Author Archives: Radhika Sarang

Warning: Crypto-Currency Mining is Targeting Your Android

Cryptocurrency, a virtual form of currency designed to work as a secure form of exchange, has gained a lot of traction in the world of finance and technology. But for many, the concept of obtaining cryptocurrency, or “crypto mining,” is obscure. Investopedia defines crypto-mining as, “the process by which transactions are verified and added to the public ledger, known as the blockchain, and also the means through which new currencies such as Bitcoin and Ethereum are released.”

The practice has been around since 2009, and anyone with access to the Internet, the required programs and hardware can participate in mining. In fact, by the end of this month, Forbes Magazine will have published its first “Top Richest” list dedicated to Crypto Millionaires.

With the rise in popularity of digital currency, it’s no surprise that cybercriminals across the globe are leveraging malicious code to obtain it. Hackers would rather develop or utilize mining malware instead of paying the expensive price tag associated with mining machines, which can be upwards of $5000. In China, the ADB Miner malware is spreading and targeting thousands of Android devices for the primary purpose of mining cryptocurrency. The malware is spread through the publicly accessible Android Debug Bridge (abd) on an opened port 5555. This port is typically closed but can be opened by an ADB debug tool. Once infected, a device will look for other devices with the same vulnerability to spread the malware and leverage other Android-based smartphones, tablets, and televisions for crypto-mining.

So why are cybercriminals now targeting Android mobile devices? This could be due to the fact that hackers know they can easily manipulate vulnerabilities in Google Play’s app vetting system. Last year McAfee Mobile Threat Research identified more than 4,000 apps that were removed from Google Play without notification to users. Currently, the app store does not have consistent or centralized reporting available for app purchasers. Even if an app is supported by Google Play at the time of download, it could later be identified as malicious and Android users may be unaware of the fact that they’re harboring a bad app.

Researchers have found over 600 blacklisted malicious cryptocurrency apps across 20 app stores including Apple and Google Play. Google Play was found to have the highest amount of malicious crypto apps, with 272 available for download. In the United States, researchers have found another crypto-mining malware that is so demanding of phone processors, its causing them to implode. Loapi, a newly-discovered Trojan crypto-miner, can cause phone batteries to swell up and burst open the device’s back cover, and has been found in up to 20 mobile apps.

Crypto-mining malware isn’t a new phenomenon. Before the WannaCry attacks last summer, cryptocurrency malware sprung up as another malicious software looking to take advantage of the same Windows vulnerabilities that WannaCry exploited. But, instead of locking down systems with ransomware, these cybercriminals were putting them to work, using a cryptocurrency mining malware called Adylkuzz.

Here are a few tips to ensure your Android-devices are protected from crypto-mining malware:

  • Download your apps from a legitimate source. While some malicious apps may slip through the cracks, app stores like Google Play do have security measures in place to protect users, and it’s much safer than downloading from an unknown source.
  • Delete any apps that you haven’t used over the past 6-months. An app’s security can change over time; applications that were once supported by an app store can be flagged as malicious and removed from the platform without notification. If an app is no longer supported in the app store, you should delete it immediately.
  • Keep all of your software up to date. Many of the more harmful malware attacks we’ve seen, like the Equifax data breach, take advantage of software vulnerabilities in common applications, such as operating systems and browsers. Having the latest software and application versions ensures that any known bugs or exploits are patched, and is one of the best defenses against viruses and malware.
  • Double up on your mobile security software. I can’t stress enough how important is to use comprehensive security software to protect your personal devices.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

 

The post Warning: Crypto-Currency Mining is Targeting Your Android appeared first on McAfee Blogs.

McAfee Blogs: Warning: Crypto-Currency Mining is Targeting Your Android

Cryptocurrency, a virtual form of currency designed to work as a secure form of exchange, has gained a lot of traction in the world of finance and technology. But for many, the concept of obtaining cryptocurrency, or “crypto mining,” is obscure. Investopedia defines crypto-mining as, “the process by which transactions are verified and added to the public ledger, known as the blockchain, and also the means through which new currencies such as Bitcoin and Ethereum are released.”

The practice has been around since 2009, and anyone with access to the Internet, the required programs and hardware can participate in mining. In fact, by the end of this month, Forbes Magazine will have published its first “Top Richest” list dedicated to Crypto Millionaires.

With the rise in popularity of digital currency, it’s no surprise that cybercriminals across the globe are leveraging malicious code to obtain it. Hackers would rather develop or utilize mining malware instead of paying the expensive price tag associated with mining machines, which can be upwards of $5000. In China, the ADB Miner malware is spreading and targeting thousands of Android devices for the primary purpose of mining cryptocurrency. The malware is spread through the publicly accessible Android Debug Bridge (abd) on an opened port 5555. This port is typically closed but can be opened by an ADB debug tool. Once infected, a device will look for other devices with the same vulnerability to spread the malware and leverage other Android-based smartphones, tablets, and televisions for crypto-mining.

