PETALING JAYA: With Macau and other scams becoming commonplace, and victims in the country losing hundreds of thousands or even millions of ringgit from their bank accounts daily, cybersecurity experts have called for urgent education programmes for the public.

Universiti Sains Malaysia Assoc Prof Dr Selvakumar Manickam said in general, all messaging apps such as WhatsApp, Telegram, and WeChat are being hacked.

He said most hacking incidents are caused by the negligence of users and inadvertent downloading of malicious apps, which are beyond the control of the main messaging app’s security design.

He added that there are several ways apps can be hacked.

“One of the ways is through social engineering, whereby users are tricked into believing a hacker is another user on a group chat. This inadvertently links devices and allows them to gain access through web interfaces.

“The hacker then controls third-party apps installed on the user’s phone to steal information and control the device without the user ever knowing about it. It is best to read the community reviews of any app before installing it. Also, download apps that have been verified, for example by Google Play Protect.

“Attackers will exploit vulnerabilities in messaging apps, which the app developers are not aware of. This is called the zero-day attack.”

Selvakumar said encryption is between devices and not users.

“When a message leaves an app, it is encrypted and it is decrypted when it is received.

“This ensures that no hacker can steal or manipulate messages while they are in transit over the network. It prevents what we call man-in-the-middle attacks.

“Nevertheless, once the messaging app decrypts it, it is no longer the job of the app’s encryption engine, but the onus is now on the user to ensure he is not social-engineered or hijacked by third-party apps.”

-Source from thesundaily.my