Tag Archives: Android

AVG

AVG Helps Secure Obi Worldphone Smartphones

Leave a comment

SAN FRANCISCO– August 31, 2015 – AVG® Technologies N.V. (NYSE: AVG), the online security company™ for more than 200 million monthly active users, announced today a new global partnership with smartphone manufacturer Obi Worldphone to provide mobile security across its new range of SF1 and SJ1.5 smartphones. Launched in numerous countries worldwide and unveiled at a special event in San Francisco, the devices will come pre-installed with AVG’s flagship AVG AntiVirus PRO for Android™ app, giving Obi Worldphone customers the peace of mind that they can use their devices safely and securely straight out of the box.

“With mobile the primary source of Internet connectivity for many smartphone users in emerging markets, security is becoming an increasing concern for device manufacturers looking to deliver the best experience to their customers,” said David Ferguson, Senior Vice President, Revenue & Business Operations, AVG Technologies. “This partnership enables AVG to further our expansion into some of the markets where we are seeing an increase in mobile phone use, ensuring that we continue to secure and protect people, devices and data across the globe.”

Under the terms of the partnership, Obi Worldphone customers will receive a free, 30-day trial of the AVG AntiVirus PRO for Android™ app. After the trial, customers can either choose to keep the enhanced features by purchasing the annual subscription or use AVG AntiVirus FREE for Android™, which equips their smartphone or tablet with core protection.

“We have partnered with the best in the industry in bringing this new range of devices to market, and AVG is a prime example,” said Neeraj Chauhan, CEO, Obi Mobile, maker of the Obi Worldphone. “With smartphone users increasingly relying on their devices for a whole range of online activities such as gaming, shopping and even more sensitive transactions such as online banking, we are committed to providing safe, secure mobile connectivity for our customers from the outset.”

About AVG Technologies (NYSE: AVG)

AVG is the online security company providing leading software and services to secure devices, data and people. AVG’s award-winning technology is delivered to over 200 million monthly active users worldwide. AVG’s Consumer portfolio includes internet security, performance optimization, and personal privacy and identity protection for mobile devices and desktops. The AVG Business portfolio – delivered by managed service providers, VARs and resellers – offers IT administration, control and reporting, integrated security, and mobile device management that simplify and protect businesses.

All trademarks are the property of their respective owners.

www.avg.com

 

Media Relations:

US: Deanna Contreras
Tel: +1 415 371 2001
Email: [email protected]

Rest of World: Zena Martin
Tel: +44 7496 638 342
Email: [email protected]
Press information: http://now.avg.com

Avast

Dark times for Android: Examining Certifi-gate and the newest Stagefright updates

Leave a comment

Certifi-gate and Stagefright are two recent threats that have put many Android devices at risk. Photo via Ars Technica.

When it comes to security, it seems that Android has seen better days. A slew of vulnerabilities and threats have been cropping up recently, putting multitudes of Android users at risk. Certifi-gate and Stagefright are two threats that, when left unprotected against, could spark major data breaches.

Certifi-gate leaches permissions from other apps to gain remote control access

Certifi-gate is a Trojan that affects Android’s operating system in a scary way. Android devices with Jelly Bean 4.3 or higher are affected by this vulnerability, making about 50% of all Android users vulnerable to attacks or to their personal information being compromised.

What’s frightening about this nasty bug is how easily it can execute an attack – Certifi-gate only requires Internet access in order to gain remote control access of your devices. The attack takes place in three steps:

  1. A user installs a vulnerable app that contains a remote access backdoor onto their Android device
  2. A remotely-controlled server takes control of this app by exploiting its insecure backdoor
  3. Using remote access, Certifi-gate obtains permissions from others apps that have previously been granted higher privileges (i.e. more permissions) by the user and uses them to exploit user data. A good example of an app targeted by Certifi-gate is TeamViewer, an app that allows you to control your Android device remotely.

