Apple Alerts Pegasus-like Attack on Indian Activists and Leaders

 

On July 10, two individuals in India received alarming notifications from Apple, Inc. on their iPhones, indicating they were targeted by a “mercenary” attack. This type of spyware allows attackers to infiltrate personal devices, granting access to messages, photos, and the ability to activate the microphone and camera in real time. Apple had previously described these as “state-backed” attacks but revised the terminology in April. 

Iltija Mufti, political adviser and daughter of former Jammu and Kashmir Chief Minister Mehbooba Mufti, and Pushparaj Deshpande, founder of the Samruddha Bharat Foundation, reported receiving these alerts. Both Mufti and Deshpande confirmed to The Hindu that they had updated their phones and planned to have them forensically examined. A spokesperson for Apple in India did not provide an immediate comment. 

Although the alert did not specifically mention state involvement, it cited Pegasus spyware as an example. Pegasus, developed by the Israeli NSO Group Technologies, is exclusively sold to governments. The Indian government has not confirmed or denied using Pegasus and declined to participate in a Supreme Court-ordered probe into its deployment. This is the first instance in months where such spyware alerts have been issued. 

The last known occurrence was in October, when Apple devices belonging to Siddharth Varadarajan of The Wire and Anand Mangnale of the Organized Crime and Corruption Report Project received similar warnings. Forensic analysis later confirmed they were targeted using vulnerabilities exploited by Pegasus clients. Both Mufti and Deshpande criticized the Union government, accusing it of using Pegasus. Mufti stated on X (formerly Twitter), “BJP shamelessly snoops on women only because we refuse to toe their line,” while Deshpande highlighted the government’s misplaced priorities, focusing on deploying Pegasus rather than addressing India’s significant challenges. 

An international investigation in 2021 by the Forbidden Stories collective exposed widespread targeting of civil society organizations, opposition politicians, and journalists with Pegasus spyware. The Indian government denied illegal activity but did not clearly confirm or deny the use of Pegasus. Alleged targets included Rahul Gandhi, former Election Commissioner Ashok Lavasa, student activist Umar Khalid, Union Minister Ashwini Vaishnaw, the Dalai Lama’s entourage, and individuals implicated in the 2018 Bhima Koregaon violence.

Five Markers that Your Phone is Being Spied on or Has Been Compromised

 

A notification stating that "State-sponsored attackers may be targeting your iPhone" was received by a number of leaders of India's opposition parties, including the Indian National Congress, Trinamool Congress, and Shiv Sena, earlier this week. A commotion and discussion on social media ensued when they claimed that the government was spying on the opposition leaders. A statement on the subject has already been released by Apple. Smart apps that blend into your phone's background are what carry out the spying. 

In order to determine whether your phone has been hacked, you can look for the following indicators. 

 
Phone's battery is draining faster than usual 

The first and simplest way to determine whether your phone has been compromised is to examine the battery behaviour. If you've started charging your phone too frequently, or if the battery is draining faster than usual, it's possible that malware or fraudulent apps are using malicious code that drains a lot of power. It should be noted that you must first ensure that there are not a large number of apps running in the background, as this consumes battery. 

Suspicious activity on linked accounts 

Users have multiple accounts on their phones, including Facebook, Instagram, and others. If you see posts made by your account that you don't remember making, it might suggest a breach in your defence. If you are unable to send or receive emails from your phone, hackers may have hacked your device.

Odd pop-ups

Push notifications for fake virus alerts and other threatening messages could indicate that you have adware on your phone, which requires input from you in order to function. Never click on such kinds of messages or notifications. 

Check your phone's app list

Most people are aware of the apps they use. Look through the list of apps on your smartphone and remove any that you don't recognise as they might contain spyware. Apps should always be downloaded from the App Store or Google Play Store. Before downloading, make sure the developer information, spelling, and app description are correct. 

Increased use of mobile data 

Verify whether you are using more data on your mobile device than usual or if it has increased suddenly. It's possible that malicious software or apps are using up your mobile data in the background.

