Even mobile sensors can become phishing attacks

Even mobile sensors can become phishing attacks

The complexity and sophistication of cyberattacks are always in line with the development of the internet world. Recently, an international security expert group discovered that a hacker is using a new and unique technique to launch a phishing attack in a way that is less unexpected, that is, misuse of the sensor system. built into the smartphone as a support tool.

Abuse mobile sensors as a phishing attack tool

According to a report by security experts from cybersecurity organization PhishLabs, such attacks will abuse a feature available in some popular web browsers, allowing identification and information gathering. on the direction and movement of the device. In other words, this type of phishing attack will abuse two types of sensors built into every mobile phone, tablet: Gyroscope and accelerometer.

“By checking the presence and status of these types of control sensors, a website can identify mobile device information and give corresponding responses,” the PhishLabs report said. .

Abuse mobile sensors as a phishing attack tool

Method of implementation

A typical mobile sensor-based attack will start with a fake text message, usually from a financial institution or reputable brand. The attacker will attach to this phishing message a malicious URL, and trick the victim into clicking on this link using typical social techniques.

Usually, after clicking on a malicious link, the victim will be redirected to an empty website. By reflex, the victim will close the tab containing the empty website and continue to click on the link again. On this second visit, the result will be a 404 response from the server. This shows that attackers are leveraging multiple layers of countermeasures to stay undetected.

So how do mobile sensors play a role? Malicious agents will use calls to the gyroscope and accelerometer to determine what type of device the victim is using, collect some relevant information, and then use the data collected. to deploy the most optimal attack plan.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *