Dubai: Mobile phones have become a crucial part of everyone’s lives. People use them to take selfies, get in touch with their loved ones, record videos and store other private information.
However, experts warned that UAE consumers, especially those using iPhone gadgets, are prone to cyberattacks and any information about their personal lives, including photos, videos, places they’ve visited, contacts, SMS messages and even corporate data, could easily land in the wrong hands.
Security company Palo Alto Networks has recently released a whitepaper that describes how confidential data in handheld devices can be stolen through backup files stored on personal and Mac computers.
Experts said that private files could be illegally accessed through a technique that has been around for some time called “BackStab”.
They said hackers can steal any of the following: call logs, SMS and MMS messages, and voice mail; contacts and address book information; email calendars and notes; photos, recorded audio and videos; web browsing history, browser bookmarks, cookies from visited websites and geolocation history.
“iOS devices have been the primary target, as default backup settings in iTunes have left many users backups unencrypted and easily identified, but other mobile platforms are also at risk,” the whitepaper noted.
“While the technique is well-known, a few are aware of the fact that malicious attackers and data collectors have been using malware to execute BackStab in attacks around the world for years.”
Nicolai Solling, director of technical services at Help AG, explained that hackers are able to steal people’s private data from their mobile phones by remotely infiltrating the unencrypted backup of their device which, in iPhone users’ case, is created in iTunes.
He said the attack targets mainly phones that run on iOS, Apple’s mobile operating system.
“The Backstab attack is quite interesting as it is an attack specific on iOS devices, which historically have seen less malware than other mobile platforms,” Solling said.
“Backstab therefore highlights the innovation of the attackers by attacking the weakest link, in this case the backup of the iOS device, which is created in ITunes. So the infection or vulnerability is not on the iOS system, rather on how one of the supporting applications iTunes is handling the data.”
“This attack is actually known, but what is interesting is that the attackers are targeting the backup on the client’s machine. It highlights that any person or organisation needs to understand the immediate, as well as possible attack vectors on their IT infrastructure.”
Solling has shared the following tips, in order to protect users against mobile phone hackers:
1. Make sure the backup of your device is encrypted – turn on encryption of the backup in iTunes or use the iCloud backup system and choose a secure password.
2. Regardless of the make or model of your smartphone, always run the latest release of the software of the operating system.
3. When connecting an iOS device to an untrusted computer or charger via a USB cable, don’t click the “Trust” button when the dialog box is displayed.
4. Never ever root or jailbreak your phone.
5. Only install applications you trust.
6. Always update the applications on the device.
7. Don’t do anything on your device that you don’t want others to see or hear; sharing locations or tracking devices should ideally be kept private.
