Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google’s new open source fuzzer.
A new Google program OSS-Fuzz is aimed at continuously fuzzing open source software and has already detected over 150 bugs.
Microsoft announced a cloud-based fuzz testing service called Project Springfield that identifies software bugs in applications that could turn into vulnerabilities.
Yesterday, we walked you through a set of our 2016 predictions in regards to home router security, wearables and the Internet of Things. In addition to these important topics, mobile threats are not something that should be ignored as we move into 2016.
“Most people don’t realize that mobile platforms are not really all that safer or immune from attack then desktop platforms,” said Ondřej Vlček, COO of Avast. “Most people use mobile devices in a more naive way then they use a PC because they just don’t understand that this is a full blown computer that requires caution.”
Hackers have done their homework to prepare for the new year
Over the course of this year, we’ve seen a list of notable mobile threats that jeopardized the privacy and security of individuals. Our own mobile malware analyst, Nikolaos Chrysaidos, has a few ideas about several issues that could crop up in the new year:
- Android malware that can mutate. This superintelligent family of malware is capable of altering its internal structure with new and improved functions, changing its appearance, and if left unmonitored, spreading on a viral scale. And yes, this concept is just about as scary as it sounds.
- More security vulnerabilities that can be exploited as a result of fuzzing. This year, there was a good amount of research on fuzzing, making it more and more of a familiar concept to both good and bad guys within the digital world. Fuzzing is a technique that is used to discover security loopholes in software by inputting massive amounts of data, or fuzz, into a system with the intent of overloading and crashing it. Next year, these vulnerabilities could look similar to Stagefright, the unique and dangerous vulnerabillity that, when exploited, left mobile devices vulnerable to spyware.
- Smarter social engineering techniques. Now that most people know about certain vulnernabilities and their potential consequences, hackers can take advantage of this knowledge and use it to their advantage. For example, a hacker could trick users into installing their malware by telling them that an MMS is waiting for them but can’t be sent via text message due to risks associated with the Stagefright bug. Users are then prompted to click on a malicious download link. Although we could see more of these advancements in 2016, the concept isn’t completely new – this year, an example of this type of technique could be seen within OmniRat spy software.
- APTs on mobile. In 2016, Advanced Persistent Threats (APTs) could be used to target politicians. This could be accomplished by using spyware (similar to Droidjack or OmniRat) in combination with specific social engineering techniques that could aid hackers in gaining access to powerful and influential individuals.
With this list of potential threats and risks in mind, it becomes clear that our mobile devices hold more value than just our apps and contacts. As hackers‘ techniques grow smarter, it’s important that we do the same in regards to the way that we approach our security.
Protect your Android devices with Avast Mobile Security. That and other apps like our new Wi-Fi Finder and Avast Cleanup & Boost are free from the Google Play Store.
Buffer and integer overflow vulnerabilities have been patched in the ICU Project ICU4C library, used in hundreds of open source and enterprise software packages.