Category Archives: Panda Security

Panda Security

Cellphone Usage Increases by 20% since 2015

Cellphone Usage Goes Up to 5 hours a Day! Stay Safe While Out & About with Security Tips from Panda

An interesting piece of news came out recently. According to analytics firm Flurry, US consumers spend up to 5 hours each day on their mobile devices. That’s right: 300 minutes per day. Or to put it differently, a whopping 35 hours every week. It’s a lot more than television by the way. The research firm claims this level of usage is a 20 percent increase compared with the fourth quarter of 2015. If keep on the same growth in percentage, very soon we will be spending more time staring at the little screen rather than sleeping.

That’s what we call real news. But is that surprising? Well, not really.

The uptake of mobile devices has been phenomenal, experiencing eye-watering high year-on-year growth. No wonder all big industry players have launched mobile phones with ever larger screens, not to mention a broad range of tablets to suit all budgets. In the US alone, mobile connections now exceed the actual population of the country; and over half the population access social media from mobile devices – a six percent growth since last year.

So it’s fair to say mobile devices have become a hub for everyday activities, from banking to shopping. Of course, we still make phone calls with our devices… though less and less, with free texting having cannibalized our communication habits.

We’ve moved into an era where phones would be totally unrecognizable to Alexander Graham Bell, the man credited with having invented the telephone (though, perhaps more accurately, he was the first to obtain a patent for his invention, back in in 1876).

So what does it mean when it comes to security?

Are your mobile habits putting your safety at risk?

Hackers can nowadays use malicious apps or unsecured networks to access vital pieces of information sitting on your mobile device. According to software experts Panda Security, there are some simple steps you can take to stay safe:

  • Phones have become increasingly loaded with sensitive data so being hacked is more of a risk. Set a secure password from the outset and combine it with biometric protection, if the device enables it.
  • Android or iOS operating systems can be vulnerable to hacks. Installing regular updates and patches will help ensure your software is providing the best level of protection available.
  • Clean-up and backup your phone regularly, by exporting your data for safe storage. And while you’re at it delete any old apps you’re not using anymore – don’t let them access your user data such as your location!
  • Always access the Internet via secure Wi-Fi networks. Unsecured networks may allow nearby hackers to intercept your data – do not let them get you! In addition, please do not do any shopping or banking on a public Wi-Fi network, that’s a recipe for disaster.
  • If you get text messages from unknown senders asking for personal information, just delete them. If you click on links in those messages, you hackers take advantage of you and install malware on your device phone. Don’t download apps by text message as this is a popular way for criminals to infect your mobile phone.

Having in mind, some people spend a total of 35 hours a week on their phones, it is safe to say, some of the digital print they leave may contain sensitive information. If you are one of those people, keep doing what you are doing as here at Panda we are making sure you are protected!

The post Cellphone Usage Increases by 20% since 2015 appeared first on Panda Security Mediacenter.

Panda Security Detects 100% of malware, According to AV- Comparatives

Panda Security has obtained a 100% detection rate on February’s Real-World Protection Test from the independent labs of AV- Comparatives. The Real-World Test is recognized in the industry for providing an accurate reflection of the protection offered by cybersecurity solutions readily available on the market

Panda Security obtained the highest possible score, topping the list of twenty other providers that also underwent testing.

The analysis, which is available here, takes into account the same infection vectors that a user might experience on any normal day (browsing websites containing malicious content or exploits, running a virus received by email, etc.). In this case, Panda Free Antivirus was able to detect 100% of the malware to which it had been exposed. The fundamental objective of the Real-World Test is to determine if security solutions are able to protect the system as it is exposed to an array of malware samples.

Panda Security, 100% Detection and Zero False Positives in AV- Comparatives’ Most Rigorous Test

“We are especially pleased with the excellent results obtained in the AV-Comparatives Real-World Test because they validate our efforts to offer our users the best protection against all types of threats in real conditions. We are fully committed to the constant improvement of our solutions in order to provide maximum security levels with minimum performance impact, being more aggressive towards threats the bigger the risk of infection” said Alberto Añón, Consumer Product Manager in Panda Security

This result speaks to the success of the set of technologies present in the company’s cybersecurity solutions, ideal for all types of users, private or professional, and for everyone from freelancers to large corporations.

