Tag Archives: Tony Anscombe

Santa’s Security Secrets

We all think we know Santa – where he lives (to the nearest Pole!), what he likes to wear (on one day of the year!) – but what do we really know about this mysterious character? What does he do during the rest of the year, what are his hobbies, where does he work on the other 364 days of the year, what is his ‘real’ name, and more importantly – who is on his naughty list?! None of these personal details have ever been revealed, and even in today’s connected world, Santa has managed to keep his identity a closely guarded secret – but how, and what best practices can we learn from our favorite festive character?

He wears the AVG Invisibility glasses
Santa saw AVG’s Invisibility Glasses in February and sent us a letter saying “Dear AVG, those Invisibility Glasses are just what I need to keep me invisible during the year. I have been a good Santa, and I hope you can help me out.”

The glasses make it difficult for cameras or other facial recognition technologies to get a clear view of Santa’s identity, so Facebook can’t automatically tag him in that embarrassing picture under the mistletoe, for example! We, of course, agreed to provide a pair, enabling Santa to travel the world without being tracked, seeing sights that would have been difficult to visit due to the number of people taking pictures to post online. Santa has provided us some pictures from his travels that we can share with you here.
Cameron, Obama and Santa

Bono and Santa

Taj Mahal and Santa

Eiffel Tower and Santa

While not generally available yet, unless you’re Santa, the concept serves as a reminder to protect your privacy online. There are, of course, many other methods Santa uses to stay private – he has shared a few of them with us in this exclusive interview!

He stays away from social media
“There are hundreds of Santa impersonators on Facebook, but I – the real Santa – am nowhere to be found,” says Santa. Staying away from social media completely might be a challenge for the rest of us, but it’s worth thinking about the information we share via these channels at this time of year. Make sure to check your security and privacy settings to ensure you’re not exposing any information you’d rather not be. “You may want to think twice about posting those pictures of the latest high-tech gadgets you’ve been gifted too – you never know who might be looking!”

He still uses a POLARoid camera
“I never take selfies,” says Santa, “they may get leaked online and that could be awkward.” But with most of us now using our smartphones to take pictures, there are privacy issues you may not have considered. Aside from pictures getting into the wrong hands – the recent VTech hack which may have enabled hackers to steal children’s photos is an example – you might not know that smartphone photos are also often ‘geotagged’, meaning that others can find out exactly where your pictures were taken.

His sleigh is Wi-Fi free and disconnected
“Checking out if you have been good or bad is now even easier with people posting so much of their lives on their online profiles. I avoid being located, tracked or leaving things to chance by using an encrypted Virtual Private Network (VPN) when using the Internet,” says Santa. But it would be impractical for most of us to avoid the Internet completely. There are ways to make sure you’re surfing securely and privately, though.

Secure your home Wi-Fi with encryption using a strong password. Also avoid public Wi-Fi hotspots when transferring personal details online, during bank transfers for example, or follow Santa’s example and use a VPN. Phishing emails also tend to spike around the festive season as cybercriminals try to tempt us with too-good-to-be-true deals. If at any point you think the email is spam and fraudulent, then do not open or click on any links, just delete the email!

He pays for everything with toys
Santa told us that his “route and present list is a closely guarded secret. I use very strong passwords and a reindeer for two-factor authentication”. If you’re doing last-minute shopping online this year, it’s worth taking the time to remember good password practice – to save time, and a potential headache, later! This means using strong passwords that are different for each account, along with additional security codes or the ‘two-factor authentication’ Santa refers to, where available.

So now you know a bit more about Santa and his security secrets – hopefully they’ll also help you to stay safe and secure this Christmas. Happy Holidays!

 

 

Image sources:
The British Foreign and Commonwealth Office, Erik (HASH) Hersman, TANAKA Juuyoh (田中十洋), Sreejith K, Brian Burk

 

4 Tips for Successful Online Sales over the Holiday Season

Christmas is nearly upon us, but is your website ready to make the most of it? In fact, let’s go one step further: are your website, social media and IT systems all singing the same song?

Preparation and a co-ordinated set up is essential if you’re going to make the most out of any uplift in customer attention and desire to buy from small businesses instead of the big brands.

You can have a killer website, but if your social media channels aren’t up-to-date too then you’ll look behind the times and disorganised. If your IT systems that enable you to take, process, and dispatch orders aren’t up to scratch, then any online sales you do make might go to waste.

The web is available 24/7/365 – this is as level a playing field as it gets for small business, especially when advertising and marketing budgets don’t match those of the large and well established brands.

Customers can be fickle and have short attention spans too, hopping from website to website in a matter of seconds if they don’t see what they’re looking for. This is the same for all businesses, but it underlines the importance of having everything ready, up to date and aligned.

Here are four things you can do to make the most of the holiday season for your small business online:

1. Have a dedicated webpage and keep it live all year round
Have a dedicated web page on your site for popular sales events like Small Business Saturday, Black Friday and Cyber Monday… and keep it live all year round! That might sound counter-intuitive when we’re only talking about one day in the year, but there’s a very good reason you should do this. Once a web page is live it’s far easier to manage: the basic structure can stay the same even if the copy and imagery change. Plus, people don’t always follow the rules when it comes to searching for offers and deals online – they’ll start searching for them whenever the mood takes them, wherever they happen to be. As recent research reveals, when people start looking for information about a purchase, they could be doing it using a mobile on the train, a desktop PC at work, or a tablet when they’re snuggled up in bed.

For example, if they start searching for details about Small Business Saturday in September and October – as Google search data shows – then having your web page already live will allow people to find you. Currys use this tactic with their Black Friday web page.

If you take down your page after the event, then search engines won’t be able to show it to customers whenever they start searching for it next year. They’ll draw a blank and you’ll be starting from square one all over again. Why shoot yourself in the foot? Competition for online orders is tough enough as it is.


2. Facebook is a great starting point for a conversation
“Like” it or not, Facebook is a force to be reckoned with. 84% of internet users between the age of 35-44 are on at least one Facebook service, meaning Facebook, Facebook Messenger, Instagram or WhatsApp. That figure goes up to a whopping 90% for 16-24 year-olds. This is where your customers – existing and future – are likely to be spending a lot of their social media time, so if you’re not on there, they won’t see you.

Make sure you’ve set up a Facebook business page. They won’t want to see a constant stream of sales related messages though. Imagine your business page to be a little bit like your personal Facebook page: it should express the everyday goings on and personality of your business. And in between those posts, you can publish business event or sales related messages. If you’re short on ideas, have a look at how other small businesses have used Facebook to grow their business.


3. Make sure your IT system is safe and secure
If there’s one day in the year you definitely don’t want to be hacked, it’s when you’ve just taken a large number of online orders. We can all remember the Ashley Madison scandal and countless other big brands being hacked and losing customer data over the years. A survey of UK businesses conducted this year also reveals nearly nine out of 10 large businesses said they had suffered some form of information security breach in the last year. Don’t be fooled into thinking it can’t happen to a small business. Hackers – and the viruses they release into the world – will target anyone they think might have weak website security.


4. Ask the experts
If you are concerned your ecommerce and supporting IT systems aren’t as secure or co-ordinated as they could be, ask for help. There’s a whole host of free resources for small businesses all over the web to help you understand how healthy and secure your IT system is. For example, AVG’s free IT Security Health Check is a good place to start if you’re not an expert and have little time on your hands. It’s short and sweet and offers straightforward tips for how to improve your IT security. The UK government is also offering Innovation Vouchers worth £5,000. These can be used to pay for advice which will help protect and grow your business by having good cyber security in place.

 

At the end of the day

Gearing up your website, social media and IT systems to make the most out of the holidays is only half the battle. Making sure they stay safe and secure, and continue to serve you and your customers well, is the other half.

10 Tips for Safe Holiday Travel

Preparing for a travel holiday involves a huge amount of planning. In today’s world where many things have become faster and easier to achieve with the aid of modern technology you’d think there would be less to consider when going away, but technology can actually add to the list of concerns rather than shortening it.

So before you head off on your travels, consider these 10 tech tips that can help make your holiday safer and less costly while still staying connected.

  1. Roaming Fees
    Check that your mobile is going to work internationally. Even if you don’t intend to use it, it’s there in case of emergencies. Contact your carrier to see if they have a calling plan for the country you are visiting. For example, some phone carriers offer travel packs or roaming options for most places you might visit. Spending between $20-95 initially, dependent on location, can end up saving you hundreds of dollars in expenses compared with roaming without a plan.
  2. Controlling Data Usage
    Apps running in the background can eat away at your data and run up expensive charges without you knowing. Going through every app and adjusting data usage settings is a big task, so switching off data roaming completely and only using apps when connected to Wi-Fi is a simple way of keeping data costs under control.
  3. Wi-Fi Safety
    Using public networks in coffee shops, airports and hotels can help you stay connected; however, caution should be taken when connecting to them. Avoid disclosing any sensitive information when using a free Wi-Fi hotspot, including banking, credit card information or other personal data. Consider using a virtual private network (VPN) — software that protects your data by encrypting it — so that when using public Wi-Fi networks your data can’t be intercepted.
  4. Audit Apps
    Make sure that you update all the apps on your device before leaving home. Also, take the time to remove the ones that you no longer need; they may be using valuable space, consuming power or using data in the background.
  5. Security Software
    The most important software for your protection online is an antivirus app, as it will help keep you safe when browsing for tourist information on the go. If you don’t already have one, you should install one like AVG AntiVirus for Android.
  6. Anti-theft Software
    Enable and register your device to protect it against theft. AVG Antivirus for Android has an anti-theft option that allows you to lock, locate and, if necessary, wipe your device if it is lost or stolen.
  7. Location Data
    Switch off location-based services for apps that don’t need them. Posting a picture online with location data switched on can reveal to burglars that you aren’t home. It may also reveal to pickpockets and thieves your exact location and make you a potential target.
  8. Credit Cards and ATMs
    Inform your bank that you’ll be travelling and where you’re travelling to. This will avoid any transactions being declined because they’re outside of your normal banking habits. Unfamiliarity with the environment might tempt you into using ATMs in locations that aren’t necessarily safe. If possible, always use an ATM at a bank. Also, watch out for devices or odd attachments on ATMs — they might be devices that criminals use to skim (copy) your card. When shopping, try to use a credit card instead of your debit card that connects to your bank account. If you have new wireless payment cards, consider getting a protected wallet.
  9. Using the cloud
    Using cloud storage for your data can be really convenient. If someone steals your device it means you can still have access to your data, be it photos, travel documents or flight itineraries.
  10. Lastly, use your instinct and have a great vacation.

 

 

Top 10 Phishing Emails to look out for this Holiday Shopping Season

Black Friday and Cyber Monday are huge shopping occasions, not only in the US but across the world. Last year it was reported that US spending over Thanksgiving reached an all-time high, with $89 billion being spent online.

Email campaigns offering deals and discounts are commonplace these days and every week retailers try to tempt me with discounts in an attempt to generate online sales. This dynamic method of communicating means that offers can be targeted based on my purchase history and the preferences I may have shared with the retailer.

On my shopping list this year are things I’ve been holding back purchasing in anticipation of discounts and offers that will surely land in my inbox, or that I might be able to find online. One of them is a new laptop for my son.

But there’s also a dark side to some email that arrives in inboxes. Cybercriminals know that we get excited by deals and offers, or need to maintain our online payment methods, and they use this knowledge in an attempt to scam us. Most of us think of this as spam and just delete it, but sometimes it is difficult to identify the real emails from the fake ones.

Recently, I asked our research team which organizations in the US are being impersonated the most in emails. Specifically the ones used in “phishing” emails that attempt to gain access to your accounts, or trick you into providing your credentials so they can steal your hard earned cash.

The list below is compiled by AVG’s Web Threats Team from anonymous data from more than 200 million users and our own spam honeypot system.

  1. American Express
  2. Apple
  3. Bank of America
  4. Chase Bank
  5. Ebay
  6. FedEx, UPS, DHL
  7. Intuit (Taxes)
  8. Paypal
  9. Wells Fargo
  10. Westpac Bank

If you live outside the US then your list will look fairly similar with local banks from your country taking the place of the US banks in this list.

Checking my inbox from last week, I count six emails that look like they are from Paypal; inspecting the emails closely, I find that two of them are fraudulent phishing emails, both trying to get my login and password.

 

PayPal scam

 

The email looks and feels as though it came from Paypal, but there are some clues that point to its true nature.

 

  • If your email provider or security product, such as AVG Internet Security, marked the email as Junk or Spam, then there is a very high probability that it is.
  • Look at the email address that sent the email: does it look correct? The address may include other parts: for example, [email protected] would be a legitimate address, but if the address is [email protected], then this would be incorrect, as it needs to be paypal.com on the last part of the address.
  • In the example you can see it’s asking for incomplete account details to be submitted. I know my account is up to date, so why are they asking such questions?
  • Has the email got the mandatory elements that companies need to use: registered office details, unsubscribe options, etc.?
  • If you have clicked on it, and you shouldn’t if any of the above are true, then check the URL in the address bar: is the address https://www.paypal.com, is the padlock there, and does part of the address go green to show that the site has a valid digital certificate? If the answer to any of these is no, then close the browser.
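
The sender-address and address-bar checks from the list above can be expressed as code. This is an added example, not AVG's detection logic; the lookalike addresses and URLs under `.example` are constructed for illustration, and the function names are hypothetical.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "paypal.com"  # the domain the article says must come last


def domain_matches(host: str, expected: str = EXPECTED_DOMAIN) -> bool:
    """True only if host is the expected domain or a subdomain of it.

    The match is made on a dot boundary, so 'notpaypal.com' and
    'paypal.com.billing.example' both fail.
    """
    host = host.strip().rstrip(".").lower()
    expected = expected.lower()
    return host == expected or host.endswith("." + expected)


def sender_domain(from_header: str) -> str:
    """Return the domain of the real address in a From: value ('' if none).

    parseaddr separates the display name from the address, so a display
    name that merely contains 'service@paypal.com' is ignored.
    """
    _display_name, address = parseaddr(from_header)
    if address.count("@") != 1:
        return ""
    return address.rsplit("@", 1)[1].lower()


def check_sender(from_header: str) -> bool:
    # A matching domain is necessary, not sufficient: From can be forged.
    return domain_matches(sender_domain(from_header))


def check_link(url: str) -> bool:
    """True if the URL is https and its host is the expected domain.

    urlsplit().hostname drops any 'user@' prefix, so
    'https://www.paypal.com@login.example/' resolves to 'login.example'.
    """
    parts = urlsplit(url)
    return parts.scheme == "https" and domain_matches(parts.hostname or "")


def triage(message: dict) -> list[str]:
    """Return the reasons a message fails the article's checks."""
    findings = []
    if not check_sender(message["from"]):
        findings.append(
            f"sender domain is {sender_domain(message['from'])!r}, "
            f"not {EXPECTED_DOMAIN}"
        )
    for url in message["links"]:
        if not check_link(url):
            findings.append(f"link does not lead to https://{EXPECTED_DOMAIN}: {url}")
    return findings


# Constructed sample messages (not taken from real mail).
SAMPLES = [
    {
        "from": "PayPal <service@paypal.com>",
        "links": ["https://www.paypal.com/signin"],
    },
    {
        "from": '"service@paypal.com" <alerts@paypal-secure.example>',
        "links": [
            "https://www.paypal.com@login.example/update",
            "http://www.paypal.com/signin",
        ],
    },
]

if __name__ == "__main__":
    for sample in SAMPLES:
        reasons = triage(sample)
        print(sample["from"], "->", "looks consistent" if not reasons else reasons)
```
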

If at any point you think the email is spam and fraudulent, then do not open or click on any links, just delete the email. Opening the email will download the content, which the cybercriminals mark so that they know the email was opened and that your email account is active, and they will send you more!

If you did click the link and you have up to date anti-virus software, such as AVG AntiVirus FREE, or AVG AntiVirus FREE for Android, then you should see a detection screen like the one below or your browser may also show a warning screen.

phishing warning

phishing detected

What do you do if you think the email was real and have not clicked or opened it? That’s an easy one. Open your browser, go to paypal.com and log in. I am sure if there is important account information they need they will ask for it when you log in.

It’s important to have updated Anti-Virus software, as these types of attacks use websites that change and disappear in minutes to try and hide from detection. Having up to date security software gives you the best possible chance of being protected.

All this should not put you off finding that great deal or bargain online, but I hope these tips help you check what you click on or open and visually check it looks real. I know I will be looking for that deal this week and will be delighted if I find it online so I don’t need to join the crowds in store.

 

Brazil faces unique cybersecurity challenges

Futurecom is Brazil’s major conference and exhibition for the mobile industry to come together and look at the specific requirements that this unique country and culture need.

I was fortunate enough to be asked to be on a panel of industry experts, which included companies such as Telefonica, TIM, Telebras, Deloitte, IBM, KPMG and of course AVG. The discussion was promised to be about cybersecurity, with the following questions asked by the moderator through the 1.5 hours to get the discussion going.

  1. How does the advancement of mobile applications and the use of new devices (and any connected “thing”) make even greater challenges for cybersecurity?
  2. What are the most critical aspects which users need to worry about?
  3. How can suppliers, operators and providers contribute to increase the level of protection in these environments?
  4. What are the main trends in cybersecurity compared to mobile and the internet of things which just tend to grow?

Each participant gave a viewpoint, and what interested me was how the entire conversation, regardless of the question, seemed to revolve around two topics: data breaches and consumer privacy. This dominated the answers, yet if the same questions had been asked 3 years ago this would have been about malware and protecting devices, but now the conversation is about us, the consumer.

Brazil has some unique challenges in this area as there is no legislation requiring companies to disclose any data breach, and therefore the consumer never knows if their data has been compromised. The consensus of the panel was that governments need to legislate. While I agree with the need for ‘some’ legislation there is also an opportunity for industry to self-regulate and show a responsible path. Self-regulation in any industry allows companies involved to find innovative ways to provide solutions and allows new business practices that may not have been permitted by the strictness of specific legislation.

The fact that data breaches and consumer privacy topped the agenda is not surprising. If we look at the trend of security stories in the US and Europe you’ll notice that the news coverage is all around these topics and the many data breaches that have taken place.

We, whether knowingly or not, disclose and share more information with companies than any generation has ever done before us: our preferences for food, where we shop, our location — the list of data is endless. It is only when this data falls into the wrong hands that we take time to think about the consequences of having shared it, and then maybe regret it a little. As consumers we need greater choice and control over what is being collected about us and ultimately how it may be used.

It’s not surprising that in one of the world’s major populations, in which a large number of people moved straight to mobile skipping the PC generation, mobile applications are used in slightly different ways to the rest of the world. I recommend watching to see how Brazil handles the challenges of data breaches and consumer privacy, whether legislated or self-regulated.

AVG wraps up a successful week in Latin America

Last week AVG took part in Latin America’s largest and most important telecoms, IT and Internet event – Futurecom. It is the first time AVG has exhibited and presented at the event and we wanted to enter the show with some significant news and noise, which we achieved.

Brazil has been a strong market for AVG – a large base of users taking advantage of the AVG Free products on both Windows and Android. There has also been a strong presence in the AVG Business products for over a decade through our partner Winco, who became the first AVG Latin America office after we acquired them in July 2014. As with most technology companies, we see Brazil as a key market for our continued expansion strategy. Futurecom has allowed us to share some of this strategy and announce local partnerships and products developed specifically for the local market.

The first announcement of the week was the launch of AVG Family Graph – a new product from our Location Labs business unit. Knowing where our kids and loved ones are is becoming part of everyday life. In fact, when a parent communicates with their child 72% of them start with “where are you?” I can even hear myself saying it, as it’s usually the first question out of my mouth. This becomes a serious conversation in countries with crime issues that involve kidnap and ransom scenarios.

AVG Family Graph provides the ability to locate family members’ phones regardless of their mobile operator through a simple and easy to use app. If a family member is in trouble, there is a panic button that alerts all the other family members of your location. Of course, we hope that no one needs to use the panic button, and for most parents just knowing where their kids are at any given moment will give them peace of mind. AVG is looking to partner with carriers in Brazil to provide the app to families while giving carriers the advantage of knowing your family a little better. This way, carriers can customize services to meet the demands of a connected family.

The second of this week’s announcements was the news that our security and performance products, AVG AntiVirus PRO for Android and AVG Cleaner for Android, are now featured in the Samsung Galaxy’s Latin American app store, and are also featured in the gift section of the store. Both apps will be available with a 90-day trial, after which time customers in Brazil, Mexico, Chile, Argentina, Colombia and Peru will be given the choice of upgrading to keep the enhanced features or migrate to the free protection or performance features.

Our last announcement of the week was our partnership with Conecta, one of Brazil’s leading mobile insurance companies. When you purchase a new phone, the sales people often ask if you want to insure it. In order to help protect your new device, AVG is providing Conecta customers with anti-theft and anti-virus protection. Customers who purchase a Conecta mobile insurance policy will receive a complimentary one-year subscription to AVG Internet Security and AVG AntiVirus PRO for Android.

With more than 60 smartphones stolen every hour in Brazil’s four largest cities, the anti-theft functionality within AVG AntiVirus PRO for Android might come in handy!

TalkTalk data breach

Over the last few days, more details pertaining to the recent news that TalkTalk has suffered a data breach have been made public, but there are still many questions about exactly what was taken. In many data breach cases, details are limited by the need for the company and law enforcement agencies to ascertain the extent of the breach and to collect evidence.

With the news that a suspect has been arrested in connection to the cyber attack, I am sure more details will start to become available over the coming days.

So far, it appears the data exposed – some of which may have been encrypted – could include: names, addresses, DoBs, email addresses, phone numbers, TalkTalk account information, bank details and partial credit card details. But what could this mean practically?

Take account information, for example – is a user’s Active Choice information held within their account settings? If so, I wonder how many people would be embarrassed by people discovering they have disabled porn filters on their broadband. With this sort of personal information, could we be looking at ‘Ashley Madison 2.0’?

Looking at recent data breaches, spear phishing is a frequent method of entry – targeting individuals within a company or organization to reveal details allowing hackers access to internal systems.

This means implications for both companies and consumers. Organizations should limit employee access to sensitive information in order to limit the risk of falling victim to attacks like this. Employee education – ensuring workers are aware of the dangers – is also paramount.

My advice to consumers:

  • Ensure other online accounts aren’t using the same email and password combination as stored with TalkTalk. If so, change them.
  • Be wary of spammers sending emails that look like they’re coming from TalkTalk. Scrutinize these emails carefully and, if in doubt, contact TalkTalk directly to ensure it’s an official communication.
  • If you are concerned that credit card details have been breached, then call your card company and have the card suspended or stopped.

Protecting your wallet in the digital age

In days gone by, keeping your wallet safe while out and about just meant making sure it was still in your pocket. But with a variety of new payment technologies such as contactless payment or Chip and PIN being developed and rolled out, and hackers becoming increasingly creative about how they access and use your information, times are changing fast.

While we all want speedier, more convenient payment options, have you stopped to consider the level of personal information you now carry around about yourself, and whether you are still doing such a good job of keeping your wallet safe in today’s digital age?

As National Cyber Security Awareness month continues, I’ve jotted down a few of my top tips:

When is a wallet, not a wallet?

There has been much talk of the ‘digital wallet’ in recent years, but with NFC payments now enabled through schemes such as Apple Pay and Android Pay, your smartphone could now be considered a wallet on its own. As such, you’ll need to consider both its physical and cyber security. This means taking steps such as considering where you’re carrying and using your phone, making sure you have software to protect it from malware, and ensuring you only use it at trusted locations for sensitive transactions such as money transfers.

Does your wallet speak for itself?

With contactless payment systems becoming more popular, especially in Europe, even cards in your wallet could speak without you knowing. If your card has the ‘contactless’ Wi-Fi type symbol on it then it most likely has RFID technology that allows details to be read from the card without the need to swipe or insert into a chip and pin reader. This also means that if a cybercriminal can get close enough to your card then they might be able to read some of the data from it. Wallet manufacturers are now producing wallets that add pockets of protection for you to store cards of this type. I recently purchased one and now it stores both my driver’s licence and contactless cards in the protected zone.

Putting a PIN in your security

With the increase in payment technologies such as Chip and PIN and contactless, the contents of your traditional wallets are also more vulnerable than ever before. So what steps should you take here?

Just as you wouldn’t leave your house keys in your front door, your card or phone’s PIN number should never be written down and certainly not left with the card or phone itself. If you have trouble remembering the PIN provided by your bank, you should change it to a number that’s easier for you to remember – but not so easy that others could guess it. When entering your PIN, you should also hide it from anyone who might be looking!

While not yet mainstream in the U.S., ‘touch and go’ NFC payment from a phone or ‘contactless’ RFID from a credit card is already common in Europe. Making a payment in seconds is appealing to many of us, but this convenience comes with a number of other security considerations. In the UK, there is currently a cap of $45 (£30) on such purchases – minimising the risk of significant purchases being made on a stolen card or phone. For anyone still feeling nervous, it is possible to ‘opt out’ and request a simple Chip and PIN card.

Beyond these more ‘high-tech’ tips, there are other points of best practice that should always be observed in protecting your financial security.

Check what you’re paying for

As cashless payment becomes the norm, it’s easy to lose track of what you’re spending, and even if you’re the one spending it! Always make sure to check your bank statement, even if online, for any ‘rogue’ payments. Many of us have the attitude that ‘it won’t happen to me’, but fraudsters will often start with small amounts that may go unnoticed to those who aren’t vigilant.

Bin those receipts

Is your wallet bulging with six months’ worth of receipts? If so, de-clutter! Receipts can carry a whole host of valuable information including your credit card details or signature. Keep any important receipts for returns, warranties or business expenses, at home and make sure to shred the rest. Expired cards should also be cleared out of your wallet. While you can’t use them anymore, your information could still be of use to a potential fraudster.

Having taken my wallet with me on various travels abroad recently, I know I’ve kept these tips in mind, and fingers crossed, remained fraud free! Hopefully they will help you do the same!

AVG Debates the Impact of Trust on Innovation at the MEF European Consumer Trust Summit

AMSTERDAM – October 19, 2015 – AVG Technologies N.V. (NYSE: AVG), the online security company™ for more than 200 million active users, today announced that Tony Anscombe, the company’s Senior Security Evangelist, will be participating in a panel debate at the MEF European Consumer Trust Summit on October 20, 2015.

Taking place in London’s Canary Wharf, and open to both MEF members and non-members, the Summit will bring together brands, mobile operators, regulators, developers and innovators to examine the business-critical issue of how to foster consumer trust in today’s mobile age.

This comes as the latest MEF Global Consumer Trust Report ranked trust as the single largest obstacle to growth in the mobile content and commerce industry – with two-fifths of survey respondents naming a lack of trust as the number one dissuasive factor when downloading items.

Anscombe will be joining representatives from Mozilla, Vodafone, Smart e-Money and CitizenMe to discuss, “Trust as a Driver for Innovation.”

What: Tony Anscombe, AVG Technologies, at the MEF Consumer Trust Summit

When: Afternoon Session (between 14.00-17.00), Tuesday, 20 October 2015

Where: Level 39, Canary Wharf, London

The Consumer Trust Summit forms part of a week of activities from MEF, kicking off with the annual Meffys award gala dinner on 19 October 2015. Now in their twelfth year, the Meffys aim to recognize the most successful and innovative players across the mobile ecosystem. This year, AVG has been shortlisted in the Consumer Trust category for its one-page privacy policy.

For further information about the Consumer Trust Summit, or other MEF events, please visit the organization’s website: http://www.mobileecosystemforum.com/

 

About AVG Technologies (NYSE: AVG)

AVG is the online security company providing leading software and services to secure devices, data and people. AVG’s award-winning technology is delivered to over 200 million monthly active users worldwide. AVG’s Consumer portfolio includes internet security, performance optimization, and personal privacy and identity protection for mobile devices and desktops. The AVG Business portfolio – delivered by managed service providers, VARs and resellers – offers IT administration, control and reporting, integrated security, and mobile device management that simplify and protect businesses.

All trademarks are the property of their respective owners.

www.avg.com

Contacts:

North America:
Deanna Contreras
Tel: +1 415 371 2001

Rest of World:
Zena Martin
Tel: +44 7496 638 342

Press information: http://now.avg.com

Stagefright the sequel – Android devices vulnerable again

Researchers at Zimperium, a specialist cybersecurity company, have announced that they have found another major vulnerability in the Android operating system that many of us use on our mobile devices.

A blog post published by Zimperium says “Meet Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files.” According to the blog post, nearly every single device since Android 1.0, released in 2008, is affected. The researchers were able to exploit the flaw in devices running Android 5.0 and later; conceptually, earlier versions could be affected as well. According to Zimperium, earlier devices could be impacted through media players and instant messengers that use the Stagefright library.

Media files carry additional information called metadata, which is processed when the file is opened or previewed. This means the video or audio file on the device would not even need to be opened by the user for the attack to occur. The most likely method an attacker would use to infect a device would be via a web browser.

How might this happen in a real environment?

  1. An attacker will try to convince you to visit a link that points to an infected website via either a malicious ad campaign or using spear-phishing techniques.
  2. An attacker on the same network as you could inject the exploit by intercepting your mobile network traffic destined for the browser.
  3. Infection of 3rd party apps that are using the vulnerable software library.

Zimperium has said that they notified Google’s Android Security team in August, and that Google responded quickly to try and fix it. They’ve also said that full technical details of the exploit will not be released publicly until Google has confirmed that the issue has been fixed and the fix is available to users.

Bugs and vulnerabilities in operating systems are not uncommon. This exploit highlights the need for users to ensure that their devices are running the very latest version of their operating system and applications.

Unfortunately, unlike the first time Stagefright appeared, when disabling the automatic retrieval of MMS messages could prevent your device from being infected, this time we need to wait for Google to release the update, and for our phone carriers and handset manufacturers to make it available to us.

In the meantime there are some precautions you can take:

  • Check with your handset provider or carrier for a patch/update.
  • Update all the apps you have on your device.
  • Avoid downloading media files from untrusted sources, and even when trusted, use caution.
  • If you haven’t disabled the ‘Auto retrieve MMS’ feature, switch it off now.

Remember, the most important thing you can do is keep your operating system and apps up to date. For that extra layer of protection, download AVG AntiVirus for Android to help protect your devices against malicious phishing sites.

Follow me on Twitter @TonyatAVG