Tag Archives: Android

It Did What? The Dirty Secrets About Digital Assistants

Are Siri and Other Digital Assistants Actually a Security Risk?

People started fearing digital assistants before they even became a reality. Before computers were even a household commodity, Stanley Kubrick was terrifying cinemagoers with HAL, 2001: A Space Odyssey’s rogue AI assistant.

Today though, our intelligent personal assistants form an important part of our lives. As AI technology advances they will become even more prevalent.

While the dangers imagined in Sci-fi movies of the 60’s and 70’s are thankfully far from being around the corner, it’s important to look at the real security risks that digital assistants could pose.

Despite being the most popular intelligent personal assistants, Siri and Cortana are not the only iterations of this growing technology on the market. Amazon, for example, now offers it’s Echo device, while Facebook has recently released its own digital assistant called M.

So what are the dangers?

Not to sound too ominous, but IBM has banned the use of Siri for its employees. The rule was set by IBM Chief Technology Officer Jeanette Horan, who cited security concerns.

You know those large license agreements you have to agree to when you first start using a device, the ones most people don’t bother reading?

Well, Apple’s iPhone Software License Agreement, quite vaguely, shows how voice commands are used after being submitted to Siri. “When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text.

What’s more, “by using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.

Sounds like jargon? The convoluted styles in these agreements often help to gloss over important information that most companies know their user’s will be glancing over at best.

Siri may not literally be watching you, but the fact is that everything you say to her is sent to a big data center in Maiden, North Carolina. IBM’s Horan decided to ban Siri because it could be storing sensitive information for an unspecified amount of time.

If Apple were breached, hackers could intercept that data. And perhaps just as alarmingly, a lot of the data is sent to third party companies. Besides the fact that you’ll receive an onslaught of targeted ads, the more companies this information is sent to the less private it becomes.

This is far from being solely an Apple issue though.

Amazon Echo, A Criminal Witness?

In a case that has seen Amazon largely mirror Apple’s resolve on handing over encrypted data to the FBI, the Amazon Echo may have been a key witness to a murder.

James Andrew Bates is suspected of having killed Victor Collins in his apartment. No one else was present at the scene of the crime, except that is, Alexa, who was being used to stream music throughout the night.

Amazon, much like Apple, have abstained from giving police the data on Alexa, saying it would set an unwanted precedent. This shows though, at the very least, that police in Bentonville, Arkansas, where the crime took place, believe Alexa may be capable of storing sensitive information. So much so, they believe it could incriminate a suspect in a murder case.

Whilst this is obviously an extreme example of a data privacy issue, what implications does it have in a regular home?

The biggest all-round concern for cybersecurity experts is that these devices are constantly programmed to listen. Amazon’s Echo device is called to action by the command “Alexa”. This seems like an obvious vulnerability that could be used by hackers to listen into conversations taking place in the home.

Aside from this, the Echo cannot differentiate between different voices, so anyone who comes into your home potentially has access to every account linked to Alexa.

Other Risks

So, whilst it is yet to have happened, or to have been allowed by any of the big tech companies, lawyers or the police could potentially subpoena sensitive information. This is, of course, if law enforcement gets their way.

If they do, they’ll have the key to a huge amount of information, Apple, Amazon and Google being amongst a growing list of companies that keeps an archive of commands.

The problem, however, goes beyond the mere use of digital assistants. As the use of integrated devices and smart homes increases, more and more devices will have the ability to store potentially sensitive information. A Smart TV, for example could easily have the capability of storing recorded information. Whilst this would seemingly be primed towards targeted ads, there is again the possibility that sensitive information could be stored unbeknownst to its users.

Keep Safe

The obvious advice is easy to uphold, and is one that most people will already be practicing. Don’t say sensitive information, like passwords or credit cards details, out loud. It’s likely to become increasingly difficult to know who (or what’s) listening within your own home.

