Tag Archives: devices

New Security Measure in the US and UK: Tablets Banned on Some Flights

Laptops, handheld video games, cameras, tablets… unless it has some sort of medical use, all electronic devices bigger than a smartphone will be banned from the cabin of all flights originating in North Africa and the Middle East and bound for the US or UK.

The Trump administration announced the drastic measure, which will affect ten airports in Jordan, Egypt, Saudi Arabia, Kuwait, Morocco, Qatar, Turkey, and the United Arab Emirates.

According to the Department of Homeland Security, terrorist organizations “continue to target commercial aviation and are aggressively pursuing innovative methods to undertake their attacks, to include smuggling explosive devices in various consumer items.”

The UK has adopted a similar ban against laptops and tablets. In this case, the measurements are specified, and devices that exceed them can only travel in checked luggage. The ban is effective for six countries in order to “maintain the safety of British nationals.” Recently, a bomb that may have been hidden in a laptop exploded on a Daallo Airlines flight, forcing the plane to make an emergency landing in Mogadishu.

Fear of Explosions… and Cyberattacks?

Even though the TSA (Transportation Security Administration) hasn’t gone into detail about the ban, Kip Hawley, ex-director of the organization, defended the decision. According to Hawley, an explosive charge could be installed in a smartphone as well, but would be limited by size and insufficient to pose any major threat.

At the same time, a bomb in the cargo bay would be ineffective: not only would it be surrounded by suitcases that would stifle the blast, but the cargo bay itself is also highly reinforced.

Oddly enough, the decision arrived not long after the Federal Aviation Administration announced that lithium batteries presented the risk of catching fire while in storage under the plane. Some experts have criticized the new measures. Nicholas Weaver, researcher at the International Computer Science Institute, has taken the opposing stance that a bomb “would work just as well in the cargo hold.”

Weaver also points out that if hacking is the main concern, “a cellphone is a computer.” After the Germanwings accident, which took the lives of 150 people, some questioned whether a cybercriminal could be responsible. As of now, however, the threat of a cyberattack is still hypothetical. Indeed, it has only been demonstrated that control can be taken of navigation systems in a simulation environment.

Recently, a Spanish researcher discovered vulnerabilities in planes’ in-flight entertainment systems. The most damage he could do, however, was to turn on and off the lights, broadcast messages over the PA, or steal card numbers from passengers making in-flight purchases.

For the time being, it seems the fears of the US and UK are not based on a potential cyberattack, but rather on the stated concern about hidden explosives. As can be expected from sensitive policy decisions, however, neither London nor Washington is offering much in the way of details.

The post New Security Measure in the US and UK: Tablets Banned on Some Flights appeared first on Panda Security Mediacenter.

The Apps That Most Frequently Appear on Companies’ Blacklists

Apps installed on smartphones and tablets are considered to be one of the biggest risks for companies today. And for good reason. In addition to diminishing the performance of the devices themselves, they can become the gateway to corporate mobile phones and tablets for cybercriminals.

Because of this, IT departments should be wary of employees downloading certain apps on their devices that may pose a risk, whether because of their popularity or their vulnerabilities.

A recent study looks at the applications that have been most banned by companies around the world, and the result is not surprising: although its popularity began more than five years ago, Angry Birds is the most vetoed mobile app to date.

After surveying technology leaders from nearly 8,000 companies around the world, the report’s authors concluded that globally the game has been declared the number one public enemy of corporate security. No wonder, bearing in mind that the sequel to the game, ‘Angry Birds 2’, was infected a couple of years ago by malware that affected iOS devices.

The ban of Angry Birds on corporate devices shows that, today, mobile phones and business tablets are used interchangeably for professional and personal matters. On the other hand, BYOD (‘Bring Your Own Device’) has become a trend that, either because of the vulnerability of certain applications or of employees’ own personal devices, can jeopardize the security of any company.

To carry out the study, its authors took into account both Android devices and those with iOS or Windows Phone as operating systems. In this sort of blacklist, other applications that veer more toward the personal than the professional follow on the heels of Angry Birds, Dropbox and Facebook: platforms like WhatsApp, Twitter or Netflix are also among the ten most banned applications in the business world.

