Tag Archives: smartphones

Charger, the Most Costly Ransomware to Smartphone Users

Ransomware is evolving and becoming increasingly sophisticated, posing a greater threat to companies and private users alike. This malicious software has shown that it can propagate by using the viral mechanisms of a meme, that it can directly attack corporate servers, or even camouflage itself in false resumes. And now it has made its way to other devices, namely, our smartphones.

It is now the main threat to mobile devices, until now considered to be relatively virus-free compared with their PC counterparts. Recently, a new ransomware was discovered that goes by the name of Charger, which copies all the data from your agenda, text messages, etc., and seeks admin permissions from the devices owner. If the unwary user accepts the request, the malicious code begins its attack. A message warns the owner that their device has been blocked and their stolen personal data will be sold on the dark web unless they proceed to pay a ransom.

The Most Costly Ransom

Charger’s victims will have to pay 0.2 bitcoins (at about $1000 a bitcoin, it comes out to a round $200) to, supposedly, unblock their device. It may not be the first ransomware to affect smartphones, but never before has this figure been so high.

Also new is its means of spreading.  Until now, most cyberattacks targeting mobile phones found their gateway in applications downloaded outside official app stores. With Charger it’s different. Charger attacks Android devices through a power saver app that could be downloaded from Google Play, Android’s official app store.

It is vital for employees to be aware of the dangers of downloading apps from unverified sources. They should also know that it’s not such a great idea to store sensitive corporate data on their computers or mobile devices without taking the proper security precautions. Keeping passwords or confidential documents on an unprotected device could end up giving cybercriminals just what they need to access corporate platforms.

We’ve said it before, and we’ll say it again: new attacks like these come about every day and can take anyone by surprise, be they casual users or security experts. The unpredictable nature of attacks like Charger make an advanced cybersecurity solution indispensable. Perimeter-based security solutions are simply not enough anymore.

 

The post Charger, the Most Costly Ransomware to Smartphone Users appeared first on Panda Security Mediacenter.

Your Android lock pattern can be cracked in just five attempts

 

If you use a lock pattern to secure your Android smartphone, you probably think that’s the perfect way to avoid unwanted intrusions. However, that line you draw with your finger may be a bit too simple. After all, if even Mark Zuckerberg himself used ‘dadada’ for all of his passwords, it is not surprising that your lock pattern may be a simple letter of the alphabet.

Android lock patterns can be easily cracked using a computer vision algorithm.

Relax, you are not the only one. Around 40 percent of Android users prefer lock patterns to PIN codes or text passwords to protect their devices. And they usually go for simple patterns. Most people only use four of the nine available nodes, according to a recent study conducted by the Norwegian University of Science and Technology. Additionally, 44 percent of people start their lock screen pattern from the top left corner of the grid.

Even though creating more complicated patterns may seem like the best solution to make your password harder to guess, a team of researchers has demonstrated that complex patterns are surprisingly easier to crack than simple ones by using an algorithm.

Hackers can steal your lock pattern from a distance

Picture this: You sit at a table in your favorite café, take your smartphone out of your pocket and trace your lock pattern across the phone screen. Meanwhile, an attacker at a nearby table films the movements of your fingers. Within seconds, the software installed on their device will suggest a small number of possible patterns that could be used to unlock your smartphone or tablet.

Researchers from the Lancaster University and the University of Bath in the UK, along with the Northwest University in China, have shown that this type of attack can be carried out successfully by using footage filmed with a video camera and a computer vision algorithm. The researchers evaluated the attack using 120 unique patterns collected from users, and were able to crack 95 percent of patterns within five attempts.

The attack works even without the video footage being able to see any of the on-screen content, and regardless of the size of the screen. The attackers would not even need to be close to the victim, as the team was able to steal information from up to two and a half meters away by filming on a standard smartphone camera, and from nine meters using a more advanced digital SLR camera.

Surprising as it may seem, the team also found that longer patterns are easier to hack, as they help the algorithm to narrow down the possible options. During tests, researchers were able to crack all but one of the patterns categorized as complex, 87.5 percent of median complex patterns, and 60 percent of simple patterns with the first attempt.

