Tag Archives: Mobile News

‘Ghost Push’ Malware Threatens Android Users

Why should you update your Android device’s operating system? Two words. Ghost Push.

The well known trojan has had various iterations and it’s often updated to bypass new security updates.

At its peak, Ghost Push infected over 600,000 Android devices daily, a colossal number. The trojan is capable of rooting phones, displaying revenue-generating ads that drain your battery, and can be used by hackers as a means of spying on the infected party.

When infected, it is virtually impossible for the device’s owner to remove the virus, even by factory reset, unless the firmware is reflashed.

This is not an easy malware to get rid of.

The good news? A simple update of your Android operating system can make your phone much less penetrable to this type of malware.

However, even though Android has released version 7, Nougat, of its OS, there is still cause for concern. Recently released figures show that Android users are slow on the uptake when it comes to updating their OS. The majority of users are still running Lollipop, or earlier, meaning that they are vulnerable to the Ghost Push virus.

The latest iteration of the Ghost Push trojan.

In fact, the latest iteration of the Ghost Push trojan, which was discovered in September 2015, can infect devices running on Android Lollipop (version 5) or any of the OS that came before it.

In a recent blog post, Graham Cluley drove home the issue, emphasizing the root of what, on the surface, should be an easy problem to rectify. He said, “when you compare the take-up of new versions of Android compared to Apple iOS it’s clear that one ecosystem does a much better job of getting its users to upgrade to the latest version of their OS, protecting against security vulnerabilities, than the other.

There’s a reason for this. Whereas Apple has its own integrated app store, for Android it’s a different story. In their case, carriers, smartphone manufacturers and Google all have to work together to get a new update out to users. As such, the process takes longer, and updates are rolled out with much less frequency than they are for iOS.

Android Users

This, unfortunately, has a knock on effect that only serves to make Android users even more vulnerable. As Cluley puts it, Android users end up feeling abandoned, and this leads to many of them venturing “into the cloudy waters of installing third-party ROMs like CyanogenMod that receive regular updates.”

Recent research, also looked at the type of links that delivered the malware to users. Most were short links and ad links. The country most hit by the trojan infection, meanwhile, was India with more than 50 per cent of infections. Indonesia and the Philippines rank second and third, showing that the trojan is most prevalent in Asian countries. This doesn’t mean it’s not a threat in North America and Europe, though.

Be aware

Putting your trust in third-party sources can of course be risky, and that’s where infections like Ghost Push can be unwittingly installed by users. It’s important to be aware of what’s being installed.

Unfortunately installing third-party ROMs and applications can often lead to the installation of unwanted malicious malware and even ransomware. Android users should do their best to only download applications from reputable app stores and should avoid clicking on those suspect unknown third-party links, however tempting the proposition.

The post ‘Ghost Push’ Malware Threatens Android Users appeared first on Panda Security Mediacenter.

How safe are VPNs?

It’s a tough economy out there. Things are looking up, alright. But for some low-life criminals like Joe Crook, ANY work will always be too much work anyway. So what do people like Joe Crook do? They scheme. They’re on the lookout for the latest scam so that they can defraud you of your hard-earnt cash.

How does a vpn work?

Take VPN technology for example. For IT knowledgeable evil-doers, it’s as good a target as anything there is. The technology has been around for decades of course. In the beginning, it was meant for big businesses – and most probably it was never intended for the many purposes that it serves today (nope, it was not created with Netflix in mind!)

The original idea behind this technology was to create a private connection between multiple people and devices across the Internet. In other words, it was the Internet within an Internet: a secure, private and encrypted network keeping hackers, ransomware, prying eyes and anybody that was after your personal data.

In a way, VPN offered a perfect solution to those sharing sensitive data or looking to evade government censorship. VPNs typically allowed only authenticated remote access via tunneling protocols and other encryption techniques to prevent disclosure of private information. In short, no one knew where you surfed, what content you saw, nor where you were even surfing from. Your connection was fully encrypted!

VPN’s risks

But, sensing an opportunity, the Joe Crooks of this world came to realize people like Average Joe might have grown complacent in their use of VPN. For instance, millions connect to public Wi-Fi hotspots without thinking twice about the potential consequences. Fraudsters came to understand the technology’s possible weaknesses. And with over 280 million Internet users in the US alone, roughly 80% of which are using the web every single day, let’s just say there is plenty of fish to go after.