Another notable conclusion of the study is that among the prohibited applications there are also some that would seem right at home in a corporate environment. However, even these are considered by many companies to be a danger to their security. Such is the case of Skype, Outlook or Dropbox itself, which, after a leak that compromised millions of passwords, seems to have fallen out of favor of late.

The post The Apps That Most Frequently Appear on Companies’ Blacklists appeared first on Panda Security Mediacenter.

Can we trust our computers? Many have been tampered with during the manufacturing process.

How can you prevent manufacturing sabotage from becoming an IT disaster? Securing your company’s network with the right protection measures isn’t always enough. Of course you should install an adequate protection system and ensure that your employees use robust passwords. However, there is something that we cannot control: the manufacturing process.

Did you know that your business’s computers can be manipulated during the manufacturing process? A cybercriminal’s network is very sophisticated. In fact, these hackers have accomplices all over the world, including in factories where parts are produced (like microchips). Since the products are tampered with before the computer is finished, no one really suspects that the pieces are infected after they’re installed.

Luckily, manufacturers have discovered a complex solution that can beat this scheme. A new system was proposed by Siddharth Garg, a computer engineering professor at NYU. He believes that for the tightest security the microchips should be strategically manufactured in different phases.

Garg’s proposal makes it so that cybercriminals never know exactly where the piece will be created, making it difficult or impossible to carry out their plans.

Math makes the difference

Garg’s proposal isn’t a new one. In fact, this idea of distributing the manufacturing process to various factories is already being practiced. However, this professor has gone a step further; his method requires advanced mathematics. Instead of randomly distributing the microchip production, his method distributes it strategically, which will ensure the greatest security without heavily increasing the production costs. Garg’s system doesn’t just aim to prevent microchip tampering; it will also stop the production of counterfeit parts, which affects both manufacturers and buyers.

With this method, since you aren’t building an entire chip in a single factory, there is no finished design to steal and copy.

The post Can we trust our computers? Many have been tampered with during the manufacturing process. appeared first on Panda Security Mediacenter.

Five things to learn from 2015

Here are my five things we discovered in the last 12 months.

  1. Big brands being hacked grabs headlines – but the story can start with a small business.
    The hack and release of personal data from the adult dating site Ashley Madison probably got the most media attention of all the security breaches in 2015, but it was far from the only one. The list of familiar brands and organizations that suffered confidential data breaches ranged from VTech, the children’s toy manufacturer, to the US Internal Revenue Service, to the UK’s phone and broadband internet provider, Talk Talk. There was even a “live demo” of a Chrysler-Jeep being hacked on the highway. How do hackers get in? A common tactic is via employees innocently clicking bogus links in emails or bringing malware-infected personal devices into the workplace. Crucially, hackers can find their way into big brands via small company suppliers where security may be weaker. The message is simple: all businesses need to ensure their online defences are as strong as possible.
  2. New payment methods: faster transactions but new threats
    2015 was the year that new payment methods really seemed to take off. On the one hand, “contactless” bank cards allowed consumers to make payments by tapping a card against a terminal without having to swipe and enter a PIN. But this use of RFID technology also gives cybercriminals a new opportunity to steal data – if they can get close enough. Likewise, smartphone payments – such as Apple Pay and Android Pay – are turning phones into wallets. That means thinking about your phone’s physical and cyber security. So is your business taking every possible step to keep its data – and customers’ data – as safe as possible in this new world of faster and mobile payments?
  3. Bring your own device can allow hackers through the office door
    How many of your employees bring their own mobile devices to work and use them to check and send work-related emails, access spreadsheets or other company data? So don’t forget to protect mobile devices in business; they are as vulnerable as desktop devices and carry business-critical data. Two mobile hacks in 2015 reminded us all of how vulnerable smartphones can be: the MMS messages with a hidden sting, and the Stagefright 2.0 vulnerabilities in the Android operating system.
  4. Don’t think your Mac device is a safe bet!
    Part of the Apple myth is that its devices are always malware free; indeed, remember those old “I’m a Mac, I’m a PC” ads from the late 90s with the actor representing the PC catching a terrible cold versus the healthy young Mac? That myth was truly tested in 2015 when fake developer tools that were used to create iOS apps containing malicious code known as “XcodeGhost” made their way onto the Apple App Store. The moral of the story? If you’re using Apple tech, make sure you’re taking security seriously … you can still catch a cold.
  5. We’re only human!
    An error this year by an individual at the UK holiday firm Thomson was a timely reminder that however tight your online security, human beings make mistakes. Data about the name, home address, telephone number and flight information of 458 people were attached in error to an email. The simple lesson? Everyone should take a moment to think twice before attaching documents to an email and hitting send. Just ask the question: what am I sending and should this be shared in this way?