So why are cybercriminals now targeting Android mobile devices? This could be due to the fact that hackers know they can easily manipulate vulnerabilities in Google Play’s app vetting system. Last year McAfee Mobile Threat Research identified more than 4,000 apps that were removed from Google Play without notification to users. Currently, the app store does not have consistent or centralized reporting available for app purchasers. Even if an app is supported by Google Play at the time of download, it could later be identified as malicious and Android users may be unaware of the fact that they’re harboring a bad app.

Researchers have found over 600 blacklisted malicious cryptocurrency apps across 20 app stores including Apple and Google Play. Google Play was found to have the highest amount of malicious crypto apps, with 272 available for download. In the United States, researchers have found another crypto-mining malware that is so demanding of phone processors, its causing them to implode. Loapi, a newly-discovered Trojan crypto-miner, can cause phone batteries to swell up and burst open the device’s back cover, and has been found in up to 20 mobile apps.

Crypto-mining malware isn’t a new phenomenon. Before the WannaCry attacks last summer, cryptocurrency malware sprung up as another malicious software looking to take advantage of the same Windows vulnerabilities that WannaCry exploited. But, instead of locking down systems with ransomware, these cybercriminals were putting them to work, using a cryptocurrency mining malware called Adylkuzz.

Here are a few tips to ensure your Android-devices are protected from crypto-mining malware:

  • Download your apps from a legitimate source. While some malicious apps may slip through the cracks, app stores like Google Play do have security measures in place to protect users, and it’s much safer than downloading from an unknown source.
  • Delete any apps that you haven’t used over the past 6-months. An app’s security can change over time; applications that were once supported by an app store can be flagged as malicious and removed from the platform without notification. If an app is no longer supported in the app store, you should delete it immediately.
  • Keep all of your software up to date. Many of the more harmful malware attacks we’ve seen, like the Equifax data breach, take advantage of software vulnerabilities in common applications, such as operating systems and browsers. Having the latest software and application versions ensures that any known bugs or exploits are patched, and is one of the best defenses against viruses and malware.
  • Double up on your mobile security software. I can’t stress enough how important is to use comprehensive security software to protect your personal devices.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

 

The post Warning: Crypto-Currency Mining is Targeting Your Android appeared first on McAfee Blogs.



McAfee Blogs

Share Your Heart, Not Your Identity: Here’s How You Can Stay Safe on Valentine’s Day

I love Valentine’s day, it’s the one day of the year exclusively dedicated to sharing: we share our feelings, our affection, and special gifts with our loved ones. It’s a great time to show the people in our lives just how much they mean to us. Thanks to social media and mobile friendly retailers, giving your loved ones the world is just a few clicks away.

Tech devices have made it so much easier to share our hearts with the people we care about. But, could our emotional vulnerability ultimately leave us vulnerable to cyber-attacks? Historically, Valentine’s day has been a big day for cybercrime. Criminals have found clever ways to take advantage of retail, online dating platforms, and social media to launch attacks against romantic hopefuls. If you’re wondering how to avoid the most common V-day scams, here are a few things to remember when sharing the love online, and some useful tips to keep your precious data safe.

Dating Apps Are a Data Goldmine

Apps like Tinder or Zoosk are very attractive to hackers around this time of year. Considering the amount of intimate details shared on these platforms, dating apps are prime targets for cybercriminals looking to gain access to personal data and even payment information. In fact, online dating has seen a growing number of cyber-threats since 2015.

If you’re wondering “what’s the worst that could happen if my Tinder account is hacked?”, look no further than the hundreds of pages of data that the app keeps stored on its users. This particular dating app doesn’t just match singles looking to spark a connection, it also collects behavioral data, such as how often you connect, when and where you connect, and even your “likes” and posts from other associated accounts. Some of this data might seem trivial to unsuspecting users, but if placed in the wrong hands this information could be detrimental to the security of your identity.

Florist Are a Favorite for Phishing Scams

A bright, beautiful bouquet of roses is my favorite gift to receive when February 14th rolls around. Unsurprisingly, flowers make one of the most common gifts given around Valentine’s Day but, sending and receiving flowers may not be as harmless as it seems. In 2016, cybercriminals leveraged the popularity of flower services to attack unsuspecting vendors through a series of DDoS attacks designed to extort money from them. While these attacks did not result in leaked information, it’s important to be cautious of which vendors you allow to keep your credit card information on file. After all, you’re expecting your florist to deliver an assortment of beautiful flowers, not a bouquet of personal data to cyber criminals!

If an attack on your friendly florist isn’t enough to peak your senses, hackers have also been known to take advantage of admirers looking to send flowers. Cybercriminals prey on the likelihood that you’ve sent flowers to your loved ones to launch phishing scams, using bogus packages and “Failure to Deliver” notices to collect your data.

