The Cyber Security Incident Response Team, CSIRT, a cyber intelligence unit of the Nigerian Communications Commission, NCC, has identified two cyber vulnerabilities and advised Nigerian telecom consumers on the measures they need to take to avoid cyber-attacks.
In what is apparently its first security advisory, barely three months after its advent, CSIRT identified Juice Jacking as one of the ways hackers gain access to consumers’ devices. Under Juice Jacking, hackers gain access while devices are being charged at public charging stations.
The CSIRT, in its first-ever security advisories less than three months after its creation, has solely identified the two cyber-attacks targeting consumers and proffered solutions that can help keep telecom consumers from falling victim to the two cyber vulnerabilities.
The first is described as Juice Jacking while the second is the Facebook for Android Friend Acceptance Vulnerability. Under the first method, hackers can gain access to consumers’ devices when mobile phones are being charged at public charging stations. The hacking method, which applies to all mobile phones, involves hackers leveraging the courtesy charging offered on public trains, in restaurants, malls, etc., to load a payload device on the charge ports.
As soon as any unsuspecting phone owner plugs in a phone, the payload is downloaded automatically onto the phone. This gives the attacker remote access to the affected mobile phone, allowing the attacker to monitor data transmitted as text, or as audio using the microphone.
CSIRT warns that the attacker can actually watch the victim in real time if the victim’s camera is not covered, just as the hacker has full access to the gallery and the phone’s Global Positioning System, GPS, location.
Hackers, according to CSIRT’s release on Wednesday, January 26, 2022, can also gain access to phones through what it refers to as the Facebook for Android Friend Acceptance Vulnerability. The method targets only the Android operating system.
When a device is hacked, the attacker has remote access to the user’s phone, which culminates in a breach of confidentiality, a violation of data integrity and a bypass of authentication mechanisms. Among others, such a hacked device may show symptoms such as a sudden spike in battery consumption, the device operating slower than usual, and apps taking a long time to load and, when they do load, crashing frequently and causing abnormal data usage.
But CSIRT says there is a solution. It advises device owners to use a ‘charging only USB cable’, avoid Universal Serial Bus, USB, data connections, use their own AC charging adaptor in public spaces and not grant trust when a portable device prompts for a USB data connection.
Other measures against Juice Jacking in particular include installing antivirus software and always updating it to the latest definitions, keeping mobile devices up to date with the latest patches, using one’s own power bank, keeping the mobile phone off when charging in public places, as well as ensuring the use of one’s own charger if one must charge in public.