The Internet of Things (to be hacked)?

Soon, we’ll be living like The Jetsons (image via philosophymatters.org)

By the end of the decade, everyone on Earth will be connected.
–Eric Schmidt, Google chairman

As a rule of thumb, it’s good to keep in mind that anything and everything that can be connected to the Internet can be hacked. Poorly designed or implemented systems could expose serious vulnerabilities that attackers can exploit. Now, most of us are fairly familiar with certain gadgets that can be connected to the Internet, such as mobile devices and/or laptops, smart watches, and cars, but what about the things that are still emerging within the Internet-connected world? Some of these new items include routers, sensors, and everyday gadgets such as alarm clocks, wearables, microwaves, and grills.

When dealing with the devices that we’ve come to know and love, such as our Android phones or iPads, we already encounter a multitude of shortcomings within privacy policies, unintentional data leakages, and the transmission of tracking and personal data in clear text. Taking this a step further, it’s both intriguing and frightening to think about the challenges we will face as the Internet of Things (IoT) becomes more and more of a reality. In a recent article published by the Guardian, author Marc Goodman paints an evocative picture of a world powered by the IoT:

Because your alarm clock is connected to the internet, it will be able to access and read your calendar. It will know where and when your first appointment of the day is and be able to cross-reference that information against the latest traffic conditions. Light traffic, you get to sleep an extra 10 minutes; heavy traffic, and you might find yourself waking up earlier than you had hoped.

When your alarm does go off, it will gently raise the lights in the house, perhaps turn up the heat or run your bath. The electronic pet door will open to let Fido into the backyard for his morning visit, and the coffeemaker will begin brewing your coffee. You won’t have to ask your kids if they’ve brushed their teeth; the chip in their toothbrush will send a message to your smartphone letting you know the task is done. As you walk out the door, you won’t have to worry about finding your keys; the beacon sensor on the key chain makes them locatable to within two inches. It will be as if the Jetsons era has finally arrived.

So how can we use these space-age technologies to our advantage? Although most software is still in the process of being optimized for wearables and other emerging smart gadgets, there are three main things to be on the lookout for as we move into the IoT’s heyday:

  • Issues on devices that could result in device loss, poorly programmed apps, or attacks driven by social engineering
  • Transmission issues caused by low-level encryption on Wi-Fi or Bluetooth that could result in traffic sniffing, man-in-the-middle and redirection attacks
  • Storage issues in the cloud that could directly result in data breaches

The sure-fire way to defend yourself against these vulnerabilities is to use a VPN when connecting to open, unsecured Wi-Fi networks. Avast SecureLine VPN is available for Windows, Android and iOS.

“Unicode of Death” Crashes Your iPhone

The newly discovered security flaw in iOS crashes different messaging apps (like iMessage and your SMS app; basically all apps that use Apple’s CoreText library) on your iPhone, and possibly your Apple Watch, when the device is sent a specific string of text. In addition, it causes your mobile to reboot immediately. The bug was first reported on Reddit.com, where some people were complaining about it.

According to TheRegister, this is what happens once your mobile receives the message containing the “Unicode of Death”, a string of text including Arabic characters and different symbols: “The bug causes CoreText to access memory that is invalid, which forces the operating system to kill off the currently running program: which could be your text message app, your terminal, or in the case of the notification screen, a core part of the OS.”

And sickestdancer98 from Reddit explains: “I can tell you it is due to how the banner notifications process the Unicode text. The banner briefly attempts to present the incoming text and then “gives up” thus the crash. On a jailbroken device, this ultimately leads to safe mode. However, on a stock iOS device, there is no safe mode hence the respring after the crash. That is why this only happens when you are not in the message because the banner is what truly crashes the entire system. Is this a possible vulnerability? Maybe. Has this been around already? Roughly since iOS 6. Can it be fixed/patched? That, my friends, is up to Apple. I hope I cleared things up a little bit if it did help in any way, shape, or form.”

Apple is already working on a fix, which they’ll make available in an upcoming software update. Until then, there are a couple of workarounds floating around online, one of them being to just turn off the lock screen notifications for now.

The post “Unicode of Death” Crashes Your iPhone appeared first on Avira Blog.

D-Link Bypass / Buffer Overflow

SEARCH-LAB performed an independent security assessment of four different D-Link devices. The assessment identified a total of 53 unique vulnerabilities in the latest firmware (dated 30-07-2014). Several vulnerabilities can be abused by a remote attacker to execute arbitrary code and gain full control over the devices.

Fake IRS claims: What happens when data falls into the wrong hands

Over the past 18 months we have witnessed monumental data breaches affecting tens of millions of users. As consumers though, do we worry about what happens to our leaked data? Are attackers aggregating it with other sources, are they applying for credit in my name or even using medical services?