Social Media Isn’t Always Your “Friend” 

Valentine’s day is easily one of the most socially sharable days of the year. With so much love in the air, you can’t help but share pictures and posts about your loved ones with other friends and family online. Although most people associate cyber-attacks with some form of malware, many do not realize how vulnerable they are when sharing personal information on social media. Through social engineering, hackers use the information you share online to exploit you. The more personal information you choose to share on social media, the easier it is to exploit that information. Through social media, hackers can find out information about your job, the places you frequent, and even your mother’s maiden name. But don’t worry, we’ve got a few tips up our sleeve to help you share all of the love you want across social.

Seasonal events, like Valentine’s Day, present an opportunity for cybercriminals to leverage their schemes. But don’t be deterred from sharing the love— here’s how you can connect securely and keep your data safe from hackers:

  • Get friendly with your privacy settings on your social media apps. Social platforms like Facebook are making it easier to adjust your privacy settings through a  “privacy center” so you can stay on top of the information you share and who you share it with.
  • Be careful of which accounts you link. Being connected to your online community is great, but linking accounts across platforms only gives cybercriminals easier access to your data. While Tinder does require you to link your Facebook account to sign up, you can turn off Tinder Social so that Tinder won’t be able to post anything to Facebook. And, when possible, avoid linking your dating profiles to other personal accounts.
  • Think before you click that link. Hover over it to see if the URL address looks legitimate to avoid phishing scams. If you know you didn’t send flowers, send that scam to your spam.
  • Double up on your security software. There are plenty of apps that keep your phone safe from malicious attacks. Consider using a service for your phone that offers web protection and antivirus.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

 

The post Share Your Heart, Not Your Identity: Here’s How You Can Stay Safe on Valentine’s Day appeared first on McAfee Blogs.

McAfee Blogs: Share Your Heart, Not Your Identity: Here’s How You Can Stay Safe on Valentine’s Day

I love Valentine’s day, it’s the one day of the year exclusively dedicated to sharing: we share our feelings, our affection, and special gifts with our loved ones. It’s a great time to show the people in our lives just how much they mean to us. Thanks to social media and mobile friendly retailers, giving your loved ones the world is just a few clicks away.

Tech devices have made it so much easier to share our hearts with the people we care about. But, could our emotional vulnerability ultimately leave us vulnerable to cyber-attacks? Historically, Valentine’s day has been a big day for cybercrime. Criminals have found clever ways to take advantage of retail, online dating platforms, and social media to launch attacks against romantic hopefuls. If you’re wondering how to avoid the most common V-day scams, here are a few things to remember when sharing the love online, and some useful tips to keep your precious data safe.

Dating Apps Are a Data Goldmine

Apps like Tinder or Zoosk are very attractive to hackers around this time of year. Considering the amount of intimate details shared on these platforms, dating apps are prime targets for cybercriminals looking to gain access to personal data and even payment information. In fact, online dating has seen a growing number of cyber-threats since 2015.

If you’re wondering “what’s the worst that could happen if my Tinder account is hacked?”, look no further than the hundreds of pages of data that the app keeps stored on its users. This particular dating app doesn’t just match singles looking to spark a connection, it also collects behavioral data, such as how often you connect, when and where you connect, and even your “likes” and posts from other associated accounts. Some of this data might seem trivial to unsuspecting users, but if placed in the wrong hands this information could be detrimental to the security of your identity.

Florist Are a Favorite for Phishing Scams

A bright, beautiful bouquet of roses is my favorite gift to receive when February 14th rolls around. Unsurprisingly, flowers make one of the most common gifts given around Valentine’s Day but, sending and receiving flowers may not be as harmless as it seems. In 2016, cybercriminals leveraged the popularity of flower services to attack unsuspecting vendors through a series of DDoS attacks designed to extort money from them. While these attacks did not result in leaked information, it’s important to be cautious of which vendors you allow to keep your credit card information on file. After all, you’re expecting your florist to deliver an assortment of beautiful flowers, not a bouquet of personal data to cyber criminals!

If an attack on your friendly florist isn’t enough to peak your senses, hackers have also been known to take advantage of admirers looking to send flowers. Cybercriminals prey on the likelihood that you’ve sent flowers to your loved ones to launch phishing scams, using bogus packages and “Failure to Deliver” notices to collect your data.

Social Media Isn’t Always Your “Friend” 

Valentine’s day is easily one of the most socially sharable days of the year. With so much love in the air, you can’t help but share pictures and posts about your loved ones with other friends and family online. Although most people associate cyber-attacks with some form of malware, many do not realize how vulnerable they are when sharing personal information on social media. Through social engineering, hackers use the information you share online to exploit you. The more personal information you choose to share on social media, the easier it is to exploit that information. Through social media, hackers can find out information about your job, the places you frequent, and even your mother’s maiden name. But don’t worry, we’ve got a few tips up our sleeve to help you share all of the love you want across social.

