Are you sure the mobile device you use is absolutely safe, so that even financial transactions can be conducted on it?
Sure enough, the technologies that support mobile and data communication have evolved a great deal, and the security methods associated with them have matured accordingly. But just as mobile devices have become indispensable in today’s world, their sheer numbers and the complexities involved also raise more issues and questions, the most prominent being unauthorized access to mobile data.
Here we discuss some possibilities.
Slipping through loopholes, brute force and other systematic attacks that were once aimed at your good old PC are now being reformulated to target your mobile devices as well.
Some possible modes and channels are…
System Vulnerabilities
Many manufacturers embed device management tools to remotely configure and update their mobile devices. For these manufacturers, producing many of these applications in-house poses many headaches, and outsourcing also reduces overheads.
This scenario opens up many possibilities, which hackers capitalize on sooner or later.
Malware
This happens when a new software application gets installed on the system. Among the ways is duping the user, so that the user knowingly installs it without knowing the consequences. Many times malware also piggybacks on other applications and games. Malware attacks on mobile devices are on a steady rise.
A story that trickled out some time back is the hacking of the accounts of then CIA director John Brennan and many other top-level intelligence officials by a teenage hacker group.
Yes, we are talking about military-grade espionage, and in comparison, breaching a simple mobile device is by and large a simple affair. Many malware strains can redirect or forward messages, photos and contact details, chart locations, etc.
In the bygone age of laptop mailing, SSL and TLS offered excellent security for the common user, but sophisticated key loggers were able to circumvent these in-transit security layers by tapping into the system at the data entry stage itself.
In the mobile device scenario, too, there is reason for apprehension as these circumvention strategies evolve. Apart from key loggers, it’s also possible to mislead the victim into allowing a draw-over (screen overlay) and to take screenshots every other second. This means neither personal nor highly confidential information is safe any longer, whatever messaging application the victim uses. It’s not a big deal to bundle these screenshot files as a video or a GIF and send it to any destination. This file could still be much smaller than many of the common videos we share via chat apps.
Some Nigerian and Russian hacker groups, it is heard, have even started reselling this as a service. It is unfortunate that many of the devices out there are already compromised due to system vulnerabilities alone, let alone additional malware. A move by the Government of India to curtail the sales of some Chinese brands of mobile phones should be seen in this light. There are reasons to suspect the inclusion of intentional black hat coding in these phones’ OS itself.
Only recently Google banned many hundreds of apps from the Play Store, and many of them were very popular. This action was based on complaints and on the potential for unethical behavior patterns embedded in these apps. Again, unfortunately, many mobile phones already carry apps of this class. But whatever was banned is just a meager number, considering there are literally many thousands of these apps floating around in and out of the Play Store.
Phishing
This involves using bait to make the mobile user initiate certain actions, such as clicking links or filling in masqueraded forms. The bait could be presented as exceptional offers from well-known organizations, where users are invited to follow a link and sometimes fill in certain details. Victims usually end up divulging personal information.
Users are also invited to follow links as part of apparently fun-filled games, or to try out free trial software that could contain malware. This can compromise the user’s phone or other devices.
Overflowed Buffer
For rapid re-access and reuse of data, systems keep it in a temporary storage area. When an application pushes more data into this area than it is intended to hold, the result is a buffer overflow, which can overlap and overwrite adjacent memory. Many times this is a program error, but it can result in data snooping and security attacks. The quantity of data transferred via mobiles is on the rise, and network transfer speeds are also increasing dramatically. So the chances of buffer overflows and data corruption have increased manyfold, and so have the security risks associated with them.
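As an added illustration (not code from the original article), the C sketch below shows the overwrite described above on a constructed layout: a 9-byte input stored into an 8-byte buffer changes the adjacent flag unless the length is checked first. The struct, field and function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a temporary buffer with a flag stored right after it. */
struct session {
    unsigned char buf[8];      /* temporary storage area */
    unsigned char authorized;  /* adjacent data, 0 = not authorized */
};

/* Unchecked store: trusts the caller's length, so bytes past buf[] land in
   the adjacent field. Writes go through a byte view of the struct and are
   capped at its size, which keeps the demonstration itself well defined. */
static void store_unchecked(struct session *s, const unsigned char *in, size_t n)
{
    unsigned char *raw = (unsigned char *)s;
    size_t start = offsetof(struct session, buf);
    for (size_t i = 0; i < n && start + i < sizeof *s; i++)
        raw[start + i] = in[i];
}

/* Checked store: rejects input larger than the buffer and writes nothing.
   Returns 0 on success, -1 on rejection. */
static int store_checked(struct session *s, const unsigned char *in, size_t n)
{
    if (n > sizeof s->buf)
        return -1;
    memcpy(s->buf, in, n);
    return 0;
}

/* Feeds the same constructed 9-byte input to both variants and reports the
   value of the adjacent flag afterwards. */
static void demo(int *after_unchecked, int *after_checked)
{
    const unsigned char input[9] = { 'A','A','A','A','A','A','A','A', 1 };
    struct session a = { {0}, 0 }, b = { {0}, 0 };
    store_unchecked(&a, input, sizeof input);
    (void)store_checked(&b, input, sizeof input);
    *after_unchecked = a.authorized;
    *after_checked = b.authorized;
}

int main(void)
{
    int u, c;
    demo(&u, &c);
    printf("flag after unchecked store: %d, after checked store: %d\n", u, c);
    return 0;
}
```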
Eavesdropping
Eavesdropping! Yes, as simple as that!
You now enter the dark domain of Stingrays.
This system masquerades as a mobile phone tower, and nearby mobile phones get connected to it. The device can grab all the necessary metadata. Some versions can read your SMS and more.
Many law enforcement agencies use these or similar systems to eavesdrop, especially during VVIP visits, at terrorist hideouts, etc. Creative backyard engineers are also known to build and use these to pipe out valuable information.
Bluetooth Hacking
Talk about bluebugging has been on the scene for quite some time now. The victim’s Bluetooth signals are intercepted and hacked into. This gives hackers access to the texts, contacts, call history, photos… well, almost everything on your phone.
Sharing files can make the infection more widespread.
Among other uses, scammers can use these hacked phones to make long-distance calls, which generally have better voice quality than calls via chat apps over the internet, and this can even get the owner of the phone into trouble.
Having outlined all these possibilities: unless the user installs an exploitative application on an Android or iOS device, it’s generally safe to use a mobile for financial transactions. End-to-end encryption is a standard environment requirement.
Moreover, unless the user is a high-profile target, it is very unlikely for him/her to be under the scanner of a competent hacker!