Tag Archives: Yuval Ben-Itzhak

AVG AntiVirus PRO is first security app to enter Google Play Revenue Chart

AVG’s position in the Top 10 chart is according to the App Annie Index for December 2014, produced by mobile app analytics company App Annie. The report, which analyzes trends and downloads for apps across all the major app stores, looks at both the popularity of apps and the revenue they drive.

In the report, App Annie details the incredible growth that they have tracked in security apps. And one year after climbing into the top ten apps for downloads, AVG AntiVirus PRO Android Security – referred to as AntiVirus Security on Google Play – has become the first security app to enter the Top 10 Revenue Chart (excluding games) on the Google Play Store.

Top Revenue Apps on Google Play

 

Proven demand

Increased demand comes after a busy 2014 for cybersecurity events and suggests consumers are more security conscious as a result.

There is demand for security apps – the continued popularity of AVG AntiVirus Security FREE, which was the first security app to exceed 100m downloads on Google Play, shows this. People, however, are not only protecting their devices with free security apps but are willing to invest in the solutions that they trust.

This is echoed in the recent MEF Global Consumer Trust Report where 64% of those studied use software or apps to guard passwords and protect against malware and only one in ten (11%) take no steps to protect their device.

 

Highly Rated

App Annie’s report also highlighted that AVG AntiVirus Security FREE is receiving overwhelmingly positive reviews from the public.

During December, AVG’s AntiVirus Security FREE received an average rating of 4.6 from over 33,000 reviews, with 77% of all users awarding us a maximum score of five stars.

AVG AntiVirus FREE Reviews

 

 

The future is bright

At AVG, we’re already looking ahead to a world where mobile devices are not just secured, but integrated across the Internet of Things. Through AVG Zen, we deliver a single dashboard from which a customer can manage the security, privacy and performance of all their devices and those of their family, all in one place.

 

Internet of Things still not taking privacy seriously

It seems that companies developing the connected devices that make up the Internet of Things are in a constant race to release new technologies while potentially compromising on privacy.

It emerged this week that certain models of Samsung’s smart TVs are able to record conversations while voice recognition is active.

Samsung’s Terms and Conditions read:

“Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features.”

“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

So while voice recordings will only be made while the feature is active, the Terms and Conditions do state that:

“If you do not enable Voice Recognition… while Samsung will not collect your spoken word, Samsung may still collect associated texts and other usage data so that we can evaluate the performance of the feature and improve it.”

I have blogged and spoken on privacy and the Internet of Things several times and it is disappointing to find that privacy and security are still not part of the design process for most consumer IoT devices.

First, in 2013 I highlighted the amount of data that is being generated by each and every user of connected devices, often without their knowledge or understanding.

Then, in 2014 I revealed how voice activated technology could be used to manipulate devices into executing unauthorized commands such as sending emails, or controlling a smart TV.

Video: How Voice Activated devices can be hacked

Here we have the two issues combined into one:

  • End users are likely unaware that their data is being collected while using the voice command feature. Likewise they don’t understand that this data is used and shared.
  • The dangers of voice activated technology and how it can be used in potentially harmful ways. If you entered sensitive data such as a password via voice recognition, it may seem safe, but voice command records can be stored and stolen just like written files.

 

Users may not understand that while Samsung’s privacy policy contemplates the use of active voice commands, voice activation features can be used both actively and passively, meaning that devices can be constantly recording sound and identifying activation commands.

There is, as such, a potential for privacy issues here.

It’s about time that manufacturers of smart devices started taking the privacy and security of their users seriously. Only a few weeks ago a wireless baby monitor was hijacked and the attacker communicated directly with the nanny through the device.

After CES 2015, I commented that privacy should be at the very heart of the Internet of Things, a sentiment echoed by the FTC and its Chairwoman Edith Ramirez in their report on the Internet of Things.

Hopefully, it will not be too long before the public and electronics producers realize that going online should not mean surrendering your privacy.

Terror on the streets leads to terror in cyberspace

Earlier this January, the Charlie Hebdo attacks in Paris shocked millions across the globe. News channels brought us almost 24 hour coverage of events and are still analyzing the effects, some weeks later.

However, there’s more to the aftermath than first meets the eye. France has received a massive spike in detected cyber-attacks, reporting over 19,000 attacks since events unfolded in the capital.