Seasonal events, like Valentine’s Day, present an opportunity for cybercriminals to leverage their schemes. But don’t be deterred from sharing the love— here’s how you can connect securely and keep your data safe from hackers:

  • Get friendly with your privacy settings on your social media apps. Social platforms like Facebook are making it easier to adjust your privacy settings through a  “privacy center” so you can stay on top of the information you share and who you share it with.
  • Be careful of which accounts you link. Being connected to your online community is great, but linking accounts across platforms only gives cybercriminals easier access to your data. While Tinder does require you to link your Facebook account to sign up, you can turn off Tinder Social so that Tinder won’t be able to post anything to Facebook. And, when possible, avoid linking your dating profiles to other personal accounts.
  • Think before you click that link. Hover over it to see if the URL address looks legitimate to avoid phishing scams. If you know you didn’t send flowers, send that scam to your spam.
  • Double up on your security software. There are plenty of apps that keep your phone safe from malicious attacks. Consider using a service for your phone that offers web protection and antivirus.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

 

The post Share Your Heart, Not Your Identity: Here’s How You Can Stay Safe on Valentine’s Day appeared first on McAfee Blogs.



McAfee Blogs

The Future of IoT: What to Expect From Our Devices This Year

The beginning of the new year is always an exciting time for consumer technology enthusiasts. Business leaders, pioneers and forward-thinking companies gather in Las Vegas to showcase their latest devices at The International Consumer Electronics Show (CES), where next-generation innovations take center-stage and the world gets a glimpse into the future of IoT. I had the pleasure of attending CES with my colleagues this year and was blown away by the breadth of technology showcased. While the innovations stretched across many industries, I’d like to focus on the reoccurring themes in home and personal technology and how we can secure ourselves through the gadget-filled year ahead:

Smart Homes Will Become “Smarter” 

My favorite devices are the ones designed to enhance the smart home. Companies are striving to advance technology and make our lives easier in the comfort of our homes. From smart thermostats to smart assistants, there is certainly no shortage of household innovation; and companies like Google and Samsung are making strides to contribute to the smart home ecosystem. During CES, Samsung pledged to make all of its devices “smarter” by 2020, linking together all devices via its SmartThings cloud. Meanwhile, Google announced that Google Assistant will now be built in (or compatible) with a range of household products including your smart doorbell and ceiling fan.

As our homes become increasingly connected, the need to secure our internet-connected devices is critical. More IoT devices mean more points of data to attack and leverage for cybercrime. Hackers have the ability to access your personal information through connected home devices, which poses a threat to your identity. Consider using a service with built-in security to ensure every device in your home is well protected― especially the ones that often fly under the radar. Secure routers and gateways can protect all of your connected devices, even the ones without screens.

Smart Technology Will Track Your Sleep 

Technology is even changing the way we sleep, with smart sleep solutions for consumers. At CES 2018, Terraillon announced HOMNI, a device designed to help improve a user’s sleep environment. This device tracks the sleeper’s movement, sending your sleep data to a free app so that users can see how well they’ve slept. There’s nothing technology can’t solve for, including a good night’s sleep. However, when it comes to our personal data, it’s wise to be aware of how your data is being tracked or used.

As the use of connected devices in our homes and personal lives grow, so does the need for security beyond your PC or mobile phone. Many of the devices that we welcome into our daily routine aren’t equipped with proper security controls. It’s important to remember that these connected devices often run on our personal information, information such as your name, age, location –and in this case, your sleeping habits. While a sleep tracker may collect your information with the intentions of helping perfect your sleeping patterns, it has the potential to put your information in places that you might not intend. This is another example of why it’s exceedingly important to secure the connection at its source: your home.

“Ask Alexa” Will Live in Your Eyewear

Amazon Alexa has the ability to communicate with just about every connected device, so it’s no wonder that the Alexa Voice Service will have the ability to connect with your glasses soon, too. During CES, Vuzix announced that its latest pair of AR glasses, the Vuzix Blade, can communicate with Amazon Alexa. Blending augmented reality with AI assistant’s functionality, this headset acts as a fully functional computer with the ability to send email and text notifications via Bluetooth through the processing power of Android and unparalleled display.

Amazon Alexa has become a pseudo-family member in many households, offering assistance in the kitchen and even reading bedtime stories to children. To keep Cybercriminals from gaining access to your personal data , be sure you enable an extra measure of security, like setting up a PIN code for your voice command purchases.

Adding an extra layer of security to your smart devices is key to becoming an empowered consumer in today’s day and age. By taking these extra steps you’ll be able to enjoy the benefits of a secured smart home.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

 

The post The Future of IoT: What to Expect From Our Devices This Year appeared first on McAfee Blogs.

5 Ways to Be Proactive When Protecting Your Personal Data

WannaCry, Equifax and Uber—in the wake of a data emergency, I often find myself hyperconscious of my online security measures: I immediately change my passwords, I’m careful about what emails I open, and what links I click. However, once the news cycle passes, I admit I fall back into my old habits, which aren’t always as secure as they should be. It’s important to incorporate good practices into your daily routine to keep your digital life safe even before a breach happens, and well after the latest hack becomes old news. Here are 5 simple ways you can help improve your online security.