We should be concerned and the latest disclosure from the I.R.S. demonstrates what can be done when attackers gain access to our valuable personal information. Using Social Security numbers, dates of birth, home addresses and other personal information, cyber criminals have accessed over 100,000 past tax returns.

Once they have the past return, they can file a new return with new data including the refund destination account. As a result, the IRS issued $50 million in refunds before detecting the intrusion method.

Fraudulent tax claims are nothing new to the I.R.S. In 2013 the agency paid out a massive $5.8 billion in falsely claimed refunds. IRS spokesperson, John Koskinen, said “These are extremely sophisticated criminals with access to a tremendous amount of data.”

Cyber criminals have amassed a huge amount of data through the many data breaches but also through our own propensity to share our data without due consideration. The IRS has successfully put a stop to this particular form of attack, but with so much data available, it’s only a matter of time before the bad guys work out another way to make fraudulent use of it.

What can you do to protect against identity theft?

Avoid cold calls: If you don’t know the person calling, then do not hand over payment or personal details. If in doubt, hang up and call the organization directly to establish you are talking to legitimate operators.

Set privacy settings: Lock down access to your personal data on social media sites; these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix; it’s a great tool that will assist you with this.

Destroy documents: Make sure you shred documents before disposing of them as they can contain a lot of personal information.

Check statements and correspondence: Receipts for transactions that you don’t recognize could show up in your mail.

Use strong passwords and two-factor authentication: See my previous blog post on this; complex passwords can be remembered simply!

Check that sites are secure: When you are sending personal data online, check that the site is secure – there should be a padlock in the address or status bar or the address should have a ‘https’ at the start. The ‘s’ stands for secure.

Updated security software: Always have updated antivirus software as it will block access to many phishing sites that will ask you for your personal data.

If you believe that you have been affected by a data breach, be sure to take out any identity protection service offered to you as compensation. These services scour the Internet looking for your data being misused or sold.

You can follow me on Twitter @tonyatavg

Title image courtesy of dineshdsouza

Cyber risk analysis, assessment, and management: an introduction

Risk analysis is the first step towards managing risks, particularly when it comes to cyber risks. This recorded webinar introduces and explains key concepts, with links to several useful risk assessment tools.

The post Cyber risk analysis, assessment, and management: an introduction appeared first on We Live Security.

Infomatrix 2015: they’ve got skills!

InfoMatrix took place in Bucharest, Romania, and was organized by Lumina Educational Institutions, the Ministry of National Education and ISMB to encourage young people to apply their imagination, their passion, and their creativity to technology innovations that can make a difference in the world today.

For this year’s edition, 4651 students and teachers representing 461 schools from 63 different countries submitted a total of 1899 projects.

Avira was excited to also delegate a jury member for the competition. Alexandru Mihai, Web Backend Software Engineer in the Cloud Services & Infrastructure Department, contributed to choosing the best project in the Programming section of InfoMatrix.

InfoMatrix 2015: The Best Projects

  • Visionbot: Alexandru Ionut Budişteanu obtained the gold medal for the ‘VisionBot Pick and Place machine’ project. Visionbot is a robotic machine able to automatically create electronic products by placing surface-mount devices (SMD) such as capacitors, resistors, and integrated circuits on printed circuit boards (PCB). This machine should allow engineers and even SMBs to transform their prototypes into industrial products (electronics, computers, consumer electronics).
  • R-Walker: Victor Ricardo and Matias Garcia from Mexico also won a gold medal with the R-Walker project: a prototype of alternative energy and urban mobility consisting of three electrical systems, mechanical and hydraulic ensuring safety, comfort and speed of use. This personal scooter is not only cheap but, since its main source of energy is obtained through alternative methods, it can be a decisive help in reducing pollution.
  • Usertik: Haris Başici and Nedim Şişici from Bosnia received the first prize in the Programming section with an ingenious solution that allows automated delivery and integration of high-quality web services. More details about the project are available on their official website.
  • Noriy.NET: Roşca Codreanu-Ionescu Alexandru, representing Romania, created a cloud service for parental control. His goal was for parents to ensure safe Internet browsing on their children’s devices as well as help them benefit from a system of notifications for potentially dangerous activities.
  • Low poly dreams: You can check out for yourself the cool 3D video animation that helped Juanro Cobian from Mexico win 1st place in the “Computerized Graphics” section.

We’re already looking forward to the 2016 edition of this wonderful event that brings together so many talented students from all around the world.

The post Infomatrix 2015: they’ve got skills! appeared first on Avira Blog.