Panda Security has developed its products in response to the rapid evolution of malware in recent years. In this regard, it offers the most effective response to threats like ransomware and proves to be the best ally in the prevention, protection and response to the latest attacks.

Latest updates

The company recently launched their Panda Protection, the multi-device antivirus protection that adapts to the user’s needs through a monthly service subscription.

The post Panda Security Detects 100% of malware, According to AV- Comparatives appeared first on Panda Security Mediacenter.

In the Wake of the CIA WikiLeaks Case, Some Tips on Corporate Cybersecurity

Year Zero, the first delivery from WikiLeaks of the “biggest document leak” the Central Intelligence Agency has ever seen, is made up of over 8,000 files. The revelations they contain are causing quite a stir. If nothing else, they’ve shown that the CIA has at its disposal an enormous cyberespionage arsenal.

The documents detail how cyberweapons were prepared to make use of “zero day” attacks (which target vulnerabilities that haven’t been made public yet, and can therefore be easily exploited). These cyberweapons would be used to compromise the security of devices using iOS, Android, Windows, and macOS operating systems.

Something of considerable note from these leaks is that the CIA would not have to break the encryption protecting apps such as WhatsApp, Signal, or Telegram. By gaining access to the smartphone’s OS using malicious software, they are able to access all the information stored on it.

According to the documents, which have been deemed authentic by several security experts, the CIA even made use of security holes in other smart devices. The US agency worked with their British counterparts to develop a cyberespionage tool called Weeping Angel to use smart TVs as hidden microphones. So, how did the affected companies react? And what can the rest of us learn from this leak?

Google and Apple’s Reaction

Apple reacted to the leak with a lengthy statement, pointing out that the security holes that the CIA used had already been patched in the latest version of iOS. The company also ensured that is would continue working to resolve any vulnerability and encouraged users to download the latest version of its OS.

Google claimed that Android and Chrome’s updates had already solved the problems, while Microsoft and Samsung have said they are investigating the issue. Although WikiLeaks hasn’t released technical aspects of the malware in question, they have announced their intention to share them with manufacturers.

For their part, the CIA is keeping pretty quiet about the whole thing. They’ve limited themselves to a “no comment” about the leaked documents and have stated that the revelations put US citizens in danger. It’s the first major challenge for CIA director Mike Pompeo, recently appointed by President Trump.

Keeping in mind that US intelligence is able to detect vulnerabilities even in the tech giants themselves and even develop cyberweapons to take advantage of them, what can a company learn from these leaks?

One of the first lessons to learn is that the security on our devices leaves much to be desired. Another, to avoid exposing our companies to zero day attacks, a perimeter-based security solution isn’t going to cut it. The only way to combat zero-day attacks: update, update, update, and spring for an advanced cybersecurity solution.

Panda Security’s Adaptive Defense 360, to name but one example, is not too shabby when it comes to top of the line security. It allows continuous monitoring through surveillance and logs of all activity at every workstation and detects advanced threats in real time. It stops untrusted software the moment it attempts to run, responds in a matter of seconds, and recovers instantaneously. It’s nice to know that your as-yet-unknown security holes (and there is always one or two lurking beneath the radar, even at companies like Google and Apple) won’t be much use to potential intruders.

The post In the Wake of the CIA WikiLeaks Case, Some Tips on Corporate Cybersecurity appeared first on Panda Security Mediacenter.

The Dark Side of Shopping Apps

Are shopping apps safe?

As we shoppers get better at identifying scams, cybercriminals are having to create new ways to try and steal our money. Effective PC security tools like Panda Safe Web can identify and block fake websites before scammers have a chance to trick us.

But increasingly we are shopping from our smartphones and tablets instead of desktop PCs. Realising this, cybercriminals have begun to develop a range of mobile-focused attacks designed to steal personal data and money.

So when you do fire up a shopping app on your mobile phone, how do you know it can be trusted?
Here are some tips.

1. Only download apps from official sources

Both the Apple App Store and Google Play Store use a very strict approval process to protect their customers. Whenever an app is submitted to one of these official stores, it is checked to ensure that it is not infected with malware, and doesn’t take personal data without your permission.

For iPhone users this is great news – every app they can download has been checked to ensure it is safe. Especially as Apple devices cannot install apps from anywhere else but the App Store.