Meanwhile, whilst operating systems such as iOS do let you manage data collection by changing privacy settings, the only option the Amazon Echo gives you is to unplug the device when not in use. It’s important, therefore, to look at your privacy settings, whatever the device.

So aside from telling us tomorrow’s weather, where the best restaurants are, and the occasional bad joke, digital assistants do pose some real risks to our cybersecurity.

Whilst the technology undoubtedly makes us more seamlessly connected to our tech devices, in turn making our lives easier, it’s important to always take into account the issue of privacy; an issue that tech is increasingly making more tenuous within our own homes, for better or for worse.

The post It Did What? The Dirty Secrets About Digital Assistants appeared first on Panda Security Mediacenter.

Your Android lock pattern can be cracked in just five attempts

 

If you use a lock pattern to secure your Android smartphone, you probably think that’s the perfect way to avoid unwanted intrusions. However, that line you draw with your finger may be a bit too simple. After all, if even Mark Zuckerberg himself used ‘dadada’ for all of his passwords, it is not surprising that your lock pattern may be a simple letter of the alphabet.

Android lock patterns can be easily cracked using a computer vision algorithm.

Relax, you are not the only one. Around 40 percent of Android users prefer lock patterns to PIN codes or text passwords to protect their devices. And they usually go for simple patterns. Most people only use four of the nine available nodes, according to a recent study conducted by the Norwegian University of Science and Technology. Additionally, 44 percent of people start their lock screen pattern from the top left corner of the grid.

Even though creating more complicated patterns may seem like the best solution to make your password harder to guess, a team of researchers has demonstrated that complex patterns are surprisingly easier to crack than simple ones by using an algorithm.

Hackers can steal your lock pattern from a distance

Picture this: You sit at a table in your favorite café, take your smartphone out of your pocket and trace your lock pattern across the phone screen. Meanwhile, an attacker at a nearby table films the movements of your fingers. Within seconds, the software installed on their device will suggest a small number of possible patterns that could be used to unlock your smartphone or tablet.

Researchers from the Lancaster University and the University of Bath in the UK, along with the Northwest University in China, have shown that this type of attack can be carried out successfully by using footage filmed with a video camera and a computer vision algorithm. The researchers evaluated the attack using 120 unique patterns collected from users, and were able to crack 95 percent of patterns within five attempts.

The attack works even without the video footage being able to see any of the on-screen content, and regardless of the size of the screen. The attackers would not even need to be close to the victim, as the team was able to steal information from up to two and a half meters away by filming on a standard smartphone camera, and from nine meters using a more advanced digital SLR camera.

Surprising as it may seem, the team also found that longer patterns are easier to hack, as they help the algorithm to narrow down the possible options. During tests, researchers were able to crack all but one of the patterns categorized as complex, 87.5 percent of median complex patterns, and 60 percent of simple patterns with the first attempt.

Now, if tracing a complex pattern is not a safe alternative, what can you do to protect yourself, especially if you store sensitive data on your smartphone? Using your hand to cover the screen when drawing your lock pattern (just as you do when using an ATM), or reducing your device’s screen color and brightness to confuse the recording camera are some of the recommendations offered by researchers.

The post Your Android lock pattern can be cracked in just five attempts appeared first on Panda Security Mediacenter.

Google Kicks Out Largest Android Adware Family From The Play Store

With the rise in the mobile market, Adware has become one of the most prevalent mobile threats in the world. Adware has traditionally been used to aggressively push ads like banners or pop-ups on mobile screens to make money.

The troublesome part is that Adware is now becoming trojanized and more sophisticated, as it aggressively collects personal data from the mobile device it’s installed on

Androidwear 2: is your smartwatch protected?

http://www.pandasecurity.com/mediacenter/src/uploads/2017/03/pandasecurity-smartwatch-antivirus-300×225.jpg

Once upon a time… many, years ago, telephones were meant to call people up, and watches were made to tell the time. Life was simple then. Well, kind of. That all changed when things got smaller, and once they got smaller they got smarter: the phones got smarter, and so did the wristwatches. Don’t get me wrong, the benefits of miniaturization are immense. But “smart” comes at a price. Increased capabilities and connectivity are leaving our latest gadgets and devices exposed to baddies. That begs the question: is your smartwatch protected?

