\n
![](\"https:\/\/www.csoonline.com\/wp-content\/uploads\/2025\/05\/509643-0-49097100-1747315978-shutterstock_1038184249.jpg?quality=50&strip=all\")
<\/p>\n
\n<\/p>\n
The tabloids were just after scoops, but criminals can use the same techniques to do more damage. \u201cIf successfully verified, the attacker convinces the phone carrier to transfer the victim\u2019s phone number to a device they possess, in what\u2019s known as a\u00a0SIM swap,<\/em>\u201d says Adam Kohnke, information security manager at the Infosec Institute. \u201cCalls, texts, and access codes \u2014 like the\u00a0second-factor authentication codes<\/a>\u00a0your bank or financial providers send to your phone via SMS \u2014 now go to the attacker and not you.\u201d<\/p>\n One of the most obvious \u2014 but overlooked \u2014 ways to install malware on someone\u2019s phone is to do it manually, once you gain physical access to their device. This is of particular importance in domestic violence or stalking scenarios, but it is used for corporate espionage as well.<\/p>\n \u201cWhen someone has physical access to a device, the risk landscape changes significantly,\u201d says Polygaurd\u2019s Badiyan. \u201cTools like FlexiSPY, mSpy, or Xnspy can be installed quickly and run silently, capturing text messages, call logs, GPS location, and even activating microphones or cameras without user awareness. For corporate espionage, malicious configuration profiles (especially on iOS) or sideloaded APKs (on Android) can be deployed to reroute data, manipulate network traffic, or introduce persistent backdoors. There are also hardware-based threats: malicious charging cables, keyloggers, or implanted devices that can exfiltrate data or inject malware. However, these tend to be less common outside of high-value targets.\u201d<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":" The tabloids were just after scoops, but criminals can use the same techniques to do more damage. \u201cIf successfully verified, the attacker convinces the phone carrier to transfer the victim\u2019s phone number to a device they possess, in what\u2019s known as a\u00a0SIM swap,\u201d says Adam Kohnke, information security manager at the Infosec Institute. \u201cCalls, texts, […]<\/p>","protected":false},"author":3,"featured_media":5642,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-5641","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blog"},"_links":{"self":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts\/5641","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/comments?post=5641"}],"version-history":[{"count":0,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts\/5641\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/media\/5642"}],"wp:attachment":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/media?parent=5641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/categories?post=5641"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/tags?post=5641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Gaining physical access to your phone<\/h3>\n