Category: Android

Screen-exclamationChesttertown – a news release was sent out by the Independent Bankers of America and Chesapeake Bank & Trust Co. to remind consumers of the need to ensure the safety of their personal and sensitive information. Based from the same press release, since October is the Cyber Security Awareness Month, it is more likely that cyber criminals would keep on threatening and stealing personal information of U.S. residents.

The release also states that most Americans today live in a mobile security that they rely on Smartphones, computers and tablets. They make purchases, gather news, talk with family and friends and the most appealing of all, connecting with financial institutions. This would normally result in financial losses and risk to the consumers safety due to identity theft. For more information regarding this post, go to the source.

Source: MyEasternShoreMD

If we’re talking about security, Google isn’t our 100% go to source just by recalling what had happened when the Google Play app store had been plagued by malware in 2011.

Maybe, Google’s just too busy to see the loopholes in their security systems, as they’re just pretty occupied with left and right updates and innovations like the ongoing prep for the KitKat Version 4.4 and experts revealed that the company still has to address what’s missing and there’s plenty of that!

Third party security software developers—Kaspersky, McAfee and Lookout—have fixed and plugged the holes that the tech giant has failed to see.

To give you a clearer picture of security problems being discussed, let’s refer to the well-known security software, Bitdefender, ideas.

Malefactors are Google Play’s big Kryptonite as it is very vulnerable to attacks from them.

What are the results? A parade of malware, Trojans, viruses and spyware… Up to this date and time, there is no accurate data or stats to reveal the number of users who had suffered an onslaught of security attacks in the recent months.

What Google Has Done So Far?

Recently, Google has teamed up with Bouncer, an application that monitors any malicious software activity. Then, there is the Android Device Manager that helps find stolen gadgets (a service that only third party vendors use to offer).

Next there’s the Android 4.3 Jelly Bean, which has brought some for operating system security. One thing is its Android Sandbox that’s made to avoid any malicious program attacks on the operating system.

However, the capabilities of sandboxing remains hidden to developers and users and as a result then limits what third parties can do to protect mobile users outside of Google’s fence.

Bitdefender Security Ideas for Android

Hackers are unstoppable that they penetrate the world of mobile users, even while they’re asleep such as stealing credit card data and installing malicious programs in their mobile device. There are a lot of fake applications and thiefware in Google Play up to this time. Here are some security ideas from Bitdefender:

Allowing Antivirus Scanner APIs

If applications were made by different developers, they are not likely to interact with each other, a problem for security software developers as they can’t perform their scanning capabilities on those apps and so they can’t protect them from any malicious attacks but this can be addressed if they would allow antivirus system’s API to target malware and protect users through the life cycle of the app.

Controlling Over Individual App Permissions

When you’re downloading apps on android, it asks what the app is allowed to do such as collecting your location, accessing your text messages and even your calendar. Why would game apps for instance ask for that data? Bitdefender says that mobile user should have the power to grant only selected permissions when downloading the app provided that those choices won’t disable the app. This way any user can take control of his privacy and keep those apps from accessing data that they don’t need to function.

Allowing A Few Applications to Survive a Full Wipe

Thieves can ruin your digital life once they got a hold of your phone as you’ve probably used it to purchase online for instance. In addition, a thief can also wipe your phone and then sell it. One thing: You can now remotely wipe your phone or device to protect your important data. On the other hand, wiping your device will also delete any security tools that will not allow you to search for the thief or run your Find My Device app.

If Google would give the chance for some applications to run or survive a full wipe in their KitKat 4.4, then it might help improve security especially after your phone has been stolen. However, a malware, according to experts can also survive by imitating or mimicking any security software installed in your device, so it may be advisable that you delete everything to keep the enemy from getting itself into your territory.

Having Built-In Sandbox That Will Isolate Application from Any Non-Trusted Sources

When users download any non-trusted app, they will never know what the app is doing when they are not looking. They never know that their personal information and other important details are being accessed and given to other sources like advertising networks. Bitdefender thinks that those apps from non-trusted sources should be quarantined.

Separating Profiles for Business from Personal Uses

…So Users can prohibit any applications from collecting data from their business profiles (Some applications do this but Android does not have this built in the system level).

What do you think of these suggestions? Can Bitdefender’s ideas work for you? Share in your comments below.

Until Next Time, 

Peter, Your Online Security Guide 🙂

A newly discovered Trojan program exploits previously unknown flaws in Android and borrows techniques from Windows malware in order to evade detection and achieve persistence on infected devices.

Security researchers from antivirus firm Kaspersky Lab named the new malicious application Backdoor.AndroidOS.Obad.a and labeled it the most sophisticated Android Trojan program to date.

