How to Tell if Your Phone Has Been Hacked
Do Not Click Here—New Android Threat Deletes Everything On Your Phone
This new Android threat has a nasty twist
AFP via Getty ImagesThere have been no shortages of Android threats reported in recent weeks, and so it's no surprise that Google is both culling its Play Store of thousands of apps and adding live threat detection to phones with the release of Android 15.
But here's a nasty twist—a new threat is making headlines that goes beyond financial, credential and data theft, and wipes infected phones after an attack, leaving no trace and hindering any investigation into why your bank account is suddenly empty.
The new Android RAT (remote access trojan) was discovered by Cleafy, which dubbed it "BingoMod" and warned it can "bypass bank countermeasures used to enforce users' identity verification and authentication, combined with behavioral detection techniques applied by banks to identify suspicious money transfers."
ForbesSamsung Upgrades Millions Of Galaxy Phones-Click Here For New iPhone Beating SecurityBy Zak DoffmanBingoMod comes at victims via an SMS, and presents as a security app, pushing users to directly install the software. The campaign mimics the names of genuine Play Store security tools to trick users making cursory checks. Clearly though, if the app is on Play Store and is reasonably well known, then you should only install it from there.
Worse, because BingoMod purports to be an antivirus app it seems plausible when it requests access to a phone's Accessibility Services to scan for threats. In reality, it then "quietly steals sensitive information, including credentials, SMS messages, and current account balances… After a successful fraudulent transfer, the infected device is typically wiped, removing any traces to hinder forensic investigations."
BingoMod is not currently present on Play Store and so falls outside its defenses. This is timely. We are now seeing a major push back on sideloading apps in this way, and we have also seen another report this week into the frightening scale of SMS campaigns to push malware across Android's ecosystem.
To be brutally honest, the details of this specific RAT's concept of operations, its devious setup to avoid detection, even its use of on-device fraud to present as a trusted entity and defeat banking security measures, blends into the general noise around Android at the moment—especially when it comes to sideloading.
ForbesGoogle Warns 3 Billion Chrome Users-We Have No Update For New Tracking 'Nightmare'By Zak DoffmanYes, BingoMod's developers have included smart techniques to stop genuine AV tools finding and stopping it on a device. But the stark reality is that if you follow the golden rules to staying safe below, then you won't fall foul to this threat or any of the countless other RATs that come afterwards:
Google assures that Play Protect will defend phones against this new malware, but more importantly it will introduce live threat detection to phones upgrading to Android 15 later this year. This will monitor on-device app behaviors including access to high-risk permissions, including Accessibility Services.
This clearly can't come soon enough.
How To Enable (Or Disable) Two-Factor Authentication On Facebook
There's nothing more important than your online security in this digital era, from maintaining your privacy to protecting your accounts and passwords. There's always someone willing to take advantage of an improperly secured Facebook account, and it shouldn't be yours!
Aside from standard security protocols (a perfect password), Two-factor Authentication (2FA) provides a code to a secondary account or phone number before you get access. When you've correctly set up 2FA on Facebook, you will receive an SMS or email message with a one-time entry code. Typically numeric, this code expires after several minutes, and it is not related to your personal information in any way (it's not your birthday or the last 4 of your SSN).
2FA, like other forms of security, isn't without its flaws, of course. There may come a time when you're safer doing away with the authentication rather than maintaining it. If someone does have your phone, they can easily log in to your Facebook account using the 2FA feature. Many times, all it takes is clicking on This was me to bypass the unique and secure password you've set up.
This article reviews setting up 2FA on your Facebook account and also teaches you how to remove it. It mentions a few other security features the social media giant offers.
There are several ways you can enable 2FA on Facebook. The following sections show you how to enable two-factor authentication on various platforms.
How to Enable Facebook 2FA using a Web Browser
If you don't have two-factor authentication enabled already, follow these steps:
Now, anytime you log into Facebook, you'll need to verify a random code sent to that security method. But do beware; if you do not have access to that method, you may be unable to log into your Facebook account in the future.
How to Enable 2FA on the Android Mobile App
If you're an Android user and need to enable Facebook 2FA while on the go, follow these steps:
How to Enable 2FA on the iOS Facebook App
iPhone users can follow these steps:
After you've enabled 2FA, verify that the phone number is one where you can receive text messages and alerts.
How to Disable 2FA
If 2FA is no longer working for you or you need to turn it off for some reason, you can disable it by following the below steps.
Now, follow the prompts to remove 2FA. Once complete, you can log into Facebook without having a verification code.
Things to Do Before Activating 2FA
As stated above, 2FA is an excellent security feature, but there are some things you need to do first to ensure that you won't have trouble logging in later.
2FA is so secure that even you (the account owner) may have difficulty logging in if you don't set things up correctly. The first thing you need to do is verify that all of your contact information on Facebook is up-to-date.
Verify that Your Facebook Contact Details are Correct
Note: The built-in Facebook 2FA option prevents that same phone number from changing your password, which is why Facebook recommends using a third-party 2FA app.
Keeping your phone number up-to-date is crucial to your security and your ability to gain access to Facebook on a new account. If this number is outdated, you won't receive a security code, effectively locking yourself out of your account. You should also update your contact information every time you change your phone number.
Facebook Built-In 2FA Alternatives
If you don't have a phone number or want to use the built-in 2FA anymore, you aren't entirely out of luck. Facebook offers an alternative way to protect your account.
How to Use Third-Party 2FA Verification Apps for Facebook
A quick and easy alternative to the Facebook 2FA option is a third-party authentication app. Google Authenticator is a widespread and trusted application available for iOS and Android users, but you're free to choose any 2FA app you want, such as Authy for Facebook.