Android users on the other hand are not limited to the Google Play store – they can download and install apps from virtually anywhere. Although this is much more flexible, not all app stores or websites apply the same security checks. Cybercriminals exploit this weakness by tricking Android users into downloading infected apps from email attachments or fake app stores. Once installed, this malware allows scammers to steal credit card details, or to encrypt your files so you cannot access them without paying a ransom.

When it comes to downloading shopping apps you must ensure they come from the official app store – otherwise you could be inviting cybercriminals onto your phone.

2. Install a mobile Security tool

You wouldn’t dream of leaving your PC unprotected against malware – so why ignore your mobile phone? Just this week mobile hacking hit the headlines again as government officials tried to highlight the risks.

It is absolutely essential that Android owners install a mobile security tool to protect themselves against fake shopping apps. Panda Mobile Security scans installed apps to detect malware and alert you to potential problems before your data can be stolen.

Using Panda Mobile Security you can also control what each app does, preventing them from accessing your data, or from triggering your camera or microphone. You can also prevent apps – good or bad – from uploading your information to the cloud, adding an additional layer of protection.

Stay alert

As well as installing security software on your mobile phone, you need to treat apps, web downloads and email attachments with caution. In the same way that you don’t open attachments from people you don’t know on your PC, you shouldn’t download unknown apps from untrusted websites.

As our phones become an important part of our shopping habits, criminals will devote more of their time and effort to attacking them. So it pays to protect yourself now before they attack you.

The post The Dark Side of Shopping Apps appeared first on Panda Security Mediacenter.

It Did What? The Dirty Secrets About Digital Assistants

Are Siri and Other Digital Assistants Actually a Security Risk?

People started fearing digital assistants before they even became a reality. Before computers were even a household commodity, Stanley Kubrick was terrifying cinemagoers with HAL, 2001: A Space Odyssey’s rogue AI assistant.

Today though, our intelligent personal assistants form an important part of our lives. As AI technology advances they will become even more prevalent.

While the dangers imagined in Sci-fi movies of the 60’s and 70’s are thankfully far from being around the corner, it’s important to look at the real security risks that digital assistants could pose.

Despite being the most popular intelligent personal assistants, Siri and Cortana are not the only iterations of this growing technology on the market. Amazon, for example, now offers it’s Echo device, while Facebook has recently released its own digital assistant called M.

So what are the dangers?

Not to sound too ominous, but IBM has banned the use of Siri for its employees. The rule was set by IBM Chief Technology Officer Jeanette Horan, who cited security concerns.

You know those large license agreements you have to agree to when you first start using a device, the ones most people don’t bother reading?

Well, Apple’s iPhone Software License Agreement, quite vaguely, shows how voice commands are used after being submitted to Siri. “When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text.

What’s more, “by using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.

Sounds like jargon? The convoluted styles in these agreements often help to gloss over important information that most companies know their user’s will be glancing over at best.

Siri may not literally be watching you, but the fact is that everything you say to her is sent to a big data center in Maiden, North Carolina. IBM’s Horan decided to ban Siri because it could be storing sensitive information for an unspecified amount of time.

If Apple were breached, hackers could intercept that data. And perhaps just as alarmingly, a lot of the data is sent to third party companies. Besides the fact that you’ll receive an onslaught of targeted ads, the more companies this information is sent to the less private it becomes.

This is far from being solely an Apple issue though.

Amazon Echo, A Criminal Witness?

In a case that has seen Amazon largely mirror Apple’s resolve on handing over encrypted data to the FBI, the Amazon Echo may have been a key witness to a murder.

James Andrew Bates is suspected of having killed Victor Collins in his apartment. No one else was present at the scene of the crime, except that is, Alexa, who was being used to stream music throughout the night.

Amazon, much like Apple, have abstained from giving police the data on Alexa, saying it would set an unwanted precedent. This shows though, at the very least, that police in Bentonville, Arkansas, where the crime took place, believe Alexa may be capable of storing sensitive information. So much so, they believe it could incriminate a suspect in a murder case.

Whilst this is obviously an extreme example of a data privacy issue, what implications does it have in a regular home?