This cyber-terrorism represents an often ‘hidden’ side to politically motivated conflict and is neither new nor unique.

For many years, we have witnessed a close correlation between tensions in the Middle East and the number of cyber-attacks detected in conflict zones.

Political conflicts between Turkey, Syria, Lebanon, Israel, Egypt and Palestine regularly trigger waves of cyber-attacks such as website defacements and Distributed Denial of Service (DDoS) attacks.

 

Here are just a few examples of this cyber-terrorism:

Just as street-level conflict can be a way to express opinion and get your voice heard, for others, cyber-attacks are the most powerful protest tool available.

In my experience, these attacks are usually unsophisticated and are not motivated by theft of data or money. Instead, they are brought about simply by an individual or group’s need to voice their opinions.

So as Europe experiences a wave of terror attacks, what can it learn from the Middle East and its longstanding tensions?

For one, there is a very real correlation between civil conflicts and attacks in cyberspace, although thankfully not vice versa.

Second, consumers and businesses should make sure they protect themselves in cyberspace once terror or political conflicts hit the streets.

Visit our AVG Academy on YouTube for helpful tips on protecting yourself online.

The Internet of Things must begin with privacy

Earlier in January, thousands of attendees and exhibitors descended on Las Vegas for the 2015 Consumer Electronics Show (CES).

One of the most exciting and talked about trends was the mass market arrival of the Internet of Things, something that I have been talking about since August 2013.

The Internet of Things (IoT) is a catch-all term for the growing number of Internet enabled devices in our lives. If you wear an activity tracker, have a smart Nest thermostat, or remote access CCTV in your home, these are all part of the IoT.

What we saw at CES was a potential glimpse into the future. We saw smart dog bowls, smart baby monitors and even Belty, a smart belt.

Belty (image courtesy of stuff.tv)

 

Apart from excitement, all smart devices have something in common: they create data. They generate data that helps us as users to take more steps each day, brush our teeth for the required time, not forget to water our plants etc.

All this data is very useful but it is also a very real privacy concern. In fact, shortly after CES, the chairwoman of the Federal Trade Commission, Edith Ramirez, warned that privacy and security should be a key consideration as we add more devices to the Internet of Things.

She outlined three major concerns brought about by the IoT:

  • ubiquitous data collection
  • the potential for unexpected uses of consumer data that could have adverse consequences
  • heightened security risks

 

I couldn’t agree more with Ramirez. As we have seen with voice recognition technologies, the connected world of the IoT has witnessed a land grab. Companies are developing smart devices as quickly as possible and putting them out into the market without proper consideration for what is safe or how data should be used responsibly.

The line between our connected lives and physical lives is more blurred with each passing year and we must change the way we view data and personal information.

I don’t believe that collecting data is a bad thing; in fact it’s data collection that allows many of the web’s most popular services to function at all. What I do insist on, however, is that data collection is transparent, easy to understand and most important of all, consensual.

People have come to learn that their data has value, and they should be the ones to decide who they share it with, and how it can be used.

Google to remove support for old versions of Android WebView

Earlier this week, Google announced that they will no longer release patches for WebView versions JellyBean and older.

WebView is a core Android component which is used to display web pages on mobile devices and has been a target for exploitation by hackers. Google’s decision to stop patching old versions of WebView could potentially leave millions of users at risk.

Here is a video of Elad Shapira, one of our mobile security experts, executing an exploit on WebView.

Video: Demonstrating a WebView exploit

How many people are affected?

While it’s quite common for companies to pull support for legacy products, Android is a special case as there are many devices still running old versions of the operating system.

In fact, the latest mass-market version of Android (4.4, KitKat) only makes up 40% of the overall Android market, meaning that up to 60% of all Android devices might receive no further WebView patches.

Image courtesy of securitystreet

 

Why does this matter?

Support in the form of patches and security fixes is one of the most important ways to keep our devices safe. New vulnerabilities in operating systems and apps are found all the time and can cause privacy and security concerns for end users.

Software developers use security patches to fix these vulnerabilities and protect users from harm.

Having said that, Android is by its very nature open source, so there is always the possibility for newly discovered vulnerabilities to be patched by the Android community, but that is a Band-Aid fix at best.

What can be done to help you keep safe?

