Tag Archive | Android

Facebook Home complicated with security problems: better wait!

vulnerability

fbhome

Seems like Facebook Home, new launcher app for certain Android apps, will allow you to put updates from Facebook News Feed right onto your lock screen. While this brings Facebook to life for you, it isn’t exactly the safest. There are many reasons.

Let’s put it this way: adding a PIN code lock to your phone doesn’t keep people locked out of your Facebook account. People, even if they don’t access your phone, can still access the Facebook account on the lock screen, because the PIN code does not secure Facebook Home.

Maybe it’s a good idea to wait to use Facebook Home, so security features can be enhanced.

 

Do you have a phone enabled with Facebook Home and a PIN code? Let me know, comment below!

Google disallowing Ad-Blockers in Play store

While Google Play has operated in an odd fashion, by mostly approving apps correctly, except for a few slipping by. But, it has also approved ad-blocking apps. Most of the time these apps either operated in browser environment (like Firefox add-on: AdBlock Plus) or in a rooted environment (which helps disable all device ads).

Google says no more, as many report on social networks that ad blockers are removed from Google Play. Most of the time, the reason for removal: “Violation of section 4.4 of the Developer Distribution Agreement.”

Supposed that Google is disallowing updates to current versions, which means that even if you have ad blockers on your device, they will eventually dysfunction, if not already.

Vulnerability: Samsung-branded Android Phones Allow Bypass of Lock Screen

vulnerability

A vulnerability was recently found in Samsung mobile Android devices, OS version 4.1.2, that would give an attacker (unauthenticated users) the ability to circumvent the screen lock, viewing the home screen. It can also give them rights to run apps, send arbitrary messages to contacts, rack up illegitimate phone services, etc. It could also lock out the original user of the device.

Terence Eden posted a video about the Galaxy Note II:

This isn’t the first time we’ve seen flaws on Samsung-branded Android smartphones. Before this, kernel trouble was the topic, where attackers can gain easy access to the Android kernel in some Samsung devices.

Are Mobile Devices the Next DDoS Threat?

The question that many have had on their minds is if mobile devices will become a source of DDoS attacks. Whether mobile phones will be used as zombies is currently under speculation by many researchers, who say “It may be imminent.”

It can be figured due to the amount of trojans found on Android devices, how iOS devices got attacked, and Windows Phone being vulnerable. Trojans are masks that cover an legitimate looking program. Basically, a program appears to be legitimate, but has hidden features to do something different. Most of the time, either the trojan will steal data and mine some cash, or use your computer as a zombie (using your resources such as CPU, RAM, etc.) to launch a DDoS attack.

A distributed denial of service is used to cause a server to take too many requests that it cannot handle. This is usually done by blackhat hackers or cybercriminals to either protest a specific ideal, or just for fun.

A highly used DDoS tool by Anonymous called “Low Orbit Ion Cannon” (LOIC) was recently redesigned for use on the Android platform. The porting over to Android from the Desktop app took no programming skills. In fact, it’s easy to use old tools and port them over to Android.

With device manufacturers slowly releasing updates to device operating system, firmware, etc. – this leaves an open hole for exploit/cyberattack. Android is particularly vulnerable because of the ability to use ‘unknown source’ apps, or apps outside of the Google Play store.

Although, if it is thought out, it would take thousands of devices to be able to have the power to construct a DDoS attack. However, this would make it a lot simpler for a pre-constructed attack, that can come from many countries – thus making it hard to trace the origin of the attack(s).

It is sure that as carriers and app developers are distributing e-wallet apps, the ability to rob personal data, credit card, etc. will increase. Heads up!

Security Concerns This Winter – Android Malware, Facebook Problems, Anonymous, among other things

We’ve discussed over the past couple of weeks some of the things that happened in 2012, and things we’re focused on coming into the new year. There is a surge in a lot of security concern over several different issues, including Android malware, Anonymous, cyberwar, among other things. Here is a comprised list of the top concerns this Winter that we’ll be investigating on a continual basis.