How can a digital watch win the battle against hackers?

The idea of anyone hacking into your old Timex does sound ludicrous. However, newer smartwatches present severe challenges to developers: how can a digital watch win the battle against hackers? Remember, we’re talking about a device that goes far beyond telling the time. It can be used to monitor health conditions, or make payments by linking up with your bank. Nobody sensible fancies sharing their medical files around… or bank details for that matter!

A brand new area of cybercrime

Many manufacturers of smartwatches, from Asus, Huawei, and LG to Samsung, Moto and Tag Heuer, have chosen Google’s Android Wear 2.0 operating system for their products. Android Wear integrates Google Now and provides the ability to download applications from Google Play Store, amongst other benefits. In the coming years, the smartwatch market will develop further with device shipments expected to keep growing through the year 2021 to reach 70 million units. That presents criminals with a brand new area where to operate. Don’t let them short-change you.

Security risks are growing exponentially

Analysts expect Apple devices to continue leading a big portion of the smartwatch market. But Android Wear devices will quickly catch up as the technology gets adopted increasingly in emerging markets. Functionalities are growing exponentially driven by technological advances and so does the risks to security. It’s no wonder consumers are looking for better protection for their wearable products.

Smart devices collect an awful lot of data these days, so if this data isn’t properly stored and managed, it can lead to security breaches of monumental proportions. All it takes is a malicious and unscrupulous commercial entity acquiring this data to make your life a misery. Increasingly, consumers across the country realize the need to protect themselves. Anti-virus software from companies like Panda Security has got the answer, covering many operating systems all at once. What’s best, it’s even possible to try out this protection for a month free of charge.

Panda Security won’t let you down

It’s worth looking into. You wouldn’t let your wallet on a table, or share credit card details around, would you…? Of course not! Now, you’re carrying your financial details around your wrist, and this requires careful consideration. Isn’t it time you protect your assets? Check out today what Panda Security can do for you.

The post Androidwear 2: is your smartwatch protected? appeared first on Panda Security Mediacenter.

A Smartwach Social Coach? New Tech Can Read Your Emotions

http://www.pandasecurity.com/mediacenter/src/uploads/2017/02/pandasecurity-MC-android-wear-3.jpg

Technology gets a bad reputation at times. It’s supposed to connect us, but really, it drives us apart. It’s making us less in touch with the world around us and less inclined to deal with emotional issues.

That may be a very one-sided view of things, but it’s hard to deny that people don’t hide behind their brightly lit screens on a daily basis.

Introducing MIT’s wearable AI system app, a piece of software designed to make people more in touch with their emotions.

How does it do this? Well, by putting them on a screen right in front of you, that’s how. The concept almost feels tailored to not allowing one to hide from their feelings by acquiring a glazed expression and burying their face into their device.

Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) and Institute of Medical Engineering and Science (IMES) have recently come up with the idea for the tech device.

How Will It Work?

The device wasn’t designed specifically to prevent people using their devices to hide from their emotions, but rather to help people who may do so compulsively because of an underlying psychological issue.

The tech is based on the principle that human communication goes far beyond being purely verbal. People are constantly sending out signals through other means, like mannerisms, voice intonation and eye contact. These non-verbal signals can be difficult to read though for people with anxiety or for those who have developmental disorders such as Asperger’s syndrome.

This is what lead researchers at MIT to develop software that could capture audio data of a person speaking and analyze the speaker’s tone, pitch, energy, and vocabulary.