The malware is designed to send SMS messages to premium-rate numbers and allows attackers to execute rogue commands on infected devices by opening a remote shell. Attackers can use the malware to steal any kind of data stored on compromised devices or to download additional malicious applications that can be installed locally or distributed to other devices over Bluetooth.

Source: ComputerWorld

The Android threat landscape is growing in both size and complexity with cyber criminals adopting new distribution methods and building Android-focused malware services, according to a report from Finnish security vendor F-Secure.

The number of mobile threats has increased by nearly 50 percent during the first three months of 2013, from 100 to 149 families and variants, F-Secure said in its Mobile Threat Report for Q1 2013 that was released on Tuesday. Over 91 percent of those threats target the Android platform and the rest target Symbian.

Source: InfoWorld

Security researchers in China are warning Android users to be on their guard after claiming to have discovered a million-strong botnet lurking on the platform.

The Android.Troj.mdk Trojan, first spotted by security firm Kingsoft Duba back in early 2011, is thought to be hidden in over 7,000 apps today, including many popular games such as Fishing Joy and Temple Run.

Once installed it allows the attacker to remotely control the victim’s smartphone for a variety of nefarious ends including harvesting contact and messaging details, generating nuisance adware, committing click fraud and downloading additional apps, Xinhua reported.

Source: The Register

A recent FBI warning on Android malware includes the mobile version of spyware that was sold to law enforcement and governments, demonstrating how such commercial applications can pose a threat to private companies and consumers.

The FBI’s Internet Crime Complaint Center said this week that FinFisher was among the latest malware brought to its attention, along with a Trojan called Loozfon. To infect phones, criminals were sending text messages with links leading to a malicious web site.

FinFisher has been used for sometime in compromising personal computers. The commercial version was originally sold to law enforcement and governments as spyware in almost a dozen countries.

Source: CSO

Even in an age of vanishing privacy, people using Apple’s digital assistant Siri share a distinct concern.

Recordings of their actual voices, asking questions that might be personal, travel over the Internet to a remote Apple server for processing. Then they remain stored there; Apple won’t say for how long.

That voice recording, unlike most of the data produced by smart phones and other computers, is an actual biometric identifier.

A voiceprint — if disclosed by accident, hack or subpoena — can be linked to a specific person. And with the current boom in speech recognition apps, Apple isn’t the only one amassing such data.

“Maybe anything that IDs you should stay on the phone,” says Prem Natarajan, executive vice president at Raytheon BBN Technologies in Cambridge, Mass., a major center for speech recognition research.

He says it might be wiser for Apple to “transmit features from speech — and not the speech itself.”

Source: Mashable

Android users- especially the ones who have got their phones rooted have been warned against installing apps which may turn their phones into zombies.

Trend Micro have explained it by stating that a library file in many apps detected as ANDROIDOS_BOTPANDA.A, has enough root permissions to connect to its command and control (C&C) servers and invoke processes remotely.

The malware found is smart and knows how to conceal its identity. When the app is installed, the library file runs the zombie service from your Android phone which connects itself to C&C servers.

Developed using NDK, a tool-kit used by Android developers to create apps, it instates itself using the Java Native Interface and creates a malicious library in your device called libvadgo.

This zombie malware may pave its way on your non-rooted phones through third-party app stores as well.

Source: The Droid Guy

Security experts are warning of yet more malicious applications found on Google’s official online apps market Play, this time designed to steal personal data in the background while promising to show trailers for Japanese anime, video games and porn.

The new Android Trojan had been discovered in 15 applications on Google Play so far and downloaded by at least 70,000 users, McAfee malware researcher Carlos Castillo explained in a blog post.

“Due the privacy risk that these applications represent to Android customers, all of them have been removed from the market,” he cautioned.

 The malware, specifically designed to target Japanese users, is hidden in apps which show internet-based video trailers.
Source: The Register

According to a test done by a German-based security institute AV-Test, nearly two-thirds of Android anti-virus are not yet suitable for use as reliable products.

The test found that out of 41 different Android anti-virus solution, 34 scanners detected less than 65 percent of 618 different types of Android-specific malware.

Software from companies including AVG, Bitdefender, ESET, Norton and Trend Micro detected between 65 and 90 percent of malware. In the second bracket of solutions, detecting only 40 to 65 percent of malware, fell products from BullGuard, Comodo, McAfee, NQ, Total Defense and G Data, leading AV-Test to conclude that “these vendors may not yet have a sufficient infrastructure to collect a broad range of malware or they focus on a local market.”

Source: MSNBC.com