Category Archives:
mobile security

Young Brit iOS app developer churns ‘em out

Rating: Modular approach to app development

Having written up the exploits of a young British app developer turned hacker – Aaron Bond (see our previous story here), it seems only fair to mention his latest iOS creations. Aaron appears to be focusing in particular on two of his apps – MyReward + and iice SOS. Version 1.5 of the latter should appear this week [March 2012] and version 1.2 of MyReward + should come out shortly after that. Incidentally, Aaron tells GoMobile News that his vehicle for creating iOS apps is now iPhoneappz rather than SeRiiOn. “I’ve moved onto bigger and better things,” he told GoMobile News. Which is lucky because iPhoneappz is much easier to spell.

An Android/iOS app that spies on employees’ smartphones

Rating: Copy9 crosses line between data protection and snooping

When we stumbled across Copy9’s range of mobile apps, we really weren’t sure whether they were genuine or malware. The company itself describes the product as ‘spyware’ and cites child protection and monitoring cheating spouses or errant employees as reasons to install its apps. The catch is that you have to provide the Copy9 app with exactly the kind of capabilities you would for a nasty piece of malware. So we asked our old buddies at mobile security software specialist avast! Software for their opinion. This is what Alena Varkockova, Android analyst with the AVAST Virus Lab, said. “This app is an example of the thin line between malicious and PUP (Potentially Unwanted Program).” So GoMobile News bit the bullet and installed Copy9 on an old Android handset lent to us by ZTE. The app does what it claims to do. It spies on the handset for you. For free.

Spanish speakers hit by fake Android banking apps

Rating: Just exactly how is this malware escaping into the wild?

It seems a number of players in the mobile security sector are getting hot under the collar thanks to the discovery of ‘fake’ mobile banking Android apps. At present, it seems to GoMobile News that these attacks are targeting Spanish speakers – particularly as the banks in question are Banesto, BBVA and Santander. What’s really worrying the security experts is that they are not quite sure how these Android malware apps are escaping into the wild. However, at least one security software provider, ESET, is confident that its Android security app will pick up these nasty examples of malware ‘heuristically’ as a variant of the Android Trojan – SMS Stealer C. The issue has been highlighted by The Hacker News here, which in turn spotted mention of the outbreak in a McAfee blog post here.

avast! free mobile security gets top AV-test ranking for Android malware

Press release

March 9th 2012. avast! Free Mobile Security got a top malware detection ranking in the new study from AV-Test, the independent testing organisation. “avast! Free Mobile Security is available for free, easy to use and has many features to protect your device. With its very good detection rate it is one of the best security products for your Android device,” stated Andreas Marx, CEO of AV-Test, in the report.

With mobile cloud storage the problem with BYOD is LLYOD

Rating: TeamDrive reckons it has the secure answer

The drawback to many cloud based synchronisation offerings is that for certain sectors – like financial – data has to be held securely. All businesses are scared of leaking confidential data or intellectual property when employees access files on the go. With version 3.0 of its offering, TeamDrive believes it has overcome all of the obstacles. TeamDrive doesn’t push customers into the public cloud. Instead, it can offer customers a free choice of private cloud, public cloud, TeamDrive cloud or enterprise server. On top of this, TeamDrive 3.0 adds secure clients for iOS and Android smart phones and tablets to the existing Mac, PC and Linux secure clients. In fact, the system is so secure that certain governments (the USA, Saudi Arabia, etc) might get scared of their citizens using it.

The facts behind user privacy according to Mobclix

Rating: Advertising network issues resolute rebuttal to Channel 4 show

Velti/Mobclix has responded to a story that ran on the UK’s Channel 4 News sounding a privacy alarm on Android apps sharing personal data with advertisers and alluding to the possibility that Mobclix facilitates the storage of private user data. The TV programme provided the basis for this earlier GoMo News story. Mobclix points out that the entire programme only suggests that it’s ‘possible’ for all kinds of bad things to happen with user data on mobile devices, specifically when users download apps that use networks to target advertising. The reporter cites no actual evidence that a network indeed is compromising user privacy in this way.

Channel 4 claims exclusive interview with Reding on data theft

Rating: Commissions MWR InfoSecurity to prove allegations

Viviane Reding, vp of the European Commission, has spoken exclusively to Channel 4 News about smartphone apps developed to mine personal data and pass it to advertisers. A quarter of all UK mobile users are on Android. They downloaded 100,000,000 apps in January alone. These users grant apps permission to access certain features on the phone and Channel 4 News has discovered that these permissions are then being ‘handed on’ to a network of advertisers.

Data theft via mobile apps exposed

Rating: Sunday Times points finger at US based LeadBolt

A dramatic report compiled by two journalists for the Sunday Times – Robin Henry and Peter Newlands – has exposed how personal data is being stolen from victims’ phones through downloaded apps. The victims can’t possibly have thought they had agreed to provide such information. Why, for example, is an app called Extreme Flashlight sending the app user’s email address and telephone number to servers based in India? The list of other countries receiving this ‘stolen’ personal data is intriguing because it includes Israel and the USA as well as India and China. The report singled out LeadBolt in particular because its own privacy statement claimed it didn’t indulge in such practices.

