NCC Alerts Phone Users, Telecom Consumers on New Cyber Attack Schemes, Proffers Security Measures

Two cyberattack schemes targeted at phone users and telecom consumers have been discovered by the Nigerian Communications Commission’s Cyber Security Incident Response Team (NCC-CSIRT).

The cyber vulnerabilities identified as– Juice Jacking and Facebook for Android Friend Acceptance are the first two cyber vulnerabilities disclosed by the NCC-CSIRT.

Investors King recalls that the NCC-CSIRT was inaugurated in October, 2021 saddled with the responsibility of ensuring continuous improvement of communication frameworks to secure and give timely information while responding to cyber threats within the sector.

In a statement issued by the public affairs director of NCC, Dr. Ikechukwu Adinde on Friday, the new cyber vulnerabilities were dissected –how they penetrate and preventive measures.

Juice Jacking cyber vulnerability is targeted at mobile phones and it gains access into it while charging at public places. The second, Facebook for Android Friend Acceptance vulnerability targets only Android Operating Systems.

The statement explained that for Juice Jacking, the attacker gains unauthorized entry into the mobile phone with a payload when charging at public places like restaurants, malls, and train stations.

“The attacker can leverage this to load a payload in the charging station or on the cables they would leave plugged in at the stations. Once unsuspecting persons plug their phones at the charging station or the cable left by the attacker, the payload is automatically downloaded on the victims’ phone. 

“This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text, or audio using the microphone. The attacker can even watch the victim in real time if the victims’ camera is not covered. The attacker is also given full access to the gallery and also to the phone’s Global Positioning System (GPS) location.

“When an attacker gains access to a user’s Mobile phone, he gets remote access to the User’s phone which leads to breach in Confidentiality, Violation of Data Integrity and bypass of Authentication Mechanisms.” 

The symptoms identified in the release are– sudden spike in battery consumption, device operating slower than usual, apps taking a long time to load, and when they load they crash frequently and cause abnormal data usage.

Outlining security measures, the NCC-CSIRT advised mobile phone users to use ‘charging only USB cable’, this is to avoid Universal Serial Bus (USB) data connection. Also, it encouraged the use of one’s AC charging adaptor in public space; and not granting trust to portable devices prompt for USB data connection.

NCC-CSIRT further urged phone users to install antivirus on their devices and promptly update it; use personal power banks; keep mobile phones off when charging in public places; and very importantly, use personal charger when charging in public spaces.

Speaking on the Facebook Android Friend Acceptance vulnerability, it said the cyber attack gives access to anyone holding the android device to accept friend requests without unlocking the phone. The products affected are Versions 329.0.0.29.120 of Android OS.

“With this, the attacker will be able to add the victim as a friend and collect personal information of the victim, such as Email, Date of Birth, Check-ins, Mobile phone number, Address, Pictures and other information that the victim may have shared, which would only be visible to his/her friends.”

The safety measure given to users for this cyber attack is to disable the feature from their device’s lock screen notification settings.