Momo challenge lately has been a global threat. What is Momo Game? Momo is not really a game. Momo challenge is a cyber bullying. Usually the victim receives a Whatsapp message from an unknown number. Receiving such one assumes as new friend and proceed to chat day by day. It might be an automated chatbot. From that chat, the attacker receives privacy information. It is just an odd work by some script kiddies. Later they supply basic data to the victim to deliver a feel of knowing everything and makes to rely that everything is under control.
They may start after clicking malicious links (May be spoofed such as valid Amazon offer) or may be any malicious applications from unknown sources may control hardware like camera.
What is Momo Game? How It Started?
They ask peoples to add a contact via WhatsApp, after chat like described above, they later gives challenges and threat that failing to complete the challenge will breech phone security. Momo system can retrieve basic data of Android operating system, GPS information of images by simple easy scripts. The exploit remains installing malicious applications from unknown source or playing/opening malicious files.
Momo gained the public attention in July 2018. Mexican police has claimed that the Momo started in a Facebook group where the members used to communicate with an unknown phone number. This trick is aimed at children and youngsters. Except the server security experts, those who used with sysadmins works should not play in such conversation. Even if your phone get hacked, it is not difficult to flush by re-installing new Android by official support.
Is Momo Really Dangerous?
Not at all to the sane adults, really.
Android and iOS mobiles essentially GNU/Linux and UNIX. Everyday each website receives zillions of attacks on Linux server, which commonly protected by firewall and security tools like Fail2Ban. Of course, attacks like DDoS on servers is dangerous and for the webmasters we publish guides such as How To Stop UDP Flood DDoS Attack. But in case of server we have port 22, port 80, port 443 commonly open. Still, not every site gets compromised. Even if compromised, we have backup. Our case is different from Momo. Real hackers are security exerts. Many of them has higher earning from security works. Hackers, script kiddies always try to do odd works. Very few are efficient and they will target the financial institutions for more profit.
Probably a large volume of Momo Challenge invitations originate as pranks to spread panic. It is not exactly easy to destroy a phone unless someone installs malicious code and does not scan with security software with latest patch. It is dangerous to the children, teenager who will start to rely that the attacker knows everything personal. Motives can be blackmail and cyber fraud.
How Momo Can Be Made Not Working?
Disable the auto-download of media files in Whatsapp. Do not reply to any texts from any unknown numbers including the international numbers. It is not always dangerous to talk with anonymous people over the internet, but reason of being anonymous should be obvious.
You can always block disturbing number and report to police.
Momo Challenge game may use a girl’s distorted face with bulging eyes and a wide mouth. Initially it was thought to be copied from work by Japanese artist Midori Hayashi (artist not related with the Momo game). However, Hayashi indicated that is not her creation. Such picture may appear scary to the children.
Parents should keep an eye on their children’s mental health, notice any unusual behavior. Children may exhibit anger, show persistent low mood, unhappiness specially after using the internet being a victim. Parents should remind their children of their support in friendly manner.
Schools should teach practical things about Linux kernel, Android file structure, internet protocols to understand the real technology. iOS or Android are not Free Software. They are not safe. It is never safe to keep too much sensitive data, applications open without being extra password encrypted. It is never great to allow geo-tagging to all images. Outside Momo, those data may be abused.
Adults should not give rooted phones, phones for testing development things. They may have compromise out of relaxing SE Linux. Police, detectives everywhere quite active. It is important to give few minutes to their instructions.
Last but not the least – any computing device is intended for the intelligent beings who knows how it works. It is never safe to be an used of product without knowing basic “how-it-works”.