Category Archives: Avira

Millions of Android Phones Fail to Purge Data

That basically means that your login data, mails, contacts, SMS, images, and videos can be retrieved at least partially. Not even full-disk encryption is of much help here: the flawed Android factory reset leaves behind enough data for the key to be recovered.

The study unveils five critical failures:

  • “The lack of Android support for proper deletion of the data partition in v2.3.x devices
  • The incompleteness of upgrades pushed to flawed devices by vendors
  • The lack of driver support for proper deletion shipped by vendors in newer devices (e.g. on v4.[1,2,3])
  • The lack of Android support for proper deletion of the internal and external SD card in all OS versions
  • The fragility of full-disk encryption to mitigate those problems up to Android v4.4 (KitKat)”

The researchers examined 21 Android phones that used version 2.3.x to 4.3 of the OS and were sold by five different vendors. Apart from being able to recover said data, they could also recover Google authentication tokens: “We recovered Google tokens in all devices with flawed Factory Reset, and the master token 80 percent of the time. Tokens for other apps such as Facebook can be recovered similarly. We stress that we have never attempted to use those tokens to access anyone’s account.”

So what should you do if you want to sell your mobile? The study recommends filling up the partition of interest with random-byte files to overwrite all unallocated space. For this to work, though, you would have to install the third-party app that fills the partition manually, because otherwise the Google credentials stored on the file system would not be erased.

Take a look at the study to find out more.

The post Millions of Android Phones Fail to Purge Data appeared first on Avira Blog.

Google Study: How Secure are Secret Questions?

Right, I’m talking about the ‘secret questions’ that have long been used as a backup mechanism to reclaim accounts (for example if you have lost your password). It’s a pretty common method used by a lot of services, since it is an easy way to provide an extra layer of security. But now a new study by Google actually questions that. The researchers conducting the study claim that their “analysis confirms that secret questions generally offer a security level that is far lower than user-chosen passwords.”

For the study they analyzed hundreds of millions of secret answers and millions of account recovery claims from Google users and concluded “that in practice secret questions have poor security and memorability […] From millions of account recovery attempts we observed a significant fraction of users (e.g 40% of our English-speaking US users) were unable to recall their answers when needed. This is lower than the success rate of alternative recovery mechanisms such as SMS reset codes (over 80%).”

The security side does not fare much better. If you had to guess what an English-speaking user chose as an answer to the question “What’s your favorite food”, pizza would be the way to go: 19.7% apparently have the same taste. In a Spanish-speaking country you’d have a 3.8% success rate at answering the “Father’s middle name” one correctly, and with only 10 guesses you would be able to guess the answer to “City of birth” for 39% of the Korean-speaking users. The fact that some 37% provide fake answers in order to make them harder to guess is of no help either. Apparently their little trick has the opposite effect, since they now answer the questions in a predictable way.

The Google researchers conclude that it is almost impossible to find the perfect secret question: one that is both memorable and secure. Google itself prefers SMS and secondary email addresses to confirm a user’s identity but admits that those are not perfect either.

The post Google Study: How Secure are Secret Questions? appeared first on Avira Blog.

#SECURITHON: Avira’s first hackathon

At Avira, we believe there is at least one thing multiplying faster than digital threats and that is…good ideas. Considering every day we are discovering more and more about the first ones, we wanted to also give you a chance to share with us your ideas on how we can turn the digital world into a better place.

It is our pleasure to invite you to Securithon, our very first hackathon. The event will take place one month from now, in Bucharest, and it aims at finding ingenious ways of solving ‘dirty software bundles’.  We are inviting skilled and passionate developers to write apps that work against unwanted applications from software bundles.

Who

You are a Computer Science student in your final year or a developer already turning good ideas into code and you’re looking for a cool challenge to prove your skills.

When & Where

27-28 June 2015

Connect Hub (Bucharest, Romania)

Why

Installer bundles often package more components than expected: some of them may install silently, others may come as opt-outs…either way, they represent a serious digital threat for all of us.

Together, we want to find other ways for users to avoid installing these additional components, send them useful notifications and make it easier to totally get rid of any kind of PUAs.

