Category Archives: Panda Security

Panda Security

Panda Security

We know “who’s viewed your Instagram” and it’s not who you think

There’s something every Instagrammer wants to know: who is looking at my photos?  We live in a show-and-tell world, with I-see-I-do-I-post-mindsets, comments, and “likes”.  No one wants to disappear at fault of a #boring photo.

Instagram makes it easy to play pretend, but what happens when someone else pretends to be you? In theory, social media sites like Facebook make it so that third parties can’t access your “secret information” but without our knowledge, hackers are taking advantage of us: robbing personal data (even those super-complicated-and-thoroughly-though-out passwords) and gaining full access to our profiles.

For Turker Bayram, hacking into social media profiles is his specialty.  On multiple occasions, this sadly popular yet elusive malware developer has been able to place his malicious “apps” in the top charts on Google Play and the App Store.  Soon after he creates them and uploads them, there are massive numbers of downloads.  By the time someone figures out what’s going on, and after hundreds of thousands (potentially millions) of users are robbed of their personal information, Google and Apple finally delete the apps.  This has happened at least twice.

Just a few weeks ago, an independent developer named David Layer-Reiss warned us on his blog about Bayram’s new malicious “software”.  The iOS version was called “Who Cares With Me – InstaDetector”, and in Android, “InstaCare — Who Cares With Me”.  These “apps” discovered by Layer-Reiss have already been eliminated and, in November 2015, both Apple and Google withdrew Bayram’s original platform, InstaAgent.  It is not the first time malware takes over a popular site (i.e. Instagram, WhatsApp, Facebook) in order to massively rob user profiles… and it won’t be the last.

FOTO 1_instagram

These “apps” always return to the top of the charts and sometimes under the umbrella of the same developer.  In the case of “InstaDetector”, the victim innocently enters their credentials, unaware that the confidential data is sent to the attacker’s server.  Instead of discovering “who has been looking at your Instagram?”, the cyber-attacker seamlessly accesses the account as if it were their own and posts spam photos on the owner’s behalf.FOTO 2_instagram

From telegrams to Instagrams, the more technically sophisticated we become the more important it is to trust the communication source, or in this case, the “app”.  “InstaDetector” is just one of the many scams designed to take advantage of the enormous interest generated by social networks.  The most worrisome thing about them is their popularity, always massive and immediate, that by the time Google or Apple are involved it’s too late for thousands of users.  Combat these threats by staying alert, ignoring false promises, and installing a tough antivirus on all of your devices.

The post We know “who’s viewed your Instagram” and it’s not who you think appeared first on Panda Security Mediacenter.

Panda Security

Your favorite sites don’t use a secure connection

HTTPSThis whole FBI-Apple debate has the technology world up in a frenzy about national security vs. personal security.  Apple’s refusal to give up classified information to a government agency tells us something about the current state of our online safety, and lots of tech companies are stepping up to fight for our privacy.

Recently, Google conducted a study to see if the most-popular websites follow something called HTTPS Protocol.  HTTPS (the added ‘S’ for secure) provides authentication of a website, ensuring its credibility for its users by encrypting the communication on its server.  This makes it so that important data like our usernames, passwords, or personal messages cannot be intercepted; kind of like having our own online-bodyguard who lets us know when we are browsing a trusted site.

The results of the study could not be more discouraging.

From the one hundred sites studied, 79 do not use HTTPS by default and 67 use an obsolete encryption technology, aka no security method at all.  “According to our calculations, the list of web sites that we have presented constitute about 25% of all global traffic”, a Google spokesperson stated.  Does this mean that these ultra-popular sites don’t worry about our online security?  It sure seems that way.

What’s even more shocking is the prestige of these sites; among them are pages like The New York Times or CNN, e-commerce platforms like eBay or Aliexpress, and well-known industry leaders such as Softonic.  Google has declared war with these non-users (it searches index sites that use HTTPS and crosses out the rest with a red x in the Chrome address bar) and offers tools so that any developer can easily implement this protocol.  This Mountain View company believes in “[making] the Web a safer place not only for Google users, but for everyone in general.”

googleImplementing this technology to add that ‘additional layer’ of security is extremely easy.  Maybe the reason companies aren’t using this protocol is due to a lack of interest rather than a technical issue.  Until recently, it took time and effort to develop a site with HTTPS but now there are platforms that facilitate the necessary certificates, for free.

