EXPERTS are warning against a new severe threat to privacy and data security on smartphones as hackers use tricks such as a missed call to control devices.
Victims may be completely unaware that they were exposed to the hack and never even notice there is suspicious behavior on their phones.
The cyberattack uses a technique known as a zero-click hack which does not require the victim to click on an encrypted link to be caught.
The hack can be carried out without any voluntary action from the victim, unlike the typical cyber-attack where traps are laid out to trick people into clicking on a vulnerable URL or downloading an attachment with embedded malware.
The zero-click hack instead takes advantage of flaws in your device.
It uses these flaws to sidestep the data verification generally needed to get into a phone.
“The targets may not notice anything suspicious on their phone,” Bill Marczak, a security researcher at The Citizen Lab, told News18.
“Even if they do observe something like ‘weird’ call behavior, the event may be transient and not leave any traces on the device.
“The shift towards zero-click attacks by an industry and customers already steeped in secrecy increases the likelihood of abuse going undetected.”
WHATSAPP MISSED CALL HACK
The most infamous of the no-click hacks so far was a breach of Whatsapp in 2019 which took advantage of a flaw in its missed call system.
The hack used a missed call to exploit the source code in Whatsapp allowing the attacker to load spyware between the two devices.
Yet users can do nothing to prevent themselves from receiving a missed call, meaning many were left vulnerable.
Once the missed call allowed the spyware to be downloaded, it could embed itself deep inside a device and run as a background resource.
“The current trend towards zero-click infection vectors and more sophisticated anti-forensic capabilities is part of a broader industry-wide shift towards more sophisticated, less detectable means of surveillance,” Marczak explained.
“Although this is a predictable technological evolution, it increases the technological challenges facing both network administrators and investigators.”
“While it is still possible to identify zero-click attacks, the technical effort required to identify cases markedly increases, as does the logistical complexity of investigations,” he added.
“As techniques grow more sophisticated, spyware developers are better able to obfuscate their activities, operate unimpeded in the global surveillance marketplace, and thus facilitate the continued abuse of human rights while evading public accountability.”
Ian Beer, a cybersecurity expert with Google Project Zero, has warned that everyone should realize they are vulnerable.
“The takeaway from this project should not be: no one will spend six months of their life just to hack my phone, I’m fine,” he told News 18.
“Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.”
He suggests that the larger companies should come together to target the problem for the safety of all consumers.
“Sharing information with the security community helps enormously in understanding those tradeoffs.,” he said.