Also, we have prepared special prizes for the first three places and of course coffee and pizza are on us during the whole 24 Hours!

You’ll be working in teams of up to 4 members so prepare to share all the fun.

How

Registrations are on Eventbrite and the number of places is limited. Make sure to reserve your seat as soon as possible.

The post #SECURITHON: Avira’s first hackathon appeared first on Avira Blog.

Watch OS 1.0.1 for the Apple Watch Released

With Watch OS 1.0.1 Apple has released the first update for its watch. While it doesn’t include any flashy new features you should definitely make sure to install the patch as soon as possible, since it includes fixes for several critical security issues.

One of them is the well-known FREAK bug, the SSL/TLS vulnerability which was disclosed in March. The vulnerability can allow hackers to perform a Man in the Middle (MITM) attack on traffic routed between a device that uses the affected version of OpenSSL and many websites, by downgrading the encryption to an easy-to-crack 512 bits (64KB).

Other than that the update includes fixes for vulnerabilities that could lead to arbitrary code execution, disclose information, cause a denial of service, redirect user traffic to arbitrary hosts, and bypass network filters.

According to Macworld Watch OS 1.0.1 also improves your Apple Watch’s performance, adds seven new languages, and support for new emoji.

To install the new Watch OS just do the following: Open your Apple Watch app on your iPhone and go to My Watch > General > Software Update. Make sure that the watch is within range of the iPhone and connected to a charger. It should also be at least 50 percent charged.

The post Watch OS 1.0.1 for the Apple Watch Released appeared first on Avira Blog.

URL-Spoofing: Apple Safari Can Be Manipulated Easily

What it’s about

All it takes is a bit of JavaScript. With just a few lines of it, Safari users can be deceived by what’s commonly known as URL spoofing: during such an attack, a computer user innocently visits a web site and sees a familiar URL in the address bar, such as http://www.avira.com, but is, in reality, sending information to an entirely different location that would typically be monitored by a cybercriminal.

The security issue was discovered by David Leo, who put together a proof-of-concept for it. After you click OK, a new website is loaded. While the address bar tells you that you are visiting dailymail.co.uk, the actual page is definitely a different one.

The URL-spoofing itself is done with just a few lines of code:

function f()
{
    location="http://www.dailymail.co.uk/home/index.html?random="+Math.random();
}
setInterval("f()",10);

The last part, setInterval("f()",10);, makes sure that the address bar is reloaded every 10 milliseconds (so you might as well say that it’s kind of a DDoS attack, too), just before the browser can get the real page, and so the user sees the “real” web address instead of the fake one. This causes the spoofed URL to flicker; sometimes it’s even possible to briefly see the actual URL.

What you can do

Your first step should always be to make sure that your browser is up to date so that security updates can be installed once available. In addition to that, open up the Safari settings, go to the Advanced tab, and choose “Show full website address”. The browser will then show the result of Math.random() in the address bar.

Alternatively you could also just use another browser for the time being: The code will not work in Google Chrome and Mozilla Firefox.

The post URL-Spoofing: Apple Safari Can Be Manipulated Easily appeared first on Avira Blog.

LogJam Vulnerability Threatens Thousands of HTTPS Websites & Mail Servers

What it’s all about

The weaknesses that allow the so-called LogJam attack apparently have to do with how Diffie-Hellman key exchange has been deployed. Said key exchange is a popular cryptographic algorithm that allows internet protocols to agree on a shared key and negotiate a secure connection. Since it is fundamental to many protocols like HTTPS, SSH, IPsec and SMTPS, it is relatively widespread: about 8.4% of the top one million websites and an even bigger part of servers using IPv4 are affected by LogJam.

“Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections”, the team state.

According to the researchers, LogJam can be used to downgrade connections to 80% of TLS DHE EXPORT servers. They also estimate that a skilled team can break a 768-bit prime and that, due to the available resources, a state-sponsored campaign could break the common 1024-bit prime.

This is especially scary since they estimate that a successful 1024-bit prime attack would allow for eavesdropping on up to 18% of the top one million HTTPS domains.