Thankfully we have Google leading the crusade in making the Internet a safer place.  Let’s continue to do what we do from the comfort of our laptop, like filling up that online shopping cart or making that bank transfer, but make sure to protect yourself.  Always check for that extra ‘S’ and use a dependable antivirus service, like Panda, who will help you do it safely and smoothly.

The post Your favorite sites don’t use a secure connection appeared first on Panda Security Mediacenter.

Panda Security

The Internet of Things: Pacemakers

 

Marcapasos_imagen 2

Fit-bracelets, smart-watches, and other wearable technology have joined the “Internet of Things”, everyday objects that collect and exchange information (think: vehicles, smart thermostat systems, and any other device with online capabilities).   But did you know that there are much more advanced, health-monitoring, devices out there?

The high-tech pacemakers made today have a ton of benefits, especially for patients who require constant checks and intensive control of their health.  These machines have connections that allow them to exchange information with the hospital staff and doctors, as well as the machine’s vendor.  Although the pacemakers are not always active, these connections are used to configure and set the parameters of the devices, to remotely monitor its activity, and to transmit the data to its carrier.  So, what could be the downside?

Can a pacemaker be hacked?

Well, with any connected device we need to consider if and how it may be hacked.  Some researchers and ethical hackers have begun to work in this field to find potential vulnerabilities, but it hasn’t been easy. Manufacturers do not want to give details on the design nor on the specifications of the running software, making it difficult to follow through with research.

So what do we know so far?  In 2008, a team of researchers from Archimedes Center for Medical Device Safety at the University of Michigan in the United States confirmed that these pacemakers can be hacked, making it possible to extract personal information from devices or modify its configuration, further putting the patient’s life in jeopardy.

It was rumored that a well-known hacker named Barnaby Jack developed software to hack pacemakers, making it possible to kill anyone wearing one (no matter the distance).  He died shortly before he could prove it at the Black Hat conference in Las Vegas.  If there is a possible way to control the pacemaker through an internet connection, regardless of distance, there is still no published research that confirms or disproves it.

The most recent research has been done by PhD research scientist and security expert Marie Moe.  She has embarked on a new project to analyze the risks and weaknesses of these devices (pacemakers and other wearable technology in medicine) with the help of other professionals in the sector. Moe became very involved in the project after realizing the risks of her own pacemaker.

The aim of her project is to prove that these products are not always safe for patients, regardless of constant development.  Moe hopes her research will help prevent future attacks and allow manufacturers to fix any possible security errors on their devices.  Recently, the FDA has warned of vulnerabilities found in drug injection pumps, which administer controlled amounts of medicine at certain rates to patients.  The cracks in its system allow for unauthorized firmware updates; in theory, a hacker could alter the software and configure the machine however they want, even if that means setting the drug doses to lethal levels.

Marcapasos_imagen principal

Keep in mind:

Information is free, protecting yourself is cheap, but no one can afford to lose a loved one because of a damaged device.

The post The Internet of Things: Pacemakers appeared first on Panda Security Mediacenter.

Panda Security

They’ll hack your Android in T Minus 10 seconds

FOTO 1

The word that scared all Google users last summer is back and worse than ever. Stagefright, nicknamed by its founder Metaphor, is even more dangerous in its new version.

Much like its name’s meaning, Stagefright, hides deep in the Android library, unnoticeable to Android users as they watch videos of cute puppies and crafty DIY hacks, all the while exposing themselves to its vulnerabilities.

How many devices are affected?

Now in its second swing, these Stagefright vulnerabilities have already affected hundreds of thousands of Android devices through holes in the multimedia library. More specifically, they have even affected those who use versions 5.0-5.1 (23.5% of affected Androids) and some using versions 2.2 and 4.0 (unsafe due to old terminals that had been exposed to previous viruses).

Google fights back

After the bugs’ discovery, Google implemented a series of bug-fixes and other security measures, even creating its own group of vulnerabilities to counter the attacks. Upgrades and patches were set up to make it more difficult for Stagefright to infiltrate an Android in a real attack.

Unfortunately, Metaphor has been able to dodge these protection mechanisms that were added to the more modern versions of the Android. With this new exploit, as their own creators have shown, Stagefright can easily control devices as diverse and modern as the Nexus 5, Samsung Galaxy S5 UN, UN LG G3 or HTC One UN.

So, how exactly does Stagefright break in?

