Stop Charging Your Mobile Phone In Public Places, 'Yahoo Boys' Can Hack Into Your Phones NCC Warns Nigerians

  • The Nigerian Communications Commission (NCC) has warned Nigerians to exercise extra caution when charging their phones in public places
  • The warning comes after the NCC Cyber Security Incident Response team uncovered two cyber vulnerabilities 
  • According to NCC, the two vulnerabilities make it simple for fraudsters to attack unsuspecting victims' mobile phones and Facebook accounts

The Nigerian Communications Commission says it has identified two new methods fraudsters use to hack into mobile devices.

This is contained in CSIRT security advisory 0001, released on January 26, 2022.

According to the NCC Cyber Security Incident Response Team (NCC-CSIRT), mobile phone users who use public charging stations are likely to lose their valuable data and critical information.

NCC-CSIRT describes the first attack as Juice Jacking, a cyber theft exploit through which unauthorised users or hackers gain access to consumers’ devices when they charge their mobile phones at public charging stations.

Professor Umar Garba Danbatta is the Executive Vice-Chairman and Chief Executive Officer (EVC/CEO) of the Nigerian Communications Commission (NCC). Credit: NCC
Source: Facebook

Punch reports that the other form of cyber attack is a Facebook for Android Friend Acceptance Vulnerability, which targets only the Android operating system.

The NCC explains that with Juice Jacking, attackers have found a new way to gain unauthorised entry into unsuspecting users' devices when they charge their mobile phones at public charging stations.

How victims' phones are hacked

Part of the report reads:

“Many public spaces, restaurants, malls and even in the public trains do offer complimentary services to their customers in a bid to enhance customer services, one of which is providing charging ports or sockets."

The NCC further noted that an attacker can leverage this courtesy to load a payload in the charging station or on cables left plugged in at the stations.

It revealed that when unsuspecting persons plug their phones into the charging station or the cable left by the attacker, the payload is automatically downloaded onto the victims’ phones.

The report continues:

“This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text, or audio using the microphone. The attacker can even watch the victim in real time if the victims’ camera is not covered. The attacker is also given full access to the gallery and also to the phone's Global Positioning System (GPS) location.”

What next after a phone user falls victim

On what happens after an attacker gains access to a user’s mobile phone, the NCC says the attacker gets remote access to the user’s phone, which leads to a breach of confidentiality, violation of data integrity and bypass of authentication mechanisms.

It said:

“Symptoms of attack may include sudden spike in battery consumption, device operating slower than usual, apps taking a long time to load, and when they load they crash frequently and cause abnormal data usage."

NCC proffers solution

The NCC-CSIRT, however, proffered solutions to this attack, which include using a ‘charging only USB cable’ to avoid a Universal Serial Bus (USB) data connection; using one’s own AC charging adaptor in public spaces; and not granting trust when a portable device prompts for a USB data connection.

Other preventive measures against Juice Jacking include installing antivirus software and always updating it to the latest definitions; keeping mobile devices up to date with the latest patches; using one’s own power bank; keeping one's mobile phone off when charging in public places; as well as ensuring use of one’s own charger, if one must charge in public.

On the other vulnerability, the NCC warns that Facebook for Android is vulnerable to a permission issue which allows anyone with physical access to the Android device to accept friend requests without unlocking the phone.

“The products affected include Versions 329.0.0.29.120 of Android OS,” it said.
“With this, the attacker will be able to add the victim as a friend and collect personal information of the victim, such as Email, Date of Birth, Check-ins, Mobile phone number, Address, Pictures and other information that the victim may have shared, which would only be visible to his/her friends.”

The NCC advised Facebook users to disable the feature from their device’s lock screen notification settings.

No more extension, NCC issues final warning to Nigerians yet to link their SIM with NIN

Meanwhile, the NCC had issued a stern warning to Nigerians yet to have their Subscriber Identity Module (SIM) cards linked with their National Identity Numbers (NIN).

According to the commission, those yet to comply will no longer be able to use their lines upon the expiration of the deadline.

The NCC issued this warning in a statement after the conclusion of the second edition of the Telecoms Consumer Town Hall radio program.

Source: Legit.ng

Authors:
Dave Ibemere (Senior Business Editor) Dave Ibemere is a senior business editor at Legit.ng. He is a financial journalist with over a decade of experience in print and online media. He also holds a Master's degree from the University of Lagos. He is a member of the African Academy for Open-Source Investigation (AAOSI), the Nigerian Institute of Public Relations and other media think tank groups. He previously worked with The Guardian, BusinessDay, and headed the business desk at Ripples Nigeria. Email: dave.ibemere@corp.legit.ng.