A security researcher disclosed a passcode bypass just a week before Apple has planned to release the new iOS 13 operating system, on September 19.
Apple users are thrilled for the release of the iOS 13 mobile operating system planned for September 19, but a security expert could mess up the party.
The security researcher Jose Rodriguez discovered a passcode bypass issue that could be exploited by attackers to gain access to iPhones contacts and other information even on locked devices.
Below the step by step procedure to exploit the passcode bypass:
- Reply to an incoming call with a custom message.
- Enable the
- Disable the
- Add a new contact to the custom message
- Click on the contacts image to open options menu and select “Add to existing contact”.
- When the list of contacts appears, tap on the other contact to view its info.
Below the video PoC published by Rodriguez that shows how to see a device’s contact information.
Rodriguez reported the flaw to Apple on July 17th, 2019, at the time the new
Experts hope that Apple will be able to fix the bug
Rodriguez discovered many other passcode bypass issues in the past, in October 2018, a few hours after Apple released iOS 12.1 the iPhone bug hunter Jose Rodriguez found a new passcode bypass issue that could have been exploited to see all contacts’ private information on a locked iPhone.
A few weeks before, he discovered another passcode bypass vulnerability in Apple’s iOS version 12 that could have been exploited to access photos, contacts on a locked iPhone XS.
The researcher also disclosed a new passcode bypass flaw that could have been exploited to access photos and contacts on a locked iPhone XS.
(SecurityAffairs – iOS 13, passcode bypass)
The post Expert disclosed passcode bypass bug in iOS 13 a week before its release appeared first on Security Affairs.
Ever experienced buggy features on your phone? Well, there’s a way to solve them and it does not involve sending your phone packing to the nearest repair shop – it’s called the safe mode and, yes, it works just like Microsoft Windows’ repair and debugging environment. So, what is safe mode on my phone? Long story short, it could be your only shot at making that phone off your works again.
Screen freezes, unresponsive features, cascading restarts – all could be symptoms of a conflictive application. Unfortunately, uninstalling the application in question may not resolve the issue. Anyway, here’s how to switch on the safe mode on your phone.
What happens when your phone reboots in safe mode?
Basically, the safe mode is an environment where you debug faulty applications, turn off the feature that is otherwise hidden in normal mode. A Windows user knows best that in order to completely uninstall an app, you would need to go into safe mode. Well, that’s, more or less, what happens when you use this smartphone feature.
The environment is not at all different from your regular UI – all the apps are there, menus, connectivity options. However, while running in safe mode, you won’t be able to use widgets and some third-party applications; you won’t need them anyway since your goal here is to determine what went wrong with your phone. Well, that’s about it in safe mode. Yes, I know that it’s not a lot, but then again, you can’t get more straightforward than this.
Oh, by the way – most of the smartphone mishaps are generated by latent malware. On that note, I would wholeheartedly recommend using Thor Mobile Security, our latest malware-busting tool. Take it for a spin – first month’s on the house. If you don’t like it, you can always cancel your subscription and rely on your tool of choice.
How do you turn on the safe mode on your phone?
The quickest answer would be that it depends on what operating system your phone runs. Interestingly enough, the procedure’s the same across all iPhone devices, regardless of the OS. I’ll start with this one.
Turning on safe mode on your iPhone
Here’s a rundown on how to switch on the safe mode feature on your iPhone.
Step 1. Power down your phone by holding the power button.
Step 2. Wait until the phone’s completely powered off.
Step 3. Press and hold the power button again.
Step 4. When the screen lights up, hold down the Volume down button. Keep the two buttons pressed until the Apple logo appears on the screen.
Step 5. Your phone will now boot up in safe mode. Now you can safely remove any malfunctioning applications.
That was suspiciously easy, wasn’t it? Told you that the procedure’s the same when it comes to iPhones. Now that the fun part is over, let’s see how to switch on the safe mode on your Android device.
Turning on safe mode on Android
Let me start by showing you how to switch on this feature on most Samsung Galaxy phones.
Step 1. Drag down the notification bar.
Step 2. Tap on the “Safe mode enabled” button.
Step 3. Confirm and wait until your phone restarts. Congrats! Your phone is now operating in a safe mode.
Pitch-perfect! But that’s hardly the only way to switch on the celebrated safe mode. As I might have mentioned, the procedure depends on the type of phone you have. The list below will show you to unlock the feature on your Android phone.