So there we are: five lessons from the outgoing year to remind us of the critical need to keep business security top of mind.

For more tips, insights and product information to keep your business protected, check out our web site at http://www.avg.com/internet-security-business. We look forward to helping keep you and your business safe as we head into 2016!

In 2016, your home will be a target for hackers

Your home and the devices in it will be a viable target for cybercrooks in 2016.

Back in the good ol’ days of the early 2000s until just a few years ago, all we had to be concerned about was security on our desktop computers and laptops. In the intervening years, mobile devices have become so ubiquitous that hackers have turned their sights on them, especially Android devices.

But starting in 2015, everyone began to realize just how close to home cybersecurity really is. Home networks are the new gateway, and 2016 will be the year that vulnerabilities in the Internet of Things (IoT) and wearable devices combined with weak home router security will lead to personal attacks.

Our internet-connected world will be increasingly difficult to secure

The weak link is your home router

“The security situation with home routers is actually pretty bad,” Ondrej Vlcek, COO of Avast told Fast Company. “Most of the companies do a relatively good job of . . . patching the vulnerabilities, but the problem is that no one updates the firmware in the routers. The user doesn’t at all, and usually the ISP doesn’t either.” He added that we saw the most attacks on routers by far in 2015.

“Right now, attackers are targeting routers en masse,” said Pavel Sramek, an Avast Virus Lab research analyst. “It’s highly probable that they’ll expand their target list to network-attached storage and ‘smart’ TVs as well, since the security aspect of these devices has been almost completely neglected by their manufacturers so far.”

“Many of the companies and engineers don’t really think about security,” says Vlcek. Data, for example, is often transmitted without any encryption, making it easy to steal or fiddle with.

Since this is the time of year to look forward, I asked several of our Avast Virus Lab research analysts about what to expect in 2016 for home networks, wearable devices, and all the gadgets that make up the Internet of Things.

2015 was the biggest year for router attacks

Is it easy for hackers to break into home networks and is there enough motivation at this time to go to the trouble?

As it stands now, home networks are still not the easiest way for cybercrooks to hack into people’s lives, our team of experts agreed. “Not the easiest way, but too easy to be comfortable with,” said Sramek.

“As more and more devices are becoming smarter and connected to the net, through the Internet of Things, cybercrooks will have more chances to get into the personal home network,” said Sramek’s colleague in the Virus Lab, Nikolaos Chrysaidos.

The motivation is already there too.

“For years, (PC) viruses were the ultimate goal for the bad guy. The goal was to get their hands on users’ data, like credit card information, or to create botnet networks to allow them to send out spam or to do DDoS (distributed denial of service) attacks,” said Vlcek. In a similar manner, cybercrooks have already started to turn internet-connected home devices into “zombies to collect data.”

“The amount of attacks will rise rapidly in 2016,” said Sramek. “Turning IoT devices into zombies is half of their plan. The other is hijacking the network connections of users with devices that are difficult to attack otherwise, like iPhones.”

How do regular people make their home gateways smarter and more secure?

“As a bare minimum, people need an automated vulnerability scanner on a PC in their network, like Avast’s Home Network Security, to check for the most common issues leading to cyberattacks,” said Sramek.