Now, if tracing a complex pattern is not a safe alternative, what can you do to protect yourself, especially if you store sensitive data on your smartphone? Using your hand to cover the screen when drawing your lock pattern (just as you do when using an ATM), or reducing your device’s screen color and brightness to confuse the recording camera are some of the recommendations offered by researchers.

The post Your Android lock pattern can be cracked in just five attempts appeared first on Panda Security Mediacenter.

A cat and mouse game: catch the bad guy if you can

A cat and mouse game with the government: catch the bad guy if you can, Regierung

In today’s connected world, governmental agencies spend tax money investigating new ways to breach software created to protect people, cyber-threats are getting more and more complex due to the diversity of devices, and users are less and less interested in protecting their privacy. Who’s the bad guy in this story and how can security vendors […]

The post A cat and mouse game: catch the bad guy if you can appeared first on Avira Blog.

Access Cards Will Disappear from 20% of Offices within Three Years

 

You arrive at the office, you approach the security gates, you swipe your card and start the day. It’s one of the motions that a large percentage of the workforce goes through daily, because today, and it seems that for a while yet, the access card is still the reigning security device for entering corporate offices.

By 2016, less than 5% of organizations had incorporated the use of smartphones to access their facilities or restricted parts of them. By 2020, according to a report by the consultancy Gartner, this percentage will have tripled: 20% of companies will have replaced access cards with smartphones.

Although the vast majority of mobile phones on the market already have Bluetooth and NFC technologies, there are still few companies that have taken the next step and put these technologies to use. Which, to be fair, may be seen as a wasted opportunity, since the necessary devices are ever-present in the pockets of authorized employees.

The progressive replacement of access cards by smartphones will go hand in hand, according to Gartner, with the adoption of biometric systems such as fingerprint or iris scanners, or facial recognition, because it is much easier and safer to implement them if accompanied with a mobile phone.

“Rather than having to add biometric capture devices in or alongside readers, the phone itself can easily be used as a capture device,” said David Anthony Mahdi, director of research at Gartner. “This approach also mitigates the risks from an attacker who gains possession of a person’s phone.” If an intruder were to steal an employee’s device, biometric authentication would still have to be overridden.

Given its advantages (convenience, cost reduction, etc.), the only thing that stands between the smartphone and access to the vast majority of offices is a company’s willingness to implement the change – many of the access control systems and card readers installed today in companies require a major update to be compatible with smartphones that use wifi, Bluetooth, or NFC to establish identification parameters.

It’s just a matter of time. In a few years, if Gartner’s predictions are correct, many employees will have a new way to start their day at the office. They will arrive, they will approach the security gates, they will take their mobile out of their pocket and take a selfie, they will enter and begin the workday. They no longer have to worry about getting the card before leaving home. Their phone is always with them.

The post Access Cards Will Disappear from 20% of Offices within Three Years appeared first on Panda Security Mediacenter.

Digital detox: 5 tips to get your life back!

Digital Detox - Disconnect to reconnect, digitale Entgiftung, détox numérique, disintossicazione digitale

A lot of people get down to work although they’re not in the office. With a smartphone or tablet it’s easily enough and although they’re on their vacation, on the toilet, or in a restaurant people are still reading their working related stuff. That’s not healthy — do you need a digital detox, too?

The post Digital detox: 5 tips to get your life back! appeared first on Avira Blog.

Are you willing to gamble your company’s security with the new iPhone 7?

iphone panda security

Apple has taken the world by storm once again with the release of the latest version of its top-of-the-range smartphone. Two new iPhones, the 7 and the 7 Plus, are on the Smartphone market with some standout novelties: the absence of the classic headphone Jack and the addition of two new and improved cameras. Unfortunately, the topic of cybersecurity was absent from the keynote presentation, in fact, Tim Cook and his team did not devote a single minute to this important issue.

This isn’t to say that the lack of conversation regarding security in the brand new iPhones makes them a danger to your business or your employees. In fact, if businesses decide to use it as a corporate phone, users could actually benefit in regards to security thanks to some of its new standout characteristics and changes.

Novelties in Apple Mobile Security

The new Home button, for example, is not a button at all.  On the new version the Home button is actually a touchpad with a Haptic system that permits users to perform various functions—from exiting applications to using the multitasking function—while some of the other features were designed specifically for user convenience, security and privacy such as the Apple Pay or Touch ID.

