Thiruvananthapuram, May 10
The Covid-19 pandemic has accelerated the use of mobile health apps and virtual care. Gartner predicts that the threat to the APIs of mobile health apps is ‘real’ and that by 2022 API attacks will become the most frequent attack vector for application breaches.
There are genuine apps, too, that come with wearable devices such as Apple Watch and Garmin, notes Nandakishore Harikumar, Founder and CEO, Technisanct, a three-year-old big data cybersecurity startup headquartered in Bengaluru.
Opportunity for criminals
But these apps also provide an opportunity to cyber criminals, Harikumar told BusinessLine. He cited an instance in June last year in which messages circulating widely on WhatsApp advised clients to install an app that claimed to detect oxygen level by ‘just keeping fingers over the camera.’
Once installed, the app asked for multiple permissions, including access to the phone gallery and SMS. This is data that cyber criminals could potentially use to access confidential information. By placing a finger over the camera, one would also have revealed biometric information to them.
The SMS and biometric data could potentially be used to instigate banking frauds. No information was available about the origin of these apps, Harikumar said. “From an advisory perspective, it’s good to cross-check with verified sources when you receive a message with a request to install any app.”
Non-tech savvy elderly group
In this context, he mentioned the vulnerability of elderly people who are not tech-savvy but have been forced by circumstances to go digital overnight. The elderly always seem to advocate WhatsApp forwards. The crucial issue is verification of these messages, says Harikumar.
“In the virtual world, we rely on friends in our network for information and it is unexceptional that we receive forwards in family as well as friends’ groups. This is also replete with the possibility of an elder ending up installing a malware app that could cost him/her even banking passwords.”
Many elders do not use two-factor authentication to protect their accounts. Some of them have been found to use old passwords that would have been breached already. Harikumar recalled that the Co-Win platform had faced instances of ‘themed phishing’ relating to Covid vaccine registrations in the initial stages.
Data breach with impunity
Ever since the pandemic broke out, numerous instances have been reported where data has been breached with impunity, especially with ransomware gangs getting busier than ever on the Dark Web. There is even a huge demand for ‘ransomware as a service’ targeting the competition, Harikumar said.
A lot of stolen digital footprint data is popular on the Dark Web. This could be used to target individuals, he warned. “We have been working with a few brands wanting to check whether their data has been leaked. VIP executives of companies could become victims of potential phishing attacks,” he added.