MATEUSZ KOPACZ, ICT security manager
Cyber-resilience is becoming a popular topic of public debate. Our country has decided to establish a new special service - the "Central Cybercrime Bureau". The Prime Minister and the head of the Chancellery of the Prime Minister fell victim to a profiled attack on private e-mails. Every day we receive requests for assistance during and after an information security attack or an attempt to encrypt drives. In this first blog post, we will share with you our observations on mobile devices.
Smartphones have become a hacker's paradise. They are rarely secured as well as computers, yet we process much more data on them. We use them to chat with family, friends, colleagues and clients. We install applications, follow social media, make transfers, and manage home automation.
Hacking a smartphone is like a trip into our own world. Hackers find out where we live, get to know our friends and family, gain access to banking applications and documents, and learn our most hidden secrets. A computer can be secured with a complicated, hard-to-break password. On a cellphone, all that is needed is a simple four-digit code.
It is true that smartphone manufacturers were the first to use biometric data on a global scale (fingerprint pattern, face ID or iris scan), but this method of authentication is used interchangeably with the PIN code. In addition, by scanning the phone criminals also steal the biometric data needed in the next stage of the attack.
How criminals can use your phone:
- Know your location and track it using GPS
- Eavesdrop on what you say and even record phone calls
- View your saved photos and videos
- Turn on the camera at any time
- Read all typed text and log every keystroke, including PINs and passwords for accounts in banking applications, online stores and social media
- Read messages of any type, even encrypted ones
- Log all activity, even when the device is locked
Applications used for such attacks often sidestep legal issues by posing as tools for monitoring children or tracking employees.
What can we do to reduce the risk?
As a rule, we don't need complicated procedures to fend off most cyber attacks. All you need is common sense and consistency.
The most important activities for maintaining safety are:
- Regularly updating applications and the operating system
- Enabling two-factor authentication
- Avoiding public WiFi networks
- Not installing applications from untrustworthy sources *
- Using and updating antivirus software
- Not jailbreaking **, especially on Apple phones
- Never clicking on links in e-mail / SMS messages from unknown senders
- Watching the device's status indicators (e.g. Apple introduced indicators that show when an application uses the microphone or the camera)
- Avoiding foreign USB chargers: chargers run their own small programs that, for example, check the battery charge level. It is possible to modify the charger or even the cable itself to run malicious code and infect the device. To see how easy it is, watch this clip.
* Doctor Web has identified the Play Store as the largest source of malware applications.
** Jailbreak / Root gives full access to the device and allows installing applications and extensions that are not available through official distribution sources.
However, cybercriminals can also use other methods against which our common sense will not help.
- The equipment needed to eavesdrop on phone calls currently costs only a few hundred zlotys; it makes it possible to set up a fake cell phone tower and take over communication. Makeshift towers or femtocells are sold by telecommunications companies as signal amplifiers. These tiny devices can actually hijack all phone calls, messages, and e-mails and share them with a potential hacker.
- Pegasus is the most effective surveillance tool developed by the Israeli company NSO Group. It can infect any phone from anywhere in the world; all that is needed is a phone call or a push message. The software is usually used by secret services. However, no one can say when such and similar solutions will be used by criminals. Here you can check if your device has ever been of interest to the NSO Group.
- Taking over our phone number - remember that it is possible to obtain a "copy" of our SIM card from the operator (this is the simplest, but not the only method). If someone learns our data and passes verification with the operator, they can order a copy of the card under the pretext of a damaged SIM card. Then all communication will go to them: e.g. verification codes from the bank. If they previously obtained access to our e-mail, they basically have unlimited access to most internet banking systems.
- We also have bad news for people who believe that iOS devices are protected against spyware. Candiru, based in Tel Aviv (Israel), specializes in providing spyware that can infect and monitor iPhones, Android devices, Mac computers, Windows computers and cloud accounts. The company's main product is spyware that can infect the victim's device through many different attack vectors, such as malicious links, man-in-the-middle attacks, physical attacks and the Sherlock vector (an exploit that does not require any interaction on the victim's part, the so-called zero-click). The software can steal data from the most popular browsers and applications, such as Skype, Outlook, Telegram, Facebook, WhatsApp, Signal or Gmail. One of its functions is sending messages in popular messengers in real time from the victim's device, which allows the attacker, for example, to extract information of interest or infect the equipment of a person in the victim's circle. So far, use of the tools has been confirmed in spying on more than 100 people, mainly politicians, human rights defenders, journalists, scientists, embassy staff and political dissidents. Here you can see an example of the pricing of this tool.
New era, new threats, new solutions
We have entered an age where data rules: from personal data, such as name and surname, address, e-mail addresses, telephone numbers and, finally, the PESEL number, to the many traces that we leave on the Internet. Data collected on our phones can provide criminals with sufficient information to steal identities and take out loans on our behalf, as more and more people are finding out. It can also prove to be a gold mine for advertisers and telemarketers. Therefore, the most important thing is awareness. Unfortunately, while very sophisticated security is being applied in various layers of the digital world, smartphones have been forgotten and are exposed to cybercriminals.
That is why it is so important to build awareness to understand the threat and estimate the risk. Let's consciously choose with whom and what data we share. Let's not install applications from suspicious sources - let's take care of digital hygiene. Let's be careful, let's use adequate security.