technology

Bluesnarfing: what you need to know.

When buying a technological device today, whether it’s a smartphone, a speaker, a keyboard or a smart watch, one of the things people look for is Bluetooth compatibility. And who could blame them, when Bluetooth has become a ubiquitous feature of technology that no one can live without? But just like any technology, convenience can quickly turn into chaos when it falls into the wrong hands. With that in mind, here’s what you need to know to guard against cybercriminals when using Bluetooth.

Google paid a settlement fee of $7 million for unauthorized data collection from unsecured wireless networks in 2013. While their intention likely wasn’t theft, many disagreed and called them out for Bluesnarfing, a method most hackers are familiar with.

What is it?
Bluesnarfing is the use of a Bluetooth connection to steal information from a wireless device, and it is particularly common with smartphones and laptops. Using programming languages that allow them to find Bluetooth devices left continuously on and in “discovery” mode, cybercriminals can attack devices as far as 300 feet away without leaving any trace.

Once a device is compromised, hackers have access to everything on it: contacts, emails, passwords, photos, and any other information. To make matters worse, they can also leave victims with costly phone bills by using their phone to make long-distance and 900-number calls.

What preventive measures can you take?
The best way is to disable Bluetooth on your device when you’re not using it, especially in crowded public spaces, a hacker’s sweet spot. Other ways to steer clear of Bluesnarfing include:

Switching your Bluetooth to “non-discovery” mode
Using at least eight characters in your PIN, as every digit adds approximately 10,000 more combinations required to crack it
Never accepting pairing requests from unknown users
Requiring user approval for connection requests (configurable in your smartphone’s security features)
Avoiding pairing devices for the first time in public areas.

technology

App permission consequences.

Now let’s take a look at some of the categories that apps might ask for access to. The consequences of granting access can be very damaging.

  1. SMS permissions.

If you allow a new app to access SMS, that new utility will be able to access MMS messaging systems as well as any SMS app you have on your phone, not just the one default SMS tool that comes with the Android operating system. Furthermore, an app with permission to access SMS will be able to read all of the messages you have stored in your SMS apps. It will also be able to intercept and read (and possibly alter) incoming messages and it will even be allowed to send out SMS messages from your phone.

  2. Phone call permissions.

The permission to access any communication service on your phone is a gift to any malware that wants to replicate itself by sending out Trojan programs to your Contacts list. If the worm can send those infections out from your phone number, the hacker who wrote the original virus saves a lot of money and also hides his identity.

A malicious money-making app with permission to access your phone’s call functions can rack up your bill and make a ton of money for its owner by making repeated calls to premium numbers owned by the hacker.

  3. Camera permissions.

Apps that have the permission to access your camera can take screenshots of your activities, take photos and videos of you and your friends, and send those image and video files back to the writer of the app. Similarly, if an app has access to your microphone, any recording tool on your phone can be manipulated to record you without your knowledge.

  4. Location permissions.

The location feature on your phone can tell burglars when you are away from your home and can tell the owners of location-restricted websites and services that you are outside of their operating area so they can block you.

  5. Operating system and storage permissions.

Giving an app permission to access your storage allows data thieves to steal your information. It also opens the door to ransomware that can encrypt all of the files on your device and make them inaccessible until you pay for the decryption key.

Allowing an app to gain control of system settings could mean you lose access to your phone.
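A way to see which of these categories an app touches before installing it, as an added example that is not part of the original article. It assumes the app's AndroidManifest.xml has already been decoded to text; the manifest below is constructed for a hypothetical flashlight app, and the category grouping is this example's own arrangement of real Android permission names.

```python
"""Group the permissions an Android app declares into the risk categories above.

Added example. MANIFEST is a constructed AndroidManifest.xml for a
hypothetical flashlight app; RISK_CATEGORIES is this example's own grouping
of real Android permission names, not an official classification.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions that guard a component instead of being requested directly.
# A receiver or service protected by one of these means the app can ask the
# user to make it a device administrator or an accessibility service.
COMPONENT_GUARDS = {P + "BIND_DEVICE_ADMIN", P + "BIND_ACCESSIBILITY_SERVICE"}

RISK_CATEGORIES = {
    "SMS": {P + "READ_SMS", P + "SEND_SMS", P + "RECEIVE_SMS", P + "RECEIVE_MMS"},
    "Phone calls": {P + "CALL_PHONE", P + "READ_CALL_LOG", P + "READ_PHONE_STATE"},
    "Camera and microphone": {P + "CAMERA", P + "RECORD_AUDIO"},
    "Location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION",
                 P + "ACCESS_BACKGROUND_LOCATION"},
    "Storage": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE",
                P + "MANAGE_EXTERNAL_STORAGE"},
    "System control": {P + "WRITE_SETTINGS", P + "SYSTEM_ALERT_WINDOW"} | COMPONENT_GUARDS,
}

# Constructed sample: a "flashlight" that asks for far more than a torch needs.
MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return requested permissions plus any high-privilege component guards."""
    root = ET.fromstring(manifest_xml.strip())
    found = set()
    for elem in root.iter():
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = elem.get(ANDROID_NS + "name")
            if name:
                found.add(name)
        elif elem.tag in ("receiver", "service"):
            guard = elem.get(ANDROID_NS + "permission")
            if guard in COMPONENT_GUARDS:
                found.add(guard)
    return found


def audit(manifest_xml, expected=()):
    """Map declared permissions to risk categories, skipping categories the
    app's stated purpose justifies (passed in `expected`)."""
    perms = declared_permissions(manifest_xml)
    findings = {}
    for category, names in RISK_CATEGORIES.items():
        hits = sorted(perms & names)
        if hits and category not in expected:
            findings[category] = [h[len(P):] for h in hits]
    return findings


if __name__ == "__main__":
    # A torch legitimately needs the camera; everything else is a red flag.
    for category, names in audit(MANIFEST, expected={"Camera and microphone"}).items():
        print(f"{category}: {', '.join(names)}")
```
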

Turn off location services completely
On Android, the only way you can turn off access permissions is on a per app basis, as described above. This is the case with all categories except for the Location services of your phone. These can be turned off completely.

Turning off location services defeats geo-restricted websites that try to block your access from other countries. You can bypass their restrictions by using a VPN. However, many sites also check your location in the operating system, and that defeats the masking action of the VPN because it gives away your real location.

The strategy of turning off location services completely doesn’t always work to get you into overseas websites. For example, even if you have a VPN operating, the YouTube TV site won’t give you access unless it can also check your phone’s location. You also lose the benefit of being able to track your progress along a route in a web map service.

However, if you want to turn off the location services on your Android phone, go to the Settings screen, scroll down to the Personal section, and tap on Location.


Click on the slider at the top of the Location screen.


Android permission problems
An example of a malware nightmare that will ruin your phone if you allow it to access the system is the Loapi Trojan, which Kaspersky Labs spotted towards the end of 2017. This malware is advertised as an antivirus utility or an adult content app. Once it is installed, the app will constantly demand permission to access the system. It will repeat the demand over and over again until you tap on Allow. You restart your phone to try to turn the app off, but that won’t work. When your phone starts up again, the first thing you will see is that demand for access.

The Loapi Trojan has a wide range of malicious functions. These include launching DDoS attacks on command on other internet connected devices, cryptocurrency mining, and frantic web page access to bump up income from recorded visits. The design of the Trojan enables its controller to load up new attacks on your phone at will. So this is a backdoor that will allow a constant stream of attacks to download onto your phone.

When investigating this Trojan, Kaspersky Labs loaded it onto a smartphone. Within two days, the excessive processing caused by the virus caused the device’s battery to bloat and the phone’s cover to warp. Basically, if you unintentionally download Loapi, you might as well throw your phone away.

The Trojan’s antivirus sweep will detect other antivirus programs running on your phone and alert you to allow removal of those programs, which Loapi falsely labels as malware. Again, the app will not take Deny for an answer. The prompt to allow removal of those programs will not stop until you tap on Allow.

If you have Loapi on your phone, you might try all of the steps outlined in this guide to remove its permissions. However, the defense mechanisms of this malware suite will lock the phone and shut down the settings screens, making it impossible for you to revoke its access rights. This vicious app is just one example of malware that will render your phone unusable.

technology

Virus alert! WhatsApp Pink link will give hackers control of your phone, don’t open it at any cost.

Disguised as a WhatsApp theme-changing APK, WhatsApp Pink is a malware link that installs a virus on your smartphone, giving hackers access to your device.

HIGHLIGHTS:

WhatsApp Pink link is being circulated online that claims to change your WhatsApp theme from green to pink.
This is a malware link that can allow hackers control of your phone.
The APK is disguised as an official WhatsApp update.

A new malware link disguised as a custom WhatsApp theme is making the rounds on WhatsApp group chats. Dubbed as WhatsApp Pink, the malware link claims to change your WhatsApp theme from the original green to pink. However, according to top cybersecurity experts, it’s a virus that allows cybercriminals to hack and take control of your phone. The virus may also take control of your WhatsApp account, and you won’t be able to access it.

What is the WhatsApp Pink scam?

This dangerous WhatsApp Pink virus is different from the WhatsApp flaw that was discovered a week back. The flaw only allowed nefarious entities to suspend a user’s WhatsApp account. However, the virus not only restricts users from accessing their WhatsApp account but also gives hackers access to their phone.

Once a user clicks on the link, it takes them to an APK download page. The APK is disguised as an official WhatsApp update, so users might not know that it’s a modified APK that contains the virus. If a user installs the APK, they give hackers access to their phone. There’s a chance that just clicking the link does not download the virus on your phone. So, if you have already clicked on the link but have not downloaded and installed the APK, you might still be safe. If you have not received the WhatsApp Pink message yet, we advise you not to click on the link.

“DO NOT CLICK ON THE WHATSAPP PINK LINK AND INSTALL THE APK FILE. IT WILL LOAD A VIRUS ON YOUR PHONE THAT WILL GIVE HACKERS ACCESS TO YOUR DEVICE.”
WhatsApp has released its official statement on the matter.

“Anyone can get an unusual, uncharacteristic or suspicious message on any service, including email, and anytime that happens we strongly encourage everyone to use caution before responding or engaging. On WhatsApp in particular, we also recommend that people use the tools that we provide within the app to send us a report, report a contact or block contact.”

As much as we have berated WhatsApp for its shady practices in the past, this response is genuine. We as users have to take responsibility for such attacks, as anyone can send a malware-laced link to us. It’s up to us to judiciously decide whether to click on them or not. The easiest way to avoid such attacks is to never install popular apps from outside Google Play Store. So, beware of the WhatsApp Pink link and any such attempts in the future and protect your online privacy.

technology

Telegram vs Signal: What is the best WhatsApp alternative?

The WhatsApp privacy policy has been bothering a lot of people. The date of the update and policy rolling out has passed and the lingering question still is “What is a good WhatsApp alternative?” There are multiple social messaging apps available. Apps like Google Hangouts, Google Chats, Telegram and Signal, among others have been up for consideration.

The two most popular options that a lot of people are considering are Telegram and Signal. There are a few things that users need to consider before making the switch. There has to be a lot of data transfer. Since the sole reason for the transfer is privacy, users need to choose based on the security features provided by both apps.

Telegram
Telegram started off as a messaging service in 2013 but the platform has transitioned into much more since then. The app now has a number of features and even channels. A lot of users think of it as a good alternative to torrent since torrent has its own share of problems in India. Apart from messaging, users can stream songs, movies and web series on the platform free of cost. The app itself is free to download and use. A number of people are already making the switch to the platform from WhatsApp.

Signal
Signal is a fairly new social messaging platform that was launched in March 2021. The app has garnered a lot of attention and was considered to be a good alternative for WhatsApp. It is a simple messaging app that does nothing more. When compared to Telegram, it has a lot fewer features to offer. The interface is simple and easy to understand. New users will not have any difficulty in making a switch.

The Better Alternative
There are some differences between the apps when it comes to the treatment of data. One feature that was highly appreciated in WhatsApp was the end-to-end encryption of chats. If you are looking for an alternative that will encrypt all your chats including group chats, then Signal is the app to go for. Telegram does not encrypt all your chats. It only encrypts the secret chat. Signal even encrypts the metadata of your chats, so it does not know who you are talking to and for how long. WhatsApp and Telegram, by contrast, do not encrypt your metadata, and metadata encryption is important.

So if you are looking for the safest and most secure WhatsApp alternative, Signal is the way to go and not Telegram.

technology

5 easy ways to protect yourself from cyber attacks.

Use your smarts, and technology, to be cyber-secure – at home, at work, at uni or out in the world.

  1. CHECK IF YOU’VE ALREADY BEEN INVOLVED IN A DATA BREACH
    Visit haveibeenpwned.com and change those passwords for any accounts that it suggests may have been compromised.
  2. CHECK THE STRENGTH OF YOUR PASSWORDS
    Test the strength of your passwords at howsecureismypassword.net (use something similar to your original password to test its strength).

When choosing a password, remember: the longer it is, the stronger it is. A strong password is at least 12 characters long and hard to guess.

Using a sentence is a great way to create a long password that you’ll never forget.

  3. AVOID THESE PASSWORDS
    The following passwords are considered the most common and easiest to crack – so if you’ve got any of these or similar variations, you should seriously consider changing them – quickly!

123456 (or any chronologically-ordered numbers)
987654321
123123
QWERTY
111111
password

  4. TRUST NO ONE (ON EMAILS)
    This may sound a bit extreme – but always be on the lookout for deceitful emails and compromised web pages (spam and phishing). Interacting with these puts your information at risk and can download viruses. Remember:

don’t open email from unknown email addresses
trash attachments in unexpected emails
avoid risky clicks – instead type the address into your browser.

  5. SECURE YOUR DEVICE
    If your mobile device is unsecured, lost or stolen, it could be used to access your info, your money or steal your identity and irreplaceable data like photos or messages. Secure your devices by:

installing anti-virus software
setting a password, gesture or fingerprint that must be entered to unlock
setting the device to require a password before applications are installed
leaving Bluetooth hidden when not in use and disabling automatic connection to networks
enabling remote locking and/or wiping functions, if your device supports them.
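The password rules from the strength and "avoid these passwords" steps above, turned into a checker. This is an added example, not part of the original article: the function names, the five-character run width and the look-alike substitution table are assumptions of this sketch, while the common-password list and the 12-character minimum come from the text.

```python
"""Check a candidate password against the length and common-password rules."""

MIN_LENGTH = 12  # "at least 12 characters long"

# The passwords the article lists, lower-cased.
COMMON = {"123456", "987654321", "123123", "qwerty", "111111", "password"}

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

# Assumed look-alike substitutions used to spot "similar variations".
LEET = str.maketrans("013457@$!", "oleastasi")
TRAILING = "0123456789!@#$%^&*.?"


def has_run(s, width=5):
    """True if any `width`-character window is an ordered run (abcde, 98765)
    or a stretch of a keyboard row typed in either direction."""
    rows = KEYBOARD_ROWS + tuple(r[::-1] for r in KEYBOARD_ROWS)
    for i in range(len(s) - width + 1):
        window = s[i:i + width]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}) or any(window in row for row in rows):
            return True
    return False


def is_repeated_block(s):
    """True if s is one shorter block repeated, e.g. 123123 or 111111."""
    return len(s) > 1 and s in (s + s)[1:-1]


def check_password(password):
    """Return a list of problem codes; an empty list means no rule was hit."""
    lowered = password.lower()
    # Strip decoration such as a trailing year, then undo look-alike characters.
    core = lowered.rstrip(TRAILING).translate(LEET)
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if lowered in COMMON or core in COMMON:
        problems.append("common")
    if has_run(lowered):
        problems.append("run")
    if is_repeated_block(lowered):
        problems.append("repeated")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("123456", "QWERTY", "P@ssw0rd2024!",
                      "my cat naps on the warm router"):
        print(f"{candidate!r}: {check_password(candidate) or 'ok'}")
```
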

technology

Cyber Prox

Get regular updates on the go about our Facebook page and WhatsApp and recent technological and legal advances in order to keep safe.

Cyber crime consultation.

We are here to help in any way possible to keep you away from the menace of cyber crime and to help you technically or legally in case you are a victim.

technology

WhatsApp hacking.

WhatsApp hacking: the new method hackers are using.

The only information needed to connect to someone’s WhatsApp account is a valid phone number and a verification code.

Who would have thought that the way of logging into WhatsApp accounts could be misused to hack user data without their knowledge?
How is it done?

If you receive a message on your phone explaining that an error has been made and that you have received a message containing a code from another person allowing them to connect to WhatsApp, above all, do not disclose this code!
Here is why:

Anyone who has access to this code, along with your phone number, could enter your account, and block you in such a way that you can no longer access it.
How does it work?

The only information needed to connect to someone’s WhatsApp account is a valid phone number and a verification code that you will receive at this number by SMS, used to verify the authenticity of the person wishing to connect.
Unfortunately, some people have decided to take advantage of this ease of use against WhatsApp’s users.
All they need to know is the phone number of their potential victim.
By registering on the application with this phone number that does not belong to them, these same people cannot access the accounts without the access code which was sent to the phone of the victims. Then, the victims receive the following message:
“Hey, I accidentally sent a WhatsApp verification code to your phone. Can you send it to me?”
If a victim responds to this message with the code they received by text message, the perpetrators are in possession of the victim’s telephone number, and also of the identity verification code.
In other words, they have it all.
Nothing then bars their access to their victims’ WhatsApp accounts, from which they can block them.
A tip, as WhatsApp specifies in its terms of use: Never disclose this code to anyone.
“You should never share your WhatsApp verification code with others. If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so. Without this code, any user attempting to verify your number can’t complete the verification process and use your phone number on WhatsApp. This means you remain in control of your WhatsApp account.”

“WhatsApp doesn’t have sufficient information to identify the individual who is attempting to verify your WhatsApp account.”

So be careful – the security and the use of your WhatsApp account depends on it!

technology

Are matrimonial websites safe to use?

The use of matrimonial websites has grown over the past few years. During the lockdown, a leading Indian matrimonial platform observed a 30% increase in the number of average daily registrations. Increased usage makes such sites more prone to cyber crimes, as has been reported in the recent past. Yet, there is no definite answer to the question of whether these websites are safe for finding a life partner. This article analyses the kinds of cases that we come across regularly and suggests measures to avoid unpleasant situations.

Before getting into the kinds of cyber crimes and frauds taking place on such sites, I will be elaborating on why these crimes occur in the first place.

Reasons why people fall prey to cyber crimes on matrimonial websites
The phrase “think before you talk” may be extended to “think before you type”. Most people forget the repercussions of what they type. For example, we are generally secretive about details such as salary, financial assets, etc., but when it comes to finding a partner online, we put all our details on display. While one may think that this increases our credibility, it also increases the chances of a perpetrator misusing your personal information. Most people think that money is a major factor in finding a partner, but one must be careful about putting out one’s profile on public platforms.
Love may be blind, but it need not be deaf and dumb as well. Finding love online these days means that physical verification is not possible. We tend to ignore subtle red flags in online meetings, and people turn a blind eye to things they would have otherwise found suspicious. It is important to treat people who one meets through such websites in the same way as one would have if meeting in person.
Most people who register themselves on matrimonial websites want to settle down or find a perfect match. This makes them vulnerable and easier targets for cyber crimes.
Perpetrators establish a sense of trust by investing time in the people they meet online. They may talk to the victim for even 3 to 6 months just to establish a sense of trust and make them more vulnerable. They also spend time talking to the victim’s family or friends to create an impression and gain the victim’s trust. The perpetrators also claim to belong to well-accepted professions, such as doctors, lawyers, businessmen, etc. to establish a sense of social security and trust.
Cases involving cyber crimes through matrimonial websites

  1. A Pune-based techie loses 10 lakh rupees, instead of receiving gifts
    As per a news article published in October 2019, a woman, a resident of Bavdhan, working in an IT Sector in Pune lost 10 lakh rupees due to a matrimonial fraud. The incident occurred in the first two weeks of September 2019. The conman claimed to have sent the techie gifts from the Netherlands which were seized by customs officials at New Delhi. These gifts included a ring, perfumes, a high-end laptop, and many more such things. She then got a phone call from the customs office asking her to send money to release the above-mentioned gifts.

The official also mentioned that this amount was refundable, and the woman was made to send money to eight different bank accounts. After transferring the money she realised that she had been duped as the conman who claimed to be an NRI stopped responding to her calls and messages. She even found out that there was no seizure of goods at the New Delhi customs office, and the call that she got from the customs officer was fake. She lodged a complaint at the Hadapsar police station on December 28, 2019.

A similar case occurred recently in July 2020 in Goa, where a woman was duped on a matrimonial site and the imposter duped her of 35 lakh rupees on the pretext of custom clearance.

  2. A Hyderabad-based software engineer loses 1 crore rupees
    In another case reported by the Times of India in June 2020, a 33-year-old Software Engineer in Hyderabad was allegedly duped of Rs 1 crore by a woman he met online through a matrimonial website in 2018. The fraudster introduced herself as a doctor of Indian origin who was residing in Baltimore. The software professional was so smitten by the woman and the chats they had on Telegram and WhatsApp that he was ready to pay any amount of money that she asked for. The victim’s monthly salary was about Rs 80,000 and he utilised savings along with borrowing to send her the money. The KPHB police station registered a case under Sections 420 and 406 of the Indian Penal Code, 1860, and Section 66 of the Information Technology Act, 2000.

Earlier in March 2020, the Hyderabad police arrested a gang of four individuals comprising a Nigerian and three Nepalese nationals. These scammers tricked a doctor into transferring seven lakh rupees into their bank accounts. This was under the pretext of GST and custom clearance payments for gifts and jewellery.

  3. Sexual harassment and extortion
    In April 2020, one victim got in touch with us seeking assistance in a case involving sexual harassment and extortion. According to her, she signed up on a popular matrimonial website and started exploring the platform. One individual, who claimed to be a Navratna PSU employee posted to a European country, contacted her. Over time, he shared many fake pieces of information to gain her trust. These included employee ID cards, GPS locations, and salary receipts. After a couple of months, he asked her to send her nude photos. While she initially sent the pictures, she came to know that he was also screen-recording their calls. When she informed him that her parents had fixed her engagement, he started blackmailing her using those pictures and screen-recorded videos.

Since then to the time of publication of this article, we have received 17 cases with similar modus operandi.

Relevant laws

  1. Identity Theft

According to Section 66C of the Information Technology Act, 2000, it is an incident of identity theft when someone fraudulently or dishonestly uses your electronic signature, password, or any other unique identification feature. Other provisions that may be applicable vary from case to case. Relevant provisions from the Indian Penal Code, 1860:

Section 464: Forgery
Section 465: False documents
Section 468: Forgery for the purpose of cheating
Section 469: Forgery for harming reputation
Section 471: Using a forged document or electronic record as genuine
Section 474: Possession of a forged document with an intention to use as genuine

  2. Financial Frauds
    Financial frauds on matrimonial websites are punishable by law. They may involve the application of Sections 66C and 66D of the Information Technology Act, 2000. However, relevant provisions from the Indian Penal Code, 1860 are applicable such as Sections 406 and 420.
  3. Sexual harassment and extortion
    While the exact provisions will vary from one case to another, the following provisions from the Information Technology Act, 2000 are relevant.

Section 66E: Violation of privacy
Section 67: Publication and transmission of obscene content
Section 67A: Publication and transmission of sexually explicit content
On the other hand, Sections 354C (voyeurism), 354D (stalking), and 384 to 387 (extortion) from the Indian Penal Code, 1860 are applicable.

Best Practices
Every platform out there will have its pros and cons and the same goes for matrimonial websites. It becomes your responsibility to ensure that you perform due diligence for any individual that you meet online.

As a rule of thumb, you should not trust any person you meet online. If you do trust, ALWAYS verify.

We recommend our readers to follow these best practices to minimise the chances of falling prey to cyber crimes:

Do an extensive background check on the other person before revealing your personal information.
Do not believe everything that the other person says.
Take your time and make an informed decision.
Talk to your friend or family members as they will have a fresh pair of eyes.
Do not share your financial information, or make any payments for any reason whatsoever.

technology

Online Dating in 2021: Cyber Safety Precautions for Women.

Online dating has become a common phenomenon, with many apps and their ever-increasing user base. This new trend may turn out to be unsafe for various users. The solution is not to completely stop using them, but to ensure that you use them safely. It is not a hidden fact that men and women experience cyber crime differently. More so, women are more likely to face cyber stalking and online harassment than men. This article suggests a list of cyber safety practices for women that you must follow.

From what we have seen in the cases we receive, the reasons for women being the primary victims can be:

Lack of awareness of using dating platforms.
Negligible interest in knowing about security measures.
Perpetrators may find it easy to blackmail a victim for being present on online dating sites due to cultural stigma.
Lack of familiarity with technological advancements.
After taking a detailed look at the available cases, I have prepared the following guide. You can adopt the following security and safety measures while using online dating platforms.

Suggested Cyber Safety Practices
You should not use a profile picture that reveals your city or locality. If a dating application shows individuals living nearby, it may be possible for them to determine your location easily.
Avoid uploading too many of your photos on your dating account. A perpetrator can perform a reverse search on your pictures to gather plenty of information about you.
You should not publicly share information about your political interest. I have seen cases where a victim’s political interest was a trigger for anger or vengeful behaviour.
Minimise sharing personal information that is very specific to you – for example, your height, weight, and other physical characteristics. A perpetrator can use these pieces of information with your photos to make a fake profile and give it credibility.
Perpetrators often share too much personal information about themselves to build trust. In most of the cases, it is fake. So, you should not fall right into this trap and avoid sharing sensitive information just because the other person is doing so. Perpetrators use this as a tactic to extract information from you.
I have seen cases where perpetrators invest around 3 to 6 months. They aim to give a false sense of safety to the victim. You should not trust someone merely because you have known them for 5 months.
You should avoid meeting in person without conducting a comprehensive background check.
If you decide to meet the person you met online, share the meeting specifics with someone you trust.
Endnotes
Online dating platforms can be genuinely useful when it comes to finding new friends or a partner. However, one must not overlook the possible dangers that may come one’s way. In such a situation, it becomes imperative for you to be conscious about your online safety. While the tips given above can help you greatly, always think twice before sharing your personal information on online dating platforms. And if you are stuck in a problem, you can always reach out to us!
