A Wake-up Call For Everyone On The Issue Of Vulnerability

S Mohini Ratna, Editor, VARINDIA

When we compare the pre, present and post COVID-19 pandemic scenario the adoption of technology has grown to more than four times with the use of existing and new technologies and tools as consumers went into lockdowns, millions are forced to work from home and digital connectivity will take even more of a hold on everyday habits post the pandemic.

We are witnessing what will surely be remembered as a historic deployment of remote work and digital access to services across every domain. For some consumers this may be totally new behavior (such as shopping for groceries online for the first time), while for others this may mean increased online usage or the addition of new technology, tools and software.

Owing to the rapid rise of COVID-19 cases across the country, state governments and large municipalities are coming up with strict surveillance mechanisms to ensure that those quarantined adhere to the norms, and stay at home. Health surveillance in this context seems to be taking multiple forms - a mixture of human intelligence and technology. At the same time, Payments on Unified Payments Interface (UPI) in June hit an all-time high of Rs 1.34 billion in terms of volume with transactions worth nearly Rs 2.62 lakh crore, as per National Payments Corporation of India (NPCI) data and in the month of May, the number of UPI transactions stood at 1.23 billion valued at Rs 2.18 lakh crore.

But the surprising part is no one is talking about the vulnerability associated with hardware/software and Work From Home solutions (Hardware/software) including the CCTV and UPI payments, but everyone is busy in selling and users are in desperate buying whatever is best available. Demand surged thanks to the shift towards home working.

The traditional DVR-based CCTV systems leave companies vulnerable to attack from malevolent intruders. Cyber-attackers can exploit weaknesses in visual surveillance systems, find vulnerable devices and hijack connections to the device’s IP address. With cyberattacks on CCTV systems making news headlines on a weekly basis of late, there is a good deal of concern and uncertainty about how at risk these systems are, as well as why they are being attacked.

Once a hacker has gained control of a device, they could use the camera for hostile reconnaissance, they could inject their own video stream in a Mission Impossible style attack, or they could use the device to pivot into other devices on the same network, all of which would make for a really bad day. The Router and Modem have been used to gain access to the network and CCTV cameras were to be the targeted victim. Remote Hacks: This attack happens when videos are transmitted over the Internet. Camera Hackers take the advantage of the data breach or unsecured passwords to hack into security cameras. That is how many security cameras live hacked.

Secondly, the Unified Payment Interface app is a payment system that allows users to make and receive payments anywhere around the globe by just using a smartphone. UPI allows customers to pay directly from linked bank accounts to merchants without using credit card, debit card and bank account details like the account numbers, IFSC code or net banking.

UPI is considered to be a very safe medium for online transactions but the security levels are not that high because if someone figures out the M-Pin, the attacker can easily transfer money from a bank account. According to NPCI, UPI has End-to-End encryption secure verification methods and much more. Also it doesn’t include third party software to be installed in the user’s smartphone. There are many security flaws in UPI.

There are various types of published vulnerabilities that have been found in payment companies including Amazon Pay, Phone Pay, BHIM, PayTM, Mobikwik, Mastercard and Visa etc.

Banks have started creating awareness programs regarding not disclosing your UPI pin, M-PIN, sharing of UPI ID, spamming warning and many more. But still beware of engaging with fraudsters’ alert to transfer or receiving untrusted payment requests. Unverified application that request to allow permission to access the payment applications and do not click on any given payment link to make a payment, Sharing OPT and not to download any open source untrusted application (games, social media networking etc.), as such applications are the main cause of malwares and crashing of the smartphone.

When security and operations teams collaborate closely, they can protect your business more effectively against all kinds of threats.