How Hackers are Utilizing Mobile Sensors for Phishing Attacks

By Enterprise Security Magazine | Monday, January 27, 2020

The cybercriminals have started using new advanced methods to hack the account of the common people or the companies, and one of the attacks recently adopted by them is Mobile Sensor.

FREMONT, CA: According to security experts, hackers are using new and unique advanced technology while launching phishing attacks. New technology abuses the sensors that are already there in a smartphone that, too, for more than a decade.

Sensors are Abused for the Phishing Attack

According to the security experts, the attack abuses are experimental aspects that are available in some particular web browsers like device motion and orientation events. Furthermore, the phishing attack also exploits the gyroscope and accelerometers in smartphones.

Moreover, it is also possible to activate the same sensors on some particular mobile browsers. The sites can recognize if it is a mobile or not by inspecting the presence and state of the controls and then act according to it.

How is the Attack Conducted?

The hacking begins with a text message that seems to come from a high profile target like the financial organization. The text even uses the social engineering technology that allows the victim to click on the URL provided that says to contain an important notification. 

When the victim visits the URL, it presents a blank page, and if they repeatedly try to view the page, it will show 404 errors from the server. The errors designate that hackers are using different layers to protect themselves. 

With the stolen data, the hackers have the liberty to search online about their victim, confirm their cell number, and then call the carrier. The cybercriminals have to answer a few questions from the carrier, which they can do by using the victim’s personal data. 

When the scammers convince the carrier that they are the actual user, it becomes easy for them to switch the number to their SIM card that belongs to them. Once in control with the phone number, the hackers can send SMS-based 2FA checks that protect the online bank account of the user. The passwords are the ultimate key to the accounts, and once the cybercriminals reset the password, they can easily take over any account and use it as per their wish. 

Weekly Brief