Tag Archives: News + Threats

AVG and Sony partner to protect devices right out of the box

Mobile devices have become the cornerstone of our connected lives and we use them for everything from gaming to banking and tracking our health. This makes life incredibly convenient for smartphone users but it also carries a risk to our privacy and security.

Many apps on our smartphones generate and store information about us as people. With the average Android user having as many as 95 apps installed on their device, it quickly becomes clear that our devices are portable databanks that carry our contact, financial, health and location data.

With so much personal information stored on our devices, it’s never been more important for smartphone users to protect their data with basic security measures such as setting up a passcode or installing a security app that will check links and scan for infections when you download software or surf the web.

That’s why AVG is delighted to announce that we’ve teamed up with Sony Mobile to make it easier than ever for Sony Xperia customers to protect their devices and their data.

From autumn 2014, all Xperia Z3 smartphones and tablets will come with a free 180 days of AVG AntiVirus PRO so that devices are protected straight out of the box.

After the trial expires, users can either renew or downgrade to AVG AntiVirus FREE for Android so that their device is protected free of charge.

AVG AntiVirus FREE for Android was the first mobile security application to exceed 100 million downloads on the Google Play Store and has powerful tools to help you protect your device, keep it running smoothly and even locate your device should it get lost or stolen.

Amazon announce Fire Phone UK launch

The Amazon Fire Phone, which launched in the US in July, was launched in the UK this week.

The Fire Phone has a unique Dynamic Perspective feature which alters the display to offer the user a 3D screen from any angle. It achieves this via four front-facing cameras which track the user’s face and allow gesture input.

The AVG team took full advantage of the unique head movement gesture control and built it into the AVG Alarm Clock Xtreme app so that users can get the full Fire phone experience. This means that users who download the AVG app can nod or shake their head to ‘snooze’ or turn off their alarm, and other physical gestures will provide a richer, more impactful experience.

We have developed two new apps, AVG AntiVirus PRO for Fire phone and AVG Alarm Clock Xtreme Free for Fire phone. Both are available to download from the Amazon store for FREE and are designed to take advantage of all the exciting new functionality built into the Amazon Fire phone.

Just as Amazon has done with the device, we wanted to provide users with a great experience that is engaging and exciting.

Download AntiVirus PRO for Fire phone

Download Alarm Clock Xtreme Free for Fire phone

What if smart devices could be hacked with just a voice?

Smartphones and wearable devices have introduced a brave new world in the way that humans and computers interact. While on the PC we used the keyboard and mouse, touch-based devices and wearables have removed the need for peripherals and we can now interact with them using nothing more than our hands or even our voices.

This has prompted the arrival of the voice activated “personal assistant”. Activated by nothing more than our voices, these promise to help us with some basic tasks in a hands-free way. Both Apple and Google added voice recognition technologies to their smart devices. Siri and Google Now are indeed personal assistants for our modern life.

Both Siri and Google Now can record our voice, translate it into text and execute commands on our device – from calling to texting to sending emails and many more.

However, these voice recognition technologies – that are so necessary on smart devices – are perhaps not as secure as we give them credit for. After all, they are not configured to our individual voices. Anyone can ask your Google Now to make a call or send a text message and it will dutifully oblige – even if it’s not your voice asking.

What if your device is vulnerable to voice commands from someone else? What if it could call a premium number, send a text message abroad, or write an email from your account without your knowledge? Over-the-air attacks on voice recognition technologies are real, and they are not limited just to smartphones. Voice activation technologies are also coming to smart connected devices at home, like your smart TV.

As I demonstrate in this short video, the smart devices in my home do respond to my voice; however, they also respond to ANY voice command, even one synthesized by another device in my home.

The convenience of being able to control the temperature of your home, unlock the front door and make purchases online all via voice command is an exciting and very real prospect. However, we need to make progress with the authentication of the voice source. For example, will children be able to access inappropriate content if devices can’t tell if it is a child speaking or a parent?

Being able to issue commands to my television might not be the most dangerous thing in the world, but new smart devices connected to the Internet of Things are being introduced every day. It may not be an issue to change the station on my television, but being able to issue commands to connected home security systems, smart home assistance, vehicles and connected work spaces is not far away.

Utilizing voice activation technology in the Internet of Things without authenticating the source of the voice is like leaving your computer without a password – everyone can use it and send commands.

