The term may not be very familiar, but it has been around for many years. The vault apps or vault applications are programs that provide a private space on mobilehidden from the eyes of other users who can access it.
For this it is hide under the guise of a apps innocuoususually a calculator and they work as such. Someone who accesses it will find an ordinary calculator without knowing that entering a certain code gives access to that secret space that who has installed the apps has created. In it you can save all kinds of files that you want to keep private and it also includes functions such as a browser with which you can access all kinds of platforms without having to have an application installed.
This type of apps is an ingenious way to keep mobile content private if it falls into the wrong hands, but also are used by minors to bypass security measures Parental control. Something that can put them at risk as has happened in a case reported by eldiario.es.
The medium echoes an investigative process in which he has worked the computer judicial expert Pablo Duchement, who has recounted his experience in a Twitter thread. Duchement explains that an 11 year old boy had been the victim of a case of phishing in which they had stolen 3,000 euros through charges on the card of one of the parents.
The question that the expert had to answer is How did the theft take place? taking into account that the parents used tools of parental control and had never detected anything suspicious on the minor’s mobile.
-Professor Duchement, our son has been phished and we have been scammed.
Do you want me to investigate the scam?
-No. We want you to find out how they got in touch with him and collected the data. There should be no way. He is 11 years old.
#CaseOfComputerForensics 👇👇— P. Duchement (@PDuchement) March 5, 2023
Duchement verified that the phone’s operating system does not expressly say so, but from some of its references it seems to be a iphone, had not been compromised. He also checked browser history, searched for traces of incognito browsing, social media and emails without finding nothing suspicious.
The only thing that drew attention to the mobile was the presence of a second calculator in addition to the one of the operating system. The expert identified her as a vault app or vault app that required the clue established by the child to access its content.
What the vault app hid
Once the parents obtained the password for the vault app, the result was as expected. Pornography and use of TikTokwith an account set as adult and unknown to the parents, via the vault app browser.
The expert found the how of the scam in the use that the minor had made of the short video platform of TikTok and managed to hide from his parents with the apps of vault. he identified urls entered directly into the navigation bar and made up of long strings of alphanumeric characters that are very difficult to remember, indicating that hhad been provided by a third party.
The source of these web addresses was in the TikTok video history where they appeared videos that published those links through which he could access what the expert called “inappropriate content”. This material is promoted on TikTok with videos that show the prelude to a pornographic scene.
These types of links do not lead directly to the promised content, but rather circulate the user through a series of insecure and ad-filled pages before reaching it.
“Some leave unwanted surprises on your device. Some offer you to download and instead provide you with malicious files. The most usual? Request that you create an account on their website if you want to be able to access the video”, explains Duchement. And she also asks bank details with the excuse that it is to prove the age of majority and that no charge will be made. This is the trap the 11-year-old fell into.
According to the expert’s experience, one should not rely too much on parental control tools and “The only effective parental control is for dad to accompany the little one when he uses his mobile, and for them to share their browsing experience. Together.”
Discussion about this post