The good news here is that Avast Mobile Security blocks the installation packages that make it possible for Certifi-gate to exploit the permissions of your other apps. Breaking this down further, Avast Mobile Security would block the package before the action in Step 2 is carried out, making it impossible for a remotely-controlled server to take control of an insecure app that contains a vulnerable remote access backdoor.

Google’s Stagefright patch can be bypassed

We’ve already told you about the Stagefright bug, which has exposed nearly 1 billion Android devices to malware. Whereas Certifi-gate uses Internet access to control your device, Stagefright merely needs a phone number in order to infect users.

Due to the scope and severity of this threat, Google quickly put out a security patch that was intended to resolve the Stagefright issue once and for all. Unfortunately, it hasn’t been fully successful — it’s possible for the patch to be bypassed, which leaves Android users with a false sense of security and a vulnerable device.

As Avast security researcher Filip Chytry explains in his original post examining Stagefright, Avast encourages users to disable the “auto retrieve MMS” feature within their default messaging app’s settings as a precautionary measure. You can read our full set of instructions for staying safe against Stagefright in the post.

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Avira

‘Serialization’ vulnerability: 6 in 10 Android devices can be hijacked

Leave a comment

If one day, you were asked by your dearly trusted Facebook Messenger app to log in because your session had expired, would you do that? If the answer is yes, you might have just shared your Facebook credentials with an impostor app disguised in, otherwise legit, Facebook Messenger app.

The post ‘Serialization’ vulnerability: 6 in 10 Android devices can be hijacked appeared first on Avira Blog.

ESET

Are you still vulnerable to Stagefright? Get your Android device checked

Leave a comment

Security Researcher Joshua Drake has published about a vulnerability in the heart of Android that could allow attackers to steal information from Android devices through remotely execute code via a crafted MMS. Potentially 95% of Android devices should be vulnerable. Have you checked yours?

The post Are you still vulnerable to Stagefright? Get your Android device checked appeared first on We Live Security.

Security

Zero Day in Android’s Google Admin App Can Bypass Sandbox

Leave a comment

The Android security team at Google is having a busy month. First the Stagefright vulnerabilities surfaced last month just before Black Hat and now researchers at MWR Labs have released information on an unpatched vulnerability that allows an attacker to bypass the Android sandbox. The vulnerability lies in the way that the Google Admin application […]

Avast

Free Avast Cleanup app cleans and optimizes Android phones and tablets

Leave a comment
Avast Cleanup is a free app for Android

Avast Cleanup is a free app for Android

After a while, your phones and tablets accumulate obsolete files and superfluous data, system caches, gallery thumbnails, and programs. This ‘junk’ slows down your device and eats up precious storage space.

Avast Cleanup identifies and cleans unwanted files from your Android device so it will run like a champ again.

Our new free app, Avast Cleanup & Boost for Android, cleans away all the unwanted files and programs so that your device is running smoothly and quickly with storage space to spare. But don’t take our word for it.

Longtime Avast customer, Thomas M. from North Lanarkshire, Scotland wrote us to tell how pleased he is with Cleanup’s performance. Thomas has used Avast for years, and uses Avast Free Antivirus to protect his home computers.

Thomas M.

Thomas M.

“Having installed Avast Free Antivirus 2015 on two of my PCs and a laptop, which for me is the best yet, I came across the new Avast Cleanup app which I installed on my phone and both my tablets.

I had been having a few performance issues with at least one of my tablets and my phone. After installation and running the application, both run great. The app freed up a nice amount of space and discarded lots of clutter left behind by old apps, etc.

The interface, as well as being intuitive, looks great too. I especially like the spiral animation whilst cleaning is in action. So slick!

I also like the option to store/back-up deleted items to cloud storage (if required), in this case Dropbox being the choice offered.

Nice work, Avast, once again on offering another quality fully functional free product.”

It’s our pleasure, Thomas. Thanks for taking the time to write to us.

Avast Cleanup gets rid of junk files on Thomas M.'s tablets and phone.

