1. What are the methods or techniques used to hack a smartphone or mobile phone?
1.1. Social engineering
1.1.1. Smartphone operating systems generally have stricter security regimes than PCs or servers. Mobile users need to take affirmative action in order for code to access protected areas of phone's operating system.
1.2. Malvertising
1.2.1. 66% of all malicious apps can be traced back to being downloaded from the Google Play store. Apple closely inspects every app on its app store, which decreases the number of apps available.
1.3. Smishing
1.3.1. Another vector attackers use to get that all-important tappable link in front of their victims is SMS text messaging. The practice is known as SMS phishing or smishing, and it snags the gullible and the high-powered alike. Some cases, hackers using zero-day exploits of mobile browsers can push a malicious file onto a phone.
1.4. Malware
1.4.1. Jailbreaking is seen by many as allowing users to better customize their device. Once a device has been jailbroken, the operating system becomes compromised. Hackers can access passwords, chats, or other input data, such as bank or payment information.
1.5. Pretexting
1.5.1. An attacker can impersonate their victim in communications with their phone provider. This process, known as pretexting, involves piecing together enough personal information about their victim. If successfully verified, the phone carrier may transfer the victim's phone number to a device they possess.
1.6. Breaking in via Bluetooth
1.6.1. Hackers can breach phones without tricking anyone into giving up permissions. The Bluetooth connection is one of the weak spots for a smartphone. Hackers can get close to your smartphone and hack their way in without notice. Many people keep their Bluetooth connection on when they are talking to a phone.
1.7. Man-in-the-middle Wi-Fi attacks
1.7.1. Man-in-the-middle attacks are one way hackers can intercept phone signals. By intercepting communications, hackers can get a wealth of information without ever taking control of the user's phone. The technology still hasn't been rolled out widely in most countries.
2. List the damages which happen while the mobile phone been attacked.
2.1. Data Leakage
2.1.1. Mobile apps are often the cause of unintentional data leakage. "Riskware" apps pose a real problem for mobile users who grant them broad permissions. The September 2019 updates for Android and Apple iOS added protocols to make users more aware of what apps are doing with their location data.
2.2. Unsecured Wi-Fi
2.2.1. Free Wi-Fi networks are often unsecured, so don't use them to access banking or credit card details. To be safe, never use it to access confidential or personal services, like banks or credit cards.
2.3. Network Spoofing
2.3.1. Network spoofing is when hackers set up fake Wi-Fi access points in high-traffic public locations such as coffee shops, libraries and airports. Hackers are able to compromise users' email, e-commerce and other secure information. Never provide personal information; always create a unique password.
2.4. Phishing Attacks
2.4.1. Mobile devices are the front lines of most phishing attack. Email apps display less information to accommodate the smaller screen sizes. Never click on unfamiliar email links. If the matter isn't urgent, then let the response or action items wait until you're at your computer.
2.5. Spyware
2.5.1. Although many mobile users worry about malware sending data streams back to cybercriminals, there’s a key threat closer to home: Spyware. In many cases, it’s not malware from unknown attackers that users should be worried about, but rather spyware installed by spouses, coworkers or employers to keep track of their whereabouts and activity. Also known as stalkerware, many of these apps are designed to be loaded on the target’s device without their consent or knowledge. A comprehensive antivirus and malware detection suite should use specialized scanning techniques for this type of program, which requires slightly different handling than does
2.6. Broken Cryptography
2.6.1. broken cryptography can happen when app developers use weak encryption algorithms or fail to properly implement strong encryption. In the first case, developers may use familiar encryption algorithms despite their known vulnerabilities. Here, the onus is on developers and organizations to enforce encryption standards before apps are deployed.
2.7. Improper Session Handling
2.7.1. Apps generate "tokens" that allow users to perform multiple actions without being forced to re-authenticate their identity. Like passwords for users, tokens are generated by apps to identify and validate devices. Improper session handling occurs when apps unintentionally share session tokens with malicious actors.