The biggest all-round concern for cybersecurity experts is that these devices are constantly programmed to listen. Amazon’s Echo device is called to action by the command “Alexa”. This seems like an obvious vulnerability that could be used by hackers to listen into conversations taking place in the home.

Aside from this, the Echo cannot differentiate between different voices, so anyone who comes into your home potentially has access to every account linked to Alexa.

Other Risks

So, whilst it is yet to have happened, or to have been allowed by any of the big tech companies, lawyers or the police could potentially subpoena sensitive information. This is, of course, if law enforcement gets their way.

If they do, they’ll have the key to a huge amount of information, Apple, Amazon and Google being amongst a growing list of companies that keeps an archive of commands.

The problem, however, goes beyond the mere use of digital assistants. As the use of integrated devices and smart homes increases, more and more devices will have the ability to store potentially sensitive information. A Smart TV, for example could easily have the capability of storing recorded information. Whilst this would seemingly be primed towards targeted ads, there is again the possibility that sensitive information could be stored unbeknownst to its users.

Keep Safe

The obvious advice is easy to uphold, and is one that most people will already be practicing. Don’t say sensitive information, like passwords or credit cards details, out loud. It’s likely to become increasingly difficult to know who (or what’s) listening within your own home.

Meanwhile, whilst operating systems such as iOS do let you manage data collection by changing privacy settings, the only option the Amazon Echo gives you is to unplug the device when not in use. It’s important, therefore, to look at your privacy settings, whatever the device.

So aside from telling us tomorrow’s weather, where the best restaurants are, and the occasional bad joke, digital assistants do pose some real risks to our cybersecurity.

Whilst the technology undoubtedly makes us more seamlessly connected to our tech devices, in turn making our lives easier, it’s important to always take into account the issue of privacy; an issue that tech is increasingly making more tenuous within our own homes, for better or for worse.

The post It Did What? The Dirty Secrets About Digital Assistants appeared first on Panda Security Mediacenter.

Your Android lock pattern can be cracked in just five attempts

 

If you use a lock pattern to secure your Android smartphone, you probably think that’s the perfect way to avoid unwanted intrusions. However, that line you draw with your finger may be a bit too simple. After all, if even Mark Zuckerberg himself used ‘dadada’ for all of his passwords, it is not surprising that your lock pattern may be a simple letter of the alphabet.

Android lock patterns can be easily cracked using a computer vision algorithm.

Relax, you are not the only one. Around 40 percent of Android users prefer lock patterns to PIN codes or text passwords to protect their devices. And they usually go for simple patterns. Most people only use four of the nine available nodes, according to a recent study conducted by the Norwegian University of Science and Technology. Additionally, 44 percent of people start their lock screen pattern from the top left corner of the grid.

Even though creating more complicated patterns may seem like the best solution to make your password harder to guess, a team of researchers has demonstrated that complex patterns are surprisingly easier to crack than simple ones by using an algorithm.

Hackers can steal your lock pattern from a distance

Picture this: You sit at a table in your favorite café, take your smartphone out of your pocket and trace your lock pattern across the phone screen. Meanwhile, an attacker at a nearby table films the movements of your fingers. Within seconds, the software installed on their device will suggest a small number of possible patterns that could be used to unlock your smartphone or tablet.

Researchers from the Lancaster University and the University of Bath in the UK, along with the Northwest University in China, have shown that this type of attack can be carried out successfully by using footage filmed with a video camera and a computer vision algorithm. The researchers evaluated the attack using 120 unique patterns collected from users, and were able to crack 95 percent of patterns within five attempts.

The attack works even without the video footage being able to see any of the on-screen content, and regardless of the size of the screen. The attackers would not even need to be close to the victim, as the team was able to steal information from up to two and a half meters away by filming on a standard smartphone camera, and from nine meters using a more advanced digital SLR camera.

Surprising as it may seem, the team also found that longer patterns are easier to hack, as they help the algorithm to narrow down the possible options. During tests, researchers were able to crack all but one of the patterns categorized as complex, 87.5 percent of median complex patterns, and 60 percent of simple patterns with the first attempt.

Now, if tracing a complex pattern is not a safe alternative, what can you do to protect yourself, especially if you store sensitive data on your smartphone? Using your hand to cover the screen when drawing your lock pattern (just as you do when using an ATM), or reducing your device’s screen color and brightness to confuse the recording camera are some of the recommendations offered by researchers.