Manufacturers of Android phones continue to compromise users’ security

Rating: So says MWR InfoSecurity in light of MWC 2012

According to MWR InfoSecurity, a UK based IT security consultancy, users of mobile phones are still being put at considerable security risk because manufacturers of Android devices are not doing enough to safeguard users’ security worldwide. “Android mobiles are being compromised daily exposing users to a real security risk,” said Ian Shaw, md with MWR InfoSecurity. He warns users to beware because manufacturers are just not doing enough. Shaw continued, “Manufacturers of Android mobile phones will once again be launching their latest models and as before, we will be warning users and manufacturers at the Mobile World Congress in Barcelona that not enough is being done to safeguard user information.” The increasing lack of security controls on the phones is exposing users to fraud and other criminal activity, the company maintains.

Warning of increased GSM + TETRA attacks

Rating: We’re back to Squidgygate and police radio scanners again

Here’s a bit of an ominous warning. Much worse than mere voicemail hacking. Greg Jones, a director of wireless security specialist Digital Assurance, is warning of the dangers posed by the increasing availability of low cost software defined radio (SDR) solutions. He says, “It’s extremely likely that criminal gangs, hacktivists and others will all show a growing interest in [SDR]. And we’re not just talking about the hacking of individual mobile phones here but the possible compromise of critical infrastructure.” In a nutshell, what Mr Jones is suggesting is that thanks to SDR it’s no longer possible to assume that calls made over commercial and specialist wireless networks are inherently secure. We’re back to the bad old days when ham radio enthusiasts could listen in to analogue cellular calls. Who remembers the infamous Squidgygate tapes, for example?

Android app provides security of Wi-fi links

Rating: Apparently it sees off Cain & Abel, FaceNiff, DroidSheep, and WifiKill

We’ve run plenty of stories about mobile phone security, but we hadn’t noticed that there might be a gap in protection. Yup, attacks over Wi-fi. GoMo News has discovered that there seem to be plenty of these types of attacks doing the rounds. Heinrich Gurke informs us that they mostly come under the category of ‘Man In The Middle (MITM)’ attacks and guess what? He’s built an app that protects Android users from these kinds of threats – it’s called Wifi Protector.

Ghana pips Nigeria and Israel for biggest source of fraudsters

Rating: 400 per cent increase in fraud via mobile devices in 2011

Transactions originating from the country of Ghana are most likely to correlate to fraud, according to iovation. Next in the list of naughty boys comes Nigeria followed by the Philippines, China and Israel. Using its patented ReputationManager 360 solution, iovation stopped 50 million fraud attempts in 2011 alone. Now the company’s system tracks more than 800 million different devices and the majority of attempts are being made from PCs or Macs. However, iovation detected a 400 percent increase in fraud via mobile devices in 2011. The system recognises the major mobile hardware brands but the company says its figures indicate that recognising and stopping mobile fraud will only become more challenging in 2012.

F5 offers secure network access for Android 4.x Ice Cream Sandwich

Rating: Network nasties can’t keep you off the intranet now

Hong Kong’s F5 Networks is enabling owners of Android 4.x (Ice Cream Sandwich) devices to combat the worries of corporate network nasties by providing a full SSL VPN connection. That’s about as secure as you can get. As John Girard, an analyst with Gartner, says, “‘Bring Your Own Device’ (BYOD) programmes are creating challenges for companies interested in enforcing common security policies.” The answer F5 Networks provides is two versions of its Android BIG-IP Edge Client: a regular one and one for ‘rooted’ devices. The latter can be used by IT professionals (and ‘hackers’) to extend client support to previous Android OS versions. Furthermore, F5 is introducing enhanced support for its BIG-IP Edge Portal, which provides managed application access to enterprise web applications such as SharePoint and Intranet sites.

A way to avoid O2’s accidental security breach

Rating: Create your own proxy server

Readers may have seen Press reports that between January 10th and 14.00 on January 25th [2012], those using web browsers on the UK’s O2 network may have accidentally exposed their mobile phone number to third-party web sites. Don’t worry because O2 has very definitely fixed the problem and has posted a FAQ about the incident here. GoMo News was immediately curious to know – if those O2 customers had been running security software would it have protected them? The short answer is No. But, and it’s a big but, it would have been possible to swerve this disclosure had you been routinely routing all of the traffic from your smartphone through a secure proxy server.

Security threats in M2M comms tackled

Rating: Coverity and Wind River combine forces

At a recent pre-MWC event organised by the UK’s DTI, one of the judges – Mike Short, a vp with Telefonica Europe – mentioned that M2M (machine-to-machine) communications will almost certainly be one of the major themes at the show. However, one aspect of M2M which is frequently overlooked is security. Which is why two companies have just got together to address this problem. Their combined solution enables software developers to build security into the embedded software development process and effectively address security vulnerabilities as software code is written. The two firms involved are Coverity, which specialises in development testing, and Wind River, whose skills encompass embedded and mobile software.