Tag Archives: Mobile Security

They’ll hack your Android in T Minus 10 seconds


The word that scared all Google users last summer is back and worse than ever. Stagefright, nicknamed Metaphor by its founder, is even more dangerous in its new version.

Much like its name’s meaning, Stagefright hides deep in the Android library, unnoticeable to Android users as they watch videos of cute puppies and crafty DIY hacks, all the while exposing themselves to its vulnerabilities.

How many devices are affected?

Now in its second swing, these Stagefright vulnerabilities have already affected hundreds of thousands of Android devices through holes in the multimedia library. More specifically, they have even affected those who use versions 5.0-5.1 (23.5% of affected Androids) and some using versions 2.2 and 4.0 (unsafe due to old terminals that had been exposed to previous viruses).

Google fights back

After the bugs’ discovery, Google implemented a series of bug-fixes and other security measures, even creating its own group of vulnerabilities to counter the attacks. Upgrades and patches were set up to make it more difficult for Stagefright to infiltrate an Android in a real attack.

Unfortunately, Metaphor has been able to dodge the protection mechanisms that were added to the more modern versions of Android. With this new exploit, as its own creators have shown, Stagefright can easily control devices as diverse and modern as the Nexus 5, Samsung Galaxy S5, LG G3 or HTC One.

So, how exactly does Stagefright break in?

Sneakily. The user does not even need to be using their smartphone during an attack. In the case of Stagefright, the attacker can gain access through a particular website (e.g. through a malicious video link received by email or MMS). In a proof of concept, an email with a corrupted video link promoting videos of kittens leads to a page actually containing this material. The recipient has no way of knowing that, while the video is rendering, their Android is also being attacked. It can take as little as 10 to 15 seconds for the cyber-criminal to have control of their victim’s terminal.


Metaphor’s strategy is not exactly new. It largely relies on the attacks that were released last summer, when the holes were first discovered. However, today’s danger lies in Stagefright’s ability to bypass ASLR, which is the barrier Google raised in all versions of Android after 4.1. The problem is that this new threat affects not only older devices but also more modern ones. Even those who have Android’s Lollipop 5.1, representing about 19% of all Android smartphones, are not safe.

No matter what, the best way to protect your Android from Stagefright and all the risks associated with it is to keep your operating system as up-to-date as possible and install a good antivirus. If your phone has been left out of the recent updates, take caution: you should not browse pages unless they are fully trusted. Even those that promise photos of adorable and fluffy kittens.

The top 3 things to look for in a mobile security app

CEO Vince Steckler gave the crowd at CeBIT an eye-opening statistic yesterday. He said,

Avast currently has over two million malicious samples in its mobile threat detection database, and we see 12,000 new samples every day.

That fact means that your Android device needs protection. Avast Mobile Security secures your smartphone or tablet against infected files, phishing, malware, spyware, and malicious viruses such as Trojans without bogging down performance or annoying you with false warnings.

Download Avast Mobile Security for free from the Google Play Store.

AV-Test awards Avast Mobile Security

How to prevent your iPhone content from being lost if you forget your password


Despite being essential to protect your personal data, the security measures implemented by smartphone manufacturers to protect it from cyber-criminals can work against you. That’s the case with Apple and the Auto-Lock feature that automatically locks your device after six failed passcode attempts.

There are multiple reasons why that could occur. For example, your little one starts playing with your phone, you suffer a temporary memory lapse, or you pay the consequences of a party that got a bit out of hand… Whatever the reason, a situation like that can have some serious consequences if you don’t take the appropriate precautionary measures.

A feature designed to prevent strangers from accessing your device in the event of loss or theft can cause you, the phone’s owner, to lose all of your photos, videos, music, and contacts.  The solution? A backup which, if you haven’t already, you should definitely make now.

iPhones usually provide two options to make backups: iTunes (which saves backups to your computer) and iCloud (which saves them to Apple’s cloud). If you choose the first option, you can do two things: connect your smartphone to your computer via a USB port, or via Wi-Fi if both devices belong to the same network. You can check Apple’s website for detailed instructions.


If you choose iCloud, there is no need for both devices to be on the same network or connected via a cable: you can make the backup from any place, any time. Additionally, you can configure your account to make daily backups automatically. Another advantage is that cloud backups are encrypted by default, an option you can also enable in iTunes.

Whatever mechanism you choose to back up your iPhone, a recent backup can save your life if your device gets locked after six wrong codes are entered.

If that ever happens to you, the only solution is to wipe the content of the locked device and retrieve it from a backup. There is no way to reset the passcode. No shortcuts. You will have to wipe the entire iPhone and start it from the backup copy (if you have one), or, in the worst case scenario, from scratch. The entire process is explained on the website of the company with the half eaten apple logo.

However, there is yet another, more extreme scenario. If you have complete faith in your memory, there are no kids around and you think that the only reason to have a wrong code entered on your smartphone is that it gets stolen, you can choose to erase your device automatically (without locking it) after ten failed passcode attempts. In that case, keeping an up-to-date backup copy is even more necessary.


A good example of all this is what has happened with the iPhone of one of the perpetrators of the recent San Bernardino (California) shooting after being arrested by the police. As you may already know, the FBI has asked Apple to make a special version of iOS that doesn’t lock the device after six failed passcode attempts or wipe it after ten attempts. That would allow the FBI to brute-force attack the criminal’s phone to break into it without fear of turning it into a paperweight.

That is precisely what happened with the iPhone of another criminal that ended up in the hands of a not-so-skilled member of the Massachusetts Police Department. When trying to access the phone in search of evidence, the agent entered ten wrong passcodes, setting the device back to its factory defaults. Goodbye to any possible evidence…

So be careful. If you ignore our advice and don’t make backup copies regularly, the same could happen to you. Are you really willing to run that risk?

The post How to prevent your iPhone content from being lost if you forget your password appeared first on MediaCenter Panda Security.

Think your cell phone is tapped? Don’t panic!


At the end of last year, the US government put an end to the secret surveillance program carried out by the National Security Agency (NSA).  Not bad. Apparently, citizens have one less reason to worry about the privacy of their phone calls. However, the suspicion that someone else is listening to your conversations not only stems from the existence of organizations like that.

Experts have warned us that certain types of spyware can be used to remotely open a smartphone’s microphone and listen to the nearby sounds to find its location. If that weren’t enough, researchers from different universities have developed programs to record conversations in the same surreptitious manner.

Additionally, some Internet users claim that Google and Facebook have shown them ads and search results related to information they have only communicated over the phone. They are convinced that these companies are eavesdropping on their telephone calls and using the information they obtain to customize ads for them.


In light of these events, the first question that comes to our mind is this: Can an app be used to open a device’s microphone without you realizing?

Security experts have demonstrated that yes, it’s possible and not too complicated. To develop an Android spy app, you simply have to take advantage of the Android capabilities to assign permissions to the app to use the microphone, and program a server that collects the information.

While it is not confirmed whether or not apps are available today that use those techniques to spy on users, the advisable thing to do is always check the origin of the apps you download to your phone, just in case.

The second question has to do with big companies: Do they actually use the recordings they get of background noises and user conversations?

Google affirms that it doesn’t use the information it collects when users say ‘OK Google’ (and enable the voice recognition feature) to display personalized ads. It also denies sharing the information it obtains with other companies for them to deliver personalized advertisements.

Additionally, the Mountain View company states in its developer policies that its apps cannot collect user data without authorization, something that would happen if users’ conversations were monitored.

Facebook also explains that it doesn’t allow companies or advertisers to design personalized advertising from the information obtained through users’ microphones, indicating that the ads it displays are exclusively based on the activities performed by users on the social network.

A mathematician from the Imperial College London, author of the book ‘The Improbability Principle’, claimed on the BBC that human beings are designed by evolution to always look for an explanation, even when there isn’t one. That’s why we are always establishing connections between events. Therefore, the coincidences that exist among the people who share their fears in Internet forums could be just that, coincidences. In principle, and leaving conspiracy theories aside, there should be nothing to worry about.

The post Think your cell phone is tapped? Don’t panic! appeared first on MediaCenter Panda Security.

A single infected smartphone could cost your business thousands of euros


A few months ago, Apple devices were the victim of a large-scale cyber-attack, the largest in the company’s history. The company had to withdraw more than 50 iPhone, iPad and Mac apps from the App Store as they installed malicious software that allowed criminals to control users’ devices remotely and steal personal information.

So you see, not even the company with the half eaten apple logo, which boasts about the security measures applied to their technologies, is free from falling into cyber-criminals’ traps.  Smartphone attacks pose a great risk to device security and data privacy, and this is even worse in work environments.

According to a recent report from renowned research institute Ponemon, the number of employees using personal devices to access corporate data has increased 43 percent over the last few years, and 56 percent of corporate data is available for access from a smartphone.

The consequences of this situation can be translated into economic figures. A single infected smartphone can cost a company over €8,0000 on average, and the estimated global figure for all cyber-attacks over an entire year can reach €15 million.


Researchers interviewed 588 IT professionals from companies in the Forbes Global 2000 list (a list of the world’s biggest public companies) to learn their opinion about mobile security. 67 percent of respondents believed it was very likely that their company had already suffered data leakage, as employees could access sensitive and confidential corporate data from their smartphones.

However, there are still more reasons for concern.

When asked about what data could be accessed by employees, most of the interviewees showed little knowledge.  Workers could access far more information than IT security heads thought, including workers’ personal data, confidential documents and customer information.