It’s not just traditional VPN that can be targeted

Research conducted just last year revealed that nine in 10 SSL VPNs were using insecure or outdated encryption. The large-scale study randomly scanned over 10,000 live and publicly-accessible SSL VPN servers (SSL refers to Secure Sockets Layer – it’s a form of VPN that can be used with a standard web browser).

Users’privacy

Although VPNs are meant to protect users’ privacy by setting up an encrypted tunnel between the device being used and the VPN provider’s servers, vulnerabilities are known to exist. Hackers like Joe Crook are keen to steal your data mid-transit and unfortunately are getting better at it.

So what more should you do to protect your privacy online?

When making payments online, are you unwillingly allowing hoodlums to help themselves to your credit card details? One thing for sure, our devices are getting more and more connected every day. Having access to a VPN should form part of your set of digital tools – though it isn’t a foolproof sort of firewall by any stretch of the imagination.

And for the highest level of protection look nowhere else but to Panda Security. We have developed a cyber-security platform designed to eradicate threats. Security systems are activated before threats are executed, and advanced protection for endpoints and servers helps destroy the malware before it’s too late. Now, that’s what we call protection!

We’d like to ask you about the VPNs, do you have 2 minutes ?

 

The post How safe are VPNs? appeared first on Panda Security Mediacenter.

The worst passwords ever created

For many online services, the only thing keeping your personal data safe from hackers is a password. If a hacker can get hold of that password, they immediately gain access to the account.

Your choice of password is absolutely vital

Your choice of password is absolutely vital which is why most services force you to use a combination of letters and numbers to make it harder to guess. Despite this, many people continue to choose the same, easily-guessed passwords year after year.

Every year mobile app developer SplashData publishes a list of the 25 most common passwords worldwide. Not only are these passwords extremely simple to hack using automated cracking tools, but the fact they are so popular means that cybercriminals will try this list first.

The top 5 passwords

According to SplashData the top 5 passwords are:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty

If any of these passwords look familiar, you could be in trouble.

Most people choose passwords very easy to remember

Most people choose these passwords because they are very easy to remember, and only take a second to type in. The fact that they are all letters or numbers, and all in lower case means that they require the minimum number of keypresses to enter – perfect for the small keyboards on smartphones.

Ignoring password best practice

When you first set up a new account online, you will be encouraged to choose a memorable word of phrase – preferably one that contains upper and lower case letters and numbers to make it harder to guess. But as we discussed on the Panda Security blog previously, these measures are not enough to fully protect yourself.

To increase security, upper and lower case letters need to be used in the middle of the password. They should also include special characters, like !?*(), making them almost impossible to guess. Not unbreakable, but certainly much more difficult.

Reusing passwords

The other major problem with SplashData’s list of most common passwords is that people tend to reuse them for all their accounts. So if cybercriminals gain access to your Facebook account using an easily-guessed password, they can then log into your email, online bank account, and virtually any other system.

More worrying still, if you use these same passwords at work, you place their systems and data at risk too. If the breach is significant, you could even lose your job.

Get creative with your passwords

Although you must include specific characters in your password, you can choose any word you like. Better still, you can string several words together to make very long, very complex password that is almost impossible to guess.

And if you must use the top 25 most popular passwords, try stringing several of them together instead. It’s not a perfect solution, but your password will be more secure.

Use a Password Manager

There are great security solutions that offer a larger degree of protection and include a password manager… all you need is a master password to access all of your favourite internet services. This way, you will only have to remember one password and, as you don’t have to memorize all of them, you can set different, more complex passwords for each service. It maintains your online privacy… at all times!

The post The worst passwords ever created appeared first on Panda Security Mediacenter.

WhatsApp, message encryption and national security

Is Whatsapp the perfect communication channel for terrorists?

The devastating terrorist attack that took place in London last week has brought grief to the UK and the rest of the world. The police that investigation into the incident has raised a number of questions, that could have far-reaching consequences.

WhatsApp and messaging encryption hits the headlines

The discovery that terrorist Khalid Masood had been using the messaging app WhatsApp shortly before the attack presents police with a problem. WhatsApp uses a technology called end-to-end encryption to encode text messages.

This encryption is intended to protect messages from being intercepted by hackers and cybercriminals. If a text is intercepted, it cannot be read without the decryption key – and only the authorised sender has that key. The text is completely garbage without decryption.

Unfortunately this also means that legal investigators cannot access those texts either – the data is completely inaccessible without access to Masood’s phone. Which means that the police may be missing vital evidence of other terrorist activities because the texts are encrypted.

UK government criticises encryption

Speaking in the media, UK Home Secretary Amber Rudd has criticised the use of end-to-end encryption, calling it “completely unacceptable”. She even went as far as suggesting that these encrypted messaging apps are “places for terrorists to hide”.

Ms Rudd’s main concern is that traditional surveillance techniques used to prevent terrorism and crime simply do not work in the age of complex encryption. As such, police and intelligence services are limited in what they can do to keep people safe.

A difficult issue globally

The London terror attack is not the first time security services have run into problems. The FBI has run into similar problems in the US too, unable to access encrypted smartphones belonging to criminals.

Service providers like Apple, Google and Facebook have complied with requests to access data in the past, but in the case of WhatsApp, they remain powerless to act. All encryption keys are specific to the phone owner – services providers like WhatsApp do not store copies, so even they cannot read messages.

Clearly there is no easy answer

.
For the majority of people, encryption is a vital tool to protecting their sensitive personal data. However criminals will exploit that anonymity – placing lives in danger in the process.

In future we may see WhatsApp and other messaging providers being forced by governments to create a “backdoor” in their apps that allows for proper surveillance. Although useful for the intelligence services, this approach could also be exploited by hackers, immediately weakening security of law-abiding citizens too.

How this situation will be resolved remains to be seen. But it could be that your favourite messaging app will undergo major changes security-wise in the near future.

The post WhatsApp, message encryption and national security appeared first on Panda Security Mediacenter.

The best ways to speed up your android device

Six top tips for speeding up a sluggish Android device

It’s soul-destroying and one of the hardest things you’ll ever have to deal with. No, not Sunday lunch with your mother-in-law. We’re talking about Android devices operating at frustratingly slow speeds. It wasn’t like that when you bought it of course. So what’s going on? Why is speed such a big issue half a year down the line? “Is my service provider at fault?” we hear you ask.

It probably isn’t. 88% of all US connections are 3G or 4G, so there should be enough juice available for everyone. Sorry to disappoint you but in all likelihood, your problem is closer to home. Like, with the device itself and the way you are using it. But the good news is that help is available. It’s a fact of life; Android devices will stop performing at top condition after any prolonged period of use. Nobody said you have got to settle for that.

You’ll find below six useful tips to speed up your sluggish Android device.

  1. Back things up. All those photos & videos from that last holiday are so last year anyway… export, weed out, or cull them – whatever you want to call it: it’s time to backup your device. That should be the first step you take. Doing it will free up some space on your phone, and this eventually creates a better working device.
  2. Reboot. When was last time you switched it off? You can’t remember, can you? Well, maybe it’s time to switch it off and restart the device. Your mom will be proud of you!
  3. Clear up that cached data. Cached data will build up in your applications over time. This affects the performance of your device – you’ll find it hard shifting the blame on this one… To delete individual caches simply open up the settings on your phone and go to Storage and press the Cached Data button. It will delete all this useless data choking your beloved cell phone.
  4. Be realistic about your device’s capabilities. Did you overburden your phone with resource-hungry apps gnawing away relentlessly? They’re degrading your phone’s performance, so weed out or cull those apps – whatever you want to call it: it’s time to make some space. Do you really need everything you’ve installed anyway?
  5. Make sure your OS is fully up to date. You should always keep your OS up to date. Yes it’s time-consuming, yes it’s annoying, but just like visiting your mother-in-law it’s got to be done. There are good reasons why Google releases improvements to the Android operating system: those updates deliver stability, higher performance and plenty of benefits. It’s not worth missing out, and they are for free.
  6. Disable unnecessary animations. No matter how great they look, animations and special effects are known to slow things down. Boost performance by taking a closer look at your launcher’s settings.