Take a Break to Update

We all know how frustrating it can be to receive pop-ups for a software update when you’re busy. They can take time, slow down what you’re working on, and often seem unimportant. But, they are important. Updates fix bugs—bugs that potentially could leave your device vulnerable to an attack. In fact, operating systems and browsers require regular updates to stay on top of vulnerabilities. So, take the time to let the updates run as needed—think of it as investing time in your security.

Delete, Delete, Delete

Does your device have pages of apps that haven’t been used in months? If so, it’s time to delete. It’s a good security practice to take a minimalist approach to your application use, especially since some older apps may no longer be supported by the Google or Apple stores. Over time apps can get infected with malware and could be part of a larger data problem. Check the status of your mobile apps regularly, and delete them if they’re no longer supported in stores, and you haven’t used them in months.

Keep Your Private Passwords, Private

The age-old saying, “sharing is caring” should never apply to personal passwords. Last year’s survey showed that 59% of people were open to sharing their passwords. But when it comes to online safety, passwords should never be shared with anyone under any circumstance. It may be exciting to share the latest video streaming app with your friends and loved ones, but your privacy could be compromised. It’s simply not worth the risk, so keep your passwords to yourself.

Stay Current on Your URLs

Hackers are masters of disguise, and often hide behind convincing URLs to launch phishing attacks. Pay close attention before you click on a link — if the link looks “phishy,” go directly to the company site to confirm that the URL is legitimate.

Enlist Some Backup

As major data breaches continue to hit the scene, it’s important to be proactive in protecting your identity. Reviewing your account info, and setting up alerts if there’s a chance your personal data has been compromised is a key component to securing information that has been compromised. Consider using a comprehensive monitoring and recovery tool that can help you take action.

Interested in learning more about mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

The post 5 Ways to Be Proactive When Protecting Your Personal Data appeared first on McAfee Blogs.

5 Cybersecurity Resolutions to Consider for the New Year

2018 is officially here, and you know what that means: a bunch of resolutions that will probably take a back seat come mid-February. While I’m not one for setting unrealistic expectations of myself, there is something to be said about learning from the previous year so I do not repeat the same mistakes.

As I look back on 2017, I can’t help but think of all of the teachable moments in mobile and IoT security. From fraudsters phishing with social media bait to bitcoin mining at your local coffee shop, this year was full of moments that remind us just how tricky our connected lives can be.

So, in light of all the events in 2017, here are the top five “cyber-resolutions” to consider for 2018.

Secure your Social Media

If there’s one thing phishing scams have taught me, it’s that scammers have gotten savvier at social engineering. While social media does a great job at connecting us to our loved ones, it can also connect us to people we don’t want to share our personal information with. Cybercriminals know how to use the information you share on social media to gain access to your personal data. I’ve said it once and I’ll say it again, always make sure your account is set to “private” and is only visible to family and friends.

Don’t skip your updates

With the holidays in our rear-view, many of us probably have a few new devices in our homes. There are so many new and exciting tech toys on the market, it’s hard to avoid getting caught up in the IoT way of life. When you’re interrupted from your shiny new device by a software update, it’s tempting to hit “skip” when you’re eager to get back to your gadgets. But if our hackable gifts have shown us anything, it’s that skipping your updates leaves the door open for hackers. Software updates are important because they often include critical patches to new bugs or flaws in the system. So, resolve to keep your software up to date!

Don’t fall for the free Wi-Fi

When it comes to public Wi-Fi, a VPN is a VIP. Access to the internet on the go is a privilege of the times. But while the Wi-Fi at your local coffee shop may claim to be secure, public Wi-Fi networks lack encryption. If you’re in the habit of using Wi-Fi on the go, get a VPN to scramble the data being sent over the network. Private online activity such as shopping or accessing your banking information without a VPN could expose your sensitive information to hackers. Investing in a VPN is a smart way to keep your private information, private.

Set Better Passwords

I can’t stress enough that using a secure password is one of the best practices for protection on the web. When you’re trying to keep up with all of your logins, it can be tempting to use the same simple combination for every account. But, choosing a solid password should always take priority. Mix it up, throw in some numbers and symbols to complicate the password, stay away from using your birthday, and remember ‘123456’ is never an acceptable password!

Secure your home

Our homes are more connected now than they’ve ever been. It’s important to make sure each individual device is secure. However, securing your connection at the source is as important as securing your front door. Consider using a home gateway with built-in security to ensure every device in your house is well protected.

Let’s start the year off on the right foot. Don’t give cybercriminals the upper hand when it comes to your personal data.

Interested in learning more about mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

 

The post 5 Cybersecurity Resolutions to Consider for the New Year appeared first on McAfee Blogs.

