Tag Archives: Mobile

Malware Is Still Spying On You Even When Your Mobile Is Off

Most of us have seen Hollywood movies where hackers trace and spy on mobile devices even though they are switched off. Like most things in spy movies, we disregard it as fiction.

However, malware recently discovered by the AVG mobile security team may change this preconception.

This malware hijacks your mobile’s shutdown process, so when the user presses the power button to shut the phone down, it doesn’t really shut down.

After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is black, it is still on.

While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user.

How does this happen?

First, we have to analyze the shutdown process in detail.

On Android devices, when the power button is pressed it invokes the interceptKeyBeforeQueueing function of the class interceptKeyBeforeQueueing. interceptKeyBeforeQueueing checks whether the power button is pressed and branches into the corresponding handling.

When the power button is released, interceptPowerKeyUp is invoked and it triggers a runnable to continue.

So according to the above code snippet, we can see that in the LONG_PRESS_POWER_GLOBAL_ACTIONS case of the switch, some actions are performed after the power button is released. showGlobalActionsDialog is the one we care about: it opens a dialog for you to select actions, such as power off, mute or airplane mode.

So if you select the power off option, mWindowManagerFuncs.shutdown is called.

But mWindowManagerFuncs is an interface object. It will actually call the thread ShutDownThread’s shutdown function. ShutDownThread.shutdown is the real entry point of the shutting down process. It will shut down radio service first and invoke the power manager service to turn the power off.

So finally in power manager service, a native function is called to turn the power off.

Now we understand the whole process of shutting down your mobile. So if we want to hijack the power off process, we need to interfere before mWindowManagerFuncs.shutdown is called, as that shuts down the radio service.

Now let’s turn back to the malware, which executes a similar attack.

First, it requests root permission.

Second, after root permission is acquired, the malware injects code into the system_server process and hooks the mWindowManagerFuncs object.

Third, after the hook is in place, a fake dialog pops up when you press the power button. If you select the power off option, it displays a fake shutdown animation, leaving the power on but the screen off.

Finally, to make your mobile look like it is really off, some system broadcast services also need to be hooked.
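Because the attack described above depends on foreign code being loaded into system_server, one thing a defender can examine is that process's memory map. The following is an added example, not code from AVG or from the malware: it parses `/proc/<pid>/maps` text and flags executable file-backed mappings that come from outside an assumed allowlist of system paths. The allowlist, the function names and the sample map lines are all constructed for illustration.

```python
"""Flag executable mappings in /proc/<pid>/maps that come from unusual paths."""
from typing import List, NamedTuple, Tuple

# Assumption: locations from which system_server normally maps executable code.
# Tune this per device build before relying on the result.
TRUSTED_PREFIXES = ("/system/", "/vendor/", "/data/dalvik-cache/")
DELETED_SUFFIX = " (deleted)"

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    path: str

def parse_maps(text: str) -> List[Mapping]:
    """Parse 'start-end perms offset dev inode [path]' lines; skip malformed ones."""
    out = []
    for line in text.splitlines():
        fields = line.split(None, 5)  # the path itself may contain spaces
        if len(fields) < 5:
            continue
        start_s, _, end_s = fields[0].partition("-")
        try:
            start, end = int(start_s, 16), int(end_s, 16)
        except ValueError:
            continue
        path = fields[5].strip() if len(fields) == 6 else ""
        out.append(Mapping(start, end, fields[1], path))
    return out

def suspicious_mappings(text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) for executable mappings worth a closer look."""
    findings = []
    for m in parse_maps(text):
        if "x" not in m.perms:
            continue
        deleted = m.path.endswith(DELETED_SUFFIX)
        base = m.path[:-len(DELETED_SUFFIX)] if deleted else m.path
        # Anonymous, [pseudo] and ashmem regions (e.g. the Dalvik JIT cache)
        # are skipped: they are executable on a clean device too.
        if not base.startswith("/") or base.startswith("/dev/ashmem/"):
            continue
        if deleted:
            findings.append((base, "executable file was deleted after loading"))
        elif not base.startswith(TRUSTED_PREFIXES):
            findings.append((base, "executable code from outside trusted paths"))
    return findings

# Constructed sample input, not captured from a real device.
SAMPLE_MAPS = """\
40000000-40002000 r-xp 00000000 b3:19 1100 /system/bin/app_process
40010000-40050000 r-xp 00000000 b3:19 1201 /system/lib/libandroid_runtime.so
40050000-40054000 rw-p 00040000 b3:19 1201 /system/lib/libandroid_runtime.so
41000000-41100000 rwxp 00000000 00:04 5120 /dev/ashmem/dalvik-jit-code-cache (deleted)
5e000000-5e200000 r-xp 00000000 b3:1c 7001 /data/dalvik-cache/system@framework@services.jar@classes.dex
6f000000-6f008000 r-xp 00000000 b3:1c 9001 /data/local/tmp/libhook.so
6f008000-6f009000 rw-p 00008000 b3:1c 9001 /data/local/tmp/libhook.so
70000000-70004000 r-xp 00000000 b3:1c 9002 /data/data/com.example.game/files/payload.so (deleted)
be800000-be821000 rw-p 00000000 00:00 0 [stack]
ffff0000-ffff1000 r-xp 00000000 00:00 0 [vectors]
"""

if __name__ == "__main__":
    for path, reason in suspicious_mappings(SAMPLE_MAPS):
        print(f"{path}: {reason}")
```

A hit is a lead for further analysis rather than proof of compromise, and an empty result does not rule out injection that uses anonymous memory.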

Let’s see some examples:

Recording a call

 

Transmitting private messages

Luckily, this malware has been detected by AVG. And the next time you want to make sure your mobile is really off, take the battery out.

AVG Mobile Malware Research team

AVG AntiVirus PRO is first security app to enter Google Play Revenue Chart

AVG’s position in the Top 10 chart is according to the App Annie Index for December 2014, produced by mobile app analytics company App Annie. The report, which analyzes trends and downloads for apps across all the major app stores, looks at both the popularity of apps and the revenue they drive.

In the report, App Annie details the incredible growth that they have tracked in security apps. And one year after climbing into the top ten apps for downloads, AVG AntiVirus PRO Android Security – referred to as AntiVirus Security on Google Play – has become the first security app to enter the Top 10 Revenue Chart (excluding games) on the Google Play Store.

Top Revenue Apps on Google Play

 

Proven demand

Increased demand comes after a busy 2014 for cybersecurity events and suggests consumers are more security conscious as a result.

There is demand for security apps – the continued popularity of AVG AntiVirus Security FREE, which was the first security app to exceed 100m downloads on Google Play, shows this.  People, however, are not only protecting their devices with free security apps but are willing to invest in the solutions that they trust.

This is echoed in the recent MEF Global Consumer Trust Report where 64% of those studied use software or apps to guard passwords and protect against malware and only one in ten (11%) take no steps to protect their device.

 

Highly Rated

AppAnnie’s report also highlighted that AVG AntiVirus Security FREE is receiving overwhelmingly positive reviews from the public.

During December, AVG’s AntiVirus Security FREE received an average rating of 4.6 from over 33,000 reviews, with 77% of all users awarding us a maximum score of five stars.

AVG AntiVirus FREE Reviews

 

 

The future is bright

At AVG, we’re already looking ahead to a world where mobile devices are not just secured, but integrated across the Internet of Things. Through AVG Zen, we deliver a single dashboard from which a customer can manage the security, privacy and performance of all their devices and those of their family, all in one place.

 

Why iOS devices could be one tap away from disaster

Users who don’t pay attention to warning messages on their iPhones or iPads run the risk of becoming infected with malware that can steal their personal information such as text messages, contact lists, pictures and even their location.

If you’ve followed our advice in the past for keeping your iOS device secure, you’ll know that you should be doing the following:

  • Install updates – keep up to date, and that includes your apps too.
  • Keep a backup – use iCloud or Dropbox for photos and backup your device.
  • Never “jailbreak” – this is the method for breaking the factory security.
  • Activate anti-theft – such as “Find my iPhone/iPad” to locate a lost or stolen device.

BUT despite this, did you know you could still be just one tap away from disaster?

As reported in Macworld, security researchers uncovered spyware dubbed “XAgent” that is delivered via a phishing attack and can spread to other iOS users via contacts in your address book.

For more tips on staying safe from phishing, check out my blog “How To Protect Yourself from Phishing Attacks”

The good news is that you can do something about this, as all the users affected by this particular threat (and previous ones using the same technique) almost certainly “infected themselves” by ignoring vital warning message prompts.

Apple advise iOS users here to be mindful to only download and install apps from the Apple App Store and to be cautious of so-called “enterprise apps” that are only intended for employees of large businesses.

Therefore, if you don’t work for a company that is specifically requesting you to install an app and you see these following prompts – make sure you answer them correctly to protect yourself from inadvertently installing malware.

iOS Install Warning

To protect yourself in this example you click CANCEL

 

iOS Trust Warning

 

To protect yourself in this example you click DON’T TRUST

You might have also seen a similar Trust or Don’t Trust option available when connecting your iPhone or iPad to a friend’s computer – and again the safer option is always Don’t Trust.

Until next time, stay safe out there.

Title image courtesy of iMore

Trust remains a key obstacle for mobile

2014 was the biggest year to date for security and privacy online. With high profile companies announcing security breaches and data hacks throughout the year, 2014 became a year of lost innocence for the web.

People around the globe have begun to realize that their data, once shared with the World Wide Web, takes on a life of its own.

Because of this, trust and privacy have become more important than ever to our digital lives. Trusting people with our data and keeping hold of our privacy have become real everyday concerns.

Nowhere is this more relevant than in mobile. And mobile devices are increasingly the gateway for most of us in the connected world.

The importance of trust and the relevance of mobile are why, this year, we have once again collaborated with MEF to create the Global Consumer Trust Report 2015.

Here are two key points that I’d like you to take away from the report:

 

Trust is a growing concern

Last year, the report highlighted the growing issue of trust as a barrier to purchase on mobile devices and this year is no different.

  • A lack of trust is again the single most influential factor preventing more downloads and purchases via mobile. 34% named it as such as compared to 30% the previous year.

It won’t come as any surprise after the multitude of hacks we saw in 2014, that awareness and concern around data privacy and trust is up around the globe.

  • China reported the highest trust concerns at 41% and the US saw the largest increase in a lack of trust, up nine points year-on-year to 35%

 

Trust really does affect people’s behavior

Trust is such a difficult concept to understand, especially when it is concerning something as abstract as the Internet. How do you know if you trust an app? Moreover, how does that trust actually influence your behavior?

This year’s report shows that trust, or lack thereof, really does have an impact (and a growing one at that) on how we engage with apps and services on our devices.

  • 49% of consumers surveyed say a lack of trust limits the amount of apps they download or use compared to 37% in the previous year
  • 72% of mobile media users are uncomfortable sharing personal data such as location or contact details with apps.

 

It’s also great to see that, in the report, 64% of those studied use software or apps to guard passwords and protect against malware.  Only one in ten (11%) take no steps to protect their device.

MEF Global Consumer Trust Report

 

We still have a long way to go to ensure that the web is a safe and trustworthy place for everyone, including the next wave of digital citizens coming on line, but we are making progress.

The issues of trust and privacy are starting to come to the fore and with them, they will bring change.

We’ll see changes in the way that users behave online, changes in the way that businesses explain how they use our data and changes in the way that governments form new modern data laws.

Nevertheless, with change comes responsibility. We must all play our own role in forging a brighter, safer and more trustworthy Internet. We must all become responsible digital citizens.

 

 

How to turn off Avast Mobile Security’s Anti-Theft Siren

Avast Mobile Security includes many handy anti-theft features that can help you locate your stolen or lost phone. You can wipe it remotely, it informs you if your SIM card has been stolen, and it even allows you to take pictures of the person who took your phone. Another cool feature of Avast Anti-Theft is the siren. I decided to test the siren with my friend, who had just downloaded Avast Mobile Security, to see how it could affect a phone thief.

 What does the Avast Anti-Theft siren do?

The Avast Anti-Theft siren was developed by the Avast mobile team to be activated when you either lose your phone (even if it is misplaced in your room and on silent) or if it gets stolen. The siren continuously and loudly says the following, by default, when activated: “This device has been lost or stolen!”. In the advanced settings of Avast Mobile Security you can customize what message the siren will sound, if you do not want to use the pre-set message. You can do this under “Select Sound File” or “Record Siren Sound”.

The siren is designed to frighten phone thieves, or to warn people surrounding the thief that the phone might be in the hands of the wrong person. When the first siren cycle began, we tried to turn down the volume. However, the alarm would begin again at the loudest possible volume. We then decided to see what would happen if we took out the battery. This stopped the siren, of course, but as soon as we put the battery back in, the siren started to go off again. To say the least, we agreed that it would effectively frustrate and annoy a thief too.

How to turn off the siren

After a minute of testing the app, we decided to turn off the siren using one of these two possible methods:

MyAvast: You can control your phone remotely via your MyAvast account. In your MyAvast account you can keep track of all your devices that have Avast products installed on them. From within your MyAvast account you can send numerous Anti-Theft commands to your phone, including activating and deactivating the Anti-Theft siren. Once you are logged into your MyAvast account, click on the name of the mobile device you want to control and then click on the siren symbol. From there you can send a command to turn the siren on and off.

SMS command: Using the Avast PIN you set up when you downloaded Avast Mobile Security, you can send SMS commands to your phone to remotely control it. To turn the siren off, text your Avast PIN followed by “SIREN OFF” to your phone.


You can read more about how to set up your smartphone for remote control here on our blog and you can find a full list of the Anti-Theft controls on our website.

Have fun checking out Avast Mobile Security’s cool and handy Anti-Theft features, but, please, use caution when testing the siren :)

Lack of Trust Hampering App Downloads

4th February 2015: MEF, the global community for mobile content and commerce, today announced the results of its third annual Global Consumer Trust Report.

The report, supported by AVG Technologies N.V. (NYSE: AVG), analyses data from 15,000 mobile media users in 15 countries across five continents.

The study explores the key areas of trust, privacy, transparency and security to identify their impact on mobile consumers globally from purchasing a new device to downloading apps or paying for goods and services.

Key findings:

  • Half of all consumers surveyed (49%) say a lack of trust limits the amount of apps they download, compared to 37% last year
  • 72% of mobile consumers are not happy sharing personal data such as location or contact details when using an app
  • A third (34%) say trust prevents them from buying more goods and services using their mobile device

 

The impact of trust

Trust remains the largest single obstacle to growth in the mobile content and commerce industry. 40 per cent of respondents indicated that a lack of trust is the number one factor that prevents them from downloading items more often.

This is particularly the case with apps – where almost half of respondents (49 per cent) said that trust prevented them from downloading apps or using them once they are installed. Over a third (34 per cent) said it stopped them buying any mobile apps and services. The US experienced the largest increase in a lack of trust of the markets studied, at 35 per cent (up nine per cent year-on-year).

 

App privacy expectations

Alongside this growing mistrust, the study also revealed an increase in resistance to sharing personal information such as location, address book details or health records, with apps. 72 per cent of mobile users said that they are not happy sharing such information and almost two in five (39 per cent) claimed never to do so.

Linked to this unease is the need to improve the way apps communicate about the data they collect. Many consumers feel that app stores and device manufacturers should take greater responsibility for protecting their personal information. 30 per cent of respondents said this would foster greater trust in the mobile platforms and 63 per cent said that they considered transparency important or extremely important (compared to 49 per cent last year).

Methods of self-protection have also decreased across the board – with fewer people taking the time to read app store descriptions, long privacy documents or ask friends and family for advice. The most popular method for self-protection was ‘downloading a privacy protection app’, at 31 per cent.

 

The need to protect devices

While the results showed that the threat of malware is rising in consumers’ consciousness – with most people acknowledging that it is likely to affect them – caution around malware has decreased. Only 48 per cent of respondents said malware would make them think twice when downloading apps compared with 74 per cent last year.

Andrew Bud, MEF Global Chair, said: “Trust is the most important asset of any business, and consumer confidence must underpin the mobile ecosystem. The sustainability of the mobile industry depends on it. As mobile devices and services evolve, consumers will hold business ever more accountable.

“MEF’s 2015 Consumer Trust Report highlights how trust issues are impacting consumer behaviours in different markets.  It is absolutely clear that the mobile industry must create equitable, informed partnerships with consumers, putting trust at the centre of the relationship. Consumer trust must be earned by consistently applying high levels of transparency, security and privacy to every mobile interaction.”

 

Judith Bitterli, Chief Marketing Officer at AVG Technologies, added: “Building consumer trust is an integrated process. While the mobile industry across the board must step up and take responsibility for increasing transparency across user privacy policies, it is equally important that consumers take their own steps to educate and protect themselves in order to better protect their rights and understand their choices online. This research shows that while consumers are taking certain proactive steps towards greater protection there is still some way to go in order to ensure their privacy and security are not at risk.”

Part of MEF’s ongoing activities to champion and advance consumer trust in the mobile industry, the annual Global Consumer Trust Report is now in its third year and provides vital data, analysis and insights on how consumers consider the efforts of the mobile industry in tackling the trust issues that affect their ongoing participation in every aspect of mobile content and commerce.  

 

About MEF

MEF is the global community for mobile content and commerce and the leading international trade association for companies wishing to monetize their products and services via mobile. Headquartered in London with operational chapters and offices in Asia, EMEA, Latin America, the Middle East, Africa and North America, MEF is a member network with international reach and strong local representation, ideally placed to drive market growth.

Established in 2000, MEF represents the total mobile ecosystem, providing an impartial and powerful voice for pioneering companies from across the mobile content and commerce value chain. On 17th – 19th November, MEF will host its 2nd annual MEF Global Forum in San Francisco where the findings of this joint report will be discussed as part of a 3-day agenda looking at innovation, global growth and monetization.

www.mefmobile.org

Apps on Google Play Pose As Games and Infect Millions of Users with Adware

A couple of days ago, a user posted a comment on our forum regarding apps harboring adware that can be found on Google Play. This didn’t seem like anything spectacular at the beginning, but once I took a closer look it turned out that this malware was a bit bigger than I initially thought. First of all, the apps are on Google Play, meaning that they have a huge target audience – in English speaking and other language regions as well. Second, the apps were already downloaded by millions of users and third, I was surprised that the adware led to some legitimate companies.

The Durak card game app was the most widespread of the malicious apps with 5 – 10 million installations according to Google Play.

Durak interface
When you install Durak, it seems to be a completely normal and well working gaming app. This was the same for the other apps, which included an IQ test and a history app. This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colors. After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right? :)

Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie. You are then asked to take action; however, if you approve, you get redirected to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back, or to apps that simply collect too much of your data for comfort while offering you no additional value.

An even bigger surprise was that users were sometimes directed to security apps on Google Play. These security apps are, of course, harmless, but would security providers really want to promote their apps via adware? Even if you install the security apps, the undesirable ads popping up on your phone don’t stop. This kind of threat can be considered good social engineering. Most people won’t be able to find the source of the problem and will face fake ads each time they unlock their device. I believe that most people will trust that there is a problem that can be solved with one of the apps advertised “solutions” and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources.

Avast Mobile Premium detects these apps, protecting its users from the annoying adware. Additionally, the apps’ descriptions should make users skeptical about the legitimacy of the apps. The descriptions, both in English and in other languages such as German, were written poorly: “A card game called ‘Durak’ – one of the most common and well known game”.

The apps’ SHA-256 hashes are the following:

  • BDFBF9DE49E71331FFDFD04839B2B0810802F8C8BB9BE93B5A7E370958762836
  • 9502DFC2D14C962CF1A1A9CDF01BD56416E60DAFC088BC54C177096D033410ED
  • FCF88C8268A7AC97BF10C323EB2828E2025FEEA13CDC6554770E7591CDED462D

Google to remove support for old versions of Android WebView

Earlier this week, Google announced that they will no longer release patches for WebView on Jelly Bean and older versions of Android.

WebView is a core Android component which is used to display web pages on mobile devices and has been a target for exploitation from hackers. Google’s decision to stop patching old versions of WebView could potentially leave millions of users at risk.

Here is a video of Elad Shapira, one of our mobile security experts, executing an exploit on WebView.


Demonstrating a WebView exploit

 

How many people are affected?

While it’s quite common for companies to pull support for legacy products, Android is a special case as there are many devices still running old versions of the operating system.

In fact, the latest mass-market version of Android (4.4, KitKat) only makes up 40% of the overall Android market, meaning that up to 60% of all Android devices might receive no further WebView patches.

Image courtesy of  securitystreet

 

Why does this matter?

Support in the form of patches and security fixes is one of the most important ways to keep our devices safe. New vulnerabilities in operating systems and apps are found all the time and can cause privacy and security concerns for end users.

Software developers use security patches to fix these vulnerabilities and protect users from harm.

Having said that, Android is by its very nature open source, so there is always the possibility for newly discovered vulnerabilities to be patched by the Android community, but that is a Band-Aid fix at best.

What can be done to help you keep safe?

The most straightforward step to help stay safe (and the one Google is likely hoping we all adopt) is to upgrade to the latest version of Android. For some, however, this would prove prohibitively expensive and would require the purchase of a new device.

Those with recent devices should be able to upgrade to KitKat without much problem and people with brand new devices should be on version 5, Lollipop.

As a complementary measure, having a fully updated security app running on your device will help keep you safe from most scams and malware.