There is no question that voice activation technology is exciting, but it also needs to be secure. That means making sure that the commands come from a trusted source. Otherwise, even playing a voice from a speaker or an outside source can lead to unauthorized actions by a device that is simply designed to help.

An Emerging Threat

While we haven’t discovered any samples of malware taking advantage of this exploit in the wild yet, it is certainly an area for concern that device manufacturers and operating system developers should take into account when building for the future. As is so often the case with technology, convenience can come at a risk to privacy or security and it seems that voice activation is no different.

Shellshock vulnerability: should we be concerned?

We are continually hearing about bugs and vulnerabilities that could potentially be serious. The latest one, named Shellshock, can potentially be used to remotely take control of almost any system that is using a software component called Bash. This sounds devastating and of course it could be, but don’t start running for the hills or deciding to unplug from the Internet quite yet.

Bash is a software component that exists on many Linux systems including Apple’s Mac OS X. As Linux is the operating system used on a large number of web servers, a bug like this could mean cybercriminals have the potential to exploit the vulnerability and cause harm to users of the web server or indeed to the company whose web server it is. They do this by inserting malware on the server that could potentially collect data, crack passwords or do something particularly malicious.

At the time of writing this blog, there is already a large number of patches available that address this vulnerability for servers, and reputable companies have teams in place that watch for these alerts and update their servers to protect them and the users of the services they offer. A good example is our own security team here at AVG, who immediately ran an audit to see if we had any servers that may have this vulnerability, and they have already confirmed that our servers are safe.

If you are a Mac user should you be concerned and what do you need to do?

Apple has, as expected, reacted quickly and is releasing an automatic update to OS X that users will be prompted to install. They have also made it clear that the issue does not affect the majority and is an issue for power users that take advantage of the advanced UNIX services within OS X. If the previous sentence has baffled you then you are in the group that Apple say are not at risk.

Even as a power user at home you are likely to be sitting behind a firewall that would detect someone trying to execute commands on your machine, and they would be blocked. However, bad guys may well try to trick users into installing files that could leave them more vulnerable to attack. A good rule is to not click something that you don’t recognize, and remember the update will only come directly from Apple. When you see the update appear on your Mac, install it immediately so that you stay safe.

There are also other devices in our homes that run Linux. Many of the routers and broadband modems we use to connect to the Internet also utilize Linux as an operating system and because of this we recommend you watch for updates from those vendors and take the action to install them. If your router is provided by your ISP then they should push the update to the router automatically.

It is good practice to allow the automatic updates on your devices so that they are maintained by the manufacturer of the device to protect you from issues like this. Having up to date anti-virus software installed and active is also of paramount importance in today’s environment where more of our data than ever before is held by us on our devices. The protection provided will detect and block an exploit such as this where cybercriminals attempt to install malware on your machine. AVG’s Free Antivirus is available for Mac and PC users and can be downloaded from www.avg.com

What to do with your old smartphone?

This September, Apple will start shipping the new iPhone 6 devices. There are apparently record numbers of pre-orders, and you may be one of the millions.

If you’re thinking of getting rid of your current smartphone and upgrading—whether it’s for a new iPhone, Android or Amazon Fire Phone—you’re not alone. Every few years, smartphone users turn to newer models for more functions and better features.

Part exchange

If you are ready to upgrade, many carriers offer the opportunity to exchange your old phone for credit. This can help take the sting out of some expensive handset or contract costs. You should contact your service provider to see if they have a scheme and they should be able to tell you up front what rate they can give you on your old device.

Selling online

If you would rather sell your device, there are a number of sites and tools that you can use to ensure you get a fair price and a safe transaction. Here are some tips for those of you looking to sell your old device online:

  • Act quickly. Smartphones depreciate in value with time. For example, Usell.com, one such smartphone vendor, calculates the following: One week after a new iPhone launch, old iPhones lose about 5% in value; two weeks after launch, old iPhones depreciate about 12%. By weeks three and four, old phones are worth about 20% less.
  • Other sites also encourage you to act fast. For example, online behemoth eBay is offering an added incentive for turning your older model around. It’s offering a $100 coupon to you if your smartphone doesn’t sell by Oct. 24.
  • Make sure you price it right. Many sites will use algorithms to advise you on the going price range. It’s very similar to sites that advise you what to pay for a car.  For example, to mention eBay again, it will suggest what price to pick depending on make, model, year, packaging, etc. Glyde compares the amount you can sell it for on its site against prices on Apple and Amazon, among others.

Donating

Consider donating. Your contribution can be deducted from your income tax to the extent allowed by law. One national nonprofit that is worthy of these donations is Cell Phones for Soldiers. It takes your phone, then re-sells it and turns that money into calling cards for the troops.  It’s an impressive organization: Since 2004, Cell Phones for Soldiers has provided more than 210 million minutes of free talk time and currently it mails approximately 3,200 calling cards each week.

There are many other nonprofits that would love your phone too. Even if you’re not upgrading,  you may have an older cell phone lying around. Chances are you do. One survey by ecoATM estimates 60% of American households have an older phone lying around. Nonprofits would love to take these off your hands.

Keep, gift or recycle

Of course, there is no concrete reason why you need to sell or give your phone to charity when keeping it as a backup could be very useful. Parents especially might enjoy giving their device to a child who is nagging for an “upgrade”. If you aren’t thinking of keeping your phone as a backup, use these tips to get the best value in regenerating and recycling your phone. Anything is better than your phone ending up in a landfill… You can read some pretty stunning information about e-waste here.

Clean up your device

Whatever you decide to do, make sure your smartphone is cleaned before you do sell or give it to anyone. I can’t stress this enough! Remember that your mobile device is a vast bank of your personal data, contacts, saved passwords and web history. Handing it over to a stranger or even a friend could result in a loss of your privacy. Check out this blog post by Tony Anscombe for how to safely recycle your old technology.

Enjoy your new phone, and make the most of your older model.

Apple Pay and The New World of Mobile Digital Credit Cards

Amid the extravaganza of the Apple Watch and iPhone product launch this week, Apple also unveiled Apple Pay – a new mobile digital payment system, which is being touted by some as death for the “plastic” credit card.

By registering your MasterCard, Visa, and American Express cards to your Apple Pay wallet through iTunes, you will be able to use your Apple devices (the newly announced iPhone 6 and forthcoming iWatch) to make easy and secure mobile payments to merchants.

The payment system uses a one-time transaction-specific dynamic security code – meaning your actual credit card number never gets transferred to the merchant, which reduces the chance of fraud. You can hear immediate analysis from our Tony Anscombe on Bloomberg TV here.

Lots of information around implementation remains to be seen. However, the Apple pay system does boast early support by major credit card companies and banks.

Apple is using short-range radio wave technology known as NFC (near-field communication) in both its smartwatch and the new iPhones in support of the application. NFC has been a feature in many other smartphones (including by Google) but has failed to take hold to date. Market researcher Gartner estimated NFC was used for just 2% of total mobile payments last year, though it is expected to nearly double to $8.2 billion this year. Up until now, analysts say banks couldn’t see a business case for NFC instead of simply issuing their own smart cards.

Smart cards aka EMV cards (an acronym for Europay MasterCard and Visa) are revamped credit cards with microchips that store your data on the card. This approach also limits the retailer from holding your data; data resides on your card and the embedded microprocessor chip encrypts transaction data differently for each purchase.

The catch with the chip cards, until now, is that most retailers don’t have the technology for them yet… But that is also expected to change quickly. Walmart is already there. Major retailers like Target and Home Depot have announced plans to roll out the EMV payment systems. I just received a replacement Amex card with the EMV technology.

(BTW, in other related news, Home Depot revealed this week that its payment systems had been hacked, possibly compromising customer data over its 2,000+ outlets in the U.S. and Canada. This is potentially a bigger data breach than the one that unfortunately befell Target last December.)

There is also added incentive for EMV adoption: in October 2015, new standards will go into effect, changing how liability falls between credit-card issuers and retailers. While EMV compliance won’t be mandatory, liability for fraud will fall on the party that hasn’t upgraded their systems. You can read more about EMV and the upcoming so-called “liability shift” here.

In the meantime, what can you as a consumer do to keep your credit data safe?

Here are a few recommendations:

  • Report lost cards or discrepancies immediately.
  • Review your account often.
  • Keep your receipts, and match them against your credit card statement.
  • Shred your statements.

And what if you are a business owner? You should familiarize yourself with EMV and the upcoming standards and, if possible, look to upgrading to a credit-card machine that is EMV capable. (You can also take AVG’s data security Health Check to make sure you are on top of your responsibilities in the case of any data compromises.)

We in the industry are working to evolve data security and make it better.  In the meantime, as a consumer, an owner or an operator, stay alert and protect yourself.

One thing is for certain: we are on the verge of a whole new era of credit card security risks.

****

On a separate note: Congratulations to Megan Smith on her appointment as the US CTO. Bravo!

The Net Neutrality Battle Is Like Gangs .. It Never Dies

Today companies and public interest organizations across the country are protesting to urge the U.S. Federal Communications Commission to maintain the principle of net neutrality on the Internet. This battle has been going on for many years as different interests try to create public policies that best serve their own business goals. This isn’t inherently bad except when it’s at the expense of users and broader public interests. ISPs and cable providers are proposing a scheme that would allow web sites and service providers to pay more so their sites could be accessed faster by users online, effectively creating a “fast lane” and a “slow lane” on the Internet. This is a fine idea if you can pay and you’re in the fast lane, but unfortunately for those that can’t pay, their users (perhaps you and me) will likely get a degraded and slower Internet experience. It will also make the web sites and services for those that can’t pay less competitive and further accelerate the digital divide.

Net neutrality is a core principle that’s made the Internet work for a long time. It ensures that all content is treated equally and without discrimination by those that pass the bits along. For example, imagine if Comcast, the largest ISP, concludes the proposed merger with Time Warner, the second largest ISP (and which also owns HBO), and could then make online access to their own HBO content faster than other video content provided by their competitors like Apple, Netflix and Roku. Suppose they didn’t like editorials that were critical of their organization, and they made it harder for people to access them by making them slow. The Internet wouldn’t work and we wouldn’t have the robust market of ideas that the Internet affords us. Of course there are reasonable network management requirements that may impinge on the ideological goal, but net neutrality as a principle enables the Internet to fulfill its potential as an information medium that provides a rich, uncensored, although sometimes messy, diverse set of ideas and information.

Today, AVG joined many others in the “Internet Slowdown” campaign to encourage the FCC to take a stand and reject policies that would undermine net neutrality. And just like in the movie “Colors”, unless you take action, this issue will never die. You can learn more in this nifty infographic called A Guide to the Open Internet or find out how to let your voice be heard at Fight for the Future.

Hackers in Hollywood, and Beyond

Many celebrities got an unpleasant shock this past weekend. You may have heard that up to 100 celebrities – film stars, etc. – had nude photos hacked and leaked on renegade Web site 4chan.org. Many of the photos were apparently genuine.

Now that the FBI is investigating how these photos were hacked and posted, it’s an unfortunate reminder of the difficulties of maintaining our privacy in this digital age.

I won’t name the celebrities involved, but it’s safe to say it’s a huge invasion of privacy. Some experts are theorizing that the hacker or hackers exploited weaknesses in Apple’s iCloud platform. Apple is now investigating, according to reports, and released this statement. Here’s an excerpt: “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

As a major player in the data security business, we think that this is just a reminder to everyone that when data goes digital, there are security risks involved. It’s a hard lesson.

As British actress Emma Watson (who was not targeted in the hacking) wrote on Twitter: “Even worse than seeing women’s privacy violated on social media is reading the accompanying comments that show such a lack of empathy.”

Protecting yourself

How can you protect yourself, even when you’re not a celebrity? Here are some tips, which we’ve stressed before but can’t stress enough:

  • Create difficult passwords. Besides the speculation that iCloud was the victim, it has been suggested the hacker or hackers exploited each of the 100+ accounts’ passwords. As I’ve mentioned before, don’t use your birthday, and create multiple passwords for multiple accounts!
  • Consider switching off automatic Cloud photo sharing and backups/Photo Stream. This is a convenience tradeoff. To turn off automatic iCloud sharing, go into your Settings, then iCloud, then scroll down to photos and slide the option to Off.
  • Use encryption. Here I will proudly put in a plug for our own mobile phone encryption software, which protects your data against intrusion by encrypting your documents. This is a must for anyone storing private personal or important business intelligence on their phones.
  • Think about using a USB drive. If you want to share personal information or photos with a specific person, just use a USB.

As celebrities, Apple, and the FBI come to grips with this specific hacking instance, it’s important to realize everyone’s information is at stake these days – celebrity or not – and this is an excellent reminder that we need to actively protect ours.

