Tuesday 9 January 2018

Browser Hijack: safety-us.s3.amazonaws.com

I recently came across a smart phone in the throes of a browser hijack.

The user was stuck with a message on the screen and couldn't seem to back out of it.

But as far as I could see, there was a simple way out.

The problem started when the user clicked on a link within Facebook to see a video about elephants.

A series of screens came up like this one, on the Google browser of this OnePlus 5 Android phone.

Not just one but 4 viruses!

The claim is that something real bad has happened, and that we need to download some tool to fix it.

Presumably we are supposed to think the phone's operating system has detected this problem, and in fact, the first window that appears looks like a message box. By clicking the 'back' key, the display just cycles around a few screens related to this hijacker, rather than going back through all previous sites.

Amazonaws.com (Amazon Web Services) is a legitimate cloud services platform, and "S3" seems to be associated with mass storage. But this particular location clearly contains something bad.

As these pages were urging the user to click on one of the page buttons displayed, I reasoned that nothing bad had happened so far. On the page illustrated above, I had the option of typing in a URL, so I set it for the BBC website, and then rebooted the phone.

When I returned to the web browser it took me straight back to the hijacker's site. So this time I reset the URL to the BBC site and then looked at browser options. I was hoping I could reset the browser's default web page, but that option did not appear to be available on the Google browser installed on this phone. So I just deleted the browsing history, and rebooted the phone.

After reboot, the browser came up displaying the BBC site (hooray!). But when I hit the 'back' button the hijacker was back. I don't know why this didn't work first time, but when I repeated the process, it seemed to work and the dodgy web site link has disappeared from the History list.

Keep off my network

It has just occurred to me that mobile phones pose a security risk to my home network. I currently allow access to my network to anyone (resident or visitor) that wants internet access via my router. This may be an unnecessary risk, since mobile phone users rarely need to view or exchange files across my network, or print something, or even access network-based media (e.g. music or video) on my NAS.

Looking at the options on my TP-LINK router, it seems I can easily stop users from accessing my local network, and/or isolate users from each other.

I could create a "guest" access point, or maybe isolate the existing 2.4GHz access point from the local network and just leave the 5GHz point for computer use only, with internet and local network access. I just need to determine the best balance of flexibility and security.