The post Your Android lock pattern can be cracked in just five attempts appeared first on Panda Security Mediacenter.

Online harassment: is it time we do something about it?

The real old, witty insult has come a long way since it was first blurted out by Mr. Caveman back in pre-historic times. That first grumble started everything and the rest, as they say, is history. Fast forward to 2017 – there’s now plenty of ways to deliver an insult to anyone, whether you know the person or not. And it can be done from a very familiar location: the relative safety of your home, sat at your desk, using a computer, typing furiously (instead of barking around as your distant ancestors did).

Online harassment is reaching epidemic proportions.

In the beginning, wasn’t the Internet promising a new era of civilized conversations? Here in the United States, freedom of speech is protected from government restrictions by the First Amendment to the United States Constitution. So what’s the difference anyway between a good old joke and harassment? Well, a joke is usually funny. Yep, that’s right: the fun has got to be both ways. A line is crossed when there are tears (we’re not talking about tears of joy here). Maybe it’s time to call time on the bullies.

Twitter seems to be thinking so. Everyone agrees there will always be trolls out there. Apparently, it’s a sad side to human nature. But since last month the company is making it harder for people who have been suspended for harassment previously to create new accounts. For obvious reasons, Twitter can’t disclose just how exactly it’s doing this. But the fact it is taking action has to be a good thing. Insiders say that in all likelihood users are still going to see some of the usual roughness, though it is hoped most of the mindless drivel will be flushed out. Phew!

“Safe search” feature

Also Twitter is working on a “safe search” feature, this is meant to remove those tweets that have sensitive content or come from muted and blocked accounts. These changes are being rolled out progressively so keep an eye out for them and be sure to share your thoughts about that with us. Are these changes making a difference? Are the tone of your exchanges better – if only a little bit?

Think before you tweet!

It’s important always to remember and follow the usual safety rules when online, so here are some Twitter-specific tips for you. Malicious people will sometimes try to take over accounts so they can send private messages or spam to a person’s followers. To guard against this don’t click links in Direct Messages unless you were expecting a link from that person! Also, many hacks will happen when Twitter login details are entered into a fake website. So be careful of sites that look like Twitter.com it’s easy to get spoofed.

Why not double check anti-virus protection while you’re at it? Granted, Twitter is doing its part to stop the insults flowing. How about you stop the hackers in their tracks with Panda Security? The company’s products include some of the most advanced cyber-security services available on the market. It may not stop the insults, but at least it will prevent you from becoming a victim of a cyber-crime.

The post Online harassment: is it time we do something about it? appeared first on Panda Security Mediacenter.

NSA and CIA were spying on you! So what?

A few days ago WikiLeaks released information clarifying CIA have developed a whole lot of hacking tools that allow them to spy on everyone somehow connected to the internet.

Unfortunately,it’s not news NSA, and CIA are spying on you, this has been a well-known fact for years. According to NSA and CIA, the primary goal of the global internet monitoring is the fight against terrorism. There is no precise statistics of how many terrorist attacks have been prevented thanks to the patriot act and the hard-working guys at NSA and CIA. However, we are sure they’ve been doing a good job so far – with small exceptions there haven’t been any major incidents here on US soil since 9/11.

Even though no one is euphoric CIA and NSA seem to have access to virtually everything digital in the world, regular folks have accepted it.

So why is all the fuzz around WikiLeaks and their latest Vault 7 leak?

The problem is that according to Julian Assange, the tools CIA and NSA have developed could also be classified as cyber weapons. Briefly, it’s the equivalent of the discovery of the atomic bomb. If these cyber arms end up in the wrong hands, things can go horribly wrong. Imagine if a 16-year-old stoner from FYROM manages to access your router, and record everything connected to it. Imagine if they can do the same thing to a top government official.

Or if a piece of hardware used in airplanes has a backdoor allowing unauthorized access to the equipment located at captain’s cockpit. This is scary, isn’t it? We live in a digital era where adults in the US spend an average of 5 hours a day staring at their cell phones. We monitor our children with baby monitors, and we pay bills and shop online on a daily basis. There is barely any cash seen in the modern world; all our finances are in digital bank accounts. We no longer work for hard cash, we work for ‘doubloons’ in our bank account. Our life is starting to feel as we are in a video game, and as in many video games, villains want to take advantage of the regular people. Everything we do and that matters to us is somehow visible as a digital print.