Sneakily. The user does not need to be using their smartphone during an attack, really. In the case of Stagefright, the attacker can gain access through a particular website (e.g. through a malicious video link received by email or MMS). In a proof of concept, an email with a corrupted video link promoting videos of kittens leads to a page actually containing this material. The recipient has no way of knowing, that while the video is rendering, their Android is also being attacked. It can take as little as 10 to 15 seconds for the cyber-criminal to have control of their victim’s terminal.

Spent some time today messing with Lightroom's post-processing tools to teach myself. I don't want to end up relying on them for every shot but it's nice to know what I have to work with.

Metaphor’s strategy is not exactly new. It largely relies on the attacks that were released last summer, when the holes were first discovered. However, today’s danger lies in Stagefright’s ability to bypass ASLR, which is the barrier Google raised in all versions of Android after 4.1. The problem is that this new threat binds itself not only to older devices but also to more modern ones. Those who have Android´s Lollipop 5.1 are not even safe, representing about 19% of all of Android smartphones.

No matter what, the best way to protect your Android and all other risks associated with Stagefright is to keep your operating system as up-to-date as possible and install a good antivirus. If your phone has been left out of the recent updates, take caution: you should not browse pages unless they are fully trusted. Even those who promise photos of adorable and fluffy kittens.

Panda Security

IOC: a buzz word and a hot topic, but do we really know its capabilities?

IOCs

 

In order to secure and maintain an IT infrastructure, it is vital to know what is going on in the network that the Endpoint is running on. This means that managers and other stakeholders need to know if something unusual is happening within the corporate network. When we use the word “unusual” we mean any potential threat or suspicious activity that may have happened or is currently happening within the company infrastructure.

Until now, the main service that most security-intelligence businesses could offer us was a subscription alerting us of the latest threats, malware, IPs and URLs with malicious intent; etc.  Adding this information to an infrastructure’s perimeter security system has allowed engineers to proactively plan and prepare, and has helped them to detect and prevent any threats their company may otherwise be susceptible to. In the IT industry, these updates are very common and companies will not hesitate to pay a certain amount in exchange for the latest updates offered.

With this service, it’s easy to prevent malware vulnerabilities but can we fully protect our infrastructure? The answer is yes, but the value of these services is high and the lifetime of their deliverables, in general, is very short.  So, what can we do to boost our protection?

 

The next generation in threat detection.

Every day, security analysts piece together different events related to new threats. When it comes to cyber-security, these analysts need a faster way to share information regarding the incident and must have the fastest response time possible. These incidents can be a simple observable (an IP, URL, a hash…), or can be more complex, requiring advanced analysis and reverse engineering. When all of these patterns have been assembled, the result is what we call an Indicator of Compromise (IOC). This may sound foreign to most of us, but security analysts should be familiar with the concept of an IOC and all of its capabilities.

So what exactly is an IOC?

In computer forensics, an IOC is an activity and/or malicious artifact identified on a network or an Endpoint.  We can identify these IOCs and can thus improve our abilities to detect a future attack.

 

Seems simple, right?

If we focus on their use cases, you can be described from a list of indicators to a full incident cybersecurity for analysis, research and/or response and can get answers to ‘What, Who, Why, How, Where and When ‘of the incident. Some of these use cases might be:

  • Inbox e-mails with falsified information (phishing)
  • Malware behavior patterns
  • Discovery of a specific vulnerability and actions to combat it
  • The distribution of a list of IPs related to Command and Control
  • Discovery of a specific vulnerability and actions to combat it
  • Sharing policies and patterns of behavior related to a certain incident (automatically or manually) so they can be exploited by third parties.

We can also use a list of standards to discover the IOC based on its needs (e.g., subsequent detection, characterization or sharing).

This was a brief introduction to IOCs.  We will continue to investigate this issue in the articles we publish in the future and our goal is to help security analysts understand more about the following:

  • What standards currently exist to help us find IOCs? State of the art, benefits, Use Cases…
  • How can we characterize an Indicator of Compromise?
  • How are we able to share Indicators of Compromise?
  • IOC Accuracy: Quality, life-time…

The post IOC: a buzz word and a hot topic, but do we really know its capabilities? appeared first on MediaCenter Panda Security.

Panda Security

Who are the most famous hackers in history?

 

PandaSecurity-most-famous-hackers-in-history

Since the beginning of the internet, there have been hackers who have used the Net to benefit at the expense of other users.  Some have managed to attack so many people, or companies and institutions so large, that they have become internationally infamous.  These are the great villains of the internet.