Luckily, there is also good news. According to the report, 16 percent of a company’s budget is invested in mobile security, a percentage that is expected to reach 37 percent.

Additionally, more than half of the companies that took part in the study had some type of system in place to manage the data accessible to employees through their smartphones, as well as security measures such as lists of malicious apps, authentication systems and platforms to manage user access and accounts.

Researchers don’t believe that going back to the past or banning the use of personal devices for work purposes are effective measures, as working in the cloud and virtual environments is increasingly common. That’s why they suggest that the solution should be to set clear limits on the information that can be accessed from personal devices, and to educate employees about the risk of such practices and the available tools to neutralize them, such as those provided by Panda Security.

The post A single infected smartphone could cost your business thousands of euros appeared first on MediaCenter Panda Security.

How to have the safest phone in the world


Avast SecureLine VPN keeps you safe when connected to an unsecured Wi-Fi

Unsecured networks can expose you to a hacker who can easily read your messages, steal your logins, passwords,  and credit card details.

The danger is that you never know when it could happen, or where, so having a way to secure your device when connected to an unsecured Wi-Fi hotspot is the best protection.

How to avoid the dangers of open Wi-Fi

To avoid the potential of a snoop stealing your private information, you basically have two choices: Stop using unsecured Wi-Fi hotspots or make sure you always have a secure connection by using a VPN (virtual private network), like Avast SecureLine VPN.

A VPN sounds extremely techie, and it is, under the hood. Avast mobile security developers created SecureLine to give you a secure and reliable private connection for your data between computer networks over the Internet. Your outgoing and incoming data is encrypted and it travels in its own private “tunnel” and is decrypted at the other end.

When you use Avast SecureLine VPN, everything you do is anonymous. We don’t keep logs of your online activity, and thanks to SecureLine, no one else will either.

Get a 7-day free trial of Avast SecureLine VPN

Avast SecureLine VPN for Android and iOS takes all that tech goodness and puts it in a simple-to-use app. All you do is tap a connect button, and the app does the rest.

Install Avast SecureLine VPN on your iPhone or iPad and try it free for 7 days.

Install Avast SecureLine VPN on your Android smartphone or tablet and try it free for 7 days.

After you install SecureLine, click connect and choose a server from 27 locations in 19 countries, or let SecureLine choose the closest one. You can turn the secure connection on and off with one click.

Knowing how many calories you’ve consumed is great, but be careful with fitness bracelets


Thanks to their inbuilt sensors, bracelets and other wearables have become the perfect tool for monitoring our fitness and wellbeing – they inform us of our sporting progression and of how many calories we are burning at the gym. However, the growth in sales of these devices has also led to a growth in the number of experts who warn of the risks associated with them in terms of data security.

The latest to raise concerns is a group of investigators at the IEEE Center for Secure Design in the United States, which has recently released a report about some of these threats.

The main risks, according to these experts, are based on the development of the device: those designed with less precision and care don’t usually include the necessary security specifications to protect the data that they collect. Their popularity, combined with the large quantity of information that they store, has made them a prime target for cybercriminals.


For the analysis, they have focused on the bracelets made for physical activity that measure variables such as vital signs. They also come with movement sensors such as accelerometers and they connect to the Internet to send the data to a centralized server.

The investigators claim that the attacks are directed at the software systems that control the flow of information between the device and the server. The same happens with other types of connected devices, such as smartphones or computers, which means that these vulnerabilities are taken advantage of quite often.

One of the methods that criminals can use to access user information is SQL injection. This technique means taking advantage of a security lapse to insert malicious code into one of the IT applications that controls the database server.

Other known options are phishing and a technique which transmits unauthorized orders to a server, such as an information request. There is also buffer overflow, an excess of data in an area of the hard drive, which would allow the program that manages the storage to be modified.


Also, cybercriminals can carry out denial of service attacks via a fraudulent firmware update. The action leaves the device unusable, without battery, and blocks users from their accounts. It could also, therefore, affect other elements associated with the wearable, such as a telephone or computer.

The report highlights health data as delicate information that could be falsified or stolen by cybercriminals. Its authors affirm that more security measures are needed to guarantee that this information isn’t shared with other parties, even if the user publishes this information on social media.

The vulnerabilities of trackers could allow a cybercriminal to not only access the data of its owner, but also to launch attacks on a website and server of others.

With all of these risks in mind, the experts advise that, more than focusing on patching up the holes and vulnerabilities, it is necessary that we review the design process of wearables and analyze the whole ecosystem of software that surrounds them – from computers, to smartphones, and even data servers.

The post Knowing how many calories you’ve consumed is great, but be careful with fitness bracelets appeared first on MediaCenter Panda Security.