In 2014, Hollywood was turned upside down when personal photos of several high-profile actresses were hacked and released on the Internet. Apple quickly scrambled to fix the problem, saying that it was an issue with their “Find My Phone” app and the iCloud service. Although this type of “brute force” attack is relatively rare, it does underscore a problem that has become increasingly prevalent: the hacking of smartphones. Now fast-forward three years and the Internet is being plagued by “Ransomware” attacks. It should go without saying that it was only a matter of time before these malware programs started to focus on smartphones. That time has now arrived.
What is ransomware?
Ransomware is a type of malware designed to completely lock a computer or smartphone until a ransom has been paid to the hackers, at which point the data and device access will be returned. For the most part, such hacks have been limited to computers, as with the recent WannaCry attack that crippled systems in multiple countries. Smartphones, however, are also becoming targets. One Android device was recently the victim of such a hack and the phone was locked with this message:
“You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc. . . We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.”
This is typical of a ransomware demand. As you can see, the victim is relatively helpless here. They cannot restart the phone because it simply reloads to the same screen. Turning the phone off isn’t going to stop the data from being stolen because it already has been. What is even more ominous is the threat to “friends and family” implying that they could be targeted as well. The malware was first confined to Eastern Europe but has since expanded to the rest of Europe and the United States as well as Asia.
Be wary of apps.
What is even more disturbing about these ransomware programs is that many of them are being sold hidden inside apps on the Google Play Store. One such app, Energy Rescue, was designed to make your phone’s battery last longer. However, the malware embedded in the app actually stole the phone owner’s contacts and SMS messages. The user was then sent a ransom demand for about $200. Security experts have long warned Android users about the dangers of using apps from sources outside of the Google Play Store. In theory, the apps on the store are safe because they have gone through Google’s security checks. However, this ransomware passed those checks and customers were infected with the virus. Another curious feature of this ransomware program is that it “checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus,” leading experts to believe that the software was designed by Russian hackers.
Android users should be especially careful.
Another more recent smartphone ransomware example came in an announcement from the Computer Emergency Readiness Team (CERT) that Android phones could be infected with a program called DoubleLocker. This software was inserted into fake Adobe Flash Player apps. The app gives itself admin rights and then makes itself the default home app. That way, it can reactivate itself every time a user selects home. Not only does the app lock the phone so it cannot be used, it also changes the user’s PIN so that access is denied that way as well. The program threatens to delete the user’s banking information if the ransom isn’t met within 24 hours. It does not actually do this; it only keeps the phone locked so that it cannot be used at all until the $54 ransom is paid. Users do have another option, however: they can do a full factory reset that deletes everything off the phone and takes it back to the original configuration. Although the loss of data from the phone may be problematic, it still could beat paying a ransom or having a phone that is completely bricked.
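An added example, not code from the original article or from CERT: a Python check for the two footholds described above (admin rights plus default home app), run over text saved from `adb shell dumpsys device_policy` and `adb shell cmd package resolve-activity --brief -a android.intent.action.MAIN -c android.intent.category.HOME`. The sample output, the package names and the trusted set are constructed for illustration, and the real output layout varies between Android versions.

```python
import re

# Matches an Android component name "package/Class", optionally ending in ":".
COMPONENT = re.compile(r"^\s*([\w.]+)/([\w.$]+):?\s*$")

# Constructed samples; real layouts vary between Android versions (assumption).
SAMPLE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.devicefinder/.AdminReceiver:
    uid=10012
  com.example.flashupdate/.AdminReceiver:
    uid=10187
"""
SAMPLE_HOME = """\
priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
com.example.flashupdate/.HomeActivity
"""
TRUSTED = {"com.example.devicefinder", "com.example.launcher"}  # hypothetical allowlist

def admin_packages(policy_text):
    """Packages that own an enabled device-admin receiver."""
    pkgs, in_section = set(), False
    for line in policy_text.splitlines():
        if line.startswith("Enabled Device Admins"):
            in_section = True
            continue
        if in_section and line and not line.startswith(" "):
            in_section = False  # reached the next top-level section
        m = COMPONENT.match(line)
        if in_section and m:
            pkgs.add(m.group(1))
    return pkgs

def home_package(resolve_text):
    """Package of the activity that currently handles the HOME intent."""
    for line in reversed(resolve_text.splitlines()):
        m = COMPONENT.match(line)
        if m:
            return m.group(1)
    return None

def audit(policy_text, resolve_text, trusted):
    """Return {package: [reasons]} for untrusted packages, most reasons first."""
    findings = {}
    for pkg in sorted(admin_packages(policy_text) - trusted):
        findings.setdefault(pkg, []).append("device admin")
    home = home_package(resolve_text)
    if home and home not in trusted:
        findings.setdefault(home, []).append("default home app")
    return dict(sorted(findings.items(), key=lambda kv: -len(kv[1])))

if __name__ == "__main__":
    print(audit(SAMPLE_POLICY, SAMPLE_HOME, TRUSTED))
```

A package that appears with both reasons matches the combination the paragraph describes and deserves a closer look before anything else on the device.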
Another ransomware infestation also hit this month, this one called Lokibot. The code behind this Trojan is unstable, so it doesn’t always work as expected. However, it has been selling online through hackers who share such files for as much as $2,000. Thankfully, this ransomware does not delete or encrypt the files, but renames them. This is an inconvenience, to be certain, but not a disaster as it is with other viruses.
How, then, do you protect yourself from this threat?
First, when you receive a text or email, do not click on any links embedded in it unless you are absolutely sure that you know who it is from and where the links are taking you. Also, update your phone and apps regularly. If a weakness or vulnerability is found, it can be fixed with updates and patches, meaning that the more recent versions will be more stable and secure. Finally, it may be a good idea to consider switching over from Android to an iPhone. As was already seen, some ransomware apps have already slipped through the Google Play Store. Apple does more rigorous testing on apps sold through its store. In addition, if a weakness is found, Apple can push an update to all of its iPhones, something that Android cannot do. If you do stick with an Android phone, however, make sure that you do not download third-party apps, as these are more likely to be infected with viruses.