So let’s get back to what’s scary.

The scary part is that CIA and NSA obviously are having issues keeping all this information secure and it is possible those cyber weapons will end up in the wrong hands. How would you feel if you know Iran, Russia or China have this power too? It would be a chilling fact to realize that a foreign government knows more about you than your own.

It will surely give you the chills to understand that a country with completely different beliefs and culture has access to your personal and professional life. Such hacking scandals also cause a stir around the globe as other nations say the USA needs to stop spying on them.

The good news is…

And if we try to somehow forget about governments fighting each other in cyber wars, such weapons could end up in the hands of groups of hackers who are after the regular people. The good news is that cyber criminals do not have nationality or beliefs; most of the times they are not after you; they are after your money. And using the weapons developed by CIA and described at WikiLeaks, gaining access to your bank account seems like a child’s play if you are not protected.

Julian Assange says the information released a few days ago is only 1% of what it is to come. According to WikiLeaks, the Vault 7 series will be the largest intelligence publication in history. We can surely expect extraordinary findings over the course of the next few months!

The post NSA and CIA were spying on you! So what? appeared first on Panda Security Mediacenter.

Mobile World Congress 2017: Are Future Technologies Safe?

“Technology is very hard to predict.”

So said Reed Hastings, Netflix CEO, during his keynote at this year’s Mobile World Congress when asked what his forecast was for future technologies over the next five to twenty years.

This year’s Mobile World Congress (MWC) was full of tech that gets us excited about the future though. From 5G, which could be up to a thousand times faster than 4G, to new real-world VR applications, the event over the years has become so much more than just a showcase for mobile devices.

We were able to check it out, and have put together a list of some of the technologies that got us most excited, and that we feel will form a big part of our future lives.

As Hervé Lambert, Global Consumer Operations Manager at Panda Security, was quick to point out though, there is a flipside. As he put it, as these new technologies advance, cyber criminals “will become more specialized with each type of attack and will go deeper into the system.” For every new exciting piece of tech, there is of course, the question of cyber security.

How will this tech shape our future and will it be one where we can feel safe in the physical and digital world?

Robots / AI

Driving home the MWC’s futurist appeal, as well as the fact that the event is more than a simple mobile device exhibition, was the amount of robots on display this year. PaPeRo, the human companion robot was demoed by various companies. Its impressive face recognition capabilities can be utilized for public safety, even being able to track lost children in shopping malls.

At the Ubuntu stall, meanwhile, REEM and REEM-C were both on display. REEM-C, which was designed by Barcelona-based PAL Robotics, is a flexible full-size humanoid biped robot that is used for different types of research, including AI.

Being connected to the Internet of Things (IoT) obviously poses potential risks.

REEM-C, for example, weighs 80 kg. In a future where robots are more widely available, a malicious attacker could cause real damage by taking control of such a heavy piece of machinery.

AI and big data analysis is actually being used today to make people safer though. During a keynote speech at the MWC, Takashi Niino, CEO and president of the NEC Corporation, described how real-time analysis with face recognition technology is being used in Tigre, Argentina to reduce crime. The highly accurate face recognition technology can be used to identify criminals, and even to detect suspicious behavior. Since the “urban surveillance system” was implemented, vehicle theft has gone down by 80 per cent in Tigre.

“AI will soon become a reality of most people’s daily lives”

As always, there’s another side to the coin though. Whilst high-speed data analysis allows law enforcement to act more efficiently, it also does the same for cybercriminals. “Cyber crime is increasingly becoming automated and the number of incidents are escalating exponentially”, said Hervé Lambert. “AI will soon become a reality of most people’s daily lives, so it is very important that its development is overseen responsibly by engineers that are specialized in intelligent security.

Virtual Reality (VR) / Augmented Reality (AR)

Virtual reality has been touted for a while as the next big thing in entertainment. We’ll be able to fully immerse ourselves in distant locations and invented realities. Arguably, its close relative, augmented reality (AR), is where the most life-changing innovation is going to take place though.

