- The Nigerian Communications Commission (NCC) has warned Nigerians to be extra careful when charging their phones in public places
- The warning comes after the NCC’s Cyber Security Incident Response Team discovered two cyber vulnerabilities
- According to NCC, the two vulnerabilities make it easy for fraudsters to attack cellphones and Facebook accounts of unsuspecting victims.
The Nigerian Communications Commission says it has identified two new methods of hacking into mobile devices by fraudsters.
This is contained in security advisory CSIRT 0001, which was just published on January 26, 2022.
According to the NCC Cybersecurity Incident Response Team (NCC-CSIRT), mobile phone users who use public charging stations risk losing their valuable data and critical information.
The NCC-CSIRT describes the first attack as Juice Jacking, a cyber theft exploit by which unauthorized users or hackers gain access to consumer devices when charging cell phones at public charging stations.
Punch reports that the other form of cyberattack is a Facebook friend acceptance vulnerability for Android, which only targets the Android operating system.
NCC explains that with Juice Jacking, attackers have found a new way to gain unauthorized entry into the devices of unsuspecting cellphone users when charging their cellphones at public charging stations.
How victims’ phones are hacked
Part of the report reads as follows:
“Many public spaces, restaurants, shopping malls and even in public trains offer complimentary services to their customers with the aim of improving customer services, one of which is to provide ports or charging points.”
The NCC also noted that an attacker can take advantage of this courtesy to load a payload onto the charging station or onto cables left connected to the stations.
The commission said that when unsuspecting people plug their phones into the charging station or a cable left behind by the attacker, the payload is automatically downloaded onto the victim’s phone.
The report continues:
“This payload then gives the attacker remote access to the mobile phone, allowing them to monitor transmitted data as text or audio using the microphone. The attacker can even watch the victim in real time if the victim’s camera is not covered. The attacker also has full access to the gallery as well as the location of the phone’s Global Positioning System (GPS).”
What happens after a phone user is victimized
On what happens after an attacker gains access to a user’s mobile phone, NCC reveals that the attacker gains remote access to the user’s phone resulting in a breach of privacy, breach of data integrity and circumvention of authentication mechanisms.
“Symptoms of an attack can include a sudden increase in battery consumption, a device running slower than usual, apps taking a long time to load, and when they load they crash frequently and result in abnormal data usage.”
NCC offers a solution
The NCC-CSIRT, however, proposed solutions to this attack, including using a “charging only” USB cable to avoid a Universal Serial Bus (USB) data connection; using one’s own AC charging adapter in public spaces; and not granting trust when a portable device prompts for a USB data connection.
Other preventive measures against Juice Jacking include installing antivirus software and always updating it with the latest definitions; keeping mobile devices up to date with the latest patches; using one’s own power bank; keeping the mobile phone switched off when charging in public places; and ensuring the use of one’s own charger, if one has to charge in public.
On the second vulnerability, the NCC warns that Facebook for Android is vulnerable to a permissions issue that allows anyone with physical access to the Android device to accept friend requests without unlocking the phone.
“Affected products include Android OS version 3188.8.131.52.120,” it said.
“With this, the attacker will be able to add the victim as a friend and collect personal information about the victim, such as email, date of birth, records, mobile number, address, photos and other information that the victim may have shared, which would only be visible to their friends.”
NCC has advised Facebook users to disable the feature from their device’s lock screen notification settings.
No more extension, NCC issues a final warning to Nigerians who have not yet linked their SIM card to NIN
Meanwhile, the NCC had issued a stern warning to Nigerians who did not yet have their Subscriber Identity Modules (SIM) cards linked to their National Identity Numbers (NINs).
According to the commission, those who have not yet complied will no longer be able to use their lines when the deadline expires.
NCC issued the warning in a statement after the conclusion of the second edition of the Telecoms Consumer Town Hall radio show.