The Russian Expert Listed the Main Signs of Smartphone Surveillance

 

Along with the unconditional benefits, the smart devices around us also carry a number of dangers. Thus, with the help of a smartphone, attackers can gain access to the personal data of its owner. According to Evgeny Kashkin, associate professor of the Department of Intelligent Information Security Systems at RTU MIREA, there are several signs that may indirectly indicate that your smartphone has become a spy. 

"An important point, in this case, is the requirement for applications to use a camera, microphone, as well as access to data (images and videos) on the phone during installation. Of course, you can disagree with this point during the installation, but most likely, then the application will not work at all or will work incorrectly," the expert explains. 

According to him, for a number of applications, these access rights are mandatory for work, but there are applications where "such rights for normal operation are simply absurd." One example is a home internet account status application. 

Another important factor, in his opinion, is the use of geolocation in applications. At the same time, it's not only about GPS, but also the use of cellular data, as well as connections to various web resources. Such an approach, on the one hand, can greatly facilitate the search for the right companies within walking distance in a number of search engines, but, on the other hand, the cell phone conducts a "total" tracking of your movements. The key question, in this case, is how the data will be used by those who collect it. 

A number of companies have gone even further in this context. They started tracking the email messages of the users. Thus, with the banal purchase of an electronic plane ticket, the system will notify you in advance of the departure date, and on the day of departure, it will build you a route to the airport, taking into account traffic jams. 

He also advises paying attention to the sudden and uneven loss of battery power. This may indicate that a malicious program is running in the background that can use the phone to carry out a DDoS attack. 

Another alarming symptom is the sudden freezing of the phone or even turning it off for no objective reason. And finally, the occurrence of noises and extraneous sounds during a conversation may also indicate that your phone is being monitored. 

Cybersecurity experts name the signs of a smartphone hack

Fast discharge of the smartphone, the appearance of strange notifications or spam when the screen is locked, blocking antivirus programs - all this may indicate that malicious software is installed on the device.

Experts named an unnaturally fast discharge of the battery as one of the main signs of hacking. As a rule, such software runs in the background on your phone, significantly eating up the battery power. Self-restart of the phone is another sign of hacking.

Dmitry Galov, a cybersecurity expert at Kaspersky Lab, pointed out that when it comes to banking Trojans, miners, spyware and stalker software, whose task is to remain unnoticed for as long as possible, there are only a few indirect signs of infection.

"These signs include fast battery discharge, despite the fact that the phone may be new, the device overheating, the consumption of a large amount of Internet traffic, the appearance of strange notifications or unfamiliar programs that you did not install. And this is not a complete list," Mr. Galov said.

According to him, it is possible to correctly answer whether the device is infected only with the help of antivirus. However, if the device is hacked, the antivirus software may be blocked for unknown reasons, and even restarting the phone will not help.

"If the user finds signs of infection with a miner or a banking Trojan on the smartphone, then he needs to check the device with an antivirus and remove the malicious software", the Kaspersky Lab expert explained.

Before deleting stalker programs, the expert recommends thinking about whether this step will create an even greater danger: "the initiator of surveillance will most likely find out about this soon, and it is unknown what the next steps of the attacker will be."

The number of cases of hacking smartphone games has increased in the world

In the first half of 2021, the Russian mobile games market was among the world's top five leaders in terms of downloads. Therefore, hackers began to actively attack Russians playing on smartphones. In online games with prizes, attackers can crack the code to get rewards instead of honest participants. In games with registration, hackers hunt for the personal data of players. 

According to forecasts, the volume of the Russian video game market by the end of this year is expected to amount to $2,236 million. Along with the growing interest of consumers in video games, the activity of hackers and scammers is also growing.

Basically, the key to obtaining personal data, logins and access to the victim's computer is phishing. There are various schemes: from simple chat correspondence with malicious links to fraudulent sites where players are offered to improve statistics, download various hacks containing keyloggers or spyware.

It is quite simple to distinguish a game in which there is a chance to meet a dishonest player. You just need to find out if the application is using any anti-cheat (software for tracking and preventing the use of tools for cheating), as well as how often it is updated. Such information can be found in the public domain; often the developers of a particular game write about it themselves.

