Is someone trying to hack your phone? The answer to this question is most likely “yes” – regardless of whether you are a person of particular interest to hackers or not. The average Joe may not be the CEO of a petroleum or pharmaceutical company, but there is still money to be made in hacking their device and extracting data. Here is how attackers do that.
At the end of last month, Google announced it had blocked a new family of malware that had spread through its Play Store. Dubbed Lipizzan, the malicious code wasn’t spectacular in terms of spying capabilities. The part that has bigger implications for mobile security is how it got through Google’s filters in the first place.
WikiLeaks posted last week 8,761 documents revealing an arsenal of hacking tools used by the US Central Intelligence Agency (CIA). The ability to turn smart TVs into listening devices, or take remote control of smart cars made the most headlines. However, this was no news for the cybersecurity community, which has been vocal about the weak security of many Internet of Things (IoT) products. In a similar way, the unveiled Android exploits came as no surprise to Secure Group. They are, in fact, the same thing we have been telling users for years.
You can’t overstate how central smartphones have become to people’s lives. The average time a person spends using their mobile device is about five hours a day – one-third of the time a person is awake. Nothing wrong with that really. Until you consider how much data – often personal – this activity involves. Android phones are inherently insecure in the way they handle this data. And while volumes of it leak all the time, there is no shortage of parties looking to put your data to malicious use.
Mobile devices are no longer the future – they are the reigning kings of the present. October 2016 marked the tipping point, at which mobile devices accounted for a bigger share of Internet usage than desktop computers. Close to 2 billion people use mobile devices to access the Internet. Google has already reported mobile searches surpassing desktop ones by some 10 percentage points – and that its search algorithm will start favoring mobile sites. Not to mention that marketing and ad spending is already shifted towards mobile. But what does this brave new world mean for mobile security?
Your phone knows an awful lot about you. Your location, your bank account, the names of all your contacts, the passwords to all your accounts… You name it. And different apps on it have access, and permissions, to transmit this data to God knows who. You may trust the manufacturer of your phone has put only software on it that respects your privacy. But what about third-party apps that have the same permissions? And what if you have no idea how these apps got on your phone?
A quickly rising threat is hiding within literally thousands of Android apps available on various app stores, CSO Online has recently reported. It's dubbed DressCode and is particularly dangerous because it can infiltrate whatever internet network the infected device connects to.
There is a wide-held misconception that Android is unsecure and prone to attacks...
Welcome to the September mid-month installment of Secure Group’s Security and Privacy Roundup. Our newsletter focuses on relevant news articles about security and privacy issues in the world today, in order to inform our customers and anyone interested in these issues.This is the third installment of our bi-monthly compilation, and we hope it proves informative.
There are a few compelling stories this month worth following. In order to keep things as relevant as possible, the stories are posted in descending order, with the latest entries first. Remember, check out our previous entries as well!
- September 11th - Half of iOS devices running out-of-date versions, putting users at risk
- September 9th - Data Breach captures data from 10.5 million health-care insurance customers
- September 9th - Library Bows to Police Pressure, Suspends Tor Node
- September 7th - New Android Porn malware takes photo and demands your money
- September 3rd - Department of Justice (DOJ) now requires Warrants to be issued for use of ‘Stingrays'
- August 31st - EFF Want to Overturn Florida Case Allowing Warrantless searches of Americans’ Cell Phone Location Records
Two weeks ago, a frightening vulnerability was discovered on Android phones. Dubbed Stagefright, it allows an attacker potential access to higher functions of your phone by simply sending you a text message with attached and infected media, such as a video or audio clip, or a photo. Luckily, this flaw was discovered relatively early by Zimperium zLabs VP of Platform Research and Exploitation, Joshua J. Drake. A patch was also provided by Drake and co. and Google was quickly alerted to the problem and solution both. End of story? Unfortunately no. Patching issues and new vulnerabilities have complicated things, and your android phone may be vulnerable a while yet.