Hacked for the Holidays: Preparing Your Home for Hackable Toys

The holidays are in full swing and all my kids can think about is their wishlist. With so many new and exciting tech toys on the market, who can blame them? From flying drones to smartphones, the advent of the Internet of Things (IoT) has brought holiday shopping to new and unexpected heights.

I’ll be the first to admit, I look forward to welcoming some of these connected toys into our home and life as much as my kids do. But, as this year’s hackable gifts show us, it’s important to keep security in mind when shopping for presents that could be a potential target for hackers.

Connected toys offer a fun and unique way to show our loved ones we appreciate them. Whether it’s the gift of unlimited streaming to a movie buff, or a virtual experience to a gaming guru, IoT has made the art of gift-giving that much more personal. However, shoppers should be aware that these devices are just as appealing to cybercriminals because of their access to our personal information.

In our digital lives, we’ve come to understand the importance of adding an extra layer of security to our laptops, smartphones, and tablets. But some devices such as smart home appliances, media players, and streaming sticks often fly under the radar when it comes to proper security. In fact, this year’s Most Hackable Holiday Gifts survey found fewer than 30% of consumers considered the security of popular devices such as drones and VR headsets.

What’s the worst that could happen? It’s just a toy.

You may wonder, what cyberattacks could impact a drone? Believe it or not, drones are near the top of our Most Hackable Gifts list and can be compromised by hackers in mid-flight. If a cyber-hijacking isn’t enough to put a damper on your holidays, consider the threats that connected toys might bring into your home without your knowledge. Earlier this year it was discovered that the interactive Cayla doll not only allowed cybercriminals to record video and audio of you without your consent, but also gave them the ability to unlock smart doors. The severity of attack can vary when it comes to connected devices in the home, so it’s important to add a few extra measures of security to them before they cross your threshold.

So, what can you do to keep your family safe from the hackable toy army? Follow these tips:

Get smart about your smart toys: Before you purchase a connected device, research the latest threats and ensure your intended product has security built-in. For example, if you’re considering purchasing a drone, purchase one that has encrypted communication.

Update: Do not default to the factory security settings on your devices. Update your security settings immediately! Make sure you reset your devices with a new and unique password as soon as you get them. Also, remember to update your device software to account for any new bugs or flaws in the system.

Talk to your kids: Talk to children about cyber threats that could affect the devices they have access to. Make sure they’re in the know on security breaches and scams, and are aware of the dangers of password sharing.

Secure your home: Always secure your connection at its source: your home. Consider using a solution like McAfee Secure Home Platform to ensure every device in your house is well protected.

It’s easy to get in the holiday spirit of giving, just don’t get tricked into giving hackers access to your home!

Interested in learning more about mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

 

The post Hacked for the Holidays: Preparing Your Home for Hackable Toys appeared first on McAfee Blogs.

5 Apps To Be Thankful For This Season

If ever there was a time of year to reflect on the little things that make life wonderful, it’s the holiday season. While friends, family, and food always top the list of things I’m grateful for, there is also a special place in my heart for the gizmos and gadget that also make life great. The internet of things (IoT) has literally given the world access to technology at our fingertips, allowing us to live well-connected lives.

But know that this well-connected life can also be difficult to navigate; the world of IoT and smart phones coupled with cyber safety can often feel like a complicated waltz.  Once we take the necessary steps to ensure we’re safe online, there is nothing wrong with enjoying the apps that make our lives easier.

Since it is the season of giving thanks, here are the five apps I’m most thankful for this year. Some are well known, and some are welcomed new additions to the mobile world.

Venmo

When I want to go to dinner with my friends, Venmo takes the pressure out of splitting the bill when it’s time for the check. Thanks to this free app, sending and receiving money from loved ones is simple and uncomplicated.  The best part is, this application offers a two-factor authentication that will alert me via text or email if someone attempts to sign in from an unknown device. Talk about instant gratitude.

Skype

If you have loved ones all around the world like I do, it’s likely this application which makes it easier to connect with them. When a phone call simply isn’t enough, Skype lives up to its promise by giving me a chance to share cherished moments, in real-time, with loved ones far away. Calls are encrypted so private moments stay private. Just be sure that you’re logged into a secure network and ensure your connection is secure. If secure WiFi isn’t available, consider a personal VPN to help keep your connection safe.

Facebook

It’s always fun to reflect during this time of year. When I’m feeling nostalgic for friends I haven’t seen in a while, Facebook can connect me with a click of a button. It’s great to share important life moments with friends via Facebook, as long as you remember to adjust your settings to “private” and only allow your friends to view your posts. In the world of digital oversharing, we all know Facebook is a culprit, but if we take the extra steps in securing our posts, I don’t see why we shouldn’t still enjoy it.

Waze

Planning a trip to grandma’s house this holiday? Waze will show you the way. If you spend a lot of time on the road, Waze is like a trusted companion to accompany you on your journey. With real-time traffic insights from other “Wazers”, it’s like having a personal travel guide. I couldn’t imagine navigating without it. But, always be cautious when giving other applications access to your location settings.

