Jun
27

Your smartphone can be easily hacked if you plug it in to charge via USB at a public place like an airport, cafe or on public transport.

Researchers at security firm Kaspersky Labs found that they could install a third-party application, like a virus, onto the phone via its USB cable connection to a computer. It took them under three minutes.

They also found that the Android and iOS phones tested leaked a host of private data to the computer they were connected to whilst charging, including the device name, device manufacturer, device type, serial number and even a list of files.

It’s well known that public Wi-Fi connections are a security risk, but did you know that the USB cord used to charge your phone is also used to send data from your phone to other devices?

By pairing your phone with any charging station (airport, plane, mall), which usually has a computer hidden behind it, you run the risk of having your photos or contact info sent to that device. If the computer behind the charging station is compromised, it could inject malicious code directly into your device.

You should also avoid connecting your mobile device via USB to a rental car’s entertainment system just for charging. Use the cigarette lighter adapter instead so you don’t have to worry about your personal info being stored in a car that’s not yours.

How to protect yourself:

  • Only plug your phone into trusted computers, using trusted USB cables.
  • Protect your cell phone with a password, or with another method such as fingerprint recognition, and don’t unlock it while charging.
  • Use encrypted apps like WhatsApp and iMessage to communicate.
  • Antivirus programs can be a pain, but they help to detect malware even if a “charging” vulnerability is used.
  • Always update your cellphone operating system to the most recent version, as that will have the most up-to-date bug fixes.


Malware is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.
The term “malware” is a compound of the words “malicious” and “software” and describes software created by hackers to disrupt computer operations, gather sensitive information, or gain access to private computer systems.

Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs.

Some forms of malicious software are:

Spyware is a type of malware installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally to monitor users.

While the term spyware suggests software that monitors a user’s computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, which can result in slow internet connection speeds, unauthorized changes in browser settings, or changes to software settings.

Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam.

Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing e-mails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details on a fake website which looks almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Spear-phishing is a more targeted form of phishing. Ordinary phishing involves malicious emails sent to any random email account, but a spear-phishing email is designed to appear to come from someone the recipient knows and trusts (such as a colleague, business manager or human resources department) and can include a subject line or content that is specifically tailored to the victim’s known interests or industry. Phishing attacks are so successful because employees click on them at an alarming rate, even when emails are obviously suspicious.

Pharming is a hacker’s attack intended to redirect a website’s traffic to another, bogus site.
The term “pharming” is a compound term based on the words “farming” and “phishing”. Phishing is a type of social-engineering attack to obtain access credentials, such as user names and passwords. In recent years, both pharming and phishing have been used to gain information for online identity theft. Pharming has become a major concern to businesses hosting e-commerce and online banking websites.