Several new VR/AR applications were on show at the MWC. Relúmĭno –which was on show at Samsung’s C-Lab VR projects stall– demonstrated an impressive practical application for VR. The Relúmĭno app, designed for Samsung’s Gear VR headset, acts as a smart visual aid for visually impaired people by remapping blindspots. The effect, when using the headset, can be described as seeing the world as a cartoon with edges and surfaces in your surroundings rendered as sharp black lines.

Other separate standalone projects, like Inflight VR, aim to enhance our inflight experience with VR entertainment. Flight notifications will appear at the bottom of the screen as you navigate the hand-tracking controlled system. LiveRoom, on the other hand, will allow people a more immersive retail experience with its AR capabilities, and can also be used to enhance the classroom experience.

What dangers do we face when it comes to VR/AR though?

VR and AR can be compared to social media, but on a whole other level. This means that when it comes to online privacy, the stakes will be much higher. An unfortunate example has already been seen of this in real life. Users have reported sexual harassment on VR, with inappropriate gestures by some gamers towards other players. Much like with social media, some users sadly see the anonymity afforded by their digital avatars as allowing them to act inappropriately in the digital world.

This type of problem could reverberate beyond just VR gaming though. It’s very likely that our digital avatars will become an even more important part of our lives in VR than they are now in the likes of Twitter and Facebook. If hackers can carry out ransomware attacks after retrieving information on social media, it’s possible that this type of attack will be an even bigger danger with VR in the future.

Connected and Autonomous Cars

One of the visions of the future presented at the MWC was one of people sitting back on their commute to work, in their driverless cars, as the vehicle safely takes control of everything.

Whilst this future may still be in the distance, some cars on display at the MWC are certainly taking us in that direction. Roborace showed off its “robocar” at the even, whilst Peugeot revealed its Instinct concept car, a futuristic and stylish vehicle that wouldn’t look out of place in a sci-fi movie. One of the Instinct’s capabilities is that it can change the ambience inside the vehicle, depending on the passenger’s mood. Stressed out after work? It’ll put you into a relaxed seating position and change the lighting to ‘ambient’.

As the car will connect to the IoT using Samsung’s Artik cloud platform, it will be able to seamlessly integrate your vehicle’s operating system with other devices. This could make your car remind you that a drive to the supermarket is in order, for example. Haven’t been keeping up with your fitness regime? Your car could encourage you to stop and jog the rest of your journey.

Potential risks

Of course there are potential risks when it comes to this technology. Though the technology doesn’t exist yet, there were many 5G demonstrations at the MWC. Most of these focused on reduced latency speeds, meaning that we’ll have a future where almost anything can be controlled in real-time. Could hackers take control of a vehicle that’s connected to the IoT and take it off course without the passenger realizing? It’s a scary prospect.

“Online security’s Achilles’ heel is the Internet of Things”

According to Panda Security’s Hervé Lambert, “online security’s Achilles’ heel is the Internet of Things”. It’s important for cyber security experts to keep up with tech innovations, as there’s no doubt that cyber criminals will too.

Lambert says that hackers aren’t the only worry though. It’s a possibility that in the future, “insurance companies could exploit driving data. This could include data about the way people drive and it could be used to increase insurance prices based on new criteria.” Insurers could have access to a huge amount of data, including where people drive and where they park.

Third-party data gathering could be taken to a whole new level. The IoT will massively benefit our lives, but sadly, it could also open a door to hackers and companies that are looking to financially exploit its users.

Honorable Mentions

“Smart cities, smart factories, smart cars, and anything ‘smart’ will also create a necessity for smart security.”

There was so much tech on show at this month’s Mobile World Congress that will undoubtedly shape our futures and improve our lives in many ways.

Just as autonomous cars look to be brining sci-fi predictions to real life, IIT’s grapheme electrode prosthetic is set to change people’s lives in a way that was previously only imaginable on the big screen. Think Luke Skywalker’s robot hand in The Empire Strikes Back. Graphene, a material that is invisible to the naked eye, will allow electrodes to be embedded comfortably into a robot-like prosthetic hand; a big advance in prostheses.

Drones were also a big draw at the MWC. Though they can be used for games as well as to record things from a distance, their most prominently discussed capacity at the MWC was for use in security systems. Whilst the flying machines will allow efficient surveillance, we also face the Orwellian prospect of drone surveillance as a means for law enforcement. Will they keep us safe or be used to control us? Only time will tell.

