Tag Archives: highlighted

Apple Watch: nothing prevents thieves from resetting the password and using a stolen one (even for shopping)

apple watch

It is one of the longest awaited gadgets in recent times and is set to become one of the technological gadgets of the year, but it has already given rise to the first scare: Apple Watch is vulnerable.

Apple’s smart watch, which has been on the market for just over a month, has given a hint to the public of its security flaws: security gaps which can end up being expensive for this wearable first buyers.

Apple Watch lacks an Activation Lock feature

On the one hand, Apple’s watch may become an object of desire for thieves, something the iPhone tried to prevent with certain security measures. The smart watch lacks of an ‘Activation Lock’ feature, which was created to dissuade criminals from illegally obtaining one of the company’s devices.

This feature first appeared with iOS7, and makes that the only way of disabling the ‘Find my iPhone’ option –which allows the user knowing where his device exactly is- is with the user’s Apple ID and password. In other words, unless the thief has your username and password, he won’t be able to disable the option that will allow you to find your stolen iPhone.

However, the smart watch doesn’t have the ‘Activation Lock’ feature. In addition, resetting the device and erasing all data- password included- is simple, even without having the PIN code which protects the watch, as you can see in the following video:

Shopping at your expense

A second vulnerability of the Apple Watch may work out to be even more expensive for the pioneers who have already bought it.

Thanks to its sensors the device detects when it is placed on a user’s wrist. While it is being worn it doesn’t require a password to unlock it, to enable its owner to access the screen and to make payments with Apple Pay.

If we take the watch off our wrist, Apple Watch will ask you to re-enter the password, so that, if it gets stolen, your data is safe, especially your financial one.

However, the watch’s sensors have a delay of about a second to re-enable the PIN code and, in addition, they don’t detect whether the watch is on the wrist or on any other body part, so some crafty thieves can take the watch off of a wearer’s wrist and then quickly cover the sensors with his fingers to keep the watch from locking.

Here the thief was not only able to access the information stored in your Apple Watch, but also to make purchases with your Apple Pay account.

So, the cracks in the security of the so long awaited Apple Watch are starting to undermine the fame of the device that Apple fans wanted to have on their wrists. The fact that with some tattoos the sensors of the Apple’s Watch don’t work is just a mere anecdote, now the security of its users is at stake.

The post Apple Watch: nothing prevents thieves from resetting the password and using a stolen one (even for shopping) appeared first on MediaCenter Panda Security.

WhatsApp Trendy Blue, the program which signs you up to a premium rate. Watch out!

One more, there have been so many, we’ve lost track! WhatsApp Trendy Blue is the last hoax to deceive the users of this instant messaging application.

whatsapp trendy blue

WhatsApp Trendy Blue, the new “version” that promises new options to customize the users’ WhatsApp. In fact, it is only subscribing the user to a premium rate service, which it is not exactly cheap.

From Movistar, a Spanish telephone company, they warn that for the program to work, it asks the user to invite at least 10 contacts, who will receive a message recommending them to sign up for this fraudulent website.

So please, don’t fall for these traps, only trust the versions offered by the official stores!

The post WhatsApp Trendy Blue, the program which signs you up to a premium rate. Watch out! appeared first on MediaCenter Panda Security.

How to protect your SIM card when it is the key to your WhatsApp

whatsapp app

Finally you have your new smartphone in your hands. Whether it is a Nexus, an iPhone or a BQ we are sure that one of the first things you do is download WhatsApp. You are so focused on setting up the app that you haven’t stopped to think about the implications of your WhatsApp identification being carried out by your SIM card.

In social networks you create a new profile with a user number and a password, but in the instant messaging service par excellence (it already exceeds 700 million users) you identify yourself exclusively with your cell phone number. Once you have connected your number to WhatsApp, the app is associated with the terminal, whether or not the SIM card is inside.

Our phone number is also a way of identifying us in other services we use daily, such as email. Gmail allows you to add a phone number to your account in order to protect it and to ensure that if someone intercepts it or you forget your password you can get it back. Google’s support web page explains that associating your phone number is safer than an alternative email or a security question, because your phone number is something you have physically thanks to your SIM card.

