BTSARMY Security Awareness Edition
Securing Mobile Devices Part 1: Identifying Fake Apps (with Mister World Wide Handsome Kim Seokjin)
Contributors:
ddaengsec
emandro1d
ArmyCompsci
Devika⁷
btsarmysafety
ManelleBTS
Android Phones with Exynos Chipset Need Security Updates
Last Updated: 29 March 2023
Google's Project Zero found numerous vulnerabilities in the Exynos chipset used by a variety of Android phones. The most severe of them could allow an attacker to remotely compromise a phone, without the phone owner needing to do anything. The attacker just needs the phone number. That said, it doesn't seem to be under active exploit yet, at least as far as public news goes.
Affected Devices: Only phones with certain Exynos chipsets are vulnerable. Adding to the confusion is the fact that in some cases, the same phone model has different chips, depending on where in the world it was sold.
The Samsung S22 is one example: the version sold in Europe has Exynos, but those sold in many other places have a Qualcomm chip.
Affected Chipsets: Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5123.
Google provided this list of likely affected devices based on the chipset list:
Samsung Galaxy phones including those in the S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12, and A04 series
Vivo phones including those in the S16, S15, S6, X70, X60, and X30 series
Google Pixel 6 and 6 Pro, Pixel 6a, Pixel 7 and 7 Pro
Any vehicles that use the Exynos Auto T5123 chipset
Exploited?: I haven't yet found information saying the vulnerabilities are known to have been exploited, but the Project Zero researchers stated "With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely".
Mitigation: Google recommends you turn off Wi-Fi calling and Voice-over-LTE (VoLTE) on the affected devices. However, they have acknowledged that depending on carrier, you may not be able to turn off VoLTE.
Furthermore, you may not be able to use your phone for voice at all if VoLTE is off, depending on carrier, etc. So realistically, your best bet is a patch. See below.
Fix: As of the latest update to this post, Google has said the Pixel 7, Pixel 6, Pixel 6 Pro, and Pixel 6a have the critical vulnerabilities patched in the March 2023 security update.
It looks like at least some of the Samsung models have some patches available, so install any security updates you have pending and keep an eye out for more.
Reference:
Ars Technica article
Google Project Zero entry
Android Police
What is a DDoS attack, and how can it affect you?
DDoS attacks are overgrowing today, especially a few months ago at the same time that services such as Twitter, Netflix, or Spotify were used to render them inaccessible. Such cases have stopped being the word that only computer security experts know how to be a person we should better…
Threat Summary Category: Spyware Operations / Social Engineering Campaigns / Surveillance Infrastructure / Legal Cyber Conflict Affected Plat
The Difference Between Signing In and Checking In Too Often
I started noticing this one afternoon while I was waiting in line. I unlocked my phone to reply to a message, then ended up opening an account I had already checked earlier. Nothing had changed. I didn’t expect anything to change. But I still opened it anyway.
That was when it clicked for me: there is a difference between signing in and checking in out of habit.
When opening an app stops being a decision
Signing in usually means you have something in mind. You want to look at a specific detail, confirm something, or finish a task. There is a reason behind it, even if it only takes a few seconds.
Checking in feels different. It happens when you open something just to see if anything is new, even when you do not expect anything to be. It shows up in small moments, like opening an account before bed, checking again during a commute, or tapping the same app a few minutes after you just closed it.
On mobile, this is easy to fall into. Phones are always within reach, and everything is connected. In the Philippines, one device often handles messaging, payments, entertainment, and account access. Because of that, switching between apps becomes automatic. You do not always stop to think about why you are opening something. You just do it.
Over time, account access becomes a routine instead of a choice.
Why login pages matter more than they seem
Part of the reason this happens is convenience. Saved passwords, auto-fill, and quick OTP delivery remove most of the friction from signing in. That is useful when you actually need access. But it also means there is almost no pause before entering an account.
That pause used to matter more than we realized.
Without it, it becomes easier to sign in while distracted. You might be watching something, talking to someone, or scrolling through multiple apps at once. In that state, you are less likely to notice small details, like whether you are on the right page or whether you even needed to open the account in the first place.