Panda Mobile Security

If after following all these tips your Android device is still not working at an optimal speed, keep in mind that Panda Mobile Security maximizes the performance and battery life of your smartphone by analyzing in real time the activity of the apps installed on it.

These are just a few tips

There are plenty of other things to consider too. For example, why not use a high-speed memory card to your device? Not only you will increase your storage space (up to 2TB depending on your phone’s capabilities), but your device will start working faster. Also, if you’re are a gamer, check out one of the RAM memory optimizers.
Obviously, we’re all for cleaning things up… but make sure you don’t disable your Panda Security anti-virus software by mistake.

Stay safe!

The post The best ways to speed up your android device appeared first on Panda Security Mediacenter.

Music lovers, are your Sonos devices safe?!

Shout out to a crowd “Hands up if you like music!” Cue plenty of hands going up, with some ‘whoohoo’ screams added on. Rock stars know how to win a crowd over. And not just rock stars… music is one of those universal pleasures passed down generations, with percussion being (probably) the earliest form of music known to humankind. Heck, the Egyptians were at it 6,000 years ago! Other civilizations developed musical instruments too until Guido D’Arezzo reportedly invented solfege a thousand years ago – thus making improvements to music theory that remain in place today (do, re, mi, fa, so, la, si, do… ).

Music and technology

The way we came to appreciate music has changed massively as technology evolved. From outdoor performances in public squares to enclosed theaters, to the invention of the humble gramophone all the way up to Sony’s Walkman, it looks as though the trend for “any music, anywhere… right now” is here to stay. The ability to listen to one’s favorite tunes while out and about is now a given and as common place an occurrence as can be.

At the turn of the millennium, four music visionaries founded Sonos in California. They forever changed music with the introduction at the CES showing off their smart speaker, an intelligent piece of technology operating wirelessly. The company’s Digital Music System bundle won the “Best of Audio” award at the CES Innovations Design and Engineering Awards in November 2005.

The rest, as they say, is history.

Today, Sonos offers many powered speakers that utilize Wi-Fi, Bluetooth, and other standards to extend usage beyond audio playback; a soundbar “PLAYBAR”; and a subwoofer (for those craving that deeper sound!). The company also offers a device to link its system to conventional audio equipment such as and CD player and amplifiers for example.

For music lovers, this means multiple devices within a single household can be connected to one another wirelessly, or through a wired Ethernet network or a mixture of the two. The Sonos system operates with a proprietary AES-encrypted peer-to-peer network known as SonosNet.

In theory, this allows for each unit to play any chosen input. If desired, synchronized audio with one or more zones can also be achieved. Latest versions developed by the company integrate MIMO (an essential element of wireless communication standards) that function on 802.11n hardware, this provides a more robust connection.

Is the system hackable?

Can I get my mate’s audio device to blast out some weird music as a prank? Well, one hack reported a few years ago was much creepier: called “Ghosty”, this Sonos hack freaked people out with haunted mansion sounds. We’re not joking. Developer Aaron Gotwalt combined an unofficial Sonos API, some spooky audio files, and a Raspberry Pi to achieve scary effects.

Taking control of a Sonos system isn’t exactly easy, but that’s beyond the point. Almost everything is hackable nowadays. In today’s era of plentiful connected, hackable devices… it’s good to know help is available. Take Panda Security for example. We operate toll-free, seven days a week phone lines with a human being picking up the phone. We resolve all your home IT and security issues providing much-needed piece of mind.

No need to call Ghostbusters if your Sonos system goes wild, call us – we’ll sort it out.

The post Music lovers, are your Sonos devices safe?! appeared first on Panda Security Mediacenter.

Should You Share Your Netflix Password?

What you need to know before sharing your Netflix account details

Is it illegal to share your Netflix password? As of July last year, a court ruling in the US asserted that it is, in fact, a federal crime to share passwords for online streaming services.

If you share your Netflix password with people you trust though, the truth is that there’s no real need to stress out. It is very unlikely that Netflix are actively coming after password sharers.

Reed Hastings, Netflix CEO, spoke on the subject at CES last year:

We love people sharing Netflix whether they’re two people on a couch or 10 people on a couch. That’s a positive thing, not a negative thing.