Your phone’s security starts on that card. That’s why security experts recommend taking preventive measures to avoid anyone from spying on your WhatsApp conversations if your SIM card gets duplicated or someone takes it temporarily.

pin cards

How to protect your SIM card when it is the key to your WhatsApp

  • Keep your PIN and PUK code in a safe place: some people have the bad habit of writing them on a piece of paper and putting that paper in their wallets. If you leave your personal belongings unattended for a few minutes, someone might put your SIM in his phone, enter the PIN to which he has had access before and then spy on your conversations indefinitely. If this person is careful to leave everything exactly as it was you will never realize what has happened.
  • Another possibility is that someone clones your SIM and impersonates you. Although in current SIM cards the process is quite difficult, if you are one of those who has cut his card to adapt it to the new terminals there are ways to carry out attacks and clone the information that your card contains.
  • The third method (and most likely) is that a cyber-attacker will keep the information in your card, it is called the ‘SIM Swapping Attack’. The SIM Swap is the process through which a user can transfer a phone number to another company. A cybercriminal can perform a phishing attack or identity theft which will allow him to know the transfer information, keeping all the SIM’s information. This type of attack has been long used for accessing bank accounts: the offender manages to replace your phone number and starts getting all notifications and calls from your bank, including those in which the bank sends you confidential information about your account, for example, to verify a transaction.
  • If you lose your phone or it gets stolen and you have a WhatsApp account associated, we recommend you to associate your number to another telephone as soon as possible so that if the stolen terminal asks for a verification test the offender cannot complete it. To prevent anyone from reading your conversations if the phone falls into their hands, you can deactivate your account here. You will only have to send an email to the support team that will deactivate the account for a period of 30 days, after which you can decide whether to reactivate it or eliminate it altogether. Of course, it may take several days for WhatsApp to process your request and disable your user account, a time during which your account will be unprotected.

So, now you know that your SIM card can be a potential source of interest for real and virtual criminals, that’s why is not enough to keep making sure your phone is in your pocket: you also have to start making sure that the card inside is as secure as possible.

The post How to protect your SIM card when it is the key to your WhatsApp appeared first on MediaCenter Panda Security.

Tinder, the app where you can have your heart stolen, but also your information and your pictures

tinder contact

To find a ‘match’ in Tinder we have to share personal information with other users. If you don’t have at least one picture and you don’t describe yourself a bit, how will anyone know if they are interested in you? The same happens when you visit other profiles.

However, each person can decide what to make public and what not. At least in theory, because a recent study by the University of South Australia questions the privacy of the eight most popular dating apps in Google Play, including Tinder and Grindr.

The research done by these computer security experts shows how easy is to access the data stored in these tools (hidden from the rest of the community), as email addresses and private messages exchanged with other users.

The first thing they did was to create a fake profile on each of the dating apps and from a cell phone try to steal other users’ information. They became cyber thieves for research purposes intercepting the network’s traffic data and tracking the apps supposedly private directory.

For major concern, they discovered that all these apps had huge security gaps which made them vulnerable to these kinds of attacks, achieving their goal: they obtained personal information of many profiles and saved it in their phone.

tinder match

In Tinder, which has over 50 million customers, they stole the pictures of all the profiles they visited with their fake account. In addition, they obtained their Facebook ID (a different sequence of numbers and letters assigned to each person), and with it they were able to identify every one of the accounts in the social network and access them.

If we take a look at Grindr, the findings are even more alarming. The research team amassed amounts of personal information of the different users they had visited with their fake account; from their birthdate to the distance between them and the owner of the last profile they viewed, through a complete record of all sent and received emails and their email account.

In light of the results, the authors warn us to be careful with the applications we choose for meeting people. They also recommend developers to add more strict security measures to prevent attacks, like the ones the researchers performed without many difficulties.

In addition, they claim that the cell phone is the cybercriminals’ main target: most users, regardless of their age and sex, have one. In them we store personal information which not even friends or family know.

This is not the first time a research questions Tinder’s security level. In 2013, another research team founded that is possible to know the longitude and latitude where a user is due to another vulnerability in the tool.

The post Tinder, the app where you can have your heart stolen, but also your information and your pictures appeared first on MediaCenter Panda Security.

Watch out! A simple Arabic text message can crash your iPhone!

iphone 6 plus

Do you have an iPhone? Yes? Well, then the following news may be of interest to you!

A new security flaw has been discovered in iOS, Apple’s operating system. This vulnerability affects iPhones running iOS version 8.3, although other versions could also be affected.

According to the BBC, a specially crafted text message can cause vulnerable devices to crash and reboot. More precisely, the malicious message, containing Arabic characters, causes iMessage to crash and the iPhone to reboot.

sms iphone

Apple is aware of the issue and has announced they will make a fix available in a software update. We’ll keep you updated with any new developments!

The post Watch out! A simple Arabic text message can crash your iPhone! appeared first on MediaCenter Panda Security.

Scams have arrived on Instagram, watch out!

For several days now we have been seeing many brands promoting their Instagram accounts with contests and giveaways. But sadly, once again, this is a scam! The Spanish National Police has warned about it through their Twitter account.

