‘BackStab’ can hack and steal private data on your mobile phone without you knowing it

Palo Alto Networks unravels ‘BackStab’ technique whichย allows criminals to get access and steal your private data, via unprotected phone backups

The security company, Palo Alto Networks has disclosed details of a new โ€œBackStabโ€ that steals local mobile data backups and transfers it to the C&C server. A white paper from the companyโ€™s Unit 42 threat intelligence team explains that this data is not taken from mobile devices, but from computers where users create backups for their phones, or where software solutions create automatic backups of their phones whenever they connect it to their computer.

BackStab has been employed by law enforcement and cyberattackers alike to steal SMS and MMS messages, call logs, contacts and address book information, calendars and notes, photos, email, recorded audio and videos, browser bookmarks, web browsing history, cookies from visited websites and geolocation history. The malware exploits the fact that many backup tools donโ€™t implement encryption, so the malicious code easily finds the backups and access data it contains.

As explained by the experts, the BackStab malware doesnโ€™t need to have higher-level privileges or root access to the device or the infected computer.

The whitepaper noted, โ€œiOS devices have been the primary target, as default backup settings in iTunes have left many users backups unencrypted and easily identified, but other mobile platforms are also at risk.โ€

โ€œWhile the technique is well-known, a few are aware of the fact that malicious attackers and data collectors have been using malware to execute BackStab in attacks around the world for years.โ€

Nicolai Solling, technical services director at Help AG, said that, hackers are able to steal private data from their mobile phones by remotely penetrating the unencrypted backup of their device, which is created in iTunes, in iPhone usersโ€™ case.

He said the attack targets mainly phones that run on iOS, Appleโ€™s mobile operating system.

Solling further said, โ€œThe Backstab attack is quite interesting as it is an attack specific on iOS devices, which historically have seen less malware than other mobile platforms.โ€

โ€œBackstab therefore highlights the innovation of the attackers by attacking the weakest link, in this case the backup of the iOS device, which is created in ITunes. So the infection or vulnerability is not on the iOS system, rather on how one of the supporting applications iTunes is handling the data.โ€

โ€œThis attack is actually known, but what is interesting is that the attackers are targeting the backup on the clientโ€™s machine. It highlights that any person or organisation needs to understand the immediate, as well as possible attack vectors on their IT infrastructure.โ€

Ryan Olson, director of threat intelligence, Unit 42, Palo Alto Networks said, โ€œCybersecurity teams must realize, just because an attack technique is well-known, that doesnโ€™t mean itโ€™s no longer a threat. While conducting our research into BackStab attacks, we gathered over 600 malware samples from 30 countries around the world that were used to conduct remote BackStab attacks.โ€

To protect your mobile phones from getting hacked, follow the below recommendations:

– iOS users should use the iCloud backup system or encrypt their local backups in iTunes and select a safe password.
– Regardless of the make or model of your smartphone, upgrade iOS devices to the latest version, as it creates encrypted backups by default.
– Users should not click the โ€œTrustโ€ button when the dialog box is displayed, while connecting an iOS device to an untrusted computer or charger via a USB cable.
– Never ever root or jailbreak your phone.
– Only install applications you trust.
– Always update the applications on the device.
– Donโ€™t do anything on your device that you donโ€™t want others to see or hear; sharing locations or tracking devices should ideally be kept private.

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

Read More

Suggested Post