The most straightforward step to help stay safe (and the one Google is likely hoping we all adopt) is to upgrade to the latest version of Android. For some, however, this would prove prohibitively expensive and would require the purchase of a new device.

Those with recent devices should be able to upgrade to KitKat without much problem and people with brand new devices should be on version 5, Lollipop.

As a complementary measure, having a fully updated security app running on your device will help keep you safe from most scams and malware.

The web gets ready for voice recognition

News broke earlier in January that Facebook has acquired Wit.ai, an 18-month-old startup that specializes in voice recognition technology. At first, this might seem like a strange move but upon closer inspection, the rationale is clear.

Millions of users are turning to mobile as their preferred platform, where typing long messages and interacting with friends is far more challenging than on a PC keyboard.

It’s clear that companies like Facebook face a challenge to make mobile interaction easier and more engaging.

Using Wit.ai’s expertise, Facebook can build a mobile-first platform, with a voice activated interface and text-to-speech messaging as some obvious steps.

The Facebook acquisition highlights the excitement and potential behind voice recognition technology. We are potentially witnessing a fundamental shift in the way we interact with our technology forever.

As we start integrating voice activated functionality into new smart devices and services we use on a daily basis, my primary concern isn’t one of convenience but of security.

As I wrote in this blog in September 2014, there is much work to be done in securing our digital devices from voice commands.

Most voice recognition technologies scan commands for meaning and then execute them. I believe there is a need for an additional step, one of authentication.

Does the person issuing the command have the authority to do so? When I ask the device to execute a command, does it validate that it is really me and not someone else?

As I demonstrate in the video below, it is quite simple to have a device act upon a voice command issued by a synthetic voice or by a 3rd party that has access to the device – even remotely:

Video: Voice hacking a device

As Facebook and other leading companies add more voice activation technologies to their roadmap, it’s important to realize that we are also increasing the number of services and devices that are potentially vulnerable to voice attacks. So considering this, let’s build it with safety in mind.

iOS users facing new storage challenges

News emerged recently that Apple has been challenged about storage on their iOS devices.

According to news sources, Apple has come under fire for the size of their latest operating system, iOS 8, which can apparently occupy up to 23.1% of the device’s total storage.

On top of this, the upgrade from iOS 7 to iOS 8 alone can take up more than 1.3 Gigabytes of storage space.

While the storage statistics for iOS 8 might be surprising, it’s important that iPhone and iPad users realize that often their storage can be taken up by multiple unnecessary files and not just operating system files.

Operating systems are not the only files that bloat and grow over time; in fact it’s quite common for updates to systematically increase an app’s footprint on our devices as new features and enhancements are added.

That’s why it’s very important to regularly clean out your mobile device, get rid of unwanted or unneeded files and apps and create space for the things you really want.

To help you do this, AVG has developed iOS Cleaner as part of the AVG PC TuneUp performance suite. iOS Cleaner can help you reclaim valuable storage space on your iPhone or iPad devices by locating and removing duplicate files, unnecessary clutter and temporary files.

We’ve also prepared this easy to follow guide to help you get started.

Title image courtesy of engadget

Four trends that will change mobile in 2015

In fact, in the US, mobile web traffic exceeded desktop web traffic for the first time. Mobile is fast becoming the most convenient and cost effective way to get online, but what does the future hold for our smartphones?

Here are my predictions on how our mobile worlds will continue to evolve in 2015.

 

Apps will become the primary target for hackers

While the first generation of mobile threats was primarily using vectors and methods seen in the PC world, we are beginning to see new threats specifically designed to exploit mobile devices. The threat is not just malicious apps, but also regular apps that are vulnerable to attacks.

Until now, the centralized software distribution model seen with the App Store and Google Play has helped protect our devices from malware. This concept came as a lesson we all learned from the PC, where software distribution is not controlled and so malware is common. Apps on official stores are less likely to be malicious, but it doesn’t mean they are not vulnerable to attacks.

Hackers love to find vulnerabilities. Almost every software program has vulnerabilities that are waiting to be discovered and mobile apps are not an exception. As official app stores make it difficult for hackers to directly upload malicious apps, they have instead begun hunting for vulnerable apps to attack.

Vulnerable apps are not always removed from the app stores, and many have been left unmaintained by developers, creating an opportunity for hackers to exploit them.

