What to do if you're worried your phone has been hacked – The Washington Post

Technology solves a lot of problems, but sometimes it introduces just as many. Deciding what’s worth worrying about can feel like a part-time job.
This week, we save you time by diving into some tech anxieties with a few experts and deciding whether it’s time to panic. Here are the CliffsNotes:
At Help Desk, unraveling the tech questions that vex you is our full-time job. You can write to us at yourhelpdesk@washpost.com, and read on to see what other readers are wondering about.
The security problem lurking in millions of sites and services: Do regular consumers need to be concerned about the Log4j security vulnerability flaw?
—JD Johns, Los Angeles
Hi JD,
First, some background for those unfamiliar with this security threat: Last week the information security community freaked out a little after discovering a problem inside a super-popular chunk of software called log4j. This software “logs,” or keeps track of, an application’s past activity, and it pops up everywhere from the clouds where you store your photos to the apps on your work computer.
Hackers realized they could take control of computers running log4j simply by getting it to log a line of malicious code, and they started sharing that bad code on the Internet. Meanwhile, security professionals worked around the clock to patch up the vulnerable software and cut off access to important data.
What does all this mean for you and me?
Not much right now, according to Allan Liska, director of threat intelligence at cybersecurity firm Recorded Future. While Liska and his co-workers lose sleep trying to cut hackers off before they can take advantage of the vulnerability, the most the average person might notice is a wonky website or offline app, he said.
Even more likely, you won’t notice anything at all, as compromised apps or websites probably won’t show evidence of tampering.
Most hackers so far have used the vulnerability to run coin miners, or applications that generate cryptocurrency, on other people’s computers, Liska said. As time goes on, bad actors will likely exploit log4j to install ransomware, steal data or worm their way into the back ends of critical systems like banks or government agencies. Unfortunately, the long-term effects of this vulnerability are likely to be worse than what we’re seeing today, said Asaf Ashkenazi, chief operating officer of the security company Verimatrix. (Ashkenazi noted the past few days have been “a nightmare” for security professionals.)
For now, it’s an unfortunate waiting game for normal people. Keep practicing good password hygiene and be cognizant of who you give personal data to. (And maybe think about sending some extra appreciation to any IT people in your life.)
A 21st-century haunting: My smartphone will start taking pix randomly, especially late at night if I pick it up or start moving it in my hand. It will light up on its own while sitting on a surface. The camera will flash several times without me enabling it.
—Tricia Young, Arlington, Va.
Hi Tricia,
I’m sorry that your phone is acting scary — it never feels good when technology seems to have a will of its own.
There’s a chance your phone is doing this because of a “shortcut” to the camera gone awry, or maybe someone turned on the “LED flash for alerts” accessibility setting, which could make your phone flash each time you receive a text or an update from an app. Investigate if the flash tends to coincide with incoming messages or notifications. On an iPhone, you can also check the setting by going to Settings –> Accessibility –> Audio/Visual. On an Android, try Settings –> Accessibility –> Advanced Settings –> Flash Notification.
The odds that your device has been hacked are slim. But it wouldn’t be the first time that an individual’s device was compromised by commercial spyware or malicious software from an app.
“There are a lot of sketchy apps out there,” says Fred Mastrippolito, CEO of cybersecurity firm Polito. “And some of them even end up in the App Store.”
If it helps, it’s unlikely that anyone trying to spy on you through your camera would repeatedly set off the flash, Ashkenazi said.
If you’re worried, a factory reset will remove any bad software, confusing shortcuts or annoying notification settings on your phone, he advised. Be careful: This will also remove all your texts, photos, contacts and apps if you don’t back them up to the cloud first. (You can do that in an iPhone’s Settings app by tapping on your name at the top, then your device name, then iCloud Backup, then Back Up Now. On an Android device, try Settings –> Google –> Backup –> Back up now.) But if a funky app is causing your problems, restoring it right back to your phone would bring back the weird flashes, as well.
To reset an iPhone, go to Settings –> General –> Transfer or Reset iPhone –> Erase All Content and Settings. To reset an Android phone, try Settings –> General management –> Reset –> Factory data reset.
Without looking at your device, it’s tough to know precisely what’s going on. But no one should live in fear of these little metal and silicon boxes — there’s no shame in trading the phone in for a new one or resetting it if it’s bugging you.
He sees you when you’re sleeping, he knows when you’re awake: After reading your articles on tracking and privacy, what are your thoughts on Secret Santa Generator apps?
—Martha, Chelmsford, Mass.
Hi Martha,
For the uninitiated, Secret Santa generator apps match gift recipients with anonymous givers in a holiday present exchange. To use one, you punch in everyone’s name and maybe a few questions like “What’s your favorite candy?”
Given widespread tracking by the apps we download onto our phones, the privacy practices of those name-hungry Secret Santa generator apps are worth a second thought.
But are they worth not getting a present?
Let’s weigh two scenarios. In scenario one, you give your name to the generator app. It has some confusing clause in its privacy agreement that says it can share your data with “affiliates,” so it does. Now, some data broker knows that your name is Martha and you like Reese’s Pieces.
In scenario two, you abstain from the app and then watch from the sidelines as co-workers and relatives unwrap sandalwood candles and gift cards to Starbucks.
As with recipe apps before them, I wouldn’t be surprised if Secret Santa generator apps do a little data-harvesting on the side. It’s just too tempting! (And common.)
But my advice is: Let’s do some selective forgetting here and, in the spirit of the season, let Secret Santa generator apps reign unchecked. Even Santa needs a steady source of names, addresses and social security numbers for his Naughty and Nice lists, probably. Joy to the world.