Now, you can log in to Facebook with 2FA using a third-party app without needing a phone number.
How to Use Facebook Friends to Unlock Your Account
Another Facebook 2FA alternative is to use your friends. Although this method is mainly used when you get locked out of Facebook, it still serves as a 2FA method since it uses keys. Your trusted friend sends a code and URL from Facebook to help you log back in.
Deprecated/Removed 2FA Options
In the past, Facebook included the "Add a Backup Method" section under "Security and Login," which had universal two-factor authentication (U2F) via a browser or 2FA-supported USB devices, as well as near-field communication (NFC) support, but it no longer includes them as an option. The Add a Backup Section got replaced with Setting Up Extra Security.
First off, Chrome deprecated the U2F security protocol in support of FIDO2/WebAuth security keys. Other browsers have followed in their footsteps. Second, Facebook decided to let you use three to five "trusted" friends to help unlock your account, which you'll find under the Setting Up Extra Security section.
Therefore, you only have two login options for Facebook: 2FA (via SMS or an authenticator app) and friends.
How to Update Your Phone Number
2FA mainly relies on your phone number unless you're using an authenticator app. But, what do you do if your telephone number is incorrect or outdated? Well, you can update it, of course!
The new phone number should appear, but if it doesn't, or you receive an error code, you can turn off 2FA and then turn it on again. Doing this will let you input a brand new phone number.
Frequently Asked Questions
Securing your Facebook account is all too important these days. We've included this section to answer more of your questions.
Do I need 2FA?
2FA or a similar alternative is highly recommended, especially for Facebook. The social media site has access to a lot of your personal information you probably haven't thought about, for one thing. You don't want a hacker having that information. Things like your location, identity, and even payment information are all stored on Facebook.
If your account gets hacked, Facebook may take it upon themselves to completely deactivate your account. This type of action means you won't get your account back, and you'll lose all of your pictures, friends, and meaningful memories.
What can I do if I can't receive the 2FA code?
Assuming you don't have a backup option established and you no longer have access to the phone number on file, you'll need to use an alternative method to log in. Your best option will be using a recognized device to get your security codes in the Settings.
If you don't have a recognized device with you, don't have your security codes, and don't have access to one of the forms of contact listed on your account, use the 'Trouble signing in' option from the login page.
I can't turn off 2FA on Facebook. What's happening?
There are a few possible reasons why Facebook won't let you turn off 2FA. If you have specific apps connected to Facebook, one may prevent you from turning off the feature because it's required for security purposes. Try removing any linked work or school apps, then follow the instructions again.
If you are receiving an error, try another web browser to turn the security feature off because it could be an issue with the browser itself.
Assuming you're using the correct password when logging in, you may need to contact Facebook support for more help. Generally, Facebook gives you no issues turning off this feature, so if you are running into a problem, it's likely account-specific, which is why you'll need the support team to help you out.
What do I do if someone else logged in and turned on 2FA on my account?
If you've already experienced an attack and the hacker turned on 2FA, you can't log in until the matter gets resolved. Fortunately, Facebook is prepared to help.
Visit this webpage to recover and regain access to your account so that you can turn off or manage 2FA.
Do I need a verification code to turn off 2FA?
No, but you do need one to turn it back on. You will need your password to access the security settings, but you will not need a text message verification code to turn it off.
Facebook Will Now Let You Use Physical Security Keys To Login From Your Mobile Phone
Earlier available on the desktop version, Facebook has now expanded the support of physical security keys for two-factor authentication (2FA) on mobile devices.Starting from Friday, the users can set up two-factor authentication and log into Facebook on iOS and Android mobile devices globally, including India, using a security key.
Facebook had allowed security key support for the desktop version since 2017.
"Since 2017, people on Facebook have been able to use physical security keys to log into their accounts on desktop to better protect their information from malicious hackers," the3 social network said in a statement, adding that people can now set up 2FA on on iOS and Android mobile devices as well.
Two-factor authentication is a security feature that helps safeguard your account every time you log into your Facebook account from an unknown device by requiring something you know (your password) and something you have.
Typically, an SMS code is sent to your mobile phone or Authenticator app.
"It's much harder for a bad actor to obtain both factors, which keep your password from being your last line of defense against phishing or other malicious attempts to compromise your information," said the company.
Earlier this week, Twitter announced to let people use security keys as the only authentication method soon, adding that the micro-blogging platform will allow multiple security keys per account instead of just one.
Currently, Twitter users can use a security key to sign in and also need an authenticator app or SMS code as another 2FA (two-factor authentication) method.
Physical security keys which can be small enough to fit on your keychain notify you each time someone tries accessing your Facebook account from a browser or mobile device we don't recognize.
"We ask you to confirm it's you with your key, which attackers don't have," Facebook said.
High-risk users like politicians, public figures, journalists and human rights defenders need extra account protection.
"We strongly recommend that everyone considers using physical security keys to increase the security of their accounts, no matter what device they use," Facebook said.
One can purchase security keys directly from companies that make them (Facebook doesn't manufacture hardware keys).
The keys can either work through Bluetooth technology or by plugging it directly into your phone.
One can enroll security key in two-factor authentication within the Security and Login section in the settings, Facebook added.
SEE ALSO:$4$4Kishore Biyani vs Amazon – Delhi High Court brings up 'civil prison' for violation by Future Group, asks for recall of approvals granted to Future Retail-Reliance deal>$4
Comments
Post a Comment