Avast Cleanup gets rid of junk files on Thomas M.’s tablets and phone.

How to run a Cleanup scan

Cleanup can disable or remove certain files and programs to optimize your system. Follow these steps and get started now:

  • Install Avast Cleanup & Boost for Android for free from the Google Play store or from the Avast Cleanup website when accessed with your mobile device
  • When the application is running, you can run the basic cleaning by tapping the Safe clean button. The configuration window will appear automatically the first time you run the application.
  • Select Start cleaning to start this process right away or select Configure. The Configure option redirects you to Settings where you can choose the type of files to be deleted.

Learn more about how to use Avast Cleanup on the FAQ.

 

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Avast

Big Brother(s) Could be Watching You Thanks to Stagefright  

Leave a comment

Earlier this week, security researchers unveiled a vulnerability that is believed to be the worst Android vulnerability yet discovered. The “Stagefright” bug exposes nearly 1 billion Android devices to malware. The vulnerability was found in “Stagefright”, an Android media library. Hackers can gain access to a device by exploiting the vulnerability and can then access contacts and other data, including photos and videos, and can access the device’s microphone and camera, and thus spy on you by recording sound and taking photos.

All devices running Android versions Froyo 2.2 to Lollipop 5.1.1 are affected, which are used by approximately 95% of all Android devices.

The scary part is that hackers only need your phone number to infect you. The malware is delivered via a multimedia message sent to any messenger app that can process MPEG4 video format – like an Android device’s native messaging app, Google Hangouts and WhatsApp. As these Android messaging apps auto-retrieve videos or audio content, the malicious code is executed without the user even doing anything – the vulnerability does not require the victim to open the message or to click on a link. This is unique, as mobile malware usually requires some action to be taken to infect the device. The malware could also be spread via link, which could be sent via email or shared on social networks, for example. This would, however, require user interaction, as the video would not load without the user opening  a link. This exploit is extremely dangerous, because if abused via MMS, victims are not required to take any action and there are neither apparent nor visible effects. The attacker can execute the code and remove any signs that the device has been compromised, before victims are even aware that their device has been compromised.

A cybercriminal’s and dictator’s dream

Cybercriminals can take advantage of the vulnerability to collectively spy on millions of people – and even execute further malicious code. Repressive governments could abuse the bug to spy on their own people and enemies. The vulnerability, however, could also be used for non-political spying. Hackers can easily spy on people they know, like their spouse or neighbour – all they need to know is their victim’s phone number. Hackers can also steal personal information and use it to blackmail millions of people, or use the data for identity theft. The possible consequences of this vulnerability need to be taken seriously.

Fixes are urgently needed

Now comprehensive fixes need to be provided by the phone’s manufacturers in an over-the-air (OTA) firmware update for Android versions 2.2 and up. Unfortunately, updates for Android devices have historically taken a long time to reach users. Hopefully, manufacturers will respond quicker in this case. On a positive note, Google has already responded. HTC told Time “Google informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.”

In the meantime, what can you do to protect yourself?

We recommend users disable “auto retrieve MMS” within their default messaging app’s settings, as a precautionary measure for the moment. We have put together step-by-step instructions on how you can disable auto retrieve for MMS in various Android messaging apps:

Messages App:

Step 1: Open the Messages app and click on the three dots in the upper right hand corner Messages app Step 2: Click on “Settings” in the dropdown menu Messages Settings Step 3: Click on “Multimedia messages” Messages settings Step 4: Uncheck “Auto retrieve” Messages settings Your Messages “Multimedia messages” settings should now look like this:

Messages settings Google Hangout

Step 1: Open the Google Hangout app and click on the three lines in the upper left corner Google Hangout settings Step 2: Click on “Settings” Google Hangout SettingsStep 3: Click on “SMS” Google Hangout settings Step 4: Scroll down to “Advanced” and uncheck “Auto retrieve MMS” Google Hangout settings Your Google Hangout “SMS” settings should now look like this: Google Hangout settings