The alleged prize are gift brochures to spend on these clothes shops. To be able to win them you just have to follow that account and share it in your Instagram account.

michael kors instagram

Tips to help you distinguish a fake Instagram account from an official one

  • Check its description
  • See if it has publications
  • Confirm the accounts it follows

Here you can see some examples:

springfiel instagram oficialspringfiel instagram falsa

Despite having seen this scam in Spain, we wanted you all to know, because we can find examples of these scams all over the world, so please be cautious, there is not such thing as a free lunch!

The post Scams have arrived on Instagram, watch out! appeared first on MediaCenter Panda Security.

Smart Lock: Enjoy your unlocked phone while you are in a ‘trusted’ place

smartlock android

We already know the importance of choosing well our passwords. In addition, if we want to do anything on our cellphone we have to follow this steps: enter our PIN, our code or pattern we have set to unlock the screen… something we are continuously doing as the phone locks itself every two seconds to save battery.

As far as security is concerned, laziness makes for a poor counselor, but sometimes all these boring actions are too much. We do not face the same risks at home watching TV than when we are walking on the street, at a bar or at any other place.

That is why, Google’s new initiative seems logical: Android versions 5+ (Lollipop) allows you to distinguish between what you consider safe locations and which pose a risk.

But, the operating system does not detect the danger itself (we haven’t reached that point yet), you have to indicate it. Something similar to what happens when your computer connects to a new wireless network and Windows asks you if it is a public access point, your work or your home. The difference is that when using Android, there are no warning pops-up reminding you to change the configuration.

Once the place is specify, the phone will recognize via GPS if you are actually there or not, and will activate or deactivate the feature that asks you to enter your PIN to unlock the screen.

If you pinpoint your home as a safe place, for your convenience this option will be disabled whenever you are inside, so you won’t have to continuously enter the code. On the contrary, as soon as you leave the perimeter, it will automatically activate and restore the protection standards.

If you want to start using the system, go to “Settings”, then to “Security”. Once deployed the tab, go to “Trusted agents” and there you tap on “Smart Lock”, to enable it.

Smartlock mobile

Then you just have to select your trusted locations and add them to “Trusted places”. To add a place, the phone asks for an address or location to find it in Google Maps.

Each time you want to change these options, you will have to enter the password, PIN or the pattern you chose to unlock the device, this is a security measure which prevents someone unauthorized from making changes.

Despite that the option is useful and that it saves us from wasting time locking and unlocking our phone, setting it up has some implications. The most important is that the screen lock not only disappears while you are in a trusted place, but also for 80 meters around. ‘Google Lock’ can be an advantage, if you use it wisely.

The post Smart Lock: Enjoy your unlocked phone while you are in a ‘trusted’ place appeared first on MediaCenter Panda Security.

How to find your phone – 3 alternatives to the rescue

how to find phone

Have you ever wonder if there is a way of locating your phone in case you lose it or it gets stolen? Well, relax, because the answer is yes! There is a way you can find your phone, how? Here we explain to you three ways of doing it! Keep reading. You have 3 ways of doing it.

How to find your phone

With Panda Mobile Security

Thanks to the mobile and tablet location system in our antivirus for Android, you can recover your device if you lose it!

Panda Mobile Security tracks and displays on a map your lost or stolen tablet or phone so you can find it quickly. You will also be able to block the device and erase all your personal information remotely to prevent others from accessing your most valuable information.

find phone

In addition, our service has an antitheft application that protects the user and ensures the phone’s safety. Panda Mobile Security makes a picture of the user and sends it via email together with the device’s location every time the user fails to enter the password.

If the device runs out of battery, Panda Mobile Security will geo-locate it and save this information, so it can be used later if necessary.

You can also use Google…

To find your Android phone or tablet with Google, you must do it through the site in English, since this feature it is only available in this language.

Once you are in the web site you will only need these three magic words: ‘Find my phone’. This Google search will result in a map, which will display your phone’s location with a precision that may vary a few meters, as the service informs.

In addition, if it is nearby but you still can’t find it, Google can make it ring, even if the device is in silence.

And if you have an Apple device: Find my iPhone

If you are an Apple user and you have lost any of your devices, don’t worry! You can find them with iCloud. Don’t know how, just follow this few steps:

  • Access your iCloud account or use the Find my iPhone app in another device to locate your iPhone, iPad, iPod touch or Mac on a map.
    find my iphone
  • Using Lost Mode you can track your phone, see where it is and where it has been.
  • Once you locate it, you can lock it and send a message with your contact number. So, whoever finds it can call you but can’t access the rest of your information.
  • If you think your device has fallen into the wrong hands, you can remotely erase it and restore your iPhone, iPad, iPod touch or Mac to its original settings.