Safe mode on HTC phones
If you have an HTC device, here’s how to switch on the safe mode.
Step 1. Press and hold the Power key. It should be located on the right side of your phone.
Step 2. Hold the Power key for about three seconds.
Step 3. From the power down menu that appears on the screen, tap and holds the Power off icon. After a couple of seconds, a new power down option will appear on your screen – “Reboot to safe mode”.
Step 4. Hit the Restart button. Your phone will now boot up in safe mode.
Safe mode on LG phones
To switch on the safe mode on your LG phone, start by holding the Power key and select the Restart option. Once the LG logo appears on the screen, hold down the Volume Down key. To see if safe mode is enabled, take a closer look at the bottom left corner of the screen. If you followed the above-mentioned steps, a Safe mode icon should appear.
Safe mode on Moto G phones
If you have a Motorola smartphone, please follow these steps in order to enable safe mode.
Step 1. Press and hold the Power key.
Step 2. Please release the power key when the Shut Down menu appears.
Step 3. Long-press the power off button.
Step 4. When the Reboot to Safe Mode option appears on your screen, tap on OK to initiate safe mode.
Safe mode on Huawei smartphones
It’s trickier to switch on the safe mode on Huawei phone since it involves removing the battery. Just follow the steps below.
Step 1. With the phone turned on, remove the back cover.
Step 2. Remove the battery.
Step 3. Put the battery back in the slot.
Step 4. Hold down the Menu.
Step 5. Long-press the Power Key. Don’t let go of that Menu key.
Step 6. If done correctly, the message “Safe Mode” should appear in the lower part of the screen.
Safe Mode on Blackberry PRIVs
Here’s a quick guide ton how to turn off the feature on your Blackberry PRIV phone.
Step 1. Long-press the Power button.
Step 2. When the Power Off menu appears on the screen, long-tap the Power Off button.
Step 3. After a couple of seconds, a safe mode prompt will appear on your screen.
Step 4. Tap OK to confirm.
Safe mode on Xiaomi smartphones
There are two ways to enable this feature on your Mi smartphone. Check out the guide below.
Step 1. With the device powered on, long-press the power key.
Step 2. When the power menu appears, let go of the power key.
Step 3. Long-press the Power Off button.
Step 4. After a couple of seconds, the Android Safe Mode message will appear on your screen.
Step 5. Hit the Reboot button to restart the device into safe mode.
Step 1. Restart your device. You can do that by selecting the Restart option from the Power Off menu.
Step 2. When the Xiaomi logo appears on your screen, tap the Menu key.
Step 3. Continue tapping the menu key until you see the lock screen.
Step 4. The Android Safe Mode message should now be on your screen.
Safe mode on your Oppo smartphone
Oppo phones are the latest addition to the market. Can’t say I’ve had too much contact with them, but from what I’ve gathered, they’re cheap and surprisingly high-performing. So, here’s how to switch on the safe mode on your Oppo phone.
Step 1. Press and hold the Power key.
Step 2. In the Power Off menu, tap and hold the power off. Keep it pressed for a couple of seconds.
Step 3. A second power off menu till appear.
Step 4. Tap on OK to confirm booting into safe mode.
Well, that’s about everything you need to know about the issue at hand (what is safe mode on my phone). As I’ve mentioned, sometimes it may be the only way to get rid of buggy applications and unresponsive features. And, if all else fails, there’s always the restore to factory settings feature. Hope you’ve enjoyed the read and, as always, for comments, rants, beer donations, shoot me a comment.
Still thinking about buying a new phone? Well, trading your old one (and probably some extra cash) for a spanking-new smartphone would be the most sensible thing to do. However, there’s still the issue of actually making sure that the buyer can’t access your personal data. Sure, you will argue that wiping the phone’s storages would put an end to this debate.
As it happens, data can be extracted from a device even if the owner deleted everything by hand. So, are there any workarounds? There are, but it takes more than a simple memory wipe to ensure that the data’s totally safe.
Still willing to go through with this? Awesome! Here’s are a couple of data protections you should consider taking if you plan on selling your phone anytime soon.
1. Backup, backup, and even more backup
I can’t emphasize enough the importance of backup. Doesn’t matter if want to sell your phone or use the computer for other purposes than entertainment; you still need a copy of your data in case something goes wrong.
So, the first step you will need to take would be to back up everything on your phone. If you’re the proud owner of an iPhone, you can take advantage of the iCloud feature and back up everything to the cloud.