The new court ruling was part of the 30 year old Computer Fraud and Abuse Act (CFAA). For obvious reasons, it’s difficult to legislate for online activity, and the CFAA is known for its uncertain, ambiguous and sometimes murky rulings.

Whilst password sharing may be a contentious subject, drawing widely differing opinions from legislators and the CEOs of streaming services, it’s important to look at the impact that account sharing could have on a user.

Reed Hastings recently told Business Insider that, “as long as they aren’t selling them, members can use their passwords however they please.”

Is this advisable though? Probably not.

The first question on your mind when someone asks if they can use your Netflix account, is do you trust that person? Even if they pinky promise they’ll stop using it after that House of Cards binge. This may seem obvious, but bad things can happen if your Netflix password is passed on enough times that it falls into the wrong hands.

Without you knowing, it’s possible, for example, that your account details could be sold on the black market. It could become part of a Netflix scam that sees your account being used a lure to infect people’s systems with ransomware. If you’re “recently watched” section is coming up with shows you’ve never seen, it may be that your account is being used by strangers.

Or the friend who promised to stop after House of Cards simply couldn’t resist.

It’s Safe To Share, If You Trust The Other Person

The truth is that Netflix also have their own way of dealing with over sharing of passwords. Their basic account setting allows for one stream at a time. The standard account allows for two. It’s a simple way of stopping one password being shared with hundreds of people.

Netflix is famous for having encouraged binge watching of shows, and it simply wouldn’t be possible if users had to co-ordinate and share out the use of one account. Hastings relies on the concurrent streaming limit, as well as their relatively inexpensive service being enough of a draw to stop people sharing passwords. It is very unlikely that they would ever try to prosecute users.

“Password sharing is something you have to learn to live with”

Hastings has emphasized as well that there’s no plan to add any other type of restriction to account sharing. “Password sharing is something you have to learn to live with, because there’s so much legitimate password sharing, like you sharing with your spouse, with your kids… so there’s no bright line, and we’re doing fine as is,” he said.

Anyone remember, the early days of online sharing when Metallica received a mighty backlash for having called out thousands of their own fans -who had shared their music online- as criminals? Maybe Hastings knows this type of stance would be bad press, especially for a company whose modus operandi, after all, is online sharing.

There is talk of what’s appropriate ethically though. Something that seems completely fair, considering Hasting’s and Netflix’s relaxed stance towards their service’s members.

We usually like to think that a husband and wife can share an account and that’s perfectly appropriate and acceptable,” said Hastings during a 2013 earnings call. “If you mean, ‘Hey, I got my password from my boyfriend’s uncle,’ then that’s not what we would consider appropriate.

The post Should You Share Your Netflix Password? appeared first on Panda Security Mediacenter.

Cellphone Usage Increases by 20% since 2015

Cellphone Usage Goes Up to 5 hours a Day! Stay Safe While Out & About with Security Tips from Panda

An interesting piece of news came out recently. According to analytics firm Flurry, US consumers spend up to 5 hours each day on their mobile devices. That’s right: 300 minutes per day. Or to put it differently, a whopping 35 hours every week. It’s a lot more than television by the way. The research firm claims this level of usage is a 20 percent increase compared with the fourth quarter of 2015. If keep on the same growth in percentage, very soon we will be spending more time staring at the little screen rather than sleeping.

That’s what we call real news. But is that surprising? Well, not really.

The uptake of mobile devices has been phenomenal, experiencing eye-watering high year-on-year growth. No wonder all big industry players have launched mobile phones with ever larger screens, not to mention a broad range of tablets to suit all budgets. In the US alone, mobile connections now exceed the actual population of the country; and over half the population access social media from mobile devices – a six percent growth since last year.

So it’s fair to say mobile devices have become a hub for everyday activities, from banking to shopping. Of course, we still make phone calls with our devices… though less and less, with free texting having cannibalized our communication habits.

We’ve moved into an era where phones would be totally unrecognizable to Alexander Graham Bell, the man credited with having invented the telephone (though, perhaps more accurately, he was the first to obtain a patent for his invention, back in in 1876).

So what does it mean when it comes to security?

Are your mobile habits putting your safety at risk?