At Panda Security, we have spent the last 25 years successfully fighting against these cyber criminals. We work every day to protect all of our users from the threats these hackers create, making your Panda antivirus purchase more than worthwhile 😉

Today we are going to recall some of the biggest hackers, whose cyber-crimes made them famous and led to arrest and jail time. Some of them even switched sides, saying goodbye to the dark side of the Internet.

1. “Cracka”: The mysterious British teenager who hacked into the CIA director’s database

The latest cyber-criminal to draw international press attention is a 16-year-old British boy who managed to hack into the personal mailings of the CIA Director, FBI Director and the Director of National Intelligence.  He was also able to hack into the Director of National Intelligence’s phone bills, revealing the identities of 31,000 US government agents (CIA, Homeland Security, and FBI).

The true identity of this kid has not been disclosed but we know that he calls himself “Cracka” and claims to be a member of the group of hackers, “Crackas with Attitude”, who act in defense of the Palestinian movement. “Cracka” was arrested last month in the southeast of England.

PandaSecurity-cracka-cia

2. “The homeless hacker” who betrayed Bradley Manning

Adrian Lamo is known as “The homeless hacker” because he was always traveling, connecting, and attacking via WiFi at Internet cafes and other public access points. Although he began his hacking career legally; analyzing security threats for large companies like Microsoft, Fortune 500, Bank of America or Yahoo!; he was later arrested for stealing data from more than 2,000 subscribers of The New York Times.

In 2002, he was sentenced to six months of house arrest and two months of probation for the above crime.  He is also remembered for his betrayal of US soldier Bradley Manning; in 2010 he reported Manning to the Federal Government for leaking classified information about the army and the Secretary of State to another famous hacker, WikiLeaks.

PandaSecurity-adrian-lamo

Adrian Lamo, Kevin Mitnick, and Kevin Poulsen (2001).

 

3. “Soupnazi”: 170 million credit cards hacked from Miami Beach

Albert Gonzalez is the hacker hiding behind the alter-ego “Soupnazi” and the person responsible for one of the largest identity thefts in the history of the Internet.  He gained access to accounts and stole more than 170 million credit cards from users worldwide.

This hacker was arrested in 2008 at a Miami Beach hotel and, in 2010, was sentenced to 20 years in prison by a New Jersey Federal Court. It is believed that Gonzalez was working with hackers hiding in other countries, making them impossible to catch.

 

PandaSecurity-miami-beach-hacked

 

4. The St. Petersburg hacker who stole $10 million from Citibank network

After the end of the Cold War, St. Petersburg became one of the main hot-spots for cyber-crime.  This is where Vladimir Levin had a remarkable career that could be straight out of a James Bond film.

In 1994, after graduating from Saint Petersburg State Institution of Technology, Levin managed to steal $10 million from Citibank clients, all from his apartment in St. Petersburg.  Unfortunately for Levin, Interpol tracked him down and arrested him in London’s Stansted airport. He was extradited to the United States, where he was sentenced to serve three years in prison and pay a fine of $240,015 (plus return all of the stolen money).  It is believed that Levin could be part of an organized group (leading it or taking orders) connected to the Russian mafia.

 

5. The Most Wanted cyber-criminal in the United States

Kevin Mitnick’s case is probably the most controversial in Internet history. In 1983, he managed to hack into the Pentagon network and into the systems of very large corporations (similar to Nokia or Motorola).  He combined social engineering practices by hacking both computers and telephone networks. This made him the most wanted cyber-criminal in the world, in a highly-publicized investigation that ended with his arrest two years later.

After serving five years in prison, Mitnick decided to leave the dark side of the Net. He became a security consultant for several companies and began to hold conferences about cyber security on universal forums. He currently runs his own security consulting company, Mitnick Security Consulting, LLC.

PandaSecurity-cyber-criminal

These are our Top 5 hackers. We are very well-informed about the malware these hackers create and we analyze it every day so that you can have the best virus protection. Who do you think is the worst hacker?

 

The post Who are the most famous hackers in history? appeared first on MediaCenter Panda Security.

Panda Security

Cyber-crooks can use your wireless mouse and keyboard!

wireless-keyboard

Remember how the problems you had with the nightmare of tangled cables going in and out of your computer went away the day you discovered wireless devices? In fact, you swore never to touch a wired device again after buying a keyboard and mouse capable of communicating with your computer without needing to be physically connected to it. You even went as far as to replace your laptop’s touchpad with a mouse that communicates with your computer via a small USB connector as if by magic.

