26.4 C

Hackers can access mobile phones when charging in public, NCC warns




The Nigerian Communications Commission (NCC) has alerted the country to newly discovered cyberattacks on Android devices in public places.

The commission, through its Cyber Security Incident Response Team, CSIRT, identified vulnerabilities that hackers use in gaining unauthorised access into smartphones at public charging stations.

First is juice jacking, which is part of two cyber vulnerabilities identified by CSIRT. The other is the Facebook Android Friend Acceptance Vulnerability, which targets only the Android Operating System.


Lawyer sues El-Rufai, NCC and four telcos over Kaduna network shutdown

People living with disabilities picket NCC Abuja office over employment discrimination

NCC investigating data depletion, wrongful deductions by mobile networks

- Advertisement -

This was disclosed by the NCC Director of Public Affairs Ikechukwu Adinde, who cautioned phone users to be careful of charging ports in public spaces, restaurants, malls and public trains.

“An attacker can leverage this courtesy to load a payload in the charging station or on the cables they would leave plugged in at the stations.

“Once unsuspecting persons plug their phones at the charging station or the cable left by the attacker, the payload is automatically downloaded on the victims’ phone,” he said.

This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text, or audio using the microphone as the attacker can watch the victim in real-time if the camera is not covered.

The attacker is also given full access to the gallery and also to the phone’s Global Positioning System (GPS) location.

In October 2021, the commission raised alarm over FluBot — a malware that targets Android devices to steal banking information.

“When an attacker gains access to a user’s mobile phone, he gets remote access into the phone, leading to breach in confidentiality, violation of data integrity and bypass of Authentication Mechanisms.

- Advertisement -

“Symptoms of attack may include a sudden spike in battery consumption, device operating slower than usual, apps taking a long time to load, and when they load they crash frequently and cause abnormal data usage,” Adinde said.

The other vulnerability is on Facebook for Android which gives privilege to anyone with physical access to the android device to accept friend requests without unlocking the phone.

The products affected include Versions 329. of Android OS, but the attacker will be able to add the victim as a friend and collect personal information of the victim.

The aattacker can also have access to details such as email, date of birth, check-ins, mobile phone number, address, pictures and other information that the victim may have shared, which would only have been visible to his/her friends.

The CSIRT proffered solutions to include ‘charging only USB cable’ to avoid universal serial bus (USB) data connection; using one’s AC charging adaptor in public space, and not granting trust to portable devices prompt for USB data connection.

“Other preventive measures against juice jacking include: installing antivirus and updating them to the latest definitions always, and keeping mobile devices up to date with the latest patches.

“Using one’s own power bank; keeping the mobile phone off when charging in public places; as well as ensuring use of one’s own charger if one must charge in public.

- Advertisement -

“However, to be protected from the Facebook-associated vulnerability, NCC-CSIRT in the security advisory recommended to users to disable the feature from their device’s lock screen notification settings,” the statement read.

Author profile

Amos Abba is a journalist with the International Center for Investigative Reporting, ICIR, who believes that courageous investigative reporting is the key to social justice and accountability in the society.

Support the ICIR

We invite you to support us to continue the work we do.

Your support will strengthen journalism in Nigeria and help sustain our democracy.


If you or someone you know has a lead, tip or personal experience about this report, our WhatsApp line is open and confidential for a conversation



  1. The required protection from NCC is the solutions to victims of cyber attack. How can we desable the hacker from our device as quickly as possible.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Support the ICIR

We need your support to produce excellent journalism at all times.



Army has arrested Owo church attackers – Chief of Defense Staff

THE Chief of Defence Staff (CDS) Lucky Irabor on Tuesday said troops of the...

Show organiser reveals why Kizz Daniel refused to perform in Tanzania after $60,000 payment

ORGANISER of the Summer Amplified Concert which flopped in Dar es Salaam, Tanzania, Stephen...

Air Peace suspends Johannesburg flights from August 22

AIR PEACE has suspended flight operations from Nigeria to Johannesburg, effective August 22, 2022. In...

NESG asks FG to cut leakages, reduce cost of governance

THE board of directors of the Nigerian Economic Summit Group (NESG) has directed the...

World Congress of Science and Factual Producers offers scholarships

THE World Congress of Science and Factual Producers (WCSFP) is inviting applications for its...

Most Read


Subscribe to our newsletter