Can a person hack your smartphone?

Yes of course it can be hacked. Of course this depends heavily upon the type of smartphone you have. Basically, whether you have an iPhone or not.

This is because iPhones are MUCH more defensible against hacking, and they are inherently difficult to hack, or even install malware on. Disclaimer on that, however is the advent of a recent app that surfaced in the past couple weeks that made it through Apple’s certification process disguised as a harmless game, but once downloaded would unleash a nasty virus on the iOS. This has sense been quashed, so you should have no worries on that now, just fair warning to take care when downloading apps in the future on an iPhone. It’s not completely invulnerable.

Now then, if you don’t have an iPhone, (in other words you most likely have an Android, or God forbid a Microsoft platform phone).... you aren’t quite as safe. Those phones tend to be easier to hack, and malware is more common on those phones.

Of course, if your phone is jailbroken or ‘rooted’, then you stand a much higher risk as well.

So the short answer I guess is, YUP your phone can be hacked. How to protect yourself? Try as best as you can to have an iPhone. Don’t ever plug your phone into an unfamiliar device. Don’t mess around on unsecured wi-fi networks, don’t download an app if you have any doubt to its trustworthiness. Don’t be dumb browsing the web (same applies for PC behavior). And you’ll be fine. Cheerio!

Anything can be hacked, and iPhones are far from immune, if for no reason other than the. “Apple cannot be hacked!”, attitude leads many hackers to reply with, “Challenge accepted!”. If you think otherwise, go to DEFCON and see how long your device remains secure; you’d be lucky to make it 5 minutes (2 minutes for an iDevice).

The advice about charging stations is spot on; many are “data rippers”. And open wifi networks are generally bad for any device.

Be warned that having Bluetooth turned on opens you up even wider, regardless of platform.

@gambitking: “Try as best as you can to have an iPhone”

…or just no phone at all. That might be a better option. iOS is so locked down and is apparently somewhat safer because of philosophical differences. The result is a mobile OS (iOS) that is practically useless. Android is more open and allows you to side-load apps, etc. But this doesn’t mean that you have to install every little app that comes your way. And remember, when you install an Android app, you are told exactly what these apps have access to. If you don’t feel comfortable with a game having access to your contacts, you don’t have to follow through with the install. It’s pretty simple. Most of us are able to manage having a pc and never get infected. Android is the same way. But it is is a compromise. You must be a little more vigilant. But in return you get a phone that is 50 times more powerful than that “safe” iOS.

I almost forgot…

Part of why the iDevices are actually easier to hack is that they’re all the same whereas there are enough differences between Android devices that hacking one won’t automatically allow you to hack them all. That diversity is similar to how genetic diversity amongst humans keeps us all from being wiped out by a single disease; there are enough immune subjects out there for the race/platform to survive.

And don’t forget that there are still some devastating hacks that are hardly traditional password cracks. There’s the Matt Honan example from last year.

Yes, your phone can be hacked. I was going to elaborate but I agree with the others and there isn’t any point to saying the same thing. :)

You can get antiviris/antimalware software for smartphones. I have Avast installed on mine. How good it is, I don’t know. I don’t trust smartphones enough to risk doing my banking on them.

@jerv , good points indeed, and yes thanks for also mentioning Bluetooth, as I’d forgot to point that out as well. Let’s just hope the OP isn’t planning on attending DEFCON any time soon.

@tom_g , hey I almost didn’t recognize you with that green square! You hit the nail on the head with the “most of us are able to manage having a pc never get infected”, but I’d change that “Most” to “Many” or even “Some”, because the vast majority of PC users, in my experience, are not able to boast such a claim. It all goes back to playing it safe at every turn and knowing what you’re doing out in the ether. Smartphone “smarts” would ideally work the same way, but alas the majority are laypersons in terms of technical knowledge with these devices, malware and hacking/cracking.

I have had both Android and iPhone , and I like them both for different reasons, have no problem with either of them… but “hackability” simply wasn’t on either list of pros and cons

Well, if the NSA can do it, I would say that anyone with a modicum of skill in that field could also do so.

“Hacking” is what I do to my own phone to make it work better. What you are talking about is not really hacking, even if hackers sometimes do it.
What you are talking about is unauthorized access and theft. Your question would be better worded as ‘can someone break into my phone and steal my data’? I think it’s important to remember that we’re talking about crime here, not about hacking.

If someone gets a hold of your phone then they can do what they like to it assuming they have the requisite knowledge. If the phone is out of your hands then you can’t know what’s gone on with it. I think you’re question is more specifically about remote access, though.

Remotely attacking a computing device requires a few things. Unauthorized access has pretty much the same prerequisites as authorized access. Your phone needs to have at least one working wireless interface, whether wifi or otherwise. It needs to be running at least one service (that is, a program which listens to the interface and responds to messages, like an FTP server or the like) and the attacker needs an exploit (a way of manipulating the service in such a way as to attack your phone).
Your phone can be accessed by the outside world in two ways:
1— it can run a service, accepting connections from other hosts;
2— it can initiate a connection to another host (for example, requesting a web page) and receive data from another host in response.
Both kinds of connections are subject to being intercepted by an attacker who pretends to be the intended other host. This is called a “Man in the Middle” or MITM attack.

All phones I know about run at least one service. They have to do so in order to work as a telephone, for one thing.
All smartphones I know about have a web browser. Web browsers can be exploited in different ways. Javascript is a particularly attractive attack vector.

Android and Apple have two different approaches to security. Google sits on discovered vulnerabilities for a while, and then releases them along with the patch that closes the vuln. Other contributors (like AOSP or manufacturers) might disclose the existence of a vuln before a patch exists, in order that other developers might guard against it and help in developing the patch. Apple, as far as I know, does not disclose the existence of vulnerabilities in iOS at all, and updates / patches are released as binary blobs only. (I don’t have an iDevice so I don’t know for sure.)
If this is true about Apple, then it’s a case of what NCBS calls “security through obscurity”. This is a common move among security non-experts, but results in worse security over the long run, because the most secure system is the one that successfully resists the widest variety of attacks. Anyone can design a security system that the designer can’t beat- it takes openness to make a system no one can beat. (Or so we think- no one’s done it yet ;^)

Obscurity increases security only under two conditions:
1) While the “vulnerability escrow” authority (in this case Apple) is the only one who ever knows about the vuln (meaning no one else ever independently discovers it);
2) While the authority is 100% trustworthy and leak-proof. How much do you trust Apple? Surely there’s never been a leak of information from that company, right?

@gambitking It’s easily possible for a computer to be compromised without the attacker knowing it. There are botnets out there with millions of nodes; there’s no reason to think that any of those users knows that their machine is compromised.

tl;dr: Yes, Virginia, your phone (or other computing device) can be hacked. It happens all the time. Get a firewall, and be careful.