You can also plug it in your Mac and save a local copy just to be extra safe. Don’t know your way around the iCloud back up feature? Chill, fam! I got you covered. Just tap on Settings, choose the Storage & Backup option from the menu, and then head to iCloud Backup.
Bear in mind that you will need an iCloud account to store data on the cloud. When you’re ready, tap on the Back Up Now button and that’s it. Your phone will then copy your data on the cloud. Sit back and relax because this is going to take a while.
Paging Android smartphone owners! Yeah, I know that not having the luxury of an in-built Cloud backup solution can be frustrating, but where a USB cable, there’s always away. As I was saying, the best and fastest way to back up the stuff on your Android smartphone would be to connect it via USB and copy every byte of data on your computer.
It may not be pretty, but it works. Sure, you can also try your luck with third-party Cloud backup software for Android like G Cloud Backup, MyBackUp Pro, Titanium Backup, Migrate, or Resilio Sync. You should do this preferably before wiping the internal and external storages. Just saying. No pressure.
2. Get rid of the SIM and any attached SD cards.
Doesn’t matter if you have an iPhone or Android smartphone; that SIM card must go away before reaching its new owner. As you probably know by now, SIM cards are used to store contact info, like phone numbers, email addresses, and names. You really wouldn’t want that kind of info to fall into the wrong hands, do you now?
So, before trading in your phone, make sure you yank the SIM card out of its slot. Newer smartphones have special trays, which facilitate access to both components.
If your phone doesn’t have a device tray, you’ll need to remove the back cover and probably the battery as well to gain access to the SIM\SD slots. You should refer to the phone’s manual for detailed instructions on how to safely remove the SIM and SDs.
3. Encrypt your data
Scrambling the data on your smartphone using an encryption key may be the best way to ensure that the data is totally unreadable. What happens is that the residue left behind after a total reset (I will get to that in a moment) will be locked by the phone’s unique encryption key.
Yes, it means that no one will be able to read or use a byte of information even if, by some miracle, someone does manage to get ahold of your deleted data.
For iPhone owners, you don’t need to do anything out of the ordinary to encrypt your data, since the phone does this by default. Unfortunately, things are not the same when it comes to Android devices. Not to worry.
Here’s what you need to do in order to encrypt the data on your Android smartphone. Tap on Settings and head to More. Scroll down until you see Security. Tap on Encrypt Device and use the slider to start the process.
Depending on the amount of data on your smartphone, the encryption could take anywhere from a couple of minutes to one hour. When it’s done, you can proceed with the next step which is performing the factory reset.
4. Performing a factory reset
As you would imagine, the final step before the phone will be shipped to the next owner would be to wipe it clean. Sure, you can go ahead and delete everything manually, but do bear in mind that this procedure usually leaves behind “breadcrumbs” (loose pieces of data that can be used to reconstruct a big deal of what used to be there).
As a result, the best way to go about scrubbing your phone’s memory would be to perform a factory reset.
On Android, head to Settings, tap on Privacy and select the Factory Data Reset. Tap again on the Factory Data Reset button to confirm. Your smartphone will restart a couple of times during the process.
If you have an iPhone, head to Settings, tap on General, and select Reset. Go to the bottom of the screen and tap on Reset Phone. It’s going to take a while, so take a chance to chill.
So, these are the basic steps that you will need to take before you sell your phone. Of course, there are always more ways to ensure that your phone’s clean as a whistle before giving it away.
Additional steps to take before you sell your phone
Step 1. Unpair all devices
If you have headphones, smartwatches, or Wi-Fi\Bluetooth speakers paired with your smartphone you should consider, well, unpairing them before proceeding with the above-mentioned steps. For Android, tap on Settings and head to the Bluetooth menu.
Turn on your Bluetooth to see a complete list of all paired devices. To unpair them, tap on the gearwheel next to each item and hit the unpair button.
In case you have an Android-compatible associated with your phone, you may want to wipe its memory as well. For most Android watches, go to Settings > Privacy > Factory Data Reset. Confirm the process and that’s basically it.
As for iPhones, to unpair, an Apple Watch head to the My Watch menu, select the active watch and click on the “information” button next to it. Hit the Unpair button and you’re all set. Just remember to keep that smartwatch close to the phone while performing the unpairing process.
