WWW: The Hackers’ Haven
"Last year, Whatsapp changed its encryption algorithm several times and, every time, it was breached,” says Saket Modi, hacker, entrepreneur and CEO of Lucideus Technologies, which just created an app that monitors wayward activity on your smartphone. That’s geekspeak for: “Your WhatsApp chats, including deleted ones, would have been accessible to any hacker worth his salt”. And we are talking about a company that was valued at $19 billion at some point during the year. Only in November 2014 did WhatsApp finally embrace end-to-end encryption, which will ostensibly address the issue.
Interestingly, your online financial payments may be relatively more secure, thanks to Reserve Bank of India’s dogged persistence in continuing with the two-step verification process for electronic payments (a one-time password and PIN verification). The central bank drew a lot of flak for barring taxi app Uber from storing payment information and automatically deducting charges at the end of a ride. But Modi isn’t impressed. He likens the two-step verification to a batsman going onto the pitch wearing just a helmet. “The rest of your body is still exposed,” he says.
But what is the problem if somebody has all the details, you may ask. Is the potential risk greater than the possibility of a perfect match? A PTI report from 2009 talks about a confession by an Indian Mujahideen operative who used information from such sites to get a student identity card as well as a driving licence. Mukul Shrivastava, a partner in the forensic practice at EY, gives you another alarming scenario. Let’s say somebody trawls your Facebook. How much information can such a person get access to? Your daily routine, your physical movement, your favourite restaurant or whether you will be at home at a certain time (from a status message like “Can’t wait to watch the Devils trouncing Liverpool at ManU Café tonight!”). Even if a physical attack is not on the agenda, much of the information can be used to guess security questions (favourite cat, first school) and find out required details for phone banking (date of birth, email address, mother’s name). An HDFC Bank official says there is a rise in vishing (the voice equivalent of phishing) attacks, where people with access to bank account numbers as well as personal details pose as bank executives, lure customers with special benefits and convince them to divulge their banking passwords.
With the IoT, you have devices talking to one another, opening up multiple places to be breached, says MobME’s Gopal. From your shoe to T-shirt, everything becomes a potential bot. India should be concerned. Research by security provider Symantec says India tops the list of countries where Distributed Denial of Service (DDoS) attacks originate. DDoS attacks are those where hundreds of bots target a website (say, an e-commerce company) on its big discount day, thereby slowing down traffic to the site. The report says a bot’s services can be bought for as little as Rs 300 to bring down a site for a few minutes. Monthly subscription plans are available for lengthier attacks.