 

New threats will emerge

As a result I expect to see a rise in the discovery of mobile app vulnerabilities during 2015. Here are a few examples:

  • Voice activation – Voice activated software is a standard feature on smartphones and is also appearing in smart TVs and other Internet-connected devices. However, many of the implementations are vulnerable to voice activation attacks. This is because they do not authenticate the source of the voice – it could be you speaking, or equally it could be a synthesized voice coming out of an app – yes, even a game can play a sound and send an email to your contacts on your behalf.

Video: How Apps Could Hijack Google Now

  • Mobile browsers – For the average user, browsers on mobile are very difficult to operate. Small screens mean you see only a fraction of the URL, making it easy to disguise a malicious URL. Drive-by infections, which are well known to PC users, will soon come to mobile users as well. Not surprisingly, mobile browsers are also vulnerable to JavaScript exploits that can be triggered by a hacker remotely. That could mean streaming video to or from a device, even if it is locked.
  • Radio-based threats (Wi-Fi, Bluetooth, NFC) – mobile devices are constantly broadcasting over radio frequencies in order to connect and transfer data. Rogue access points and over-the-air sniffers can capture transmitted data, reply with malicious content or even modify the values in the data over-the-air.
  • Masque Attacks and malicious Profiles – as mobile users have less visibility on the files being downloaded on the device, like the running processes and settings, hackers will continue to use these limitations to mislead the user into downloading and installing malicious files on their devices from outside the App Store. However, apps on app stores are also vulnerable and I predict the number of malware detections from recognized app stores will increase in 2015.

 

Data will become more valuable and more threatened

Mobile devices are much more personal than our PCs ever could be. The data on them is much more intimate and is a much more rewarding target for hackers. In 2015, I expect data, especially that held on our mobile devices, to come under much greater scrutiny.

In particular, I foresee three threats to our data in the coming year:

  • Physical tracking – criminals or law enforcement can use location data stored on your phone to identify important places (such as home or place of work) and analyze behavior such as a daily route or absence from home.
  • Data stealing – in mobile, everything is broadcast through the air, which means data is vulnerable to being intercepted as it travels. Credentials, financials, transactions or payments can all be captured and recorded by 3rd
  • Commercial tracking – mainly done by retailers to better understand the behavior of their visitors. Think online analytics but for the physical world.

 

Payments will also go mobile

The public’s positive reception of Apple Pay heralded a new phase of consumer payment methodology. Although Apple is not the first to introduce mobile payment, their offering came at a good time and the implementation seems to be practical and secure.

As mobile payments are a new experience for consumers, I expect to see social engineering attacks where hackers will try to confuse and mislead in order to steal credentials and personal data. This is expected to be the first phase of attacks. Once consumers are more familiar with the technology, attacks on vulnerable apps and even on the payment services are expected to soar.

Is your data secure in the cloud?

It’s a very broad topic so I chose to focus my answers on three particular things.

 

When you put your data in the cloud, someone else holds it?

There’s a security gap between the private and public cloud. You might have invested heavily in your own private cloud or on premise systems, but data on the public cloud are not secured by you. Who controls this data? Who is responsible for it and who is accountable should something go wrong? This needs to be addressed as a priority. Consider that CTOs and CIOs must, as part of SOX compliance procedures, sign off on their company data being secured and under control. Yet if that data is held in the cloud and you cannot audit the security measures there, then the reality is that it is being managed by someone else – the cloud service provider.

So what we need to focus on is understanding how we can help businesses get back control of securing their data.

 

Cloud and mobile have changed the assumptions businesses had that they can control all the devices being used within their organizations to access their data.

With cloud services, businesses have limited authority to define what security is being used by their provider to protect their data. Company executives might not like this situation, but they will still have had to confirm that their data is secure and compliant with regulations. This is a no-win scenario for businesses.

The fact that critical data is stored on cloud services means that the business is now effectively in someone else’s hands. There is the additional challenge of how the IT department can control a situation where an employee has their own device and wants to use it to connect to this cloud-based data using tools like Salesforce, for example.

If malware is running on that device, the IT manager is not in control of identifying and fixing that. They are in the position of having to guarantee to the business that company data is secured when in fact that might not be the case.

Hackers realized this pretty quickly. They started to target individuals within organizations when they were off the network and interacting with the cloud via a device in order to retrieve data they needed.

