Stop Charging Your Mobile Phone In Public Places, 'Yahoo Boys' Can Hack Into Your Phones NCC Warns Nigerians
- The Nigerian Communications Commission (NCC) has warned Nigerians to exercise extra caution when charging their phones in public places
- The warning comes after the NCC Cyber Security Incident Response team uncovered two cyber vulnerabilities
- According to NCC, the two vulnerabilities make it simple for fraudsters to attack unsuspecting victims' mobile phones and Facebook accounts
PAY ATTENTION: Click “See First” under the “Following” tab to see Legit.ng News on your Facebook News Feed!
The Nigerian Communications Commission’s says it has identified two new methods fraudsters hack into mobile devices.
This is contained in a just released CSIRT security advisory 0001 released on January 26, 2022.
According to NCC Cyber Security Incident Response Team (NCC-CSIRT) mobile phone users who use public charging stations are likely to lose their valuable data and critical information.
NCC-CSIRT describe the first attack as Juice Jacking, a cyber theft exploit through which unauthorised users or hackers gain access into consumers’ devices when charging mobile phones at public charging stations.
PAY ATTENTION: Follow us on Instagram - get the most important news directly in your favourite app!
Punch reports that the other form of cyber attack is a Facebook for Android Friend Acceptance Vulnerability, which targets only Android Operating System.
NCC explains that with Juice Jacking, attackers have found a new way to gain unauthorised entry into unsuspecting mobile phone users' devices when they charge their mobile phones at public charging stations.
How victims phones are hacked
Part of the report reads:
“Many public spaces, restaurants, malls and even in the public trains do offer complementary services to their customers in a bid to enhance customer services, one of which is providing charging ports or sockets."
NCC also further noted that an attacker can leverage this courtesy to load a payload in the charging station or on the cables they would leave plugged in at the stations.
It revealed that when the unsuspecting persons plug their phones at the charging station or the cable left by the attacker, the payload is automatically downloaded on the victims’ phone.
The report continues:
“This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text, or audio using the microphone. The attacker can even watch the victim in real time if the victims’ camera is not covered. The attacker is also given full access to the gallery and also to the phone's Global Positioning System (GPS) location.”
What next after a phone user falls victim
On what happens after an attacker gains access to a user’s Mobile phone, NCC reveals the attacker gets remote access to the User’s phone which leads to breach in Confidentiality, Violation of Data Integrity and bypass of Authentication Mechanisms.
It said:
“Symptoms of attack may include sudden spike in battery consumption, device operating slower than usual, apps taking a long time to load, and when they load they crash frequently and cause abnormal data usage."
NCC proffer solution
The NCC-CSIRT, however, proffered solutions to this attack to include using ‘charging only USB cable’, to avoid Universal Serial Bus (USB) data connection; using one’s AC charging adaptor in public space; and not granting trust to portable devices prompt for USB data connection.
Other preventive measures against Juice Jacking include installing Antivirus and updating them to the latest definitions always; keeping mobile devices up to date with the latest patches; using one’s own power bank; keeping mobile phone off when charging in public places; as well as ensuring use of one’s own charger, if one must charge in public.”
For the other NCC warns that Facebook for Android is vulnerable to a permission issue which gives privilege to anyone with physical access to the android device to accept friend requests without unlocking the phone.
“The products affected include Versions 329.0.0.29.120 of Android OS,” it said.
“With this, the attacker will be able to add the victim as a friend and collect personal information of the victim, such as Email, Date of Birth, Check-ins, Mobile phone number, Address, Pictures and other information that the victim may have shared, which would only be visible to his/her friends.”
NCC advised facebook users to disable the feature from their device’s lock screen notification settings.
No more extension, NCC issues final warning to Nigerians yet to link their SIM with NIN
Meanwhile, the NCC had issued a stern warning to Nigerians yet to have their Subscriber Identity Modules(SIM) cards linked with their National Identity Numbers (NIN).
According to the commission, those yet to comply will no longer be able to use their lines upon the expiration of the deadline.
NCC issued this warning in a statement after the conclusion of the second edition of the Telecoms Consumer Town Hall radio program.
Source: Legit.ng