The Nigerian Communications Commission (NCC) has warned Nigerians about newly discovered cyberattacks on Android devices in public places.
The commission, through its Cyber Security Incident Response Team (CSIRT), identified vulnerabilities that hackers use in gaining unauthorised access into smartphones at public charging stations.
The first is described as Juice Jacking, which can gain access into consumers’ devices when charging mobile phones at public charging stations and it applies to all mobile phones. The other is a Facebook for Android Friend Acceptance Vulnerability, which targets only Android Operating System.
In the CSIRT security Advisory 0001, it was noted that Juice Jacking gives attackers channels to gain unauthorized entry into unsuspecting mobile phone users’ devices when they charge their mobile phones at public charging stations.
Many public spaces, restaurants, malls and even in public trains do offer complementary services to their customers in a bid to enhance customer services, one of which is providing charging ports or sockets. However, an attacker can leverage this courtesy to load a payload in the charging station or on the cables they would leave plugged in at the stations.
Once unsuspecting persons plug their phones at the charging station or the cable left by the attacker, the payload is automatically downloaded on the victims’ phone. This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text, or audio using the microphone.
The attacker can also watch the victim in real-time if the victims’ camera is not covered. The attacker is also given full access to the gallery and also to the phone’s Global Positioning System (GPS) location.
When an attacker gains access to a user’s Mobile phone, he gets remote access to the User’s phone which leads to breaches in Confidentiality, Violation of Data Integrity and bypass of Authentication Mechanisms.
Symptoms of attack may include a sudden spike in battery consumption, devices operating slower than usual, apps taking a long time to load, and when they load they crash frequently and cause abnormal data usage.
The NCC-CSIRT, however, proffered solutions to this attack to include using ‘charging only USB cable’, to avoid Universal Serial Bus (USB) data connection; using one’s AC charging adaptor in public space, and not granting trust to portable devices prompt for USB data connection.
Other preventive measures against Juice Jacking include installing Antivirus and updating them to the latest definitions always; keeping mobile devices up to date with the latest patches; using one’s own power bank; keeping the mobile phone off when charging in public places; as well as ensuring use of one’s own charger if one must charge in public.
The NCC-CSIRT Advisory 0001 also warned that Facebook for Android is vulnerable to a permission issue which gives privilege to anyone with physical access to the android device to accept friend requests without unlocking the phone. The products affected include Versions 329.0.0.29.120 of Android OS.
With this, the attacker will be able to add the victim as a friend and collect personal information of the victim, such as Email, Date of Birth, Check-ins, Mobile phone number, Address, Pictures and other information that the victim may have shared, which would only be visible to his/her friends.
To be protected from the Facebook-associated vulnerability, NCC-CSIRT in the security advisory recommends to users to disable the feature from their device’s lock screen notification settings.
The NCC-CSIRT was inaugurated in October 2021 to provide guidance and direction for the constituents in dealing with issues relating to the security of critical infrastructure in their possession, and periodically assess, review and collate the threat landscape, risks, and opportunities affecting the communications sector, in order to provide advice to relevant stakeholders in those regards.
Three teenage boys have been arrested in Oke Aregba area of Abeokuta, the Ogun State capital after they were caught burning the head of a girl for a money ritual.
A security guard in the area, Segun Adewusi, noticed in the early hours of Saturday that some four boys were burning something suspected to be the human head in a local pot on the road.
The security guard immediately contacted policemen at Adatan station, who went to the scene to get three of the boys arrested as one had fled before the police arrived.
A police source said the slain girl, identified as Rofiat, was a resident of Idi-Ape. She was a girlfriend to one Soliu, who is now in the police net.
Soliu was said to have lured the girl to his room, where he held her down and asked one of his friends to slaughter her with a knife.
“The arrested suspects were identified as 17-year-old Wariz Oladeinde from Kugba, 19-year-old Abdulgafar Lukman from Kugba and Mustakeem Balogun from Bode Olude, all in Abeokuta. Soliu was the boyfriend of the girl, he ran away, but was later arrested.
“They killed Rofiat, cut her head, packed the headless body in a sack and started burning the head in a pot. They told the police in the presence of a mammoth crowd that they wanted to use it for a money ritual.
“The police have taken the body away to a mortuary,” a source told Daily Post on Saturday.
In a video clip Mustakeem Balogun, said, “We wanted to use just her head alone for money ritual. Soliu strangled her and he told me to assist him and we cut off her head.”
The Ogun State Police Public Relations Officer, Abimbola Oyeyemi, has confirmed the incident.