And last but not least…

Phone locators

When we wrote this article we found lots of webs that offer a series of services which they call ‘phone locators’. But what they actually do is take advantage of those users who have lost their phone or tablet.

So, if we use these web pages, in addition to not finding our cell phone, we will waste our time and money. That is why, we recommend you not to trust any web if it asks you for any kind of financial compensation or personal information!

The best thing you can do to find your cell phone is to use official services like iCloud, Google or the feature included in our antivirus for Android.

The post How to find your phone – 3 alternatives to the rescue appeared first on MediaCenter Panda Security.

Venom: the security vulnerability in your floppy drive

venom snake

A new security vulnerability is putting at risk computers all over the world.

It is called “Venom” and the most odd thing is that exploits a vulnerability in something that almost no one uses anymore: the floppy drive.

The bug itself is quite dangerous as it allows the owner of a virtual machine to execute code in the host machine and from there move on to the network.

In other words, Venom takes advantage from a vulnerability in the virtual floppy drive controller to enter the system and obtain root privileges, as high as possible, not only of that machine in particular but also for all those connected to the same network.

The chart published in the web page created to gather information about Venom explains it very well.

venom vulnerability

The greater risk is that this vulnerability enables the cybercriminal to access the host system through his virtual machine. Once he is inside the physical machine, he will be able to access any virtual machine running in this system.

If you want to prevent Venom, you can download the already published patches here.

We will keep you updated!

The post Venom: the security vulnerability in your floppy drive appeared first on MediaCenter Panda Security.

Seven things your kids shouldn’t do online

Online Children

It’s not unusual nowadays to hear people say that if you want to know how to operate any technical device, ask a child, and they’re not kidding! Computers, tablets or smartphones with Internet access are all a part of children’s lives and kids seemingly take to the digital world likes ducks to water.

Such access to technology and the Internet from such an early age means parents now have to control not only what kids watch on TV, but also the content they can be exposed to over the Web.

The Internet offers so many positive things for children but it can also leave them unprotected against threats or even dangerous people.

Seven things your kids shouldn’t do online

1. Talk to strangers

Kids Talk to Strangers

Social networks, WhatsApp… there are now many channels through which strangers can contact your children. The naivety of children often means they aren’t aware of where danger can be lurking. The anonymity afforded by the Internet is almost more dangerous than in real life.

2. Share personal information

Many of the things we do on the Internet involve sharing, in one way or another, confidential information. Adults tend to be far more aware of what data they can reveal than children are. You should talk with your children and make them aware of the dangers of providing certain information online.

3. Play without time limits

Almost all children want to download games to keep themselves amused and to have new challenges. In theory, this doesn’t become a problem until they end up spending all their free time doing it. This can affect their relationship with their environment and with other children of their age and they can ignore other responsibilities in order to keep playing. What do we recommend? Set a time limit for everything.

4. Having a profile in Social Networks

Facebook, Tuenti, Twitter, Ask.Fm, Instagram… Nowadays, there are multiple platforms in which children would like to be present, but is it recommended? The age at which someone can have an account depends on the platform. Find out more about it when talking to your child about this, and most importantly, control the privacy of their information once they have logged in.

5. Download inappropriate apps

Google Play and Apple Store offer thousands of apps, many of which are designed to make our everyday lives easier, but it is essential to know exactly what you are downloading and what information you give to and receive from these apps. Not all download sources are safe or trustworthy. Even within Google Play there are malicious apps that subscribe you to premium-rate SMS services or install other programs without your consent. Tell your children to ask your permission before downloading an app and find about it yourself first.

6. Enter websites with inappropriate content for children

Frightened-child

Deliberately or not, children may visit websites with content that is ill-suited for their age group. In many cases, just checking the browser history on the computer, tablet or smartphone is not enough. Parental control features let you decide the websites that kids can visit and block those that are inappropriate.

7. Believe they’ve won something

We all receive constant invitations to take part in a prize draw or even messages claiming that we have won some fantastic prize. In order to claim the prize, you are almost always asked to provide some personal information. It’s important to teach children that nobody is going to give them a latest generation smartphone just because they send in their personal data.

8. Suffer cyber-bullying

Given the seriousness of these attacks, children often hide the truth about cyber-bullying from their own parents. Cyber-bullying is bullying among children but carried out across the Web. It is carried out by people from the child’s environment, so it’s important to observe their reactions when using the Internet or interacting with other children on social networks. This way you can detect if there is anything wrong or if their behavior changes.

The post Seven things your kids shouldn’t do online appeared first on MediaCenter Panda Security.