Imagine if, at the end of a conversation, you could rewind it and see the moments when the people around you felt the most anxious,” says graduate student Tuka Alhanai, who co-authored a paper on the subject with PhD candidate Mohammad Ghassemi. “Our work is a step in this direction, suggesting that we may not be that far away from a world where people can have an AI social coach right in their pocket.

According to MIT News, the students captured 31 different conversations of several minutes each before training two algorithms on the data. After analyzing the conversations, one algorithm classified them as either happy or sad, while the second labeled five-second blocks of the conversations as either positive, negative or neutral.

The model is 7.5 per cent more accurate than other existing approaches, however, it is not yet reliable enough to be used as part of a handheld social coaching device. According to Alhanai, this is very much the goal. To make this possible though, they will have to collect data on a much larger scale.

The model is 7.5 per cent more accurate than other existing approaches, however, it is not yet reliable enough to be used as part of a handheld social coaching device. According to Alhanai, this is very much the goal. To make this possible though, they will have to collect data on a much larger scale.

Cybersecurity Implications?

There is a slightly eerie implication to having our emotions read by an artificial intelligence. It might evoke images of HAL going haywire after lip-reading the protagonist’s plans to shut him down in 2001: A Space Odyssey.

While the tech obviously isn’t on the verge of allowing an AI to hatch a murderous plan, the team have urged caution in the way the system is used in the future.

The algorithm is run locally on the user’s device in order to protect personal information. Alhanai also emphasizes that a consumer version would have to set out clear protocols for getting consent from people involved in the conversations.

The thought of this type of technology being used for third-party data gathering and targeted ads is an uncomfortable one. Despite this, we can see the tech forming an important part in the future of wearables and AI. A huge technological step in a similar direction could also see lie detection playing a role in data security, something that could even be integrated into the security of a futuristic smart home.

MIT’s wearable emotion-reading technology is an interesting step towards integrating technology into the outside world. Augmented Reality companies like Magic Leap are promising a future of enhanced reality, projecting images seamlessly over the real world instead of cutting it out with virtual images. MIT’s new tech can, in one particular respect, be seen very much in the same vein.

Our tech will arguably be enhancing our emotional lives rather than dulling them.

Björn Schuller, professor and chair of Complex and Intelligent Systems at the University of Passau in Germany, seems to share this sentiment. Though he wasn’t involved in the project, he is fascinated about where this step could lead us:

“Technology could soon feel much more emotionally intelligent, or even ‘emotional’ itself.”

We’ll be keeping our eye on this new tech; a tantalizing step towards making technology form a seamless part of our lives instead of distracting us from things that are important in life.

The post A Smartwach Social Coach? New Tech Can Read Your Emotions appeared first on Panda Security Mediacenter.

The Dangers of Using an Old Android are Real for Everyone (Even the President)

The presidency of Donald Trump kicked off with some controversy in the area of ​​cybersecurity. The NSA modified the BlackBerry of his predecessor, Barack Obama (who ended up having to part with it for security reasons), the new leader of the United States seems to be less concerned about the vulnerabilities of mobile devices and continues to use an old Android.

According to various reports, the real estate tycoon has a Samsung Galaxy S3 from 2012. The lack of caution on the part of the newly-inaugurated head of state holds a valuable lesson for any top manager of a company. Although Trump’s smartphone may not be the gateway to all the secrets of an entire nation, using a phone without proper security can be fatal to your company.

The main problem derived from the use of an old Android is the lack of updates. Although Google usually reacts quickly whenever a vulnerability is found in its operating system, security patches only come quickly to a few devices, including the company’s own Nexus.

Meanwhile, other smartphones, and especially older models, have to wait months until the patch arrives (if at all).

For this reason, to use an outdated phone in the corporate environment is to be exposed to all types of cyber threats. Everything from a phishing campaign to the installation of malware that takes advantage of an uncorrected vulnerability of the device.

That’s why it is essential to have the right protection and also to make sure that both the phone and its applications have the latest versions of the software installed.

