Palo Alto Networks unravels ‘BackStab’ technique which allows criminals to get access and steal your private data, via unprotected phone backups.
The security company, Palo Alto Networks has disclosed details of a new “BackStab” that steals local mobile data backups and transfers it to the C&C server. A white paper from the company’s Unit 42 threat intelligence team explains that this data is not taken from mobile devices, but from computers where users create backups for their phones, or where software solutions create automatic backups of their phones whenever they connect it to their computer.
BackStab has been employed by law enforcement and cyberattackers alike to steal SMS and MMS messages, call logs, contacts and address book information, calendars and notes, photos, email, recorded audio and videos, browser bookmarks, web browsing history, cookies from visited websites and geolocation history. The malware exploits the fact that many backup tools don’t implement encryption, so the malicious code easily finds the backups and access data it contains.
As explained by the experts, the BackStab malware doesn’t need to have higher-level privileges or root access to the device or the infected computer.
The whitepaper noted, “iOS devices have been the primary target, as default backup settings in iTunes have left many users backups unencrypted and easily identified, but other mobile platforms are also at risk.”
“While the technique is well-known, a few are aware of the fact that malicious attackers and data collectors have been using malware to execute BackStab in attacks around the world for years.”
Nicolai Solling, technical services director at Help AG, said that, hackers are able to steal private data from their mobile phones by remotely penetrating the unencrypted backup of their device, which is created in iTunes, in iPhone users’ case.
He said the attack targets mainly phones that run on iOS, Apple’s mobile operating system.
Solling further said, “The Backstab attack is quite interesting as it is an attack specific on iOS devices, which historically have seen less malware than other mobile platforms.”
“Backstab therefore highlights the innovation of the attackers by attacking the weakest link, in this case the backup of the iOS device, which is created in ITunes. So the infection or vulnerability is not on the iOS system, rather on how one of the supporting applications iTunes is handling the data.”
“This attack is actually known, but what is interesting is that the attackers are targeting the backup on the client’s machine. It highlights that any person or organisation needs to understand the immediate, as well as possible attack vectors on their IT infrastructure.”
Ryan Olson, director of threat intelligence, Unit 42, Palo Alto Networks said, “Cybersecurity teams must realize, just because an attack technique is well-known, that doesn’t mean it’s no longer a threat. While conducting our research into BackStab attacks, we gathered over 600 malware samples from 30 countries around the world that were used to conduct remote BackStab attacks.”
To protect your mobile phones from getting hacked, follow the below recommendations:
– iOS users should use the iCloud backup system or encrypt their local backups in iTunes and select a safe password.
– Regardless of the make or model of your smartphone, upgrade iOS devices to the latest version, as it creates encrypted backups by default.
– Users should not click the “Trust” button when the dialog box is displayed, while connecting an iOS device to an untrusted computer or charger via a USB cable.
– Never ever root or jailbreak your phone.
– Only install applications you trust.
– Always update the applications on the device.
– Don’t do anything on your device that you don’t want others to see or hear; sharing locations or tracking devices should ideally be kept private.