Postmates

Food on demand—enough said! Not only does Postmates bring delicious food right to my home, it can also deliver my dry cleaning, or anything else I need at the moment. This app is the epitome of convenience; just remember to stay up to date on your software installments as a security measure.

We should all take a moment to appreciate the little things that make our lives easier. While we revel in the convenience of our apps, it’s important to keep these tips in mind to ensure your devices stay safe:

  • Authenticate! If you’re using an application like Venmo, it’s important to set up your two-factor authentication immediately, to reduce the risk of having your account compromised.
  • Avoid Risky WiFi. I’ve said it once, and I’ll say it again, unsecured networks are an easy target for hackers to gain access to your devices. Steer clear of open networks because you never know who your data could be going to.
  • Exercise safety on social media. It’s important to make sure your account is set to “private” and is only visible to family and friends. Cybercriminals know how to use the information you share on social media to gain access to your personal data. Make sure you know who has their eyes on your account.

Can’t get enough mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

The post 5 Apps To Be Thankful For This Season appeared first on McAfee Blogs.

Warning: Lokibot Is Looking to Access Your Android

This time of year is always busy for me. Between pre-holiday online shopping, and the push to connect with friends before the season gets underway, it’s especially a busy time of year for my online activity.

In an age of social technology, we use our apps to help get through our active holiday calendar. We use our messaging apps to connect with friends on the go, and our banking apps to balance accounts, as well as send and receive money from loved ones. We need our apps to make the holidays happen. Which, unfortunately, makes the new LokiBot malware the perfect Trojan horse to infiltrate your mobile device.

What is Lokibot?

Lokibot is a new Android banking trojan that’s targeting mobile banking applications and communication apps like WhatsApp, Skype, and Outlook. Much like its banking Trojan counterparts, Lokibot disguises itself as the login screen of your banking app, hoping to trick you into giving it administrative access. Once it has access, it can use your browser and SMS texts against you to share your personal information with cybercriminals and spread spam to all of your contacts. According to researchers, this Trojan has targeted at least 119 apps already.

How Does Lokibot work?

Lokibot is like an unwanted guest, it just won’t leave. When users realize they’ve been duped and try to remove the trojan’s administrative privileges, it automatically locks the device and turns into ransomware. Fortunately, the Lokibot ransomware feature is faulty and has only been successful at renaming files instead of encrypting them. Unfortunately, Lokibot still has the ability to lock you out of your phone.

How do I protect myself?

The good news is: if your device has been infected, you can give Lokibot the boot by putting your phone into Safe Mode and removing the malicious application along with its admin user privileges. When it comes to cybersecurity, everybody knows that the best defense is a good offense. You can keep your devices safe by following these tips:

 

  • Don’t fall for the money bait. If you see an unanticipated “deposit” notification from your banking app, contact your bank directly. Lokibot is known to use fake notifications to lure unsuspecting users into its trap.
  • Keep an eye out for fishy looking login screens. Trojans are masters of disguise and often gain access when users give up their access for login to what appears to be a trusted app. If it looks suspicious, proceed with caution.
  • Download your apps from a legitimate source. Google Play has strong security standards for their applications. If an app is no longer supported in the play store, you should delete it immediately.

 

Following these steps will help keep you out of Lokibot’s way, so you can enjoy your busy holiday season.

 

Can’t get enough mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

The post Warning: Lokibot Is Looking to Access Your Android appeared first on McAfee Blogs.

Conquering Fear at McAfee

By Radhika, Director of Global Consumer Product Marketing.

With the U.S. school year beginning, I’ve been in touch with the jitters my three kids feel as they get their own “startup” energy going. This is especially true with my older son, who is starting college with plans to study bioengineering. He’s experiencing what anyone feels when entering a new space with a big goal: excitement about the possibilities and fears about the challenges.

I can relate. It sounds a bit like my cybersecurity pursuits here at McAfee (I’ll save the emotional roller coaster about seeing my first child go to college for another day).

Recently, my team and I ventured into unchartered territory with a new, innovative product idea. Like my son, I was faced with both excitement about starting something new and of course that underlying fear that always come with something ambitious. Thankfully, the team and I didn’t succumb to fear and work for a company that not only encourages, but also rewards, creative thinking. Otherwise the world would never have known the Secure Home Platform.

Stage 1: Idea Generation

As director of global consumer product marketing at McAfee, I spend my work time zeroed in on consumer cybersecurity, where the notion of “threat” or fear is always present. And it doesn’t stop when I leave the office. As a mother, and a consumer myself, I want to keep my home and my family safe while taking advantage of all the advancements of modern technology. Whether it’s phones, tablets and PCs or the plethora of now internet-connected devices at home such as baby monitors, thermostats, front door cameras, smart door locks and smart lighting systems. Either way you look at it our homes are, unfortunately, an attractive target for cybercriminals.

