NCC says Nigerians charging phones in public places risk being hacked

The Nigerian Communications Commission (NCC) says it has identified two new methods fraudsters hack into mobile devices, specifically warning android phone users.

According to NCC, Cyber Security Incident Response Team (NCC-CSIRT) mobile phone users who use public charging stations are likely to lose their valuable data and critical information.

NCC-CSIRT described the first attack as Juice Jacking, a cybertheft exploit through which unauthorised users or hackers gain access into consumers’ devices when charging mobile phones at public charging stations.

The other form of cyber attack is a Facebook for Android Friend Acceptance Vulnerability, which targets only Android Operating System.

READ ALSO: 5G AUCTION: NCC denies knowledge of Tinubu’s connection to Mafab communications

These findings was contained in a just released CSIRT security advisory 0001 released on January 26, 2022.

NCC explained that with Juice Jacking, attackers have found a new way to gain unauthorised entry into unsuspecting mobile phone users’ devices when they charge their mobile phones at public charging stations.

“Many public spaces, restaurants, malls and even in the public trains do offer complementary services to their customers in a bid to enhance customer services, one of which is providing charging ports or sockets,” it said.

NCC further noted that an attacker can leverage this courtesy to load a payload in the charging station or on the cables they would leave plugged in at the stations.

“Once unsuspecting persons plug their phones at the charging station or the cable left by the attacker, the payload is automatically downloaded on the victims’ phone.

“This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text, or audio using the microphone. The attacker can even watch the victim in real time if the victims’ camera is not covered. The attacker is also given full access to the gallery and also to the phone’s Global Positioning System (GPS) location,” NCC added.

On what happens after an attacker gains access to a user’s Mobile phone, NCC revealed it gets remote access to the User’s phone which leads to breach in Confidentiality, Violation of Data Integrity and bypass of Authentication Mechanisms.

“ Symptoms of attack may include sudden spike in battery consumption, device operating slower than usual, apps taking a long time to load, and when they load they crash frequently and cause abnormal data usage.

The NCC-CSIRT, however, proffered solutions to this attack to include using ‘charging only USB cable’, to avoid Universal Serial Bus (USB) data connection; using one’s AC charging adaptor in public space; and not granting trust to portable devices prompt for USB data connection.

Other preventive measures against Juice Jacking include installing Antivirus and updating them to the latest definitions always; keeping mobile devices up to date with the latest patches; using one’s own power bank; keeping mobile phone off when charging in public places; as well as ensuring use of one’s own charger, if one must charge in public.”

For the other NCC warns that Facebook for Android is vulnerable to a permission issue which gives privilege to anyone with physical access to the android device to accept friend requests without unlocking the phone.

“The products affected include Versions 329.0.0.29.120 of Android OS,” it said.

“With this, the attacker will be able to add the victim as a friend and collect personal information of the victim, such as Email, Date of Birth, Check-ins, Mobile phone number, Address, Pictures and other information that the victim may have shared, which would only be visible to his/her friends.”

NCC advised facebook users to disable the feature from their device’s lock screen notification settings.

Join the conversation

Opinions

Support Ripples Nigeria, hold up solutions journalism

Balanced, fearless journalism driven by data comes at huge financial costs.

As a media platform, we hold leadership accountable and will not trade the right to press freedom and free speech for a piece of cake.

If you like what we do, and are ready to uphold solutions journalism, kindly donate to the Ripples Nigeria cause.

Your support would help to ensure that citizens and institutions continue to have free access to credible and reliable information for societal development.

Donate Now