  1. Identity Theft – this can be a problem for most people that get viruses and other malware on their computer. It can also be a problem on social networks. It is best to have a good antivirus and keep your social networking information safe. You don’t have to enter everything in your profile. Leave some fields blank so it is more trivial for the unsuspecting stalker. Sadly, you cannot know who’s viewed your profile, which makes it more difficult to discover stalkers. Hmm…hint Facebook.
  2. Spear-Phishing – plain and clear, spear-phishing is similar to identity theft. This is done by email-spoofing, which the attacker is masking him-or-herself as a legitimate company with legitimate looking emails. However, these emails are only subject to make you click and to either steal your information, or distribute malware, or even both. Normally, this is a big problem over the holidays, but now it’s starting to become widespread no matter the time of year.
  3. Human Error and the Failure to Update – Vulnerabilities – It is true that humans forget a lot of things. One of the biggest security risks we have always faced is that users fail to update their browser plugins and programs on their computer. However, through the use of this vulnerability, attackers exploit and send malware your way. Using a vulnerability scanner can help you keep managed of this atrocity.
  4. Browser Hijackers and Junkware – we still continue to see the problem of browser hijackers and junkware being distributed in installers for legitimate programs. What’s sad is, the royalties are so high for software developers to add in the install code for junkware, that the developers don’t know how bad the issue is. From Babylon Toolbar to Claro Search…these toolbars and homepage hijackers are unnecessary and technically need to be done away with. Good thing our security community has the ability to remove this crap with our special tools.
  5. Malware growth on Other Platforms – it’s no surprise that malware problems are lighting up on the iOS now, as well as Linux. It sure will start to become a problem this year. Even more on Windows 8 and Android than any other device.
  6. Android Malware Growth – This has become one of the biggest problems right now in the computing world is the steady high growth of malware on the Android platform. It will continue to be a problem, sadly.
  7. Anonymous Cyberattacks, and Government Cyberwar – we will still see cybercrime and cyberwar problems continue this year.

Stay in tune with this blog for further updates.

Will 2013 Be a Challenging Year for Computer Security?

Much of the attention in 2013 in computer security will be mainly focused on industrial control systems (ICS), Android, and the all new Windows 8 OS. With the dealings of malware like Stuxnet and other government threats, to the normal hackers and attackers on consumer devices – it will be a challenge in both business and consumer markets.

Supervisory software runs on dedicated workstations and programmable hardware devices, and this is called a control system. They’re used to monitor and control many different operations, such as power grids, trains, airplanes, water distribution systems, military installations, and many more. Many times, control systems are used in critical infrastructures, especially systems for big populations that depend on electricity, clean water, transportation, etc.

Many worries that we’d be watching in 2013 that other security authorities are watching as well include the rise of more government malware. Especially, when it comes to control systems, which are believed to be widely targeted and surveyed.

For other problems to be faced include intense rises of mobile malware, particularly in the Android marketplace. The problem is that Android malware is becoming more widespread. It looks like hackers are retrying some old methods of Windows operating system exploitation on Android devices. This can prove to become a big problem to watch out for.

The big issue with Android attacks also seems to point at privilege escalation attacks, which like to work through malicious apps installed by the user to gain root access and take control of the device. With hundreds of millions of Android devices already infected since its birth, the size of botnets have gotten to be big, and there may still be a lot of devices infected.

Also, keep in mind that when you use a smartphone, you’re leaking a lot of information. This is mainly through App usage, which most of them collect a bit of data from your phone. It isn’t exactly personally-identifiable information, however, it’s enough to make some people nervous.

Android is very open, and you can download apps from almost anywhere for Android. This is much like Windows OS has been. But, that’s a whole different long story.

Windows 8 will be a challenge for security, because researchers, hackers, security experts, etc. want to get in on testing just how secure it is.

Read more about threats in 2013

Android Exploit Found on Samsung Devices

vulnerability

There is an Android kernel implementation flaw being investigated a lot closer by Samsung Electronics in their devices. Since Google does not have any official devices that Android can solely run on, that means specific device-makers have to implement the Android kernel into its devices.

Apparently, any app can use this vulnerability to exploit and gain root access to the device. Affected devices include the following Samsung devices:

  • Galaxy Note
  • Galaxy Note II
  • Galaxy Note 10.1
  • Galaxy Note Plus
  • S2
  • S3

Hackers have increasingly targeted the Android OS. This past Saturday was when this kernel vulnerability was found by user “alephzain” on XDA Developers, a forum for mobile (device/OS) developers. Alephzain noted that this was a “huge mistake” and that people should be very wary of this problem. Another forum user, Chainfire, helped note some more information, including about the affected devices. This flaw was thoroughly tested and confirmed.

It is best to have good mobile protection against any type of threat: Buy Kaspersky Mobile Security and protect your Android smartphone for 1 Year – only $19.95Holiday price: $9.95!

%d bloggers like this: