Keep your personal information secure by protecting your mobile device

19 Apr 2018 - 15:45

Smartphones have become a one stop shop everything that we do. We use it to make online purchases, manage our bank accounts, keep track of email, and get the lowdown on what’s happening on Instagram, Facebook and Twitter.

It’s convenient to use, light to carry, and always within arm’s reach, except when writing exams that is. This is the main reason why cybercriminals are developing all kinds of software to mine data from these devices. The scary part is, that if you’re an Android user, you are most at risk.

Why should I care?

The UCT Computer Security Incident Response Team (CSIRT) receives a number of security-related incidents, which in some cases they are able to assist, and other times are only able to advise on what you can do.

Real-life scenarios

Research paper goes MIA days before hand-in

Take for example the UCT student who had been working on his dissertation for months, and just before hand in realised, that oops, all his research was missing from OneDrive and was irretrievable. How? Those sneaky hackers created an app that contained malware which was designed to access a user’s personal information and login details. This poor student, who cannot be named, installed the app, without knowing what its true purpose was for. So, while he used the app for his enjoyment, the hackers could access his phone to get all the information they needed to access all his online accounts, because who logs out of apps when they’re done using it, right? Well this student should’ve, because all his social accounts were used to spread viruses to unsuspecting contacts. Needless to say, it took quite some time to sort out the mess that hackers left, and get his life back in order. Being blamed for something you never did or said is never pleasant, but at least his bank account details could not be accessed, because he still keeps it old school and goes into the bank. Unlike another UCT student, who thought he was being tech savvy by using a banking app on his phone, but did not realise the consequences of not signing out.

Cool app leads to diminished bank account funds

A third-year UCT student downloaded a new gaming app via an advertisement, instead of via the Google Play store. Instead of closing the app, before opening his banking app, he just minimised the screen, and logged onto his mobile banking app to transfer money. When he completed the transaction, he minimised the screen instead of logging out, and went back to playing the game.

Little did he know that the app which brought him so much enjoyment, was a ploy by hackers to access his banking information, which they successfully did, and cleaned out his bank accounts, because his limit was more than what was in his bank account. After making the discovery, he immediately contacted his bank’s Customer Support, who checked and said that all the transactions look legitimate, but they will investigate. He then went to SAPS to make a case, but with not much to go on, they too could only offer to investigate and see what they can find. Lastly, he logged an incident with the UCT CSIRT team to inform them of the incident, and to make others aware of what can happen if their devices are not secured.

Festive season loner gets conned

During the 2017 December holidays, an Honours student was conned by a criminal into getting her to give him money. He did this via cat phishing which is when one-person preys on the emotions of another person, getting them to trust them and eventually give them what they need, in most cases, money.

The criminal made contact with her via WhatsApp, pretending to be a friend of a fellow student. Instead of checking with this student, if she knew the guy, she went on his word and struck up a conversation, which kept going for a few days. She explained that before he contacted her, she was very lonely, because she couldn’t go to her family for the festive season. When he contacted her, she wasn’t as alone anymore.

He then indicated that he would like to visit her in Cape Town, but needed money to travel from Johannesburg. This made her a bit suspicious, but being a professional conman, he knew how to influence her so that she would give him the money. She gave in and as soon as the transaction was completed, the received a message in return saying, “thank you”. The messages she sent thereafter, were undelivered, and when calling the number it said the “subscriber is currently unavailable, please try again later”. She too then reported the matter to SAPS, but once again with only a cell number and a fake identity, there were no leads to follow up on.

These stories are a reality and has happened at UCT

It’s scary to think that these incidents have actually happened and have been reported to the UCT CSIRT. In fact, over the past year and a half, mobile phones have been the main target of cyber-criminals to get access to a user’s key information, including accessing their online banking app’s login details. Once they have this information, they can easily take control of bank accounts, without the user knowing about it. Sneaky, but a reality. Makes you want to think twice about saving your login details so that you don’t have to try and remember which password to use.

What’s even worse, is that the same applies to hacking your social media or email accounts. Just imagine someone sending posts on your behalf, which could damage your reputation. Not ideal.

“But how do they do they do it?”, you may ask.

It’s pretty simple. They create an app that contains malware which is designed to access your personal information, or login details. This app is then made available online for you to download. Once its installed on your phone, all havoc breaks loose and before you know it, TA DA, they have your info.

They can even use it to steal your research data, saved on Google Drive or One Drive, because of course you didn’t sign out of your account the last time you used it. Did you? Imagine that happening two days beforehand in. Bye bye 15 000-word research document that took months to prepare.

Don’t become a statistic

If you’re an Android user, be app wise and check that the apps you download via the Google Play Store are Verified by Play Protect. Google Play Protect is on by default on your device, and verifies an app is safe when you click Install. If it doesn’t appear, then you may want to click cancel and find an alternative app that is protected.

Google Play Protect is only active on Android mobile device that use Google Play Services 11 or higher. Check which OS version you are running to see if your phone can access this feature:

  1. On your device, navigate to Settings.
  2. Tap About Phone or About Device to see which version your device is using.

If not, then you are going to have to do a factory reset to ensure that all viruses that could be on your phone are removed. Yes, it’s a mission, but it’s one way to ensure that your phone is malware-free.

Most important of all, ensure that you have an anti-virus installed no matter what Android operating system you’re using. UCT doesn’t offer this for mobile devices, but you can download and install the McAfee anti-virus for free from your app store. If McAfee is not your thing, then find an alternative that will best suit your needs.

Your phone can reveal a lot about you, so don’t you think it’s worth the effort to secure it?