Image courtesy of ITV.com

AVG Technologies Announces Intention to Acquire Location Labs

Today, we announced our intention to acquire Location Labs, which is best known for its “mobile security for humans”.

AVG has been talking for some time about the need for a more holistic approach to security; one that protects not only devices, but also data and, ultimately, the people using those devices and data. Products that encompass all these elements must be easy to understand and easy to use.

AVG’s security for Android smartphones is one of the top security apps on the Google Play store. Location Labs products, sold by major mobile operators and running on both the Android and iOS platforms, provide exceptional security and safety for people – you and those you care for.

Additionally, Location Labs’ mobile products and services draw on the value of the mobile operator network to provide features and functionality that are not possible otherwise. Having multiple distribution channels delivers good choices for customers. They may want to download our apps directly from App stores, or they may prefer to choose a service that has been validated and integrated with their network provider, including their billing and customer support services. Currently, AVG’s mobile offerings use the first method; Location Labs’, the second.

At AVG and Location Labs, we understand that for our customers, safety and security for connected devices is first and foremost about ensuring that their families, or those they care deeply about, are protected. This is where the combination of AVG Zen and the Location Labs’ products will really shine. With AVG Zen, customers can connect to, and manage the device and data security of their own, and others’, phones, laptops, and PCs.

With Location Labs offerings, they can also manage the content, applications, and permissions available on each of those devices, and see the location and status of the users. As massive numbers of mobile devices are adopted worldwide, and as we all connect more and more items to our own personal networks, this promises to be an important and growing market.

We are particularly pleased that the leadership and the team at Location Labs will be joining AVG. They have built a compelling business within the mobile industry – not an easy thing to do – and helped grow the company to over 1.3 million paying subscribers. We are looking forward to working with them to grow the business further to improve safety and security for all mobile users.

Today’s announcement is the first step in a longer journey and we believe it marks the start of a new approach to mobile security for consumers. We understand that to really enjoy the rich experience of today’s connected world, we all need to feel comfortable and safe, and to have confidence and trust in the smart devices that enable us to monitor and secure the people we care about. As we move forward, we’ll be working hard to make this vision a reality for our customers.

California Earthquake serves up privacy reminder

This weekend’s earthquake near American Canyon has highlighted the risk of living in the Bay Area and also given us all insight to how people behave in today’s connected world.

The speed at which tweets started appearing of people sharing their experiences shows that many of us are sleeping with a connected device next to the bed that is the first thing we grab for when awoken in the middle of the night. Now though, our connected devices are no longer relegated to the nightstand, but instead are in bed with us.

After the quake, an interesting story emerged from Jawbone, the manufacturer of a fitness/sleep tracker UP. They have released data on the number of people that were woken by the earthquake based on location and the epicenter. The data is interesting: 93 percent of UP wearers in Napa, Sonoma, Vallejo and Fairfield woke up instantly, compared with just over half in the areas of San Francisco and Oakland. And 45 percent of those within 15 miles of the epicenter then remained awake for the remainder of the night. The data gives you some indication of the magnitude and effect the earthquake had on people.

While the information is very interesting and offers fascinating insight into human behavior, it does also serve as a gentle reminder that as we connect our lives to the Internet, that data takes on a life of its own.

I wonder if the users of fitness/sleep devices are aware that their data could be used for analysis such as this? While the data Jawbone shared was anonymous and pretty much harmless, it does make me think, what else is being collected? What other insights do they have into our daily lives?

Fitness/sleep trackers collect information about the user, and most of it is of a very personal nature and includes name, gender, height, weight, date of birth and even what you eat and drink if you are logging this in the app. Now couple this with location data that is being collected and you may even be able to understand where people regularly work out or go to eat.

I use a fitness tracker and as a user I limit the sharing of my data; I have switched off the sharing through social media as I don’t think my friends and family really need to know how many steps I took today. But I do understand that many users bounce off their friends as motivation to do more exercise, which is not a bad thing if that’s the way you get your motivation.

Checking privacy policies

It sounds boring but I would absolutely advise reading the privacy policy of a fitness tracker before purchasing/installing. It cannot hurt to be more informed about what you are agreeing to reveal about yourself and who you are happy to share that information with.

After all, it’s your data; it should be up to you how it gets used.