In the world of Managed IT Services, we have many defenses against intrusions from spyware, malware and Ransomware among others. Even though we at IT Support LA are strong supporters of user Cybersecurity awareness training, an end user can still thoughtlessly click or open an email link or attachment and let malicious viruses and malware into the network system, an issue that can be easily remedied with a good Disaster Recovery Plan.

With reliable data backups, the malware can be isolated, the systems wiped clean and the data restored within an hour or two. Any reputable member of the IT Support Los Angeles Community should be ready and able to do the same – but with a run-of-the-mill, general IT services ‘Guy’, maybe not so much. We have been called upon repeatedly by unknowledgeable IT Support providers, both outsourced and in-house, to ride to the rescue after an attack. Depending on the quality of the victim’s backup system, we can usually set things right… eventually.

Your Smartphones are completely different…

Is someone spying on my phone?

It is very possible. Even if you have some sense of Cybersecurity, it won’t matter if someone texts your phone with the relatively new Pegasus ‘Zero-Click’ spyware. It used to be that you would have to be foolish enough to download an untrustworthy app, use public Wi-Fi or open links or attachments, but now, no participation is required on your part. The hackers just text you and your phone is immediately infected, and you may not even know it.

Once hacked, aside from stealing your passwords and data and engaging in other nefarious activities, the hackers can easily activate your camera and microphone. Makes you want to leave your phone in the other room when you take a shower or enjoy some ‘intimate’ time, doesn’t it?

This concept is not new: why do you think they sell those little camera covers for laptops? It’s not fear-mongering – it’s caution. Over fifteen years ago, the FBI famously used what they called a ‘roving bug’ on suspected Mafioso figures to turn on the mobsters’ cell microphones and listen in for incriminating dialog, which they got and used in the prosecutions.

What does Pegasus spyware do?

Developed by NSO, an Israeli cyber-arms group, Pegasus reads and sends texts, steals data such as passwords, tracks calls and the phone location, collects data from apps, and turns on the camera and microphone. If the hackers want anything g you store in your phone, Pegasus will get it for them. One can only imagine the photographs that many people would not like to see posted on the internet.

Can you tell if your phone has been hacked?

As a consumer, you may not have an IT services company at your disposal to check out your phone, but you may want to run it by the IT Support people at your work, if you have such access. Granted, many people might not want the IT HelpDesk nerds looking through their phones.

To troubleshoot on your own, there are some tell-tale signs to look for, but your own awareness is required. These may be indicators that your phone and you are not alone:
1) It may be as simple as your phone feeling hotter than usual. This can occur naturally if too many apps are running or if your battery is going bad, but it can also be the result of a malware infection.
2) Your battery drains faster than usual. Again, it could be a battery that is getting old, but if you have not changed your phone habits, but you are recharging much more frequently, it could be a hack attack.
3) Unusually high data usage. This could be because of a newly installed app that uses a ton of data, but it could be malware busy at work.
4) Strange new apps appear - that you did not install. This is a dead giveaway.
5) Pop-ups. If you are getting weird pop-ups that you weren’t getting before – especially if they are inappropriate (X-rated), this is a pretty good indication of the presence of malware.
6) Calls and texts you did NOT make. Somebody DID make them, and most likely it’s a hacker.
7) Erratic behavior. If your phone is opening and closing apps on its own, running very slowly online or even rebooting or turning itself off and on for no reason, you very well may have been hacked.

What happens when your phone is hacked?

Depending on the extent to which you use sensitive financial data in your activities, there are a number of things you need to check immediately for any unusual activity: banking and credit accounts that you access on your phone; social media; email; Apple/Google/Microsoft accounts.

One basic step is to ‘factory reset’ the device and install an updated Operating System (OS) from your service provider. This is the phone version of what a Managed IT Services provider does with an infected network. As to your data being restored, choose judiciously as some infected data may transfer tour new OS. It will be tedious but necessary.

It is highly recommended that any and all phone hackings are reported to your wireless service provider and the FBI. More information on how to report any Cybersecurity breach is HERE.

How do I run a security scan on my phone?

There are several ways – open the Security section in your Systems Settings, go to ‘Google Play Protect’ and select ‘Scan device for security threats.’

You can also run a security scan on your Android or iPhone using The Federal Communications Commission (FCC) offer of a free Smartphone Security Checker HERE. No need to worry here: after all - it’s only the government… what could go wrong?

What is the future of Pegasus?

If past performance predicts future behavior, it is expected that Pegasus will have competition that boasts ever-expanding capabilities. Right now, it is the only truly ’clickless’ spyware that has appeared in the marketplace, but that will not last.

The trepidation among Managed Services Providers is that a zero-click malware will be developed that can attack local office networks. However, most qualified, and experienced IT Support and Services firms view it as an added nuisance rather than an apocalyptic threat. Any Managed IT services outfit is already prepared for the Disaster Recovery aspect of an attack – it’s just another time-consuming hassle they don’t need.