Of course, you shouldn’t forget about wiping your Apple Watch’s internal and external storage after unpairing it. To do that, fire up your smartwatch, go to Settings and then tap on General. Select Reset and tap on Erase All Content and Setting. Choose the Erase All option to confirm.
Step 2. Sign out from all tertiary services
Another thing you might want to try before you sell your phone would be to sign out from all accounts. This includes Facebook Messenger, Gmail, Yahoo Mail, Google or Apple Pay, and everything in between. Do bear in mind that some apps like Facebook’s IMS and Gmail stores passwords.Be sure to wipe them as well before signing out of your accounts.
So, if you have an Android phone, you would want to tap on Setting and then on Cloud and Accounts. Tap on Accounts. Select one of them and then tap on the Remove Account button. You will have to repeat the procedure for each item in the list.
iPhone users should remember to switch off iMessage, the Wallet & Apple Pay, Find my phone, and Apple ID. You will find all of these items under Settings.
Step 3. Delete credentials from browsers
Most browsers store credentials by default. So, before saying buh-bye to your old phone, you may want to delete your credentials. Since Chrome’s most used mobile and desktop browser on the market, I’m going to show you how to purge the credential cache. First, open up your Chrome browser.
Tap on the More menu (icon look like three parallel lines) and select Options. From the left tab, select Privacy and Security. Scroll until you see Forms and Passwords. In the next dialog box, please select Saved Logins. Tap on the Remove All button. Congrats! You’ve just cleared the browser’s password cache. You can now sell your phone or at least try to find some interested party.
Step 4. Unregister your device from the Apple account (Apple phones only)
To unregister the device from the account, hop on your Apple ID account. When prompted, type in your username and password. Go to the bottom of the list and click on Devices. Select your current device from the drop-down list and click on the Remove button.
Step 5. Remove factory reset protection (Android only)
FRP (factory reset protection) is an Android-exclusive failsafe that prevents factory reset and manual wipe in case your phone gets stolen. In other words, if someone were to run out with your phone, this in-built countermeasure will not allow the thief to wipe the phone’s memory in an attempt to get rid of the evidence.
So, it’s only natural to deactivate FRP before attempting to sell your phone. To do that, tap on Settings and go to About device/phone. From there, head on over to Software info. Write down your phone’s version.
After that, go back to the Settings menu and select the Security or Lock Screen Security menu. Under Screen Lock, move the slider to the off position. All you need to do now is perform a factory reset and find a customer (good luck with that).
Step 6. Fill the phone with dummy data
Not what you might call a regular pre-sale tactic, but considering the staggering number of cyberattacks, one cannot be too careful about data security. And yes, your personal info can still end up on the dark web even if you took all the precautions.
Filling up your dummy data prior to encryption and factory reset is one of the best ways to make this type of info totally unusable and virtually irretrievable. What this means is uploading stuff other than sensitive info on the phone.
This includes pics, videos, and empty documents. During the encryption process, the dummy data become interwoven with personal info. So, even if the phone ends up in the hands of a hacker, he/she will be unable to make heads or tails of the data that was on your phone.
Step 7. Clean your phone, add accessories, and scan
Now it’s time to add the finishing touches: cleaning, packing, and scanning the device. Yes, I’m aware that the cleaning and packaging parts don’t have any kind of bearing on data protection, but this doesn’t mean that they are unimportant.
Would you really consider buying a dirty and dusty smartphone? So, give a good clean before placing it in the original box. Don’t forget about blowing the battery compartment with a can of compressed air. Finally, place the phone in its box. Don’t forget about including the original accessories: charger, USB cable, user’s manual, headphones, and back cover spares.
Before taking it to the new owner, give it one last malware scan. I’m painfully aware that the memory was wiped clean, but some types of malware, especially those that get themselves attached to the boot sector, can persist even if the device’s entire storage has been wiped-clean. Now your device is ready to be shipped to its new owner.
That’s about it on how to prepare your phone before shipping it to its forever home. To wrap everything up nice and neat: backup, remote SIM and SD card, encrypt and perform a factory reset. I hope you’ve enjoyed my article and, as always, for any rants, comments, beer donations, shoot me a comment. Ciao!
The post 4+ Essential Data Protection Steps to Take Before You Sell Your Phone appeared first on Heimdal Security Blog.
A security researcher found a server on the internet containing more than 419 million records related to Facebook users.
No password protection was in place – meaning the treasure trove of phone numbers was available to literally anybody with an internet connection.
Read more in my article on the Tripwire State of Security blog.