Well, we have news for you: A group of security experts have discovered that these devices, as convenient as they are, are not very safe. Cyber-criminals can take control of users’ computers remotely by exploiting flaws found in wireless keyboards and mice from seven major manufacturers (Logitech, Dell, Microsoft, HP, Amazon, Gigabyte and Lenovo).

The security hole affects millions of devices that use chips sold by the Norwegian firm Nordic Semiconductor. These chips allow devices to establish a short-wave radio communication with the target computer. Although these chips are capable of encryption, they require that vendors write their own firmware to implement that encryption and secure the connection between computers and peripheral devices. However, many companies don’t take the precaution to encrypt those communications.

And even if they did, it wouldn’t be much use. The companies that do encrypt their communications do not properly authenticate communicating devices, allowing rogue devices to inject unencrypted keystrokes over the same connection. Actually, the security experts that unveiled this vulnerability found several flaws in the firmware of the keyboards and mice that use those chips.

crazyradio-usb

A simple and affordable USB adapter with an antenna and a laptop was all they needed to demonstrate that it is possible to interfere with the radio protocol used by these devices to communicate with their USB dongle and send commands to the target computer. To do that, the target computer must be relatively close to the antenna, although they have been able to control Lenovo wireless devices from 180 meters away.

So, any attacker that used the method discovered by these researchers could take over a computer without laying a finger on its mouse or keyboard. The commands sent by the hacker would be interpreted by the computer as coming from the legitimate device.

Now, what could an attacker that took advantage of this flaw actually do on the affected system? Nothing much, really. Even if they managed to access the targeted computer, they wouldn’t be able to see its screen, so even unlocking the computer would be a difficult task not knowing the relevant password.

According to these experts, if the computer were actually unlocked, the cyber-crook would be able to download malware that could allow them to take full control of the computer.

However, the attacker would only have the same privileges as the legitimate user. If the computer were in an office, for example, they probably wouldn’t have the necessary permissions to install malicious programs on it.

keysweeperA Logitech spokesperson has already claimed that the “vulnerability would be complex to replicate” and “is therefore a difficult and unlikely path of attack.”  Despite that, the company has decided to develop a firmware update for the affected devices.

Similarly, Lenovo has announced that it will give users the option to replace the affected devices.  Microsoft, however, has simply stated that it will only launch an update as soon as possible.

This is not the first time that researchers warn of the dangers of wireless keyboards and mice. Last year, renowned security expert Samy Kamkar developed Key Sweeper, a keylogger hidden in a fake USB charger that logged the keystrokes typed on any Microsoft wireless keyboard.  With the help of an Arduino board, anyone could develop this keylogger software and find out what others were typing.

This research is extremely significant as it demonstrates that millions of devices are vulnerable. Taking into account that it may encourage cyber-criminals to start doing some tests, it may be a good idea to start updating your devices’ firmware whenever possible, and even replace vulnerable keyboards and mice with wired peripherals or, better still, wireless devices that communicate with computers via Bluetooth.

Bear this in mind, however: as cyber-crooks need to be close to the target device to carry out this attack, it seems logical that they set their eyes on companies rather than home users. But don’t lower your guard: prevention is better than cure…

The post Cyber-crooks can use your wireless mouse and keyboard! appeared first on MediaCenter Panda Security.

Panda Security

How to prevent your iPhone content from being lost if you forget your password

iphone

Despite being essential to protect your personal data, the security measures implemented by smartphone manufacturers to protect it from cyber-criminals can work against you. That’s the case wìth Apple and the Auto-Lock feature that automatically locks your device after six failed passcode attempts.

There are multiple reasons why that could occur. For example, your little one starts playing with your phone, you suffer a temporary memory lapse, or pay the consequences of a party that went a bit out of hand… Whatever the reason, a situation like that can have some serious consequences if you don’t take the appropriate precautionary measures.

A feature designed to prevent strangers from accessing your device in the event of loss or theft can cause you, the phone’s owner, to lose all of your photos, videos, music, and contacts.  The solution? A backup which, if you haven’t already, you should definitely make now.

iPhones usually provide two options to make backups: iTunes (which saves backups to your computer) and iCloud (which saves them to Apple’s cloud). If you choose the first option, you can do two things: connect your smartphone to your computer via a USB port, or via Wi-Fi if both devices belong to the same network. You can check Apple’s website for detailed instructions.

