Amazon.com founder Jeff Bezos’ phone was targeted in May 2018 by a malware triggered though a malicious video file sent to him on WhatsApp by crown prince of Saudi Arabia, The Guardian reported, citing unidentified people. Mint probes how smartphones are hacked.
How have attackers exploited WhatsApp?
A large amount of data was exfiltrated from Bezos’s phone within hours of the attack, the report said. Targeting users by sending a video message or making a call was common in 2019. The Pegasus spyware attack, which targeted 1,400 people globally, was executed via a WhatsApp call. Attackers gained real-time access to a phone’s camera, microphone, storage and location. In November the Indian government’s cyber-security agency warned WhatsApp users about another attack, where a device was infiltrated by sending an MP4 video file. Spyware attacks can also be carried out by sending a malicious link via email or SMS.
Why should users be watchful of apps?
A common vector for malware on smartphones are malicious apps from third-party stores. Some of these apps have occasionally been found on Play Store too, despite Google’s strict vetting process. Many of these apps use advanced obfuscation techniques such as encrypting the malicious file to avoid detection. Once installed, such an app would ask targets for accessibility rights, so it can plant a “back door” on the device and send critical data to a remote server. Not all malware go after personal data; many hack the phone for cryptojacking, which can have serious consequences for the battery and motherboard.
How can attackers target you through OTA updates?
Attackers have found a new phishing attack to target Android devices. They first send an SMS with a fake OTA (over the air) update offering the target new network configuration settings. Once these settings are downloaded, attackers can route all internet traffic originating from the phone through a proxy server controlled by them, and, thus, monitor all online activity.
What are the routes taken by malware?
Not all malware target users via links, messages and apps. Unique ones like BlueBorne can spread through airwaves using Bluetooth connectivity and to other devices using the same modus operandi. Connecting to a public WiFi network is risky. These networks can be used to carry out man-in-the-middle attacks, where any information passing between the smartphone and the network can be seen by attackers. Charging a smartphone using a USB port at a public kiosk can also make it vulnerable to attacks.
Which devices are less prone to attacks?
There are many other ways in which a smartphone can be hacked, but the ones cited are more common. Attacks are not limited to Android devices, so the numbers are a lot higher. Android devices run on open source code, which lets owners tinker more with the operating system (OS). Customizations by phone makers can also weaken the security. In contrast, Apple doesn’t release source code for iOS with developers, which restricts iPhone owners from modifying the code on their phones.