I expect that this risk will soon become untenable, and that in the near future we will start to see companies pushing back on signing documents stating that their data stored in the cloud is secure, because in reality that data is no longer part of their business, no longer within their control.

In small to medium sized businesses, there is less likelihood they will even have any sort of systems in place to manage this and so they ultimately have less control and less confidence that their private, business data is safe in the cloud.

 

The Internet of Things means businesses need long-term perspective for their cloud strategy.

This brings me to my last point. If we fast forward two or even five years, and look at the impact of the Internet of Things, it’s clear we need to start thinking already about how to connect and manage these new devices and sensors for business. More importantly, we need to harness the data that is coming out of them. We’ll want them to be under control and we will all start to use services.

We also have privacy to consider. This is one of the rising stars in security. It’s a big challenge and even law enforcement agencies are becoming more active in this area.

As the panel drew to a close, I emphasized that things will start to change. Cloud service providers should start to work with their client teams on premise to give back to that business a degree of control. This will be the first step towards giving CIOs and CTOs that confidence to sign compliance documents because they will be able to verify that company data is indeed secure.

The secret life of apps revealed

Have you ever noticed that your smartphone has surprisingly little storage space left for things like photos or even the latest updates? Or that battery life and reliability have begun to deteriorate over time? Or perhaps that your monthly data usage is growing inexplicably? Over time, the apps we love and use day in and day out affect our tablets or phones and impact their performance – sometimes while you’re using them, and sometimes completely invisibly in the background.

 

The study

We decided to investigate to see if we could better understand how apps influence devices over time in our first Android App Performance Report.

When it comes to the performance of our phones, we noticed that users care about three things above all else:

  • Storage consumption – how much space do you have left for the files you love?
  • Battery consumption – is your phone making it to the end of the day or not?
  • Data plan consumption – are you constantly hitting your mobile data limit?

 

We felt that in order for the report to reflect what is happening to people’s phones out there in the real world, we needed to use data from real devices. Unlike other tests that might conduct benchmarking in a lab environment, it was important to us that these results applied to everyday smartphone users.

 

Methodology

 

So with that in mind, we analyzed anonymized data from over one million AVG Android app users, so that we could better understand which apps they are using and how those apps affect their devices.

Some of the results were quite surprising.

 

Key Findings

 

Pre-installed apps

One of the most interesting learnings we made in the first report is that many devices are still carrying around a lot of apps that were installed by the manufacturer. These can take up a lot of storage space but more importantly can drain battery life – something that is already under strain with the constant use of most smartphones.

 

Apps with background activity

Another thing that became clear was that as we add more apps to our devices, we seldom remove the ones we no longer want or need. Over time this means that the limited resources of our devices are divided over an ever growing number of apps, affecting performance.

The reason for this is simple: the “always on” nature of apps means that they oftentimes continue to run in the background to check for notifications, updates or download data, which uses valuable battery and data.

 

Social and News apps

It will come as little surprise that with its constant background notification checks, which run even when the app is not open, the social networking app from Facebook emerged as having the biggest impact on your mobile device when it comes to overall performance. The constant demand and transmission of data makes the app a real drain on both battery life and data use.

 

 

App growth

As we ran the report over several months, we observed some interesting behavior amongst apps that are automatically updated. Over time, their storage footprint and battery drain both increased. This is mostly due to downloaded content (songs for Spotify, items in games etc.), but is also in part thanks to automatic updates. With automatic updates enabled, developers can push out new versions and features that take up more space and are more resource heavy without having to ask the user’s permission. Combine this with the steadily growing number of apps we have on our devices (including those that we’ve downloaded and no longer use) and very soon you begin to observe a noticeable dip in performance.

 

What can you do to improve your device performance?

One of the most fundamental issues that the report has raised is that keeping your smartphone running in top condition is quite a labor intensive task. Keeping check of which apps are running in the background and removing apps that you don’t use is more than enough for most of us to commit to.

There are products that are designed to make your life easier, though, like AVG Cleaner for Android, which can show you how much data, storage and battery life each of your apps is consuming to help you take the right actions to tackle any issues.

 

Our full report doesn’t just detail which apps consume the most; it also details best practices and helps you get rid of performance hogs on your Android smartphone or tablet.

 

Full Report

Android™ is a trademark of Google Inc. in the US and other countries.