It may be surprising to learn that BackStab, a technique that helps criminals get their hands on your private data via unprotected phone backups, is not a new discovery.
Our mobile devices now carry more personal and business information than any other electronic device, so attackers naturally want access to them. When they can’t find a way in, they fall back on the second-best option: stealing mobile backup files from the victim’s computer.
BackStab technique helps malware steal local mobile data backups
A recent report from Palo Alto Networks describes an attack technique dubbed BackStab where malware steals local mobile data backups and uploads them to a server under the attacker’s control.
Instead of stealing data from the mobile devices per se, the technique takes it from computers where users create backups of their phones, or where software automatically backs up a phone whenever it is connected to the computer.
“Law enforcement officials and jealous lovers around the world have used simple tools to capture and extract private phone information from computers to which they have gained access.”
The researchers have identified 704 samples of six Trojan, adware and HackTool families for Windows or OS X systems that steal private user data from backup files of iOS and BlackBerry devices (see the table below).
The researchers have identified 704 samples of six Trojan, adware and HackTool families
As can be inferred from the table, the trojans that employ BackStab can steal backup data from both Mac and Windows infected computers, but can only discover and exfiltrate iOS and BlackBerry backup files. Apparently, there’s no support for Android backups, so iOS users are the most targeted. It’s also interesting that, for once, Android users are mostly safe from (these) attacks. “Unlike iOS and BlackBerry, there isn’t any desktop software developed by Google for Android device backup,” the researchers explained.
There are other ways for Android backups to be stolen, but this particular technique is not effective enough against them.
Since most mobile backup tools don’t employ encryption, attackers can open this data easily and access sensitive information within minutes.
Things are worse than we’d think because the technique does not require the malware to have higher-level privileges or root access to the device or the infected computer.
Attackers can get the personal information from unencrypted backups
For a BackStab attack to be effective, the malware or adware doesn’t have to have any special privileges on the infected computer, and the mobile devices from which the backups are extracted don’t have to be jailbroken or rooted.
Attackers can get the following information from unencrypted backups: call logs, messages (SMS and MMS), voice mail, contacts, email, calendars, notes, photos, audio and video recordings, web browsing history, cookies, geolocation history, documents saved on the device, device info, and more.
BackStab is not a newly discovered technique: Palo Alto reports on five-year-old samples that have been found on computers spread across 30 countries.
In fact, the technique has been familiar to the security and forensic community for over seven years. There are many public articles and video tutorials describing how to conduct the attack using tools and/or open source projects available to the public. Even though the technique is well known, only a few users are aware that malicious attackers and data collectors have been using malware to execute BackStab in attacks around the world for years, the researchers noted in a recently published whitepaper.
Security researchers recommend that users use a backup solution that supports encryption, always update to the latest version of their mobile OS, use an antivirus product, and not click “Trust” on the popup that appears every time they connect their phone to a new computer.
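To check the encryption recommendation on a computer you manage, the following added example (not taken from the Palo Alto report or from this article) lists local iTunes/Finder backups and flags the ones that are not encrypted. The default backup directories and the `IsEncrypted` and `Lockdown`/`DeviceName` keys in each backup's `Manifest.plist` are assumptions about Apple's backup layout, not details given in the article.

```python
import os
import plistlib
import sys
from pathlib import Path
from xml.parsers.expat import ExpatError

def default_backup_roots():
    """Default iTunes/Finder backup folders (assumed; not named in the article)."""
    home = Path.home()
    roots = [home / "Library/Application Support/MobileSync/Backup"]  # macOS
    appdata = os.environ.get("APPDATA")
    if appdata:  # Windows, classic iTunes installer
        roots.append(Path(appdata) / "Apple Computer/MobileSync/Backup")
    roots.append(home / "Apple/MobileSync/Backup")  # Windows, Store iTunes
    return roots

def audit_backups(roots):
    """Return one finding per backup folder: path, encrypted flag, device name."""
    findings = []
    for root in roots:
        if not root.is_dir():
            continue
        for backup in sorted(p for p in root.iterdir() if p.is_dir()):
            encrypted, device = None, None  # None = status could not be read
            try:
                with (backup / "Manifest.plist").open("rb") as fh:
                    data = plistlib.load(fh)
                if isinstance(data, dict):
                    # A missing flag is treated as "not encrypted".
                    encrypted = bool(data.get("IsEncrypted", False))
                    device = (data.get("Lockdown") or {}).get("DeviceName")
            except (OSError, ValueError, ExpatError):
                pass  # missing or corrupt manifest: still report the folder
            findings.append(
                {"path": str(backup), "encrypted": encrypted, "device": device})
    return findings

def unencrypted(findings):
    """Backups that are unencrypted or whose status is unknown."""
    return [f for f in findings if f["encrypted"] is not True]

if __name__ == "__main__":
    results = audit_backups(default_backup_roots())
    labels = {True: "encrypted", False: "NOT ENCRYPTED", None: "unknown"}
    for f in results:
        print(f"{labels[f['encrypted']]:14} {f['device'] or '?'}  {f['path']}")
    # Non-zero exit lets a scheduled job or compliance check alert on findings.
    sys.exit(1 if unencrypted(results) else 0)
```

The script reads only the manifest's metadata, never the backup contents, and needs no elevated privileges, which is the same level of access the article says the malware requires.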