Should Google really be helping the FBI with a bank robbery? What’s the story behind the Twitter CEO claiming there’s a bomb in their offices? And how much does your car really know about you?
And we mourn the loss of Doctor Who legend Terrance Dicks…
In the wake of the CEO of Twitter having his account hijacked the site has disabled the option to tweet via SMS.
It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.
Watch out for SMSishing Hooks
If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.
While this threat was once a rarity, it’s rise in popularity is two-fold. The first aspect being that users have been educated to distrust email messages and the second being the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:
- Always double-check the message’s source. If you receive a text from your bank or credit card company, call the organization directly to ensure the message is legit.
- Delete potential SMSishing Do not reply to or click on any links within a suspected malicious text, as that could lead to more SMSishing attempts bombarding your phone.
- Invest in comprehensive mobile security. Adding an extra level of security can not only help protect your device but can also notify you when a threat arises.
Public Wi-Fi Woes
Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:
- Look for password-protected networks. As strange as it sounds, if you purposely enter the incorrect password but are still allowed access, the network is most likely a fraud.
- Pay attention to page load times. If the network you are using is very slow, it is more likely a cybercriminal is using an unreliable mobile hotspot to connect your mobile device to the web.
- Use a virtual private network or VPN. While you’re on-the-go and using public Wi-Fi, add an extra layer of security in the event you accidentally connect to a malicious network. VPNs can encrypt your online activity and keep it away from prying eyes.
Malicious Apps: Fake It till They Make It
Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.
In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:
- Check for typos and poor grammar. Always check the app developer name, product title, and description for typos and grammatical errors. Often, malicious developers will spoof real developer IDs, even just by a single letter or number, to seem legitimate.
- Examine the download statistics. If you’re attempting to download a popular app, but it has a surprisingly low number of downloads, that is a good indicator that an app is most likely fake.
- Read the reviews. With malicious apps, user reviews are your friend. By reading a few, you can receive vital information that can help you determine whether the app is fake or not.
The Sly Operation of Grayware
With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:
- Be sure to update your device. Grayware looks for vulnerabilities that can be exploited, so be sure to always keep your device’s software up-to-date.
- Beware of rogue apps. As mentioned in the previous section, fake apps are now a part of owning a smartphone. Use the tips in the above section to ensure you keep malicious apps off of your device that may contain grayware.
- Consider a comprehensive mobile security system. By adding an extra level of security, you can help protect your devices from threats, both old and new.
The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blogs.
Twitter co-founder Jack Dorsey had his account hijacked, after his mobile phone provider allowed someone else to seize his number.
Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered a weakness in the Bluetooth wireless standard that could allow attackers to intercept device keystrokes, contact lists, and other sensitive data sent from billions of devices.
The Key Negotiation of Bluetooth attack, or “KNOB” for short, exploits this weakness by forcing two or more devices to choose an encryption key just a single byte in length before establishing a Bluetooth connection, allowing attackers within radio range to quickly crack the key and access users’ data. From there, hackers can use the cracked key to decrypt data passed between devices, including keystrokes from messages, address books uploaded from a smartphone to a car dashboard, and photos.
What makes KNOB so stealthy? For starters, the attack doesn’t require a hacker to have any previously shared secret material or to observe the pairing process of the targeted devices. Additionally, the exploit keeps itself hidden from Bluetooth apps and the operating systems they run on, making it very difficult to spot the attack.
While the Bluetooth Special Interest Group (the body that oversees the wireless standard) has not yet provided a fix, there are still several ways users can protect themselves from this threat. Follow these tips to help keep your Bluetooth-compatible devices secure:
- Adjust your Bluetooth settings. To avoid this attack altogether, turn off Bluetooth in your device settings.
- Beware of what you share. Make it a habit to not share sensitive, personal information over Bluetooth.
- Turn on automatic updates. A handful of companies, including Microsoft, Apple, and Google, have released patches to mitigate this vulnerability. To ensure that you have the latest security patches for vulnerabilities such as this, turn on automatic updates in your device settings.
The post Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks appeared first on McAfee Blogs.
5G has been nearly a decade in the making but has really dominated the mobile conversation in the last year or so. This isn’t surprising considering the potential benefits this new type of network will provide to organizations and users alike. However, just like with any new technological advancement, there are a lot of questions being asked and uncertainties being raised around accessibility, as well as cybersecurity. The introduction of this next-generation network could bring more avenues for potential cyberthreats, potentially increasing the likelihood of denial-of-service, or DDoS, attacks due to the sheer number of connected devices. However, as valid as these concerns may be, we may be getting a bit ahead of ourselves here. While 5G has gone from an idea to a reality in a short amount of time for a handful of cities, these advancements haven’t happened without a series of setbacks and speedbumps.
In April 2019, Verizon was the first to launch a next-generation network, with other cellular carriers following closely behind. While a technological milestone in and of itself, some 5G networks are only available in select cities, even limited to just specific parts of the city. Beyond the not-so widespread availability of 5G, internet speeds of the network have performed at a multitude of levels depending on the cellular carrier. Even if users are located in a 5G-enabled area, if they are without a 5G-enabled phone they will not be able to access all the benefits the network provides. These three factors – user location, network limitation of certain wireless carriers, and availability of 5G-enabled smartphones – must align for users to take full advantage of this exciting innovation.
While there is still a lot of uncertainty surrounding the future of 5G, as well as what cyberthreats may emerge as a result of its rollout, there are a few things users can do to prepare for the transition. To get your cybersecurity priorities in order, take a look at our 5G preparedness toolkit to ensure you’re prepared when the nationwide roll-out happens:
- Follow the news. Since the announcement of a 5G enabled network, stories surrounding the network’s development and updates have been at the forefront of the technology conversation. Be sure to read up on all the latest to ensure you are well-informed to make decisions about whether 5G is something you want to be a part of now or in the future.
- Do your research. With new 5G-enabled smartphones about to hit the market, ensure you pick the right one for you, as well as one that aligns with your cybersecurity priorities. The right decision for you might be to keep your 4G-enabled phone while the kinks and vulnerabilities of 5G get worked out. Just be sure that you are fully informed before making the switch and that all of your devices are protected.
- Be sure to update your IoT devices factory settings. 5G will enable more and more IoT products to come online, and most of these connected products aren’t necessarily designed to be “security first.” A device may be vulnerable as soon as the box is opened, and many cybercriminals know how to get into vulnerable IoT devices via default settings. By changing the factory settings, you can instantly upgrade your device’s security and ensure your home network is secure.
- Add an extra layer of security.As mentioned, with 5G creating more avenues for potential cyberthreats, it is a good idea to invest in comprehensive mobile security to apply to all of your devices to stay secure while on-the-go or at home.
Global messaging giant WhatsApp turned 10 years old this year. It’s not unusual for companies to provide loyal customers or members with gifts to show their appreciation during these milestones. Unfortunately, cybercriminals are using this as a ploy to carry out their malicious schemes. According to Forbes, security researchers have discovered a fraudulent message promising users 1000GB of free internet data, which is a scam bringing in ad click revenue for cybercriminals.
Let’s dive into the details of this suspicious message. The text reads “WhatsApp Offers 1000GB Free Internet!” and includes a link to click on for more details. However, the link provided doesn’t use an official WhatsApp domain. Many users might find this confusing since some businesses do run their promotions through third-party organizations. Forbes states that once a user clicks on the link, they are taken to a landing page that reads “We offer you 1000 GB free internet without Wi-Fi! On the occasion of our 10th anniversary of WhatsApp.” To make the user feel like they need to act fast, the landing page also displays a bright yellow countdown sticker warning that there are a limited number of awards left.
As of now, it doesn’t appear that the link spreads malware or scrapes users’ personal information. However, the scam could eventually evolve into a phishing tactic. Additionally, the more users click on the fraudulent link, the more the cybercriminals behind this scheme rack up bogus ad clicks. This ultimately brings in revenue for the cybercrooks, encouraging them to continue creating these types of scams. For example, the domain being used by the scammers behind the WhatsApp message also hosts other fake brand-led promotional offers for Adidas, Nestle, Rolex, and more.
So, what can users do to prevent falling for these phony ads? Check out the following tips to help you stay secure:
- Avoid interacting with suspicious messages. Err on the side of caution and don’t respond to direct messages from a company that seems out of the ordinary. If you want to know if a company is participating in a promotional offer, it is best to go directly to their official site to get more information.
- Be careful what you click on.If you receive a message in an unfamiliar language, one that contains typos, or one that makes claims that seem too good to be true, avoid clicking on any attached links.
- Stay secure while you browse online. Security solutions like McAfee WebAdvisor can help safeguard you from malware and warn you of phishing attempts so you can connect with confidence.