According to Panda Security in Russia and the CIS, cryptojacking malware can also be added to the current problems of gamers. Cryptojacking is the use of devices (computers, smartphones, tablet PCs, or even servers) without the knowledge of their owners for the purpose of hidden mining of cryptocurrencies. 

The best way not to become a victim of such phishing is not to download pirated software. If the user notices that the PC or mobile device has become slower or fails, then there is a high probability that the gamer is unknowingly "mining" cryptocurrency for hackers.

Vulnerability in the WIB SIM-browser allows attackers to take control of millions of mobile phones around the world


Previously, E Hacking News reported on the Simjacker vulnerability, which allows attackers to monitor the owners of the phones.

Simjacker is the first real attack where the malicious instructions are sent directly in the SMS message. Interestingly, messages are not stored in either inbox or outbox, so everything happens completely unnoticed by the victim.

According to the researchers, attackers can exploit the vulnerability regardless of the brand of the user's device. A similar vulnerability was recorded on devices of many manufacturers, including Apple, Samsung, Google, HUAWEI and others.

According to Adaptive Mobile Security experts, the vulnerability has been exploited for at least two years by highly sophisticated cyber criminals (most likely working for the government) to spy on users.

Ginno Security Lab experts claim they identified similar vulnerabilities in 2015 and that this is the first time they are publishing the details.

Adaptive Mobile Security said that everything starts with sending a malicious SMS-message. It can be sent from a phone, GSM modem or even a computer. After opening, this malicious message launches the S@T Browser program installed on each SIM card, as mobile operators use it to provide their services. In this way, attackers can gain full control of the victim's phone.

Ginno Security Lab claims to have found vulnerabilities in both the WIB and the S@T SIM card browsers.

"The Wireless Internet Browser (WIB) is specified by SmartTrust and is the market leading solution for SIM toolkit based browsing".

By sending a malicious SMS message to the victim's phone number, an attacker can exploit vulnerabilities in the WIB SIM card browser to remotely gain control of the victim's mobile phone and perform malicious actions. In their demo, they remotely made a call from the victim's phone to another phone.

The impact of the vulnerability in WIB is spreading around the world and putting hundreds of millions of telecommunication subscribers worldwide at risk. The security vulnerability comes from the SIM card, does not depend on mobile phones or the mobile phone operating system, so every mobile phone is affected.

According to the researchers, one of the main reasons for the existence of the Simjacker vulnerability today is the use of outdated technologies in SIM cards, the specifications of which have not been updated since 2009. Experts have already reported their findings to the GSM Association, a trade organisation that represents the interests of mobile operators around the world.

Hackers Exploiting a Critical Weakness in Mobile Phones to Track Location



An interface designed for use by cell carriers is being heavily exploited by attackers. It allows carriers to communicate directly with the SIM cards inside subscribers' smartphones, and carriers can use it to let subscribers draw on the data stored on their SIM card for account balances and other specialized services.

Hackers can secretly track the location of subscribers by exploiting the interface and giving commands to acquire the IMEI identification code of the device; the Simjacker exploit further allows them to carry out actions such as making calls or sending messages.

According to the researchers at AdaptiveMobile Security, the working of the Simjacker exploit is not limited to a few devices, rather, it can be carried out on a wide range of mobile phones, irrespective of their software or hardware.

Unfolding the various aspects of the attack, Dan Guido, a mobile security expert and the CEO of security firm Trail of Bits told Ars, “This attack is platform-agnostic, affects nearly every phone, and there is little anyone except your cell carrier can do about it.”

While commenting on the issue, Karsten Nohl, the chief scientist at SRLabs, told Ars, “We could trigger the attack only on SIM cards with weak or non-existent signature algorithms, which happened to be many SIM cards at the time.”

“AdaptiveMobile seems to have found a way in which the same attack works even if signatures are properly checked, which is a big step forward in attack research,” he added.

Ethical Hacker to Demonstrate 'Weak' Mobile Internet Security

BERLIN — A German computer engineer said Tuesday that he had deciphered the code used to encrypt most of the world’s mobile Internet traffic and that he planned to publish a guide to prompt global operators to improve their safeguards.

Karsten Nohl, who published the algorithms used by mobile operators to encrypt voice conversations on digital phone networks in 2009, said during an interview he planned to demonstrate how he had intercepted and read the data during a presentation Wednesday.

Mr. Nohl said he and a colleague, Luca Melette, intercepted and decrypted wireless data using an inexpensive, modified, 7-year-old Motorola cellphone and several free software applications. The two intercepted and decrypted data traffic in a five-kilometer, or 3.1-mile, radius, Mr. Nohl said.

The interceptor phone was used to test networks in Germany, Italy and other European countries that Mr. Nohl declined to identify. In Germany, Mr. Nohl said he was able to decrypt and read data transmissions on all four mobile networks — T-Mobile, O2 Germany, Vodafone and E-Plus. He described the level of encryption provided by operators as “weak.”

In Italy, Mr. Nohl said his interceptions revealed that two operators, TIM, the mobile unit of the market leader, Telecom Italia, and Wind did not encrypt their mobile data transmissions at all. A third, Vodafone Italia, provided weak encryption, he said.

A spokeswoman for the GSM Association, the industry group based in London that represents global telephone operators, said the group would await details of Mr. Nohl’s research before commenting. A spokesman for O2, which is owned by Telefónica of Spain, said the operator followed Mr. Nohl’s research closely and would take account of his findings in its own operations.

Vodafone said in a statement that “We regularly review security measures and carry out risk assessments to prevent the kind of exploit described. We implement appropriate measures across our networks to protect our customers’ privacy.”

Mr. Nohl said he developed his interception technology on an internal broadband network he set up at his research firm, Security Research Labs, in Berlin. His tests focused on mobile data networks that ran on the General Packet Radio Service, or GPRS, technology, which is used widely across the globe.

GPRS networks were introduced in 2000 as successors to GSM digital networks and were the first mobile networks to deliver significant data besides short text messages. GPRS networks are still widely used as backups for newer, faster 3G wireless networks, and consumers are often diverted to GPRS grids when they reach the limits of their monthly data plans.

Rogers Communications, a Canadian operator, estimates that 90 percent of mobile data traffic still runs on GPRS networks.

Mr. Nohl said he was surprised to find that the two Italian operators, TIM and Wind, did not encrypt their data traffic at all. In a statement, TIM would not confirm Mr. Nohl’s claims.

“TIM confirms that it uses state-of-the-art radio mobile technologies from primary international vendors to guarantee the protection of its mobile communications,” it said.

Mr. Nohl, who said he works for mobile operators who hire him to detect vulnerabilities in their systems, said many operators continue to run unencrypted data networks because it allows them to more easily filter out competing, unwanted services like Skype, an Internet-based service that allows consumers to make voice and video calls without using the operators’ voice networks.

“One reason operators keep giving me for switching off encryption is, operators want to be able to monitor traffic, to detect and suppress Skype, or to filter viruses, in a decentralized fashion,” Mr. Nohl said. “With encryption switched on, the operator cannot ‘look into’ the traffic anymore while in transit to the central GPRS system.”

Mr. Nohl said he intended to release his instructions at a conference of the Chaos Computer Club, a computer hackers’ group, which is being held near Berlin in Finowfurt, Germany. They will describe how to convert a Motorola C-123 cellphone, which is designed to run open-source software, into an interception device. But he said he would not release the keys to unlock the encryption used by operators to secure GPRS networks.

Mr. Nohl said his research was intended to prod mobile operators to improve the security of the wireless Internet, which he said was rudimentary compared with the safeguards protecting data sent over conventional, fixed-line computer networks. He said he destroyed the data he had intercepted from networks in Europe, and did not condone eavesdropping, a crime in Europe.

“We are releasing the software needed to reprogram cheap Motorola phones to become GPRS interceptors,” Mr. Nohl said. “This exposes operators with no encryption, like those in Italy, to immediate risk.”

Mr. Nohl said the release of the information would give mobile operators “a few months” to improve security before other hackers recreated his results and attempted to breach the security of the mobile broadband networks.

source: nytimes