The Nigerian Communications Commission (NCC) has issued a warning to the country about new cyberattacks on Android smartphones in public spaces.
The commission’s Cyber Security Incident Response Team, or CSIRT, discovered flaws that hackers exploit to obtain unauthorized access to cellphones at public charging stations.
The first is juice jacking, which is one of CSIRT’s two cyber vulnerabilities. The other vulnerability is the Facebook Android Friend Acceptance Vulnerability, which only affects Android users.
This was revealed by NCC Director of Public Affairs Ikechukwu Adinde, who advised phone users to avoid charging ports in public places like as restaurants, malls, and public transportation.
“An attacker might take advantage of this kindness by loading a payload in the charging station or on the cords they’d leave plugged in at the stations.”
“The payload is immediately downloaded on the victims’ phone whenever they plug their phones into the charging station or the wire left by the attacker,” he explained.
This payload then grants the attacker direct access to the phone, allowing them to monitor data sent as text or voice via the microphone, as well as view the victim in real time if the camera is not covered.
The attacker also has full access to the gallery and the phone’s location through the Global Positioning System (GPS).
The commission issued a warning in October 2021 about FluBot, a virus that targets Android smartphones in order to steal financial information.
“When an attacker acquires remote access to a user’s mobile phone, he exposes the phone’s personal information, violates data integrity, and bypasses authentication mechanisms.”
“A sudden surge in battery use, device functioning slower than usual, applications taking a long time to open, and when they do, they crash often and generate abnormal data usage are all symptoms of an attack,” Adinde added.