Mobile phones are an integral part of our lives in the present era. We use mobile phones for exchanging important information, financial transactions and personal communication. But with this convenience, risks have also increased. Hackers are trying to hack digital devices and mobile phones using various new techniques.
New technique in phone calls:
Recently, hackers have started using a new technique where they continue a conversation with a user over a phone call and at the same time another hacker remotely runs ‘exploit commands’. These commands can be used to install malware, steal sensitive data or control the device.
How the new technique works:
IP address theft: The hacker first steals the IP address of the victim’s mobile phone. This is done using phishing links, malware or other deceptive methods.
Phone calls: Hackers call the victim and engage in a conversation. Through this call, the hacker can create distraction in the victim’s attention, show temptation and take advantage of enough time to carry out the attack.
Exploit Command: While one hacker is on a phone call, another hacker remotely targets the victim’s mobile device and executes ‘exploit commands’. These commands can be used to install malware, open ports on the device, disable firewalls and antivirus, steal sensitive information, or take control of the device.
Successful Hacking: If hackers succeed in taking over the device, they can remotely log in to the victim’s mobile phone from anywhere and take full control of the mobile phone and steal data from the phone, installing malware.
Risk: This recent technique is very dangerous. Because it gives the victim complete control of the mobile phone without informing the victim.
Case Study 1:
Ayesha Siddique, a school teacher from Boyra area of Khulna district, came to me with a problem. Her complaints were as follows-
1: Some abnormalities are being noticed on the phone.
2. My Facebook ID is being used by someone else.
3. The model number and information of the mobile phone shown in the device manager of my Telegram ID is not the information of my handset.
4. My picture was given in the profile of my WhatsApp account. But it was changed and another picture was set.
5. Most of the time I cannot access my WhatsApp account. WhatsApp sends me messages saying that my ID is logged in to another device.
I logged in to her Facebook ID with the victim’s permission. In this, I saw that there was indeed an unknown device in the login history. It was confirmed that the phone had been hacked and I also informed the victim about the matter. With the victim’s permission, the security of the device and accounts was ensured by removing the unknown devices from Gmail and other accounts and taking control of all the accounts and devices. Through this, the victim’s problem was solved.
After a while, the victim called me and told me that he was being called repeatedly from some unknown WhatsApp number. The screenshot he provided showed that 20 to 25 calls had been made, but he did not receive them.
After a while, another foreign number started receiving calls in the same way. That is, when the hackers realize that their victim has lost control of the device, they are in a state of confusion. They continue to try their best to regain control of the victim’s device.
When the rate of phone calls was getting beyond the limit of patience, the victim gave me access to his WhatsApp again for observation. I sent a text message to the suspicious WhatsApp number about the punishment for cybercrime, the identification of international criminals and the provision of arrest through Interpol. And with that, text messages and phone calls from that rogue number stopped coming.
Case Study 2:
A video was published on the social media platform Facebook on April 8. In which a victim is quoted as saying that if you receive a phone call from a number with +92 or +99 at the beginning, or if you call back to that number and talk, all the information on the mobile will be lost to the hacker! Not only that, the video claims that hackers can also steal money in mobile financial service (MFS) accounts like bKash, Nagad, and Upaya even without sharing any kind of PIN. The video went viral until last Friday (April 12).
According to various media reports, many mobile phone users panicked after seeing the video on social media. They hesitated to accept calls from relatives or acquaintances from abroad. They say that the reason is that the video says that WhatsApp or Instagram IDs can be hacked in these phone calls. Users were seen discussing this video in various public groups on Facebook, WhatsApp, and Messenger. They are panicking and confused and are not accepting phone calls from foreign numbers.
How this type of hacker attack works:
This type of attack through phone calls is more possible on devices using RISC processors. Because they cannot handle multiple tasks at the same time. By calling WhatsApp or IMU, the smartphone processor is made busy through IP calls. At the same time, another hacker takes advantage of the device’s vulnerability by exploiting it and enters the system and takes control. In this case, not only +99, +97 numbers, but also from any domestic or foreign number can make IP calls to the customer. In this case, having an IP address is mandatory, otherwise it is not possible.
What to do if you receive an unknown phone call:
It cannot be said that the idea of being a victim of damage by receiving a phone call is not entirely correct. Again, it is not entirely correct that the call cannot be received. In this case, if there is silence from the other end after receiving the phone without saying anything, then hang up the phone. If the phone starts giving offers or advertisements, then hang up too. If you are invited to install apps or play games to win, hang up the phone.
Do not prolong suspicious calls. If someone tries to exploit you by keeping you on the phone call and trying to access your device, the process will fail if you do not prolong the connection.
Be careful with phone calls from unknown people or organizations and do not share any important information.
Do not click on suspicious web links and do not download applications from unknown sources. Also, use strong passwords for your mobile phone.
