Hackers can access mobile phones when charging in public, NCC warns

The Nigerian Communications Commission (NCC) has alerted the country to newly discovered cyberattacks on Android devices in public places.

The commission, through its Cyber Security Incident Response Team (CSIRT), identified vulnerabilities that hackers use to gain unauthorised access to smartphones at public charging stations.

The first is juice jacking, one of two vulnerabilities identified by CSIRT. The other is the Facebook Android Friend Acceptance Vulnerability, which targets only the Android operating system.


This was disclosed by the NCC Director of Public Affairs, Ikechukwu Adinde, who cautioned phone users to be careful with charging ports in public spaces, restaurants, malls and public trains.

“An attacker can leverage this courtesy to load a payload in the charging station or on the cables they would leave plugged in at the stations.

“Once unsuspecting persons plug their phones at the charging station or the cable left by the attacker, the payload is automatically downloaded on the victims’ phone,” he said.

This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text, or audio using the microphone. The attacker can also watch the victim in real time if the camera is not covered.

The attacker also gets full access to the gallery and to the phone’s Global Positioning System (GPS) location.

In October 2021, the commission raised alarm over FluBot — a malware that targets Android devices to steal banking information.

“When an attacker gains access to a user’s mobile phone, he gets remote access into the phone, leading to breach in confidentiality, violation of data integrity and bypass of Authentication Mechanisms.

“Symptoms of attack may include a sudden spike in battery consumption, device operating slower than usual, apps taking a long time to load, and when they load they crash frequently and cause abnormal data usage,” Adinde said.

The other vulnerability is in Facebook for Android, and it allows anyone with physical access to the Android device to accept friend requests without unlocking the phone.

The products affected include version 329.0.0.29.120 of Android OS. The attacker will be able to add the victim as a friend and collect the victim’s personal information.

The attacker can also access details such as email, date of birth, check-ins, mobile phone number, address, pictures and other information that the victim may have shared, which would otherwise have been visible only to his/her friends.

The solutions proffered by CSIRT include using a ‘charging only’ USB cable to avoid a universal serial bus (USB) data connection; using one’s own AC charging adaptor in public spaces; and not granting trust when a portable device prompts for a USB data connection.

“Other preventive measures against juice jacking include: installing antivirus and updating them to the latest definitions always, and keeping mobile devices up to date with the latest patches.

“Using one’s own power bank; keeping the mobile phone off when charging in public places; as well as ensuring use of one’s own charger if one must charge in public.

“However, to be protected from the Facebook-associated vulnerability, NCC-CSIRT in the security advisory recommended to users to disable the feature from their device’s lock screen notification settings,” the statement read.

Amos Abba is a journalist with the International Center for Investigative Reporting, ICIR, who believes that courageous investigative reporting is the key to social justice and accountability in the society.


1 COMMENT

1. The required protection from NCC is the solutions to victims of cyber attack. How can we disable the hacker from our device as quickly as possible?