Their research paper goes even further: “Our calculations suggest that it is plausibly within NSA’s resources to have performed number field sieve precomputations for at least a small number of 1024-bit Diffie-Hellman groups. This would allow them to break any key exchanges made with those groups in close to real time. If true, this would answer one of the major cryptographic questions raised by the Edward Snowden leaks: How is NSA defeating the encryption for widely used VPN protocols?” How about that! It definitely opens up room for a lot of discussions.

As with FREAK, the vulnerability is actually quite old already. “To comply with 1990s-era U.S. export restrictions on cryptography, SSL 3.0 and TLS 1.0 supported reduced-strength DHE_EXPORT ciphersuites that were restricted to primes no longer than 512 bits”, the released paper reads.

What you can do

Luckily the team has already been in touch with most of the browser developers, which means that fixes are either already available (namely for Internet Explorer) or will be very soon.

Make sure you have the most recent version of your web browser installed: Google Chrome (including Android Browser), Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari are all deploying fixes for the Logjam attack. If you run a web or mail server you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group.

More information on LogJam can be found on the dedicated page.

The post LogJam Vulnerability Threatens Thousands of HTTPS Websites & Mail Servers appeared first on Avira Blog.

Avira Offers PRIVATE WiFi Encrypted VPN in new bundle

Users who purchase the new bundle will be fully protected against malware and data theft. Our Antivirus Pro is built upon some of the most cutting-edge antivirus technologies available, allowing millions of users around the world to no longer worry about malware.

PRIVATE WiFi Encrypted VPN completes the package perfectly, as it provides users with a personal VPN (Virtual Private Network) to automatically encrypt data transferred over any WiFi network.

Protection on the move with your personal VPN

“Avira and PRIVATE WiFi Encrypted VPN have a common mission: to offer people best-in-class digital protection, wherever they are. In a world with increasing mobility, we decided to provide our customers with protection on the move: our German engineered antivirus that fights against all types of viruses, combined with a professional encryption service that prevents any phishing attacks from happening” said Thorsten Bruchhaeuser, EVP Sales and Business Development at Avira.

With all the hidden dangers encountered by users accessing public WiFi hotspots, it has become essential for users to add an extra layer of protection for their sensitive data. An encrypted VPN will stop hackers from intercepting private data from their devices, regardless of the method chosen by the attackers: rogue WiFi access points, man-in-the-middle attacks or software sniffers.

Alok Kapur, President and Chief Operating Officer of PRIVATE WiFi said “We are excited to join forces with Avira in creating a complete protection bundle. Users who purchase the package will be in possession of the best weapons to fight against all types of digital attacks and they will no longer have to worry about their private data ending up in the hands of others without their consent”.

Our new product bundle from Avira will be distributed via its partner network globally and will be available both in German and in English.

The post Avira Offers PRIVATE WiFi Encrypted VPN in new bundle appeared first on Avira Blog.

ErsatzPassword Gives Fake Passwords to Hackers

The system, called ErsatzPasswords (German for: Replacement Password), should make it much harder for hackers to crack passwords. That could especially come in handy with data breaches, where cybercriminals gain access to a lot of hashed passwords from the leaks.

Since passwords are normally stored hashed (storing a plain-text password would be a huge security risk!), hackers need to recover them somehow. A common approach would be the brute-force attack, where one would repeatedly try guesses for the password and check them against the available cryptographic hash of it. Ordinary desktop computers can test over a hundred million passwords per second using password cracking tools like John the Ripper. And that’s where ErsatzPassword comes into play:

“[…] when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords he will get are the ersatz passwords — the “fake passwords”. When an attempt to login using these ersatz passwords is detected an alarm will be triggered in the system that someone attempted to crack the password file”, says Mohammed H. Almeshekah, one of the authors of the paper. “Even with an adversary who knows the scheme, cracking cannot be launched without physical access to the authentication server.”

Sounds pretty cool and secure, right? If you want to find out more about the idea behind ErsatzPassword, take a look at the research paper or the code directly.

The post ErsatzPassword Gives Fake Passwords to Hackers appeared first on Avira Blog.