Messenger App:

Step 1: Open the Messenger app and click on the three dots in the upper right hand corner Messenger 1 Step 2: Click on “Settings” in the dropdown menu Messenger 2 Step 3: Click on “Advanced” Messenger app settings Step 4: Uncheck “Auto retrieve” Messenger app settings Your Messenger “Advanced Settings” should now look like this: Messenger app settings

Messenger:

Step 1: Open the Messaging app and click on the three dots in the lower right hand corner Messaging app settings Step 2: Click on “Settings” Messaging app settings Step 3: Scroll down to “Multimedia (MMS) messages” and uncheck “Auto retrieve MMS” Messaging app settings Your Messaging “Settings” should now look like this: Messaging app settings

WhatsApp

Step 1: Open WhatsApp and click on the three dots in the upper right hand corner WhatsApp settingsStep 2: Click on “Settings” Whatsapp settingsStep 3: Click on “Chat Settings” Whatapp settings Step 4: Click “Media auto-download” Whatsapp settings   Step 5: Click “When using mobile data” and/or “When connected on Wi-Fi” Whatsapp settings Step 6: The “When connected on Wi-Fi” settings are automatically set to download videos, so it is important to uncheck the checkmark Whatsapp settings Step 7: The “When connected on mobile data” settings are NOT automatically set to download videos, but in case you did enable it, you should disable it Whatsapp settings Your WhatsApp “Media auto-download” should now look like this: Whatsapp settings

AVG

A text message with a lot more than just abbreviations and emojis!

Leave a comment

A blog released this week by Cybersecurity firm Zimperium details how Android phones can be infected when receiving an MMS (multimedia messaging service), giving hackers complete control of your phone. The report estimates that the security vulnerability is present in 950 million devices.

All the hacker needs for the attack is your phone number, and they can send you the message. In some cases the clever attackers have the message delete itself after delivery. The phone needs to be running Android 2.2 or later for it to be effected, that’s the majority of phones.

MMS Messages sent to Android phones that use the default messenger app use a piece of software called Stagefright that processes the messages.  It is this component that potentially vulnerable to attack.

The real danger in the attack is that it requires no user intervention or action and can be installed completely without the victim’s knowledge.

Zimperium are a responsible company and not only alerted Google to the issue but also provided them with the necessary code to resolve the issue, and Google being responsible as well patched the software quickly, within 48hrs.

The big question is how do you get the fix and what is required? Generally this is dependent on your handset provider building the fix into their Android software and then pushing the fix to you. Typically, new software updates are not pushed to devices older then 18 months, this is of course due to the way we, as consumers, churn our mobile phones and always want a new one.

Disabling Auto-Retrieve

Alternatively, you can reduce the risk by switching off the ‘auto-retreive’ option in the Android MMS service, this would then mean that any MMS destined for your phone would need to be accepted by you. I have just taken these preventive steps on my Nexus 6 as follow:

  • Open the messenger app
  • From the menu (top right corner) take the option for ‘Settings’
  • Then select ‘Advanced’
  • You can then change the ‘auto-retrieve’ option to off
Auto-retrieve

If you are running Google Hangouts as the default way to receive MMS messages then switching back to the standard messenger and switching the auto-retrieve option off will help mitigate the risk.

There are other vendors who also use the Stagefright code, some of whom have responded quickly and already released and delivered the fix to their users, they include Mozilla, Silent Circles Blackphone and CyanogenMod.

The research paper detailing the exact details of the vulnerability is due to be delivered at the Black Hat conference in Las Vegas next week. Every year around this time hacker’s use the conference to publish major issues found in our everyday devices. Just last week Charlie Miller published a report on taking control of a Chrysler Jeep.

I wonder what devices are next on the list and isn’t it worrying that they wait for Black Hat to publish the details rather than raise the concern when they actually find it.

Follow me on Twitter @TonyatAVG