The Nigerian Communications Commission (NCC) has said its Cyber Security Incident Response Team (NCC-CSIRT) has independently identified two cyber-attacks targeting mobile users and advised Nigerian telecom consumers on the measures to be taken to get protected from the cyber-attacks.
“The CSIRT, in its first-ever security advisories less than three months after its creation, has solely identified the two cyber-attacks targeting the consumers and proffer solutions that can help telecom consumers from falling victims to the two cyber vulnerabilities.
“The first is described as Juice Jacking, which can gain access into consumers’ devices when charging mobile phones at public charging stations and it applies to all mobile phones. The other is a Facebook for Android Friend Acceptance Vulnerability, which targets only Android Operating System,” NCC stated.
“According to CSIRT security Advisory 0001 released on January 26, 2022, with Juice Jacking, attackers have found a new way to gain unauthorized entry into unsuspecting mobile phone users’ devices when they charge their mobile phones at public charging stations.
“Many public spaces, restaurants, malls, and even public trains do offer complementary services to their customers in a bid to enhance customer services, one of which is providing charging ports or sockets,” the Commission said.
It added that an attacker can leverage this courtesy to load a payload in the charging station or on the cables they would leave plugged in at the stations.
“Once unsuspecting persons plug their phones at the charging station or the cable left by the attacker, the payload is automatically downloaded on the victims’ phone. This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text, or audio using the microphone. The attacker can even watch the victim in real-time if the victims’ camera is not covered. The attacker is also given full access to the gallery and also to the phone’s Global Positioning System (GPS) location.
“When an attacker gains access to a user’s Mobile phone, he gets remote access to the User’s phone which leads to breaches in Confidentiality, Violation of Data Integrity, and bypass of Authentication Mechanisms. Symptoms of attack may include a sudden spike in battery consumption, devices operating slower than usual, apps taking a long time to load, and when they load they crash frequently and cause abnormal data usage,” the telecoms regulator explained.
The NCC-CSIRT, however, proffered solutions to this attack to include using ‘charging only USB cable’, to avoid Universal Serial Bus (USB) data connection; using one’s AC charging adaptor in public space, and not granting trust to portable devices prompt for USB data connection.
TRY IT TONIGHT!!! —
Abuja Civil Servant reveals (FREE) secret Fruits that Increased his Manh0d size, gives Stronger Erections and ends Premature Erection in 7days…