A login page like JLMMM log in can be treated as a checkpoint, even if it does not feel like one anymore. Taking a second to recognize where you are and why you are signing in helps prevent that automatic flow, where one tap leads to another without much attention.
The small risks people ignore
This becomes more important in everyday situations that people do not think twice about.
Shared phones are a common example. Someone borrows your device to check something quickly, or you hand it over for a call or to use mobile data. If accounts are already logged in or passwords are saved, access becomes immediate. That is convenient, but it also means control over those accounts is looser than you might expect.
Another situation is OTP fatigue. When you receive verification codes often, it is easy to treat them as routine. You see the message, enter the code, and move on. After a while, you stop paying attention to what the code is for. That can lead to mistakes, especially if you are signing in while distracted or responding to something quickly.
There is also the habit of opening accounts just because there is a notification or because the app is already in front of you. Not every alert needs an immediate response, and not every account needs to be checked multiple times in a short period.
Making sign-ins more intentional
This does not require strict rules or major changes. It mostly comes down to being more aware of how often you open accounts and why.
A simple way to do that is to pause for a moment before signing in and ask yourself what you are trying to do. If you have a clear answer, then it makes sense to continue. If not, it might just be a habit kicking in.
Other small adjustments can help as well. Log out on shared devices. Avoid saved passwords on phones that other people use. Take a second to read OTP messages instead of entering them automatically. Avoid signing in while multitasking or distracted.
These are not complicated steps, but they add back some intention that mobile use often removes.
The part that actually matters
Phones are built to make things quick and easy, so it is normal for habits to form around them. The goal is not to stop using apps or to overthink every login.
It is just to notice when signing in is something you chose to do, and when it is something you did without thinking.
That difference is small, but it changes how you use your accounts. Over time, it also changes how often you open them and how much attention you give when you do.
📱 What to Do If You Lose Your Phone (Simple Guide)
Nowadays the smartphone is an important part of our daily lives. Personal information, photos, videos, even banking apps: everything now lives on a single phone. So when a phone suddenly goes missing, many people feel lost.
However, if you take the right steps instead of panicking, you can easily avoid major damage. In this post we will learn what to do if you lose your phone and how to keep your data safe.
What to do first if you lose your phone
The first thing to do after losing your phone is to call your own number. Often the phone may be lying somewhere nearby, or, if an honest person has found it, they may answer.
Next, try to track the phone quickly. Android users can use Find My Device and iPhone users can use Find My iPhone. With these you can see the phone's location, lock it, and erase its data.
Data protection is most important
The biggest risk after losing a phone is the leak of personal information. So quickly:
Change your Google Account password
Log out of Facebook and other social media
Secure your mobile banking (bKash, Nagad)
Block the SIM card
You can block a SIM very easily by calling the customer care line of any operator in Bangladesh. This way no one will be able to use your number.
Ways to find the phone
If you have the phone's IMEI number, it can be used to track the phone through legal channels. For this, it is a good idea to file a general diary (GD) at the nearest police station.
Important tips
Always use a PIN/password on your phone
Keep backups of important data
Keep location tracking turned on on your phone
👉 Read the detailed guide
For a complete step-by-step guide on what to do if you lose your phone, click the link below:
👉 What to do in the first 10 minutes after losing your phone
🏁 Conclusion
Although losing a phone is a common problem, major damage can be avoided by taking the right steps at the right time. So don't panic; act quickly and keep your information secure.
Android sideloading just got complicated
Google is changing how sideloading works on Android, adding new steps instead of removing the feature entirely. Installing apps outside the Play Store will still be possible, but it won’t be as quick or simple as before.
A new “advanced flow” introduces a one-time setup process for users who want to install apps from unverified developers. This includes enabling developer settings, confirming actions, restarting the device, and even waiting 24 hours before completing the process.
Google is also rolling out developer verification, meaning apps will increasingly be tied to verified identities. The goal is to reduce scams and malware, especially cases where users are pressured into installing harmful apps.
The rollout starts in a few countries in 2026, with a wider global expansion expected later. While sideloading isn’t going away, it’s clearly being reshaped into something more controlled and deliberate.