Palo Alto Networks unravels ‘BackStab’ technique which allows criminals to get access and steal your private data, via unprotected phone backups
Security company Palo Alto Networks has disclosed details of a new “BackStab” technique that steals local mobile data backups and transfers them to the C&C server. A white paper from the company’s Unit 42 threat intelligence team explains that this data is not taken from mobile devices, but from computers where users create backups for their phones, or where software solutions create automatic backups of their phones whenever they connect them to their computer.
BackStab has been employed by law enforcement and cyberattackers alike to steal SMS and MMS messages, call logs, contacts and address book information, calendars and notes, photos, email, recorded audio and videos, browser bookmarks, web browsing history, cookies from visited websites and geolocation history. The malware exploits the fact that many backup tools don’t implement encryption, so the malicious code easily finds the backups and accesses the data they contain.
As explained by the experts, the BackStab malware doesn’t need to have higher-level privileges or root access to the device or the infected computer.
The whitepaper noted, “iOS devices have been the primary target, as default backup settings in iTunes have left many users’ backups unencrypted and easily identified, but other mobile platforms are also at risk.”
“While the technique is well-known, a few are aware of the fact that malicious attackers and data collectors have been using malware to execute BackStab in attacks around the world for years.”
Nicolai Solling, technical services director at Help AG, said that hackers are able to steal private data from mobile phones by remotely penetrating the unencrypted backup of the device, which, in iPhone users’ case, is created in iTunes.
He said the attack mainly targets phones that run on iOS, Apple’s mobile operating system.
Solling further said, “The Backstab attack is quite interesting as it is an attack specific on iOS devices, which historically have seen less malware than other mobile platforms.”
“Backstab therefore highlights the innovation of the attackers by attacking the weakest link, in this case the backup of the iOS device, which is created in iTunes. So the infection or vulnerability is not on the iOS system, rather on how one of the supporting applications iTunes is handling the data.”
“This attack is actually known, but what is interesting is that the attackers are targeting the backup on the client’s machine. It highlights that any person or organisation needs to understand the immediate, as well as possible attack vectors on their IT infrastructure.”
Ryan Olson, director of threat intelligence, Unit 42, Palo Alto Networks, said, “Cybersecurity teams must realize, just because an attack technique is well-known, that doesn’t mean it’s no longer a threat. While conducting our research into BackStab attacks, we gathered over 600 malware samples from 30 countries around the world that were used to conduct remote BackStab attacks.”
To protect your mobile phones from getting hacked, follow the below recommendations:
– iOS users should use the iCloud backup system or encrypt their local backups in iTunes and select a safe password.
– Regardless of the make or model of your smartphone, upgrade iOS devices to the latest version, as it creates encrypted backups by default.
– Users should not click the “Trust” button when the dialog box is displayed, while connecting an iOS device to an untrusted computer or charger via a USB cable.
– Never ever root or jailbreak your phone.
– Only install applications you trust.
– Always update the applications on the device.
– Don’t do anything on your device that you don’t want others to see or hear; sharing locations or tracking devices should ideally be kept private.
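To check the local-backup recommendation above on your own computer, the following added example (not code from the Palo Alto Networks white paper or from this article) reports which iTunes backup folders under a directory are unencrypted. It assumes the commonly documented default backup locations and the `IsEncrypted` flag in each backup's `Manifest.plist`; the function names and the sample folders are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumption: commonly documented default backup roots, not taken from the article.
DEFAULT_ROOTS = [
    Path.home() / "Library/Application Support/MobileSync/Backup",     # macOS
    Path.home() / "AppData/Roaming/Apple Computer/MobileSync/Backup",  # Windows
]

def audit_backups(root):
    """Map each backup folder under root to 'encrypted', 'UNENCRYPTED' or 'unreadable'."""
    results = {}
    root = Path(root)
    if not root.is_dir():
        return results  # no backups stored at this location
    for backup in sorted(p for p in root.iterdir() if p.is_dir()):
        try:
            with (backup / "Manifest.plist").open("rb") as fh:
                manifest = plistlib.load(fh)
        except (OSError, ValueError, ExpatError):
            # Missing or corrupt manifest: flag it for manual review.
            results[backup.name] = "unreadable"
            continue
        encrypted = isinstance(manifest, dict) and manifest.get("IsEncrypted") is True
        results[backup.name] = "encrypted" if encrypted else "UNENCRYPTED"
    return results

def make_sample_root():
    """Build a constructed backup tree (no real device data) for a dry run."""
    root = Path(tempfile.mkdtemp(prefix="backup-audit-"))
    for name, flag in (("SAMPLE-A", True), ("SAMPLE-B", False)):
        (root / name).mkdir()
        with (root / name / "Manifest.plist").open("wb") as fh:
            plistlib.dump({"IsEncrypted": flag}, fh)
    (root / "SAMPLE-C").mkdir()  # backup folder with no manifest at all
    return str(root)

if __name__ == "__main__":
    for location in DEFAULT_ROOTS:
        for name, status in audit_backups(location).items():
            print(f"{status:12} {location / name}")
```

Any folder reported as `UNENCRYPTED` should be re-created with backup encryption enabled in iTunes, and the old unencrypted copy deleted.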