How to Keep Your Phone Safe From Hackers

Partial transcription of Weekend Edition Sunday story by Chris Arnold
Originally aired January 23, 2020

Research shows that more general-purpose malware aimed at phones is on the rise.

So here’s what you need to know to reduce your chances of getting hacked.

1. Don’t “jailbreak” your phone and install dubious apps
There is a whole netherworld of questionable apps that exists outside the supported app stores run by Apple, Google and Amazon.

Many people “jailbreak,” or alter, their phones so they can install apps from outside the mainstream app stores — apps that look like games or promise to let you watch a big Hollywood blockbuster before it’s officially released. But “that dramatically increases your risk for installing malicious apps,” says Tim Erlin, a cybersecurity expert at Tripwire.

2. Install all operating system updates
Hackers and the phone manufacturers are in an ongoing race. The hackers find vulnerabilities, and then fixes are included in the software updates for your phone.

“Keeping your phone updated is an important step in keeping it secure as well,” Erlin says. “It’s important to install those updates when they’re available.”

3. Beware of questionable attachments and links
In traditional phishing attempts, you might get an email on your computer asking you to click on a link or download a file that contains malware. But for hackers targeting phones, the threat might not be in an email.

Erlin says to watch out for vague and general-sounding messages asking you to open a file or click on a link. Even if the message comes from someone you know, the person’s account may have been compromised. “And so you click on that link and it compromises your phone,” Erlin says.

4. Protect yourself from SIM-swap attacks. Don’t use your cellphone to verify identity
With a SIM swap, fraudsters take control of a victim’s phone number.

Online accounts use the cellphone number to verify a customer’s identity when the customer wants to do something like change a password. A bank might send you a text message with a temporary code that you then use to change your account’s password.

So, without knowing any of your actual passwords, a hacker who has taken over your phone number can receive those codes, take control of an email account, and then have control of both your phone number and your email.

5. Be careful about public Wi-Fi when traveling abroad
Be careful if you try to use a public network and it prompts you to do something suspicious (like download an app and use it to log in).

If the address book on your phone is compromised, an attacker would be able to email spam with malicious links to all your contacts. If one of those contacts clicks on the link and then does some online banking, “that lets the hackers steal credentials for their bank account and then they have access to that bank account,” Erlin says.

Copyright © 2020 NPR. All rights reserved.