Saturday, July 30, 2016

ALL of your smartphone data easily accessible from an app eg Pokemon

In this digital era, 'your' information is no longer yours as it becomes a commodity, and even a tool that can (read is) being used against you.

Your data becomes a target for 'hackers', not necessarily the pimply 15 year old ones but rather the ones working in suits for 'governments'.

Your data becomes a target for government departments, businesses like city councils, supermarket chains like Coles or Woolworths and many other 'businesses'.

To make it even worse IT companies or rather GIANTS like Microsoft, Google and Apple are deliberately perpetuating the problem, by making your data susceptible to being a target of illegal activity by forcing you to store your data on the 'cloud' meaning some place on the internet on 'their' servers.

New products from Microsoft deliberately do not allow you to store your information locally, meaning on your computer's related program or hard disc, whereas previously one could do so.



Nowadays you cannot even backup your device locally, whereas again you were able to do so before.

The Australian government is in on it too, by 'forcing' you to compromise your data.

This is done by narrowing your options the way you communicate with this corporation conglomerate.

Your options are being limited, narrowing them down to (ultimately one option, that being) lodging your applications via your smart phone, and using the brilliant tactic that it's for your benefit because it's easier for you, at the same time being fully aware that 'your' data is at a high level of risk of being compromised.

You cares right? It's only 'your' data, but when 'their' data gets compromised the person/s who compromise it get criminally prosecuted.

This should show you how much of a slave you are to the government.

We could post instructions on how easy it is to gain access to your email account, but then again some retarded federal employee may consider this a 'TERRORIST ACTIVITY' and no doubt our place of residence, work or play would be raided later to be whisked away only to never bee seen again or incarcerated in a normal prison then later to just die, under no suspicious circumstances as determined by a corrupt coroner.

Currently the 'latest craze' for the special people is Pokemon Go, or whatever.

See article from 29 July 2016 by news.com.au of the headline:

All of the data on your smartphone can be accessed by hackers in a matter of minutes

If you thought your smartphone was safe from attack, better think again. 


IMAGINE someone hacking your smartphone and having access to all of your personal data, including contacts, calendar and GPS location. 

Now, imagine the same hacker turning on your phone’s microphone and camera at any given time, listening and watching as they track your every move.

This concept is terrifying on in its own, but even more so when you witness first-hand how easy it is for a cybercriminal to exploit these vulnerabilities.

Check Point’s Nadav Peleg is a cyber security expert who breaks into protected systems and networks to expose vulnerabilities, so they can be fixed.

To demonstrate the risk Australians face, Nadav visited the news.com.au offices to show just how susceptible smartphones can be to attacks.

As the technology editor, I have written my fair share of articles relating to hacking and have even experienced it first-hand after being caught out in the Ashley Madison scandal.

However, I never knew just how easy it was for a hacker to gain access to your smartphone.

“You can have lots of blocks and barriers on the phone, but most of the attacks we see today are happening through social engineering,” Nadav told news.com.au.

“So you don’t actually have to physically have the phone, all you need to do is trick people in order to accept either a malicious app, an email attachment or SMS in order to install a malicious profile that can take over your phone.”

To demonstrate one hacking method, Nadav used the example of a Pokemon Go app on an Android device that had been infected with malware at the time of download.



This control and command centre gives the hacker access to everything on your smartphone.Source:Supplied

Using a control and command centre, Nadav was given full control of the infected Android.

“The person may not even know their phone is infected with malware and, as the hacker doesn’t need direct access to the phone, they can use all of the features of the phone from a laptop anywhere in the world,” he said.

When Nadav said he had full access, that’s exactly what he meant.

Firstly, he got me to film a video of myself on the phone and then seconds later he replayed the video for me on his laptop.

While this was distressing, it was far more chilling when he got me to hold the phone, which for all intents and purposes appeared to be locked.

There was no indication he had been filming me the entire time we had been talking, yet he showed me another video on his laptop he had just taken without my knowledge.

The phone didn’t even change from the black lock screen, so I literally had zero idea I was being filmed. Thankfully it was in a work environment and everything was PG.

Further to this, Nadav demonstrated he had access to the phone’s calendar, GPS and messaging services among other things.

He then used his laptop to send a message from the hacked Android to my iPhone, before explaining this could be used to sign the owner of the phone up to expensive SMS subscription services set up by the hacker to make them money.

So within a matter of minutes, Nadav was able to show me just a small portion of what a hacker could achieve using a control and command centre exploiting a compromised app.


Using a man-in-the-middle attack, this program can record everything typed on the phone.Source:Supplied

Swapping from an Android to an iPhone, Nadav demonstrated how joining a public Wi-Fi can open users to hacking.

Using the Wi-Fi of a popular coffee shop as an example, Nadav demonstrated a man-in-the-middle attack.

This attack secretly relays and alters the communication between two parties who believe they are directly communicating with each other.

In this instance, Nadav said the user had been tricked into connecting to a third-party gateway with keylogging capabilities.

This means everything the person typed on their phone was republished in the program used by the hacker.

Not only does this record conversations and browsing history, but it also captures usernames and passwords.

To show this, Nadav headed to Facebook and the program showed what website was being accessed, as well as the username and an unmasked password that gave access.

“Now using the phone, I am inside the perimeter and that’s what criminal organisations use to gain access to more of the victim’s accounts and information,” he said.

Nadav said now people understand something as innocuous as a contact form on your website can pose a significant threat to your IT infrastructure, people should install mobile threat prevention applications like the one CheckPoint offer through its partnership with Optus.

And after witnessing how easy your phone can be breached, I am going out to get some protection.

No comments: