Are hackers using Dawn.com to infect mobile devices?
Pakistan’s largest and oldest English news daily Dawn is one of the few strongholds of journalism in the country, strongholds that are increasingly difficult to defend in a world where misinformation has been weaponized. There are signs though, that the threat already goes beyond misinformation.
I left Pakistan 13 years ago but still visit Dawn.com out of an incurable concern for the mother soil. A few months ago, while visiting the website from my iPhone, I found myself redirected to a suspicious page that looked like this:
I ignored it as another ad and moved on with my life as it did not seem to be a recurring problem that impacted my experience as a user. It was obvious that the website was infected and compromised, but I suppose I did not care to investigate further.
Months later, it happened again and got me thinking. It is a more serious and sophisticated security breach than it might appear on the surface to the ordinary user who just sees an ad that is so obviously spam.
Firstly, the redirect does not occur consistently, making it hard to detect and reproduce without conscious effort. There seems to be a layer of intelligence that determines when and how the redirect happens. For example, it seems to show up only on mobile devices and with random time intervals. Clever, as that is where most of our digital lives really happen these days.
Secondly, it likely exploits an unpatched vulnerability in iOS Safari. Using such vulnerabilities, a hacker can gain all sorts of access. For example, when you visit socialmediawebsite.com, a cookie is stored on your device that allows socialmediawebsite.com to remember who you are so you are not asked to log in each time. Simply clicking OK on the redirect screen shown above can send this cookie to the hacker who can use it to open socialmediawebsite.com as you. This could also apply to online Bitcoin wallets too if you do not use two-factor authentication. It could theoretically apply to your iCloud as that can be accessed from the browser too (something like this is probably what happened when many celebrities had their iCloud accounts hacked a couple years ago). Note that serious organizations have protections in place against such attacks but there are many that remain vulnerable.
Long gone are the days when you had to run an executable file on your device for it to be compromised. A careless click on an untrustworthy page can compromise your digital security in serious ways, which is perhaps why it paid the attacker to inject this threat through Dawn.com, a highly credible news website.
If this scares you, it should. Some companies care more about user safety than others but there is only so much they can do as new exploits and vulnerabilities are discovered all the time.
As a user, one has to be mindful about the importance of trust even before an action as simple as a single click. As an organization, this has to be taken up at the highest level as it probably has legal implications.
Dawn.com, wake up!