5 Terrifying Smartphone Hacks You Won't Believe Are Possible

Phones with motion sensitivity on the level of an iPhone 4 can guess what you're typing with up to 80 percent accuracy. And this clever bit of spyware can easily Trojan horse its way onto your phone as part of an otherwise trustworthy-looking app, since it doesn't arouse your tinfoil-hat suspicions by asking for permission to use your camera or microphone. The humble tilt sensor is rarely protected against privacy intrusions, because who would ever have guessed that the little gizmo that flips your screen over when you turn your phone sideways could also be used as a goddamn drunken Facebook status update interceptor?

Of course, the algorithm for figuring out what you're typing based on tiny desk tremors is mind-bogglingly complicated, and the whole system is easily defeated by ... just not setting your phone next to your keyboard, so the chances of such an attack by your local garden-variety hacker are low. But since we already know that the government is trying to listen in on us at all times, we're typing up this article with a phone next to the keyboard just to let them know that we know.

That means all it takes is a modern phone with near field communication (NFC) capabilities and a special scanning program, and voila -- a crook can use thief magic to pass right through a solid wallet to steal your credit card with goddamn radio waves, and you don't even get the satisfaction of a fleeting grope. Yep, in our technological age, even the intimate act of digging inside a stranger's pocket has become detached and impersonal for the sake of convenience.

Now, before you ask: Yes, someone has already created this, and yes, you can totally download it for free if you know where to look. The program's creator, Eddie Lee, demonstrated the hack with his own phone at DefCon 2012, then released his simple app on the Internet as a flashing "Fuck you, fix this!" sign to credit card companies.

The program is also capable of shipping card data to someone else's phone, meaning you can go on a shopping spree on Madison Avenue with a card your buddy just swiped from Sunset Boulevard. Now that's modern convenience, folks!

Imagine this: You're sitting at a coffee shop, preparing to Vine about the horrific lack of a design in the foam of your cappuccino, when your phone suddenly alerts you that it's down to 2 percent power. Holy shit, tragedy has struck! Not a single wall socket in sight -- but hey, is that a free cellphone charging kiosk over there? Thanks, modern convenience!

So you hook up to the free charger, the battery indicator flares back to life, and the world narrowly averts missing out on your latest coffee-related outrage. Meanwhile, a hidden device that a "technician" packed inside the charger is casually mining your phone for personal data, stealing all your saved passwords and bathroom mirror self-portraits, and probably slipping you some nasty phone STDs for good measure. Smooth move, moron -- you just did some lowlife a big convenience by plugging your phone directly into his phone-hacking machine.

Don't feel too bad for being fooled, though. In 2011, over 360 people fell for the same trick at the DefCon convention in Las Vegas. And in case you've never heard of it, DefCon is a conference for professional hackers and security experts from around the world. That's right: A convention full of actual hackers was easily taken in by this so-obvious-nobody-expected-it ruse. Fortunately, the kiosk was operated by Aries Security, and instead of actually snatching data from everybody's phones, the kiosk displayed an educational message reminding these security "experts" not to plug their phones into a random box at a hacker convention.

This ploy is known in the security industry as "juice jacking," a term we're pretty sure they borrowed from the porn industry. Based on the same concept as ATM skimming, a criminal could set up a fake phone charging station (or tamper with an existing one) to immediately steal your data, or install a program on your phone to steal it later.

While charging stations in high-profile areas like airports and shopping malls are probably safe, fake charging stations (just like fake ATMs) could crop up anywhere -- especially with numerous no-name companies renting them out to special events. Your best bet to avoid such a disaster? Carry your own cord and find an electrical outlet of the plain old-fashioned variety. Or, you know, maybe just learn to cope with the hardship of missing a prime tweeting opportunity every now and then.

But really, just stealing the data off your phone is minor when you consider ...

So you've invested in the most obnoxiously tank-like OtterBox money can buy, you don't go around stuffing random cords into your phone-holes, and, for what it's worth, you've kept your phone's antivirus software up to date. When it comes to mobile security, your smartphone is absolutely watertight.

... but is it airtight?

Ralf-Philipp Weinmann of the University of Luxembourg discovered that hackers can infiltrate your phone through the airwaves themselves, completely bypassing your operating system and antivirus software to hack directly into the radio processor. This aerial attack requires a special box that acts like a cellphone tower and tricks your phone into thinking it's connecting to a real network. Once the connection is made, the infection juice starts a-flowing, giving the hackers access to everything that the radio processor controls. And since this processor is in charge of handling phone calls, that means the hackers now have your dialer and your microphone -- and on some phone models, possibly your camera, too.

Weinmann presented his technique at the Black Hat conference in 2011 (presumably while wearing an Abe Lincoln-style stovepipe), demonstrating how a phony cell tower can remotely and silently "answer" your phone and broadcast any conversations within earshot to prying ears. Yes, kind of a crude version of what Batman was using in The Dark Knight. But you don't have to be as rich as Bruce Wayne to wield this kind of power: The same brand of tower was set up at Burning Man 2008 for about $4,500.

Pretty scary stuff, but it gets better ...

In fact, Iron Man's fictional technology falls a little behind the curve this time, considering that PlaceRaider (developed by the U.S. military) was already developed, tested, reported, and published by the fall of 2012. The test runs were a smashing success, by the way: PlaceRaider was put in the hands of unsuspecting phone users in an office setting, and in addition to rendering a detailed view of the environment, the resulting images captured computer screenshots, account numbers on checks, and random loose documents.

The idea is that the malware could be embedded in a camera app like Instagram so that it wouldn't raise any red flags when the app asks for permission to access your camera. Then, in practically no time at all, a burglar's virtually strolling through your home -- browsing through your family photos, scanning your wall calendar with "VACATION" scrawled across it in red Sharpie, jotting down the exact locations of your valuables, even seeing close-up detail of what the keys in your pocket look like ...

Wait, we may have just stumbled across the biggest weakness of PlaceRaider: Seeing as how most smartphones spend the majority of the day buried deep inside their owners' pants, the ne'er-do-well on the receiving end would likely end up sifting through piles of detailed 3D renderings of pocket lint and crotch bulges. Maybe we're panicking a bit prematurely on this one.

Mr. Yee convinced Cracked to run his articles by hacking their brains with his smartphone. Right now he's hacking you into checking out his daily fortune cookie and buying his original T-shirts.

For more reasons to go live in a cave with bears, check out 7 Ways Your Cellphone Is Screwing With Your Body and Mind and 6 Sci-Fi Technologies You'll Soon Have on Your Phone.