When pushed to give an answer for his forecast of the future, Reed Hastings said, “[at Netflix] we’re not sure if we’ll be entertaining you or AI.” While such advances in artificial intelligence are still a long way away, the Mobile World Congress has shown this year that technology will increasingly become a seamlessly integrated part of our very existence. Though future predictions are largely positive when it comes to new technologies, there’s a negative side that also merits attention.

As Hervé Lambert puts it, “smart cities, smart factories, smart cars, and anything ‘smart’ will also create a necessity for smart security.

Cyber security is undeniably a big part of the puzzle when it comes to a future of safe, smart, integrated cities.

The post Mobile World Congress 2017: Are Future Technologies Safe? appeared first on Panda Security Mediacenter.

Sticky Attacks: When the operating system turns against you

Cyber-attackers are always finding new ways of bypassing the protection systems installed on computers in order to avoid detection and steal user data. In that respect, Black Hat hackers have always turned to malware-based attacks (phishing, network worms, or the dreaded Trojans with ransomware as the most dangerous example) to reach their goals: break into companies to steal credentials and huge amounts of other data in exchange for a ransom… At least, until now.

PandaLabs has recently detected a quite clever attack targeting a company in Hungary. What makes it so special? Well, the attack does not use any malware as such, but scripts and other tools belonging to the operating system itself in order to bypass scanners. This is just another example of the increased self-confidence and professionalization we have been observing among cyber-crooks in recent months.

Analysis of a malware-less attack

First, and as has become the norm in the latest security incidents analyzed at the lab, the attack starts with the attackers launching a brute-force attack against a server with the Remote Desktop Protocol (RDP) enabled. Once they get the computer’s login credentials, they have complete access to it.

Then, the first thing that the attackers do is run the sethc.exe file with the parameter 211 from the computer’s Command Prompt window (CMD). This turns on the system’s “Sticky Keys” feature. We are sure you have seen this message before:

panda-security-pandalabs

Next, a program called “Traffic Spirit” is downloaded and run. “Traffic Spirit” is a traffic generator application which in this case is used to make extra money out of the compromised computers.

panda-security
Traffic Spirit website

Then, a self-extracting file is launched that uncompresses the following files in the %Windows%cmdacoBin folder:

  • registery.reg
  • SCracker.bat
  • sys.bat

The attackers then proceed to run the Windows registry editor (Regedit.exe) to add the following key contained in the registery.reg file:

This key aims at ensuring that every time the Sticky Keys feature is used (sethc.exe), a file called SCracker.bat gets run. This is a batch file that implements a very simple authentication system. Running the file displays the following window:

The user name and password are obtained from two variables included in the sys.bat file:

This way, the attacker installs a backdoor on the affected machine. With this backdoor, the attacker will be able to connect to the targeted computer without having to enter the login credentials, enable the Sticky Keys feature (for example, by pressing the SHIFT key five times), and enter the relevant user name and password to open a command shell:

The command shell shortcuts will allow the attacker to access certain directories, change the console color, and make use of other typical command-line commands.

However, the attack doesn’t stop here. In their attempt to make as much profit as possible from the targeted company, the attacker installs a bitcoin miner to take advantage of every compromised computer for free money. Bitcoin mining software aims to use the victims’ computer resources to generate the virtual currency without them realizing. A cheap and very effective way to monetize computer infections.

How does the Sticky Keys feature aid cyber-crooks?

If an attacker can actually access a targeted computer via an RDP connection, what do they need a backdoor for? The answer to this question is quite simple: By installing a backdoor on the affected machine, even if the victim realizes that their system has been compromised and changes the Remote Desktop credentials, all the attacker has to do is  press the SHIFT key five times to enable Sticky Keys and run the backdoor to be able to access the system again. And remember, all of this without running malware on the affected computer.

Adaptive Defense 360, Panda Security’s advanced cyber-security solution, was capable of stopping this targeted attack thanks to the continuous monitoring of the company’s IT network, saving the organization from serious financial and reputational harm. Protect your corporate network with the security solution that best adapts to your needs.

 

The post Sticky Attacks: When the operating system turns against you appeared first on Panda Security Mediacenter.