Before the millennium our biggest fear was that we would no longer have technology, now for some it’s that we have too much. In our houses, our cars, our hands and our ears there are those who have turned technology into a crime-ridden street. With the majority of the public oblivious to hackers, luckily there are people quietly working behind the scenes, to try and ensure tech doesn’t bring our whole lives crumbling down. So, what is it that they’re stopping and how could it affect our everyday lives?
In December 2017, it was reported that cyber criminals were using Facebook Messenger to infect computers with malware that mines cryptocurrency. Detected by Cyber Security firm ‘Trend Micro’, and nicknamed ‘DigMine’, the malware was designed to look like a video file and had the potential to spread throughout your friends list. A recent update on the issue states that the problem hasn’t gone away. In fact, with the increased popularity of cryptocurrency, the cryptojackers have actually updated the string of viruses.
Facebook messenger isn’t the only messaging app that’s been hit by malware either, with Skype, Viber and WhatsApp all being left vulnerable.
At the beginning of this year, Kaspersky Lab warned of a newly discovered spyware called SkyGoFree, which was capable of using WhatsApp to steal users’ messages, force their phones to record audio and video, and take pictures, all without arousing any suspicion. Calling the malware “one of the most advanced mobile implants”, Kaspersky warn that in the years it has been operational it has grown into a “full-fledged multifunctional spyware” and has already infected the phones of several people in Italy.
‘Major vulnerabilities’ were revealed in the Tinder app in January. The app, who’s appeal lies in anonymity between those who swipe left, has been discovered by Checkmarx Cyber Security Firm to be contrarily struggling with their privacy. Lacking basic HTTPS encryption, the firm found that anybody using the same WIFI network was able to see the same profiles Tinder users came across and work out whether they had matched or not. Whilst this oversight might seem less than malicious, concerns were subsequently raised about the safety of LGBT+ members, as sexual preference could also be detected.
“While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.” - Erez Yalon, Checkmarx’s manager of application security research
This is similarly a problem which has been raised regarding the Grindr app this year. In April the Norwegian Consumer Council filed a complaint against the gay dating app, in light of its decision to share its user’s personal data with 3rd parties, data which includes sexual preference and HIV status. This disclosure could be incredibly dangerous for users, in a world where LGBT+ citizens are still heavily persecuted. A fact that is compounded by the fact that Grindr has recently been acquired by a Chinese corporate group, leaving the application subject to relevant disclosure laws, in a country whose anti-gay laws intersect with surveillance and censorship.
January this year saw computers being slowed down by ads that hijacked them in order to secretly mine cryptocurrencies. Using Youtube in order to piggyback Googles DoubleClick ads, 90% of the time malicious adverts would launch a miner called Coinhive. One of the most ‘victimless crimes’, a Google spokesperson announced shortly after that the ads had been blocked in just two hours.
How to protect yourself
Whilst hackers are getting more inventive with their techniques, the majority of malware is only harmful if you click a ‘dodgy’ link. In the case of the Facebook Messenger breach, the cryptojackers attempted to lure in users with a carefully written message including the persons name and an enticing video title sent from a friend. If a link looks suspicious or you receive a message from an acquaintance out of the blue, a simple reply questioning the contents could save you a lot of hassle.
Something as simple as ensuring all of your applications are up to date is also crucial, in order to avoid unwanted usage. Updates issued by app developers have new security measures built in to protect users and help to solve gaps in security which have been discovered over time.
“It is incredibly important to keep your apps up to date as they generally hold huge amounts of sensitive, personal data – everything from your email address to your bank details.” – Azeem Aleem, Director of Advanced Cyber Defence Practice for EMEA and APJ at RSA