That a cybercriminal can access the outdated telephone of someone in charge, be it the owner of a company or the leader of a country, can have more serious consequences than simply having access to the device itself. Through an unprotected smartphone, attackers could sneak into the networks to which the mobile is connected and steal valuable corporate information.

There are also known vulnerabilities that track what the phone’s owner is typing, take control of the camera, or listen through the device’s microphone. In short, it is too great a risk for the privacy of company data.

Private email should stay at home

Another lesson we can glean from recent US policy is that under no circumstances should a personal email account be used for professional matters. Hillary Clinton already made that mistake, and now Trump’s high-ranking officials seem to be following in her footsteps.

Using personal mail to send corporate information is risky indeed. Unlike corporate mail servers, whose protection is in in the hands of the company’s security department, the services that are usually used to send emails in the domestic sphere are beyond the control of the company.

This does not mean that they are unsafe, but ensuring the absolute privacy of corporate communications is impossible if those responsible for cybersecurity cannot control which accounts are used and how they are configured.

The post The Dangers of Using an Old Android are Real for Everyone (Even the President) appeared first on Panda Security Mediacenter.

Hackers Are Using Android Malware To Spy On Israeli Military Personnel

A group of highly sophisticated state-sponsored hackers is spying on the Israeli military by hacking into the personal Android phones of individual soldiers to monitor their activities and steal data.

A newly released research by Lookout and Kaspersky suggests that more than 100 Israeli servicemen from the Israeli Defense Force (IDF) are believed to have been targeted with spyware.
<!–

The Ten Apps that Bog Down Performance on Android Smartphones

The Android operating system is the undisputed king of smartphones. According to the latest data from Kantar Media, Android continues to enjoy a solid lead in market share. Companies and individual users alike are turning to Android as their principal OS for their devices.

Despite the success of this operating system, we have all complained about our smartphone at some point or other. Maybe the battery doesn’t last an entire day on a single charge, or it’s drained our mobile data usage too quickly, or it’s running low on storage space. Yes, we should all probably take a breather and stop complaining so much, but it’s also good to know that in most cases it’s not the phones themselves that are lagging, but rather the apps that are the main drivers of smartphone performance issues.

Snapchat, Spotify… even Clean Master

You can check for yourself which applications are most detrimental to the performance of your device. Accessing the Settings menu of your mobile, you can consult the consumption of each app in Power Saving Mode, look at the RAM that each application consumes in Memory or consult the amount of space they occupy from the option Internal Storage.

Be warned that there are some applications in particular that will hamper the productivity of your phone. These include social networks, such as Snapchat, the rising star among millennials, or the dating service Tinder. Spotify, the music streaming app par excellence; Line, a rival instant messaging service to WhatsApp; or Amazon Shopping, which conveniently lets you make purchases from the ecommerce behemoth, are other famous services that cause our phones to slow down.

Google Sheets, the spreadsheets application that many companies use to share and edit documents in a collaborative way, also figure among them. You’ll probably be surprised to hear that Clean Master, which is designed to clean out and optimize your phone, also consumes a lot of resources. Of course, other famous apps that we couldn’t live without also consume large amounts of battery or RAM, as is the case of Facebook, Instagram and Google Maps.

Some tricks to improve performance

There are some steps you can take to improve the speed of your Android phone. One is to uninstall the apps you do not use from the Application Storage menu. You can also delete the data that the application has downloaded or clear the cache to speed up the processes.

Another, somewhat more cumbersome, alternative is to enter the Android developer options from the Settings menu, About Phone and Software Information (you’ll have to press Build Number seven times) and disable animations.

On your business phone, make sure you are using applications in a way that does not needlessly consume resources and that you are protecting your device with the cybersecurity solution that best suits your business.

The post The Ten Apps that Bog Down Performance on Android Smartphones appeared first on Panda Security Mediacenter.