Iphone security

 

If you choose iCloud, there is no need for both devices to be on the same network or connected via a cable: you can make the backup from any place, any time. Additionally, you can configure your account to make daily backups automatically. Another advantage is that cloud backups are encrypted by default, an option you can also enable in iTunes.

Whatever mechanism you choose to back up your iPhone, a recent backup can save your life if your device gets locked after six wrong codes are entered.

If that ever happens to you, the only solution is to wipe the content of the locked device and retrieve it from a backup. There is no way to reset the passcode. No shortcuts. You will have to wipe the entire iPhone and start it from the backup copy (if you have one), or, in the worst case scenario, from scratch. The entire process is explained on the website of the company with the half eaten apple logo.

However, there is yet another, more extreme scenario. If you have complete faith in your memory, there are no kids around and you think that the only reason to have a wrong code entered on your smartphone is that it gets stolen, you can choose to erase your device automatically (without locking it) after ten failed passcode attempts. In that case, keeping an up-to-date backup copy is even more necessary.

iphone disabled

A good example of all this is what has happened with the iPhone of one of the perpetrators of the recent San Bernardino (California) shooting after being arrested by the police. As you may already know, the FBI has asked Apple to make a special version of iOS that doesn’t lock the device after six failed passcode attempts or wipes it after ten attempts. That would allow the FBI to brute-force attack the criminal’s phone to break into it without fear of turning it into a paperweight.

That is precisely what happened with the iPhone of another criminal that ended up in the hands of a not-so-skilled member of the Massachusetts Police Department. When trying to access the phone in search of evidence, the agent entered ten wrong passcodes, setting the device back to its factory defaults. Goodbye to any possible evidence…

So be careful. If you ignore our advice and don’t make backup copies regularly, the same could happen to you. Are you really willing to run that risk?

The post How to prevent your iPhone content from being lost if you forget your password appeared first on MediaCenter Panda Security.

Panda Security

Think your cell phone is tapped? Don’t panic!

smartphone

At the end of last year, the US government put an end to the secret surveillance program carried out by the National Security Agency (NSA).  Not bad. Apparently, citizens have one less reason to worry about the privacy of their phone calls. However, the suspicion that someone else is listening to your conversations not only stems from the existence of organizations like that.

Experts have warned us that certain types of spyware can be used to remotely open a smartphone’s microphone and listen to the nearby sounds to find its location. If that weren’t enough, researchers from different universities have developed programs to record conversations in the same surreptitious manner.

Additionally, some Internet users claim that Google and Facebook have shown them ads and search results related to information they have only communicated over the phone. They are convinced that these companies are eavesdropping on their telephone calls and using the information they obtain to customize ads for them.

 headphones

In light of these events, the first question that comes to our mind is this: Can an app be used to open a device’s microphone without you realizing?

Security experts have demonstrated that yes, it’s possible and not too complicated. To develop an Android spy app, you simply have to take advantage of the Android capabilities to assign permissions to the app to use the microphone, and program a server that collects the information.

While it is not confirmed whether or not apps are available today that use those techniques to spy on users, the advisable thing to do is always check the origin of the apps you download to your phone, just in case.

The second question has to do with big companies: Do they actually use the recordings they get of background noises and user conversations?

Google affirms that it doesn’t use the information it collects when users say ‘OK Google’ (and enable the voice recognition feature) to display personalized ads. It also denies sharing the information it obtains with other companies for them to deliver personalized advertisements.

Additionally, the Mountain View company states in its developer policies that its apps cannot collect user data without authorization, something that would happen if users’ conversations were monitored.

Facebook also explains that it doesn’t allow companies or advertisers to design personalized advertising from the information obtained through users’ microphones, indicating that the ads it displays are exclusively based on the activities performed by users on the social network.

A mathematician from the Imperial College London, author of the book ‘The Improbability Principle’, claimed on the BBC that human beings are designed by evolution to always look for an explanation, even when there isn’t one. That’s why we are always establishing connections between events. Therefore, the coincidences that exist among the people who share their fears in Internet forums could be just that, coincidences. In principle, and leaving conspiracy theories aside, there should be nothing to worry about.

The post Think your cell phone is tapped? Don’t panic! appeared first on MediaCenter Panda Security.