Hackers can nowadays use malicious apps or unsecured networks to access vital pieces of information sitting on your mobile device. According to software experts Panda Security, there are some simple steps you can take to stay safe:

  • Phones have become increasingly loaded with sensitive data so being hacked is more of a risk. Set a secure password from the outset and combine it with biometric protection, if the device enables it.
  • Android or iOS operating systems can be vulnerable to hacks. Installing regular updates and patches will help ensure your software is providing the best level of protection available.
  • Clean-up and backup your phone regularly, by exporting your data for safe storage. And while you’re at it delete any old apps you’re not using anymore – don’t let them access your user data such as your location!
  • Always access the Internet via secure Wi-Fi networks. Unsecured networks may allow nearby hackers to intercept your data – do not let them get you! In addition, please do not do any shopping or banking on a public Wi-Fi network, that’s a recipe for disaster.
  • If you get text messages from unknown senders asking for personal information, just delete them. If you click on links in those messages, you hackers take advantage of you and install malware on your device phone. Don’t download apps by text message as this is a popular way for criminals to infect your mobile phone.

Having in mind, some people spend a total of 35 hours a week on their phones, it is safe to say, some of the digital print they leave may contain sensitive information. If you are one of those people, keep doing what you are doing as here at Panda we are making sure you are protected!

The post Cellphone Usage Increases by 20% since 2015 appeared first on Panda Security Mediacenter.

The Dark Side of Shopping Apps

Are shopping apps safe?

As we shoppers get better at identifying scams, cybercriminals are having to create new ways to try and steal our money. Effective PC security tools like Panda Safe Web can identify and block fake websites before scammers have a chance to trick us.

But increasingly we are shopping from our smartphones and tablets instead of desktop PCs. Realising this, cybercriminals have begun to develop a range of mobile-focused attacks designed to steal personal data and money.

So when you do fire up a shopping app on your mobile phone, how do you know it can be trusted?
Here are some tips.

1. Only download apps from official sources

Both the Apple App Store and Google Play Store use a very strict approval process to protect their customers. Whenever an app is submitted to one of these official stores, it is checked to ensure that it is not infected with malware, and doesn’t take personal data without your permission.

For iPhone users this is great news – every app they can download has been checked to ensure it is safe. Especially as Apple devices cannot install apps from anywhere else but the App Store.

Android users on the other hand are not limited to the Google Play store – they can download and install apps from virtually anywhere. Although this is much more flexible, not all app stores or websites apply the same security checks. Cybercriminals exploit this weakness by tricking Android users into downloading infected apps from email attachments or fake app stores. Once installed, this malware allows scammers to steal credit card details, or to encrypt your files so you cannot access them without paying a ransom.

When it comes to downloading shopping apps you must ensure they come from the official app store – otherwise you could be inviting cybercriminals onto your phone.

2. Install a mobile Security tool

You wouldn’t dream of leaving your PC unprotected against malware – so why ignore your mobile phone? Just this week mobile hacking hit the headlines again as government officials tried to highlight the risks.

It is absolutely essential that Android owners install a mobile security tool to protect themselves against fake shopping apps. Panda Mobile Security scans installed apps to detect malware and alert you to potential problems before your data can be stolen.

Using Panda Mobile Security you can also control what each app does, preventing them from accessing your data, or from triggering your camera or microphone. You can also prevent apps – good or bad – from uploading your information to the cloud, adding an additional layer of protection.

Stay alert

As well as installing security software on your mobile phone, you need to treat apps, web downloads and email attachments with caution. In the same way that you don’t open attachments from people you don’t know on your PC, you shouldn’t download unknown apps from untrusted websites.

As our phones become an important part of our shopping habits, criminals will devote more of their time and effort to attacking them. So it pays to protect yourself now before they attack you.

The post The Dark Side of Shopping Apps appeared first on Panda Security Mediacenter.

It Did What? The Dirty Secrets About Digital Assistants

Are Siri and Other Digital Assistants Actually a Security Risk?

People started fearing digital assistants before they even became a reality. Before computers were even a household commodity, Stanley Kubrick was terrifying cinemagoers with HAL, 2001: A Space Odyssey’s rogue AI assistant.

Today though, our intelligent personal assistants form an important part of our lives. As AI technology advances they will become even more prevalent.

While the dangers imagined in Sci-fi movies of the 60’s and 70’s are thankfully far from being around the corner, it’s important to look at the real security risks that digital assistants could pose.

Despite being the most popular intelligent personal assistants, Siri and Cortana are not the only iterations of this growing technology on the market. Amazon, for example, now offers it’s Echo device, while Facebook has recently released its own digital assistant called M.

So what are the dangers?

Not to sound too ominous, but IBM has banned the use of Siri for its employees. The rule was set by IBM Chief Technology Officer Jeanette Horan, who cited security concerns.

You know those large license agreements you have to agree to when you first start using a device, the ones most people don’t bother reading?

Well, Apple’s iPhone Software License Agreement, quite vaguely, shows how voice commands are used after being submitted to Siri. “When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text.

What’s more, “by using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and other Apple products and services.

Sounds like jargon? The convoluted styles in these agreements often help to gloss over important information that most companies know their user’s will be glancing over at best.

Siri may not literally be watching you, but the fact is that everything you say to her is sent to a big data center in Maiden, North Carolina. IBM’s Horan decided to ban Siri because it could be storing sensitive information for an unspecified amount of time.

If Apple were breached, hackers could intercept that data. And perhaps just as alarmingly, a lot of the data is sent to third party companies. Besides the fact that you’ll receive an onslaught of targeted ads, the more companies this information is sent to the less private it becomes.

This is far from being solely an Apple issue though.

Amazon Echo, A Criminal Witness?

In a case that has seen Amazon largely mirror Apple’s resolve on handing over encrypted data to the FBI, the Amazon Echo may have been a key witness to a murder.

James Andrew Bates is suspected of having killed Victor Collins in his apartment. No one else was present at the scene of the crime, except that is, Alexa, who was being used to stream music throughout the night.

Amazon, much like Apple, have abstained from giving police the data on Alexa, saying it would set an unwanted precedent. This shows though, at the very least, that police in Bentonville, Arkansas, where the crime took place, believe Alexa may be capable of storing sensitive information. So much so, they believe it could incriminate a suspect in a murder case.

Whilst this is obviously an extreme example of a data privacy issue, what implications does it have in a regular home?

The biggest all-round concern for cybersecurity experts is that these devices are constantly programmed to listen. Amazon’s Echo device is called to action by the command “Alexa”. This seems like an obvious vulnerability that could be used by hackers to listen into conversations taking place in the home.

Aside from this, the Echo cannot differentiate between different voices, so anyone who comes into your home potentially has access to every account linked to Alexa.

Other Risks

So, whilst it is yet to have happened, or to have been allowed by any of the big tech companies, lawyers or the police could potentially subpoena sensitive information. This is, of course, if law enforcement gets their way.

If they do, they’ll have the key to a huge amount of information, Apple, Amazon and Google being amongst a growing list of companies that keeps an archive of commands.

The problem, however, goes beyond the mere use of digital assistants. As the use of integrated devices and smart homes increases, more and more devices will have the ability to store potentially sensitive information. A Smart TV, for example could easily have the capability of storing recorded information. Whilst this would seemingly be primed towards targeted ads, there is again the possibility that sensitive information could be stored unbeknownst to its users.

Keep Safe

The obvious advice is easy to uphold, and is one that most people will already be practicing. Don’t say sensitive information, like passwords or credit cards details, out loud. It’s likely to become increasingly difficult to know who (or what’s) listening within your own home.

Meanwhile, whilst operating systems such as iOS do let you manage data collection by changing privacy settings, the only option the Amazon Echo gives you is to unplug the device when not in use. It’s important, therefore, to look at your privacy settings, whatever the device.

So aside from telling us tomorrow’s weather, where the best restaurants are, and the occasional bad joke, digital assistants do pose some real risks to our cybersecurity.

Whilst the technology undoubtedly makes us more seamlessly connected to our tech devices, in turn making our lives easier, it’s important to always take into account the issue of privacy; an issue that tech is increasingly making more tenuous within our own homes, for better or for worse.

The post It Did What? The Dirty Secrets About Digital Assistants appeared first on Panda Security Mediacenter.