Unlike the original iPhone button, the new Haptic button is designed to last over time.

iphone panda securityIn addition to the physical iPhones, a new operating system is also added to the new 7. The iOS 10 is presumed to be more robust in terms of cybersecurity (this is great news, especially after discovering various faults in the beta operating system).

It also permits users to respond to messages without introducing a security code or having to use Touch ID to unblock the device.

In conclusion, although Apple has given little or no attention to cybersecurity in their keynote, the combination of the iPhone 7 with the new operating system continues to be an excellent option for preventing IT risks in the corporate mobile sphere. If these devices become a growing danger for your company, make sure to combine them with the best advanced security solution.

The post Are you willing to gamble your company’s security with the new iPhone 7? appeared first on Panda Security Mediacenter.

Infographic: tips and tricks for smartphone parenting

Back to school, Smartphone, tips tricks infographic

Lay the groundwork for responsible smartphone use, and manage the challenges and opportunities they bring. Our tips and tricks in the infographic below work best when used openly and honestly in partnership with the children – not as a stealth spying method.

The post Infographic: tips and tricks for smartphone parenting appeared first on Avira Blog.

Encryption Apps: Smartphone security is a concern to all

A growing number of apps are popping up promising to encrypt your emails, messages and more. There are several places where encryption can play a role on your smartphone device.

A growing number of apps are popping up promising to encrypt your emails, messages and more. There are several places where encryption can play a role on smartphones – securing voice, messages, chat, emails, files and pictures, basically any file or data in transit.  What are the pros and cons of these new features and apps and how do they work?

Let’s take a look at voice encryption, which I know may sound like something from a spy movie. Voice is complex to encrypt because both of the parties talking to each other on the phone would need to have the same app that offers voice encryption.  Voice encryption apps, like Cellcrypt and Guardlock, require the user to register, add or accept an invite from the other party. This extra step can complicate communication for the average user and their motivation to use it is probably around a “I’ll worry about it later or it’s just not important to me” level.

When it comes to encrypting data, if your phone is secured with a PIN and you have not changed the encryption defaults then your data should be safe. If you’ve been following the developments of the Apple vs FBI case surrounding the data on smartphones, you know that newer smartphones are by default encrypted and that it’s difficult to break. But once the phone is unlocked by the user, they are immediately open and the data is then accessible and potentially at risk from theft if the phone is accessed by a third party, even remotely. Think of it as an encryption layer over your entire house, with the downside being that once you get in through the front door, you can move around relatively easily.

Let’s talk about apps that offer encrypted storage. You drop the files in there and lock it with a pin, much like locking away files in a vault.  The benefit here is that you can make a judgement of what data is sensitive and store it accordingly, in the same way you would with physical documents by placing them in a safe. Examples of apps that do this are Vault-Hide and Vault!.

There are many chat apps that offer encryption in the same way as those encrypting voice encryption– both parties need to have the same app downloaded with a connection to the other person.  This is so that they can send message and files/photos to each other without someone in the middle intercepting them. Some of these also offer the ability to lock the app with a pin, so the beauty of that is even if someone unlocks your phone they are not going to see what you’ve been chatting about in that app.

Beware of apps promising encryption that do not have a pin/password to unlock the app, for the above reason.  If someone can access your phone either physically or remotely while in an unlocked state, then there is potential for them to access the app and see your chat and file transfers. Examples of encrypted chat apps are Whatsapp or Theema; however, Whatsapp does not offer the added protection of a password or pin.

The other place where caution is needed is on WIFI networks at public places such as coffee shops and libraries.  We connect to send and receive data and if we don’t have a VPN installed on the device, then our apps could be sending that private data in plain text to unknown services and would-be thieves.  There are simple and widely available tools that allow for someone to gain access to your data via a public WIFI.  Adding a VPN ensures that when data leaves your device, it’s encrypted and protects all data and app communication, although notes that this protection does not extend to voice. One good VPN to use is Hide My Ass!, part of the AVG family of apps, that obscures your location.

Now, if you want to take the ultimate step towards absolute privacy, you can purchase a Blackphone.  CBS’s 60 Minutes had a good episode that talks about the Blackphone and its ability to do everything I’ve mentioned above.  A “must-have” for anyone wanting to be like a character in a spy movie!