Since we’re still in early days, can threats for IoT devices be eliminated before it gets out of control?

Just like with PC and mobile security, home users can prevent many attacks by applying safe practices and using existing solutions like Avast’s Home Network Security to understand what the vulnerabilities are.

Jaromir Horejsi adds that in addition to educating users about badly configured and insecure home IoT devices, we could use “more secure web browsers, because Firefox, Chrome, and IE are so easy to hack.” He predicts that cybercrooks will create DDoS malware to infect various IoT devices with weak passwords, and that it will take a combination of home users knowing what they’re up against, along with manufacturers and ISPs taking more responsibility for safety, to overcome the looming threat.

Do you expect to see an increase in attacks through wearable devices?

“In 2015, we have seen many vulnerabilities in wearables. Those vulnerabilities could be used by attackers to extract stored data and use them in personalized social engineering attacks,” said Chrysaidos.

“Today we are seeing a big shift toward social engineering attacks which are ingenious and sophisticated,” said Vlcek. Social engineering uses techniques to trick people into installing malware or adjusting settings that they don’t fully understand.

The biggest target for 2016 is mobile

Phones and tablets are the data collection points for most wearables and Internet of Things devices, so they are targeted for the data they store or the data that passes through them. Mobile devices – smartphones and tablets – are where people are now, and the bad guys know this.

“Bad guys today realize that most people are moving their computing to mobile,” said Vlcek. “They are catching up by coming up with new techniques that get the job done even without malware.”

“Phones store a lot of personal information nowadays that can be monetized in underground forums. As valuable data exist in our devices those can be treats, and targets, for the cybercrooks,” said Chrysaidos.

Visit our blog tomorrow to read about the upcoming mobile threats for 2016.


Keep track of your family’s devices using your Avast Account

The average US family owns four mobile devices, plus Internet-connected computers and other devices. Your Avast Account helps you manage their security.

Manage all your devices with a free Avast Account.

Keeping your security software up-to-date on all of these devices can quickly get confusing, and with today’s risks you want to make sure everything has adequate protection. Your Avast Account can simplify that task greatly.

Here’s what you get with an Avast account

Management made easy

  • Register any Avast free product which you have installed and which requires registration.
  • Manage multiple Avast-protected devices (PC, smartphone, tablet) from one place.
  • Remotely control Android mobile devices with Avast Mobile Security and Avast Anti-Theft installed. This is especially useful in case of loss or theft of the device.

Information at your fingertips

You can find information about your connected devices.

  • License status
  • Expiration date
  • Basic statistics
  • Version of virus signature database
  • Logs of activities, and more

Earn Avast Reward points for free stuff

You can generate your own special Avast Free Antivirus link to give to your family members and friends. When they download their own protection using your link, you collect “Karma” points to earn a free copy of Avast Internet Security. In your Avast Account, you can see how many points you have, earn badges and even see how you’re doing compared to other users.

Give Avast feedback

We provide links to the Avast Community Forum where you can ask questions of our experienced “evangelists,” and the Feedback page, where you can give suggestions, report a problem, or just say thanks.

Secure your Facebook profile

You can secure your Facebook profile using Avast Social Media Security. We help you navigate through the frequently changing security and privacy settings in Facebook. In the future we plan to add security profiles on other social networks.

How do I get an Avast Account?

New registrations of Avast Free Antivirus will automatically create an Avast Account and connect your device automatically. Visit https://my.avast.com or click Account in the Avast user interface. Use of the Avast Account for accessing other Avast services is completely optional.

NOTE: It’s especially useful to connect any mobile devices that have Avast Mobile Security installed because it gives you remote control over your device if the device is stolen. These remote control features have not yet been implemented for PC or Mac devices, therefore if you are not interested in the activity log or other information, you don’t have to connect your device to your Avast Account at all.

When you do connect your device, please be patient because of the large amount of data we have to process; the device status isn’t updated in real-time. It could take up to a half hour before the actual security status and other device information appears on the devices page, so check again later.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200 million people and businesses. Please follow us on Facebook, Twitter and Google+.