To address this threat and meet this need, a few years ago, some of my brilliant engineering colleagues conceived a solution. You guessed it—the Secure Home Platform. This new technology is built-in to your home router and allows you to use the above mentioned connected devices and more, with peace of mind that no one will be hacking into your baby monitor or smart fridge.

Stage 2: Idea Exploration

After every new idea comes the grindingly hard work to transition from innovation to execution and delivery: making the product real, scaling it for global requirements, building relationships with partners and customers, collaborating across our teams, customizing for customers, selling into the marketplace, and constantly re-evaluating and adjusting our competitiveness and value proposition.

And at each step in bringing our new product to market, there was always a voice, or many voices, saying a version of “you won’t succeed.” Sometimes the voice existed in our own heads. Sometimes it emerged in a combination of data, research and varied opinions saying, “I love the product, but don’t you think you’re too early” or “do you think there’ll be market demand?” or “you don’t have the partner relationships.”

We’ve all faced some version of this. Of course, we didn’t ignore possibly good insights or warnings about our new idea. We listened carefully. We assessed. We completed the analysis with our teammates, our managers. Then we decided. This was the right product at the right time that would help cement our position as a market leader. From that point, we rallied to push through the fear and silence any voice saying “you’re going to fail.”

Stage 3: Idea Implementation

To bring the Secure Home Platform to life, my role focused on creating buzz and excitement in the market and creating a strategic go-to-market plan while the engineering team perfected the product itself. Our strategy introduced the right mix of media and business partners to the product and many quickly saw what we did: the Secure Home Platform filled a critical cybersecurity gap.

When it finally came time for product launch, my team and I felt both confident and anxious. Even though we secured key partnerships a number of Telcos and ISPs and we’d just won the coveted Mobile World Congress Innovation Award, it’s impossible not to fear failure.

But with perseverance and teamwork, we got through all the fear and speculation and, one year ago, successfully launched Secure Home Platform.

As I reflect on the last year, my strongest feelings aren’t about fear; they are about the team of people who gave the product life—and who continue to drive the platform’s huge and never-ending mission. Without the wonderful teams spanning engineering, user experience, product management and marketing, partner management and customization—and many more, we wouldn’t have reached success.

What I’ve learned is that the fears don’t actually end. I spend much of each day worrying about threats—threats from competitors trying to catch up to us, from partners looking at competing products, or from market forces that might surprise us. Those are the fears that any product team would have—and should have.

Here’s what makes the difference—working for a company that encourages innovations, risks and experimentation. And knowing that if we do fail—because at times we will—we face it, learn from it, regroup quickly, and begin again, stronger and more resolute. Surrounded by a team with that mentality, a team that pushes through their fears to overcome barriers, is what makes our noble mission possible. We protect all that matters, together.

 

For more stories like Radhika’s, follow @McAfee on Twitter.

The post Conquering Fear at McAfee appeared first on McAfee Blogs.

Working 9 to 5 on Mobile Security

I love watching old movies, like the classic “9 to 5” and realizing how antiquated the tools used in the workplace are. Rolodexes, typewriters and fax machines – oh my! While devices like these were the standard of their time, technology has evolved, bringing in new equipment that allows employees to be more efficient, but also brings about security concerns.

In the age of technology, there is a growing trend around Bring Your Own Device or BYOD, specifically with mobile devices in the workplace. Companies want employees to have the flexibility to use devices they’re comfortable with, but placing gadgets in the hands of employees can take a turn for the worse.

Security breaches happen, but often times, the source of a breach comes from an internal employee. Think about it. If you use your device (that has data from your work) to check your email and get caught up in a phishing scam or ransomware attack, your company information is exposed.

Most companies do as much as they can to keep their data secure, but what can you do as an employee to make sure you’re keeping yourself and your company safe from threats? Here are some strategies that can potentially reduce the risk of a mobile security breach:

  • Ask questions: Think there’s something fishy or insecure on your phone? Talk to your IT department, they’ll be more than happy to help you stay secure.
  • Pay attention: If your company has an internal training or guide to keeping your devices safe, tune in. As our devices evolve, so do security methods.
  • Follow protocol: If you’re victim to attack, be sure to follow the directives of your IT team and alert them as fast as you can. A quick response to a threat can help to minimize the damage.

Of course, good mobile security hygiene wouldn’t be complete without simple best practices that you can implement every day:

  • Multi-factor authentication: Keep your devices and your accounts (social media channels, emails, etc.) secure with an added layer of security.
  • Complex passwords: It’s 2017, you know better than to have “password” or “1234” as a safeguard for your devices.
  • Selective Wi-Fi: Avoid connecting to unsecure Wi-Fi, especially if you plan on connecting to an internal corporate system.
  • Security, security, and security: Always use comprehensive security software to protect your personal devices. If your company provides you with a device, be sure to follow their directives on the type of security to load on your device.

Can’t get enough mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

The post Working 9 to 5 on Mobile Security appeared first on McAfee Blogs.