Importance of educating the public to avoid fraud: Experts

PETALING JAYA: With Macau and other scams becoming common, and victims in the country losing hundreds of thousands or even millions of ringgit from their bank accounts daily, cyber security experts have called for urgent public education programs.

Universiti Sains Malaysia Assoc Prof Dr Selvakumar Manickam said generally all messaging apps such as WhatsApp, Telegram and WeChat are being hacked.

He said most hacking incidents are caused by user negligence and the accidental download of malicious apps, which are beyond the control of the main messaging app’s security design.

He added that there are several ways apps can be hacked.

“One of the ways is through social engineering, where users are tricked into thinking a hacker is another user on a group chat. This inadvertently connects devices and allows them to gain access through web interfaces.

“The hacker then controls third-party apps installed on the user’s phone to steal information and control the device without the user ever knowing. It’s best to read community reviews of an app before installing it. Also, download apps that have been verified, such as by Google Play Protect.

“Attackers will exploit vulnerabilities in messaging apps, which the app developers are not aware of. This is called a zero-day attack.”

Selvakumar said encryption is between devices and not users.

“When a message leaves an app, it’s encrypted and it’s decrypted when it’s received.

“This ensures that no hackers can steal or manipulate messages while they are in transit across the network. It prevents what we call man-in-the-middle attacks.

“However, when the messaging app decrypts it, it is no longer the job of the app’s encryption engine, but it is now up to the user to ensure that he is not socially engineered or hijacked by third-party apps.”

Selvakumar said all genuine app developers have built security and privacy mechanisms into their software, and the apps are regularly updated with new patches and countermeasures.

“But if users don’t do their part to ensure they don’t fall victim to tricks or install potentially harmful apps, there’s only so much technology can do to protect them.”

He said hacking is a global problem and will never go away as long as we depend on smart devices and the internet.

“This is why the government must launch an education program so that people do not become victims of hackers. The government must create a comprehensive awareness and education program for Malaysians from all walks of life, starting with school children.”

eSecurity and Privacy Channel and Cybersecurity Malaysia founder Assoc Prof Datuk Dr Husin Jazri said hacking into messaging apps is not that easy if it is well-funded, but it is not impossible if the technique involves zero-day attacks.

“In many cases, the attacker does not need to hack into apps, but rather use publicly available information obtained from social media and reuse it to spoof intended victims.

“Messaging app codes are not encrypted. They are compiled and converted into binary codes that are understood by the system. What is encrypted is the message that is sent between sender and receiver end to end. Any interceptor in between cannot read these messages during transmission and storage.

“These messages can be read by the service provider and those authorized by them. Again, message codes that make up the app are usually not encrypted.”