Naked Security - Sophos
Cloudflare’s privacy-focused 126.96.36.199 DNS service now available on iOS and Android
Earlier this year, Cloudfare Inc., a website performance and security company, had rolled out a new free public domain name system (DNS) resolver service with 188.8.131.52 as its IP address on April Fool’s day. The company has now released the mobile apps of the 184.108.40.206 privacy-first DNS resolver service for Android and iOS users.
“The 220.127.116.11. app makes your Internet faster and more private. It is darn easy to set up. And, the best part: it’s free!
“It is the right thing to do. We are making it easier for everyone to make their experience when they use the Internet more private. People should not have to pay to have a more private Internet.
“Beyond that, millions of websites rely on Cloudflare for performance and security. By getting more users on 18.104.22.168, we make those sites faster. That makes Cloudflare better, and it makes the Internet better, a win-win,” Mohd Irtefa the Product Manager at Cloudflare, said in a blog post.
For those unaware, DNS services are usually provided by Internet Service Providers (ISPs), and allow you to change a domain name, for instance, like Google.com into an IP address that routers and switches can understand. DNS basically changes names of websites into numbers, which could slow down your web browsing if you aren’t using a speedy DNS server.
While Cloudflare’s 22.214.171.124 DNS service is a basic DNS server, it is different from your ISP’s or other DNS alternatives like Google Public DNS and Cisco OpenDNS, as its goal is to provide users’ faster internet connection and offer utmost privacy.
“Any time you are on a public internet connection people can see what sites you visit. Even worse, your Internet Service Provider is very possibly selling all of your browsing history to the highest bidder. We have a tool called 126.96.36.199 which makes it easy to get a faster, more private, Internet experience” added Mohd Irtefa.
The mobile app uses a support feature like VPN (virtual private network), which directs your mobile traffic towards the 188.8.131.52 DNS servers. Cloudflare’s DNS server funnels DNS traffic that not only makes it difficult for your ISP to track the sites you are visiting, but it also allows you to freely browse the site you want without having your connection censored or hijacked.
Cloudflare is committed to not tracking users or selling advertising. However, it needs to keep logs of user data for 24 hours to prevent abuse and debugging issues, after which all the logs will be purged. The company has also retained KPMG, the well-respected auditing firm, to audit their code and practices annually and publish a public report to confirm that it’s not selling user information.
The Cloudflare app is user-friendly and mobile users can easily push the on/off button to operate the DNS service. You can download the free app from Apple’s App Store and Google Play to make your internet connection faster and safer.
The post Cloudflare launches its 184.108.40.206 DNS service for Android and iOS smartphones appeared first on TechWorm.
Smartphones are motivating targets for cybercriminals. Mobile devices today hold personal and monetizable data such as login credentials, financial information and company secrets — not to mention spy-friendly sensors such as microphones, cameras and location electronics.
Unsavory actors gain access to phones through breaches, physical access to the device or, increasingly, by hiding code in mobile apps that “phones home” and sends target data back to the perpetrator. This method is especially attractive for criminals because users are in control of app installations and physically carry phones right inside company firewalls.
How to Recognize App Fraud
Malicious exfiltration often originates in fraudulent apps. The Slovakian cybersecurity company ESET recently discovered six fake banking apps on the Google Play store, according to Reuters. The developers spoofed banking apps from financial institutions across multiple countries and stole credit card details and login credentials.
Trustlook Labs also discovered an Android Trojan hidden inside an app called Cloud Module, which obfuscates its existence to evade detection. The app stealthily steals data from mobile messaging apps, including Facebook Messenger, Twitter, Viber and Skype.
Fraudulent apps are often found in legitimate app stores, but an entire fraudulent app store recently emerged, according to Talos Intelligence. Called Google Play Market, the app was designed to mimic the actual Google Play Store. It tries to trick users into asking permission to gain administrator privileges and access settings, passwords and contacts.
Second-Guess the Popular Mobile Apps
According to GuardianApp, researchers discovered a series of legitimate and even popular apps extracting data. The No. 1 mapping app for finding gas prices, which claims 70 million users, and the No. 2 weather app were among the apps that contained the exfiltration code.
At least two dozen of these iOS apps were sharing location data (GPS, Wi-Fi and Bluetooth location) with companies that sell location information without the knowledge or permission of users. Some apps also shared other data, including browser histories, accelerometer data, cellular network name, GPS altitude and speed, and other data.
The firms selling the data are reportedly paying developers to install code that collects information, which they often say is used in an aggregated and anonymized form for market research services. To the app developers, it’s a way to monetize their apps. Many of these apps have even explicitly said location data will not be shared.
Understand the Threat
Far too often, these apps escape scrutiny because they sound so harmless, but it could be dangerous to underestimate their damage. Let’s say, for example, that an exfiltration app harvests only anonymized location data. What could be the harm in that?
A popular app could be used by dozens, hundreds or even thousands of users within one organization. By analyzing the location data, it would be easy to discover that some number of victims work at a specific company, because many of them spend their days in the company building.
All those users could fall victim to phishing attacks designed to target employees of that company. Further, those anonymous users at that company could be scrutinized based on where they live, which employees spend time together, what their hobbies are, whether they have children, where they shop and other data, based purely on where they go and when.
When personal information is used to construct victim profiles, phishing attacks can be far more effective. For example, let’s say 20 people at a company are found to be the parents of kids at a specific school. Scammers could blast the entire company email roster with an urgent message that sounds personalized because it specifically mentions both the company and the school, and maybe even the principle of the school. Although a generic phishing attack will likely have a relatively low success rate, a small number of those parents are sure to be duped, if only for a second. But that’s all it takes; once clicked, the payload is delivered and the damage begins.
Why You Should Invest in UEM and User Education
Although all of the malicious apps mentioned above have been removed from their app stores, as with most security threats, they were discovered only long after the damage was done. Two key actions are required to head off future risk from exfiltration apps.
First, adopt a unified endpoint management (UEM) solution that leverages artificial intelligence to spot anomalous and potentially malicious patterns. This should provide a safety net when human judgment fails.
Next, educate employees on how to spot apps that may contain exfiltration code to get ahead of human error. Data thieves are counting on user ignorance. In your training, be sure to include the following mobile security tips:
- Discourage anyone in the organization from installing obscure apps, since they are more likely to escape app store scrutiny.
- Avoid apps that are highly rated but have a small number of downloads, since fake accounts and bots can be used to inflate ratings.
- Fake apps often have similar logos to the ones they’re imitating, but can contain typos in the descriptions and other telltale signs.
- Always check the “Details” under app permissions before installation to see what permissions will be requested.
- User agreements can sometimes reveal nefarious intent. If the end user license agreement (EULA) for a flashlight app asserts the right to use location and other irrelevant data, be suspicious.
- Finally, do a search on the web for the name of the app to you intend download to see what other users and organizations are saying about it.
The arms race between threat actors and enterprise security professionals will continue, and it’s an uneven playing field. A malicious actor only needs to find one innovative way inside the organization. A security professional needs to guard against all possible attacks.
We can’t know exactly where the next attack will come from — but we do know that smartphone apps are among the best ways to smuggle payloads into an organization. As these threats proliferate, organizations will need to learn how to recognize app fraud on the fly and proactively defend against malicious applications to keep their data, employees and customers safe.