The post Be Wary of WhatsApp Messages Offering 1000GB of Free Data appeared first on McAfee Blogs.
From 22 July to 20 August 2019, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the draft PCI Contactless Payments on COTS (CPoC) Standard. RFC periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards.
For as long as you’ve had a phone, you’ve probably experienced in one form or another a robocall. These days it seems like they are only becoming more prevalent too. In fact, it was recently reported that robocall scams surged to 85 million globally, up 325% from 2017. While these scams vary by country, the most common type features the impersonation of legitimate organizations — like global tech companies, big banks, or the IRS — with the goal of acquiring user data and money. When a robocall hits, users need to be careful to ensure their personal information is protected.
It’s almost impossible not to feel anxious when receiving a robocall. Whether the calls are just annoying, or a cybercriminal uses the call to scam consumers out of cash or information, this scheme is a big headache for all. To combat robocalls, there has been an uptick in apps and government intervention dedicated to fighting this ever-present annoyance. Unfortunately, things don’t seem to be getting better — while some savvy users are successful at avoiding these schemes, there are still plenty of other vulnerable targets.
Falling into a cybercriminal’s robocall trap can happen for a few reasons. First off, many users don’t know that if they answer a robocall, they may trigger more as a result. That’s because, once a user answers, hackers know there is someone on the other end of the phone line and they have an incentive to keep calling. Cybercriminals also have the ability to spoof numbers, mimic voices, and provide “concrete” background information that makes them sound legitimate. Lastly, it might surprise you to learn that robocalls are actually perfectly legal. It starts to become a grey area, however, when calls come through from predatory callers who are operating on a not-so-legal basis.
While government agencies, like the Federal Communications Commission and Federal Trade Commission, do their part to curb robocalls, the fight to stop robocalls is far from over, and more can always be done. Here are some proactive ways you can say so long to pesky scammers calling your phone.
- There’s an app for that. Consider downloading the app Robokiller that will stop robocalls before you even pick up. The app’s block list is constantly updating, so you’re protected.
- Let unknown calls go to voicemail. Unless you recognize the number, don’t answer your phone.
- Never share personal details over the phone. Unfortunately, there’s a chance that cybercriminals may have previously obtained some of your personal information from other sources to bolster their scheme. However, do not provide any further personal or financial information over the phone, like SSNs or credit card information.
- Register for the FCC’s “Do Not Call” list. This can help keep you protected from cybercriminals and telemarketers alike by keeping your number off of their lists.
- Consider a comprehensive mobile security platform. Utilize the call blocker capability feature from McAfee Mobile Security. This tool can help reduce the number of calls that come through.
Messaging apps are a common form of digital communication these days, with Facebook’s WhatsApp being one of the most popular options out there. The communication platform boasts over 1.5 billion users – who now need to immediately update the app due to a new security threat. In fact, WhatsApp just announced a recently discovered security vulnerability that exposes both iOS and Android devices to malicious spyware.
So, how does this cyberthreat work, exactly? Leveraging the new WhatsApp bug, hackers first begin the scheme by calling an innocent user via the app. Regardless of whether the user picks up or not, the attacker can use that phone call to infect the device with malicious spyware. From there, crooks can potentially snoop around the user’s device, likely without the victim’s knowledge.
Fortunately, WhatsApp has already issued a patch that solves for the problem – which means users will fix the bug if they update their app immediately. But that doesn’t mean users shouldn’t still keep security top of mind now and in the future when it comes to messaging apps and the crucial data they contain. With that said, here are a few security steps to follow:
- Flip on automatic updates. No matter the type of application or platform, it’s always crucial to keep your software up-to-date, as fixes for vulnerabilities are usually included in each new version. Turning on automatic updates will ensure that you are always equipped with the latest security patches.
- Be selective about what information you share. When chatting with fellow users on WhatsApp and other messaging platforms, it’s important you’re always careful of sharing personal data. Never exchange financial information or crucial personal details over the app, as they can possibly be stolen in the chance your device does become compromised with spyware or other malware.
- Protect your mobile phones from spyware. To help prevent your device from becoming compromised by malicious software, such as this WhatsApp spyware, be sure to add an extra layer of security to it by leveraging a mobile security solution. With McAfee Mobile Security being available for both iOS and Android, devices of all types will remain protected from cyberthreats.
The post 3 Tips for Protecting Against the New WhatsApp Bug appeared first on McAfee Blogs.