Category Archives: Mobile

Roaming Mantis gang evolves and broadens its operations

Roaming Mantis malware, which initially targeted Android devices, has now broadened both its geographic range and its targets.

Security experts from Kaspersky Lab discovered that the operators behind the Roaming Mantis campaign continue to improve their malware, broadening their targets, their geographic range and their functional scope.

Roaming Mantis surfaced in March 2018, when hacked routers in Japan were redirecting users to compromised websites. Investigation by Kaspersky Lab indicates that the attack was targeting users in Asia with fake websites customized for English, Korean, Simplified Chinese and Japanese. Most impacted users were in Bangladesh, Japan, and South Korea.

“Our research revealed that the malware (sic) contains Android application IDs for popular mobile banking and game applications in South Korea. The malware is most prevalent in South Korea, and Korean is the first language targeted in HTML and test.dex. Based on our findings, it appears the malicious app was originally distributed to South Korean targets. Support was then added for Traditional Chinese, English, and Japanese, broadening its target base in the Asian region.”

The dreaded DNS hijacking malware was originally designed to steal users’ login credentials and the secret code for two-factor authentication from Android devices; it has since evolved and was recently spotted targeting iOS devices as well as desktop users.

“In April 2018, Kaspersky Lab published a blog post titled ‘Roaming Mantis uses DNS hijacking to infect Android smartphones’. Roaming Mantis uses Android malware which is designed to spread via DNS hijacking and targets Android devices.” reads the analysis published by Kaspersky.

“In May, while monitoring Roaming Mantis, aka MoqHao and XLoader, we observed significant changes in their M.O. The group’s activity expanded geographically and they broadened their attack/evasion methods. Their landing pages and malicious apk files now support 27 languages covering Europe and the Middle East. In addition, the criminals added a phishing option for iOS devices, and crypto-mining capabilities for the PC.”

Operators behind the Roaming Mantis malware recently added support for 27 languages to broaden their operations.

The versions of the Roaming Mantis malware continue to spread via DNS hijacking: attackers used rogue websites to serve fake apps infected with banking malware to Android users and phishing sites to iOS users, and redirected users to websites hosting cryptocurrency mining scripts.

To evade detection, malicious websites used in the campaign generate new packages in real time.

“Aside from the filename, we also observed that all the downloaded malicious apk files are unique due to package generation in real time as of May 16, 2018. It seems the actor added automatic generation of apk per download to avoid blacklisting by file hashes.” continues the analysis.

“This is a new feature. According to our monitoring, the apk samples downloaded on May 8, 2018 were all the same.”
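The effect of per-download package generation on hash blacklists can be reproduced with constructed data. The following is an added example, not code from the Kaspersky report or the original post: it assumes the generator changes only the packaging around an unchanged payload member, which the report as quoted here does not confirm, and all function and member names are hypothetical.

```python
import hashlib
import io
import zipfile


def build_sample_apk(payload: bytes, per_download_filler: bytes) -> bytes:
    """Constructed stand-in for a served APK: a ZIP archive holding a payload
    member plus a filler member that changes on every download (assumption)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", payload)
        zf.writestr("assets/pad.bin", per_download_filler)
    return buf.getvalue()


def file_sha256(data: bytes) -> str:
    """Whole-file hash, the value a classic file-hash blacklist is keyed on."""
    return hashlib.sha256(data).hexdigest()


def member_sha256(apk: bytes) -> dict:
    """SHA-256 of each archive member's uncompressed content.
    Returns an empty dict for input that is not a readable ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(apk)) as zf:
            return {
                info.filename: hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist()
                if not info.is_dir()
            }
    except zipfile.BadZipFile:
        return {}


def check(apk: bytes, known_file_hashes: set, known_member_hashes: set) -> dict:
    """Compare one download against a file-hash list and a member-hash list."""
    members = member_sha256(apk)
    return {
        "file_hash_hit": file_sha256(apk) in known_file_hashes,
        "member_hits": sorted(
            name for name, digest in members.items()
            if digest in known_member_hashes
        ),
    }


def demo() -> dict:
    # Constructed placeholder bytes, not real dex code.
    payload = b"CONSTRUCTED-PAYLOAD: placeholder bytes, not real dex code"
    first = build_sample_apk(payload, b"filler for download 1")
    second = build_sample_apk(payload, b"filler for download 2")
    unrelated = build_sample_apk(b"some other app", b"filler for download 3")

    # Indicators extracted from the first observed download only.
    known_files = {file_sha256(first)}
    known_members = {member_sha256(first)["classes.dex"]}

    return {
        "first": check(first, known_files, known_members),
        "second": check(second, known_files, known_members),
        "unrelated": check(unrelated, known_files, known_members),
        "garbage": check(b"not a zip archive", known_files, known_members),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The second download misses the file-hash list but still matches on the unchanged member; if the generator also alters the payload itself, member hashes fail in the same way and other indicators are needed.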

According to Kaspersky, the recent malicious apk now implements 19 backdoor commands, including the new one “ping” and sendSms, setWifi, gcont, lock, onRecordAction, call, get_apps,

Owners of iOS devices are redirected to a phishing site (http://security[.]apple[.]com/) that mimics the Apple website in an attempt to steal user credentials and financial data (user ID, password, card number, card expiration date and CVV number).

The Roaming Mantis operators have recently started targeting PC platforms; users are redirected to websites running the Coinhive web miner scripts.

The level of sophistication of the operations conducted by the Roaming Mantis gang and the rapid growth of the campaign lead the researchers to believe that the group has a strong financial motivation and is well-funded.

“The evasion techniques used by Roaming Mantis have also become more sophisticated. Several examples of recent additions described in this post include a new method of retrieving the C2 by using the email POP protocol, server side dynamic auto-generation of changing apk file/filenames, and the inclusion of an additional command to potentially assist in identifying research environments, have all been added.” concludes Kaspersky.
“The rapid growth of the campaign implies that those behind it have a strong financial motivation and are probably well-funded.”

Further details, including IoCs, are available in the report published by Kaspersky.

Pierluigi Paganini

(Security Affairs – Roaming Mantis, cybercrime)

The post Roaming Mantis gang evolves and broadens its operations appeared first on Security Affairs.

Malware on Google Play Targets North Korean Defectors

Earlier this year, McAfee researchers predicted in the McAfee Mobile Threat Report that the number of targeted attacks on mobile devices would increase due to their ubiquitous growth combined with the sophisticated tactics used by malware authors. Last year we posted the first public blog about the Lazarus group operating in the mobile landscape. Our recent discovery of the campaign we have named RedDawn on Google Play just a few weeks after the release of our report proves that targeted attacks on mobile devices are here to stay.

RedDawn is the second campaign we have seen this year from the “Sun Team” hacking group. In January, the McAfee Mobile Research Team wrote about Android malware targeting North Korean defectors and journalists. McAfee researchers recently found new malware developed by the same actors that was uploaded on Google Play as “unreleased” versions. We notified both Google, which has removed the malware from Google Play, and the Korea Internet & Security Agency.

Our findings indicate that the Sun Team is still actively trying to implant spyware on Korean victims’ devices. (The number of North Korean defectors who came to South Korea exceeded 30,000 in 2016, according to Radio Free Asia.) Once the malware is installed, it copies sensitive information including personal photos, contacts, and SMS messages and sends them to the threat actors. We have seen no public reports of infections. We identified these malwares at an early stage; the number of infections is quite low compared with previous campaigns, about 100 infections from Google Play.

Malware on Google Play

Malware uploaded on Google Play (now deleted).

We found three apps uploaded by the actor we named Sun Team, based on email accounts and Android devices used in the previous attack. The first app in this attack, 음식궁합 (Food Ingredients Info), offers information about food; the other two apps, Fast AppLock and AppLockFree, are security related. 음식궁합 and Fast AppLock secretly steal device information and receive commands and additional executable (.dex) files from a cloud control server. We believe that these apps are multi-staged, with several components. We believe AppLockFree, unlike the other two apps, is part of the reconnaissance stage, setting the foundation for the next stage. The malware was spread to friends, who were asked to install the apps and offer feedback, via a Facebook account with a fake profile that promoted 음식궁합.

Links to Previous Operations

After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including additional plug-in dex files; this is a similar tactic to earlier Sun Team attacks. From these cloud storage sites, we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs. Further, the email addresses of the new malware’s developer are identical to the earlier email addresses associated with the Sun Team. The relationship among email addresses and test devices is explained in the following diagram.

The use of identical email addresses ties the two malware campaigns to the same attacker.

About the Actors

After tracking Sun Team’s operations, we were able to uncover different versions of their malware. The following diagram shows the timeline of the versions.

Timeline of different malware versions of Sun Team.

The timeline shows us that the malware became active in 2017. Sun Team’s only purpose is to extract information from devices, as all of the malware is spyware. The malware on Google Play stayed online for about 2 months before being deleted.

In our post on the earlier attack by this actor, we observed that some of the Korean words found on the malware’s control server are not in South Korean vocabulary and that an exposed IP address points to North Korea. Also, the Dropbox accounts used names from South Korean dramas or celebrities.

In the new malware on Google Play, we again see that the Korean writing in the description is awkward. As in the previous operation, the Dropbox account name follows a similar pattern of using names of celebrities, such as Jack Black, who appeared on Korean TV. These features are strong evidence that the actors behind these campaigns are not native South Koreans but are familiar with the culture and language. These elements are suggestive though not a confirmation of the nationality of the actors behind these malware campaigns.

Sun Team’s test devices originate from various countries.

Moreover, we uncovered information about the attacker’s Android test devices and exploits they tried to use. The devices are manufactured in several countries and carry installed Korean apps, another clue that the threat actors can read Korean. The exploit code, found uploaded to one of the cloud storage services used by Sun Team, consists of modified versions of publicly available sandbox escape, privilege escalation, and code execution exploits, with added functions to drop their own Trojans on victims’ devices. The modified exploits suggest that the attackers are not skillful enough to find zero days and write their own exploits. However, it is likely just a matter of time before they start to exploit vulnerabilities.

Modified exploits installing the Sun Team’s Trojan.

The most concerning thing about this Sun Team operation is that they use photos uploaded on social network services and identities of South Koreans to create fake accounts. We have found evidence that some people have had their identities stolen; more could follow. They are using texting and calling services to generate virtual phone numbers so they can sign up for South Korean online services.

Conclusion

This malware campaign used Facebook to distribute links to malicious apps that were labeled as unreleased versions. From our analysis, we conclude that the actor behind both campaigns is Sun Team. Be cautious when installing unreleased or beta versions of any app. Also, check the number of downloads to see if an app is widely installed; avoid obscure apps.

McAfee Mobile Security detects this malware as Android/RedDawn.A, B. Always keep your mobile security application updated to the latest version.

The post Malware on Google Play Targets North Korean Defectors appeared first on McAfee Blogs.

Concerned over cyber espionage, U.S. military bans sale of Chinese smartphones

Are smartphones made in China trying to spy on us? Top U.S. security officials and the Department of Defense (DoD) think it’s possible, prompting a ban on the sale of Chinese smartphones at military base exchanges worldwide. All Huawei and ZTE cellphones, personal mobile Internet modems, and related products will no longer be sold by concessions at...

Mobile Menace Monday: re-emergence of a fake Android AV

Back in early 2013, a new mobile antivirus (AV) company called Armor for Android emerged into the mobile security software industry that had everyone perplexed. It seemed eerily like malware known as a Fake AV, and some even gave it that label. As a younger mobile researcher, I was one of those who gave it such a label, adding it to a list of malware detections. Shortly after, Armor for Android contacted the security company I worked for at the time and demanded their detection be removed.

As a rebuttal, I wrote a blog to fire back with evidence that there was no way this AV company could be legitimate—despite it being on Google Play. I never published that blog because I was thrown off by something that had me questioning everything: the AV company was tested by a reputable antivirus testing company. Even more off-putting, it landed a high score to receive an official certification! How could a Fake AV be certified by a respectable AV test company?

I left the blog alone and let the subject die. But recently, Armor for Android appears to have made a comeback. Let’s take a look at how they were gaming the system five years ago, and what new tricks they’re up to now.

Cheating the system

Suddenly, Armor for Android was competing with everyone else in the industry after only a couple months. But how? Simple. They were cheating. I remember vividly that the naming conventions they used to detect malware were the same as other well-received anti-malware mobile scanners. To be fair, many in the industry use similar naming conventions. However, the ones used by Android for Armor were EXACTLY the same as other companies. It was obvious they were stealing other companies’ detections. But how?

Share, but don’t steal

VirusTotal is a company that everyone in the software security industry uses to share detections with the world. You can simply upload a file, even an Android APK, to virustotal.com and several antivirus/anti-malware scanners will return results. This can aid the typical user in finding out if a file is malicious. In addition, it helps point security researchers in the right direction in determining for themselves if something is malicious. What isn’t allowed is stealing directly from VirusTotal to produce your results. Not only is this against the terms of service, it is a deadly sin among everyone in the security industry.

But that is exactly what Android for Armor does. By using a network analyzer tool and running Android for Armor, you can see traffic to and from VirusTotal. The detailed data reveals that they indeed steal the detections of others. Pretty easy to do well on a test when you’re peeking over the shoulder of the smartest kids in class!

Showing their real intentions

Android for Armor could have stopped there. They had already duped Google Play. In addition, they clearly had the money to pay for an expensive test to receive certification. Instead, they decided to proceed with tactics used by other Fake AV malware. The following evidence is what I found years ago, but regrettably never published.

Back in 2013, I was playing a free game downloaded from Google Play. In exchange for the app being free, I agreed to receive non-aggressive ads, as many of us do. What I saw was a series of different links using scare tactics:

As a young mobile researcher, I did what all of us would have done and clicked on these links to see down which rabbit holes it would take me. The first hop was this one:

Onward down the rabbit hole, I clicked Download & Scan FREE Now, and it started to download a file named Scan-For-Viruses-Now.apk (more on this app in a bit).

After the download, I landed on a known Armor for Android web page that instructs you to allow unknown sources and again to download and install an app.

Very odd for a legitimate AV company to instruct mobile users to download directly from their website rather than pointing them to Google Play.

Double chance of infection

Further analyzing the downloaded app, Scan-For-Viruses-Now.apk, it’s a version of Armor for Android that insists on a payment of $1.99 to scan the device. Check the fine print, because that ends up being $1.99 per week, or $103.48 a year. But hey, they have a certification by an AV testing firm, right?

It appears Scan-For-Viruses-Now.apk downloads just in case you weren’t falling for the last web page asking to allow unknown sources and stating IMPORTANT! You must now INSTALL, OPEN and ACTIVATE. Also, if allowing unknown sources was disabled on your device, it would have been a last chance effort, since Scan-For-Viruses-Now.apk wouldn’t have been able to download and install. In my opinion, none of this looks like the practices of a legitimate AV company.

Re-emergence of a classic

Just a couple of days ago, an APK came into our mobile intelligence system with a different name, but very familiar set of behaviors. It was clearly a repackaged variant of Armor for Android, but this time called Android’s Antivirus.

Swiftly, we added a detection called PUP.Riskware.Armor.

Warning about Fake AVs

Fake AVs like the one described above have been around for a long time and come in many different forms. Some can be extremely dangerous. For legitimate antivirus/anti-malware programs to do their jobs, special permissions must be given. For instance, Malwarebytes for Android uses device administration as required to remediate nasty ransomware. As a respectable anti-malware company, you have our word that we will never use device administration rights for erasing mobile devices or other nefarious actions. However, give those same rights to a malicious Fake AV app, and you could be in trouble.

Fake AV or legitimate

Because of the elevated permissions needed, consumers need to take extra caution when choosing a mobile antivirus/anti-malware scanner. Unfortunately, it’s often hard to tell what is a Fake AV versus a legitimate antivirus/anti-malware mobile app—especially when Fake AVs creep into Google Play and take time to create a convincing website. As a consumer, do your research to pick respectable software companies. Does the company have a deep, respectable blog (like this one)? How long have they been around? When in doubt, you can always rely on Malwarebytes products to keep you safe from the latest threats!

Denial of entry

Although I never published that blog way back when, I did stand my ground to classify Armor for Android as a fake AV. Now, as a researcher at Malwarebytes, I continue to fight against shady fake AV companies in the mobile space. I helped detect Armor for Android as a fake Android AV years ago. I’ll do the same for any other company looking to take advantage of mobile customers. Stay safe out there!

The post Mobile Menace Monday: re-emergence of a fake Android AV appeared first on Malwarebytes Labs.

Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff

Remember prank calls? We all used to make them as kids as a way to fake out friends and classmates. The age-old tradition isn’t just exclusive to teens, however, as cybercriminals still use the tactic in the modern day. Only their intentions are a bit more malicious than your average middle schooler. In fact, just this week, phone scammers pretending to be from a Chinese Consulate office are tricking people in the U.S. into giving them large amounts of money.

First reported to The Verge, the Federal Trade Commission announced that it believes scammers are targeting people who have recently immigrated from China to the U.S. and have been asking these people to pick up packages or provide personal data to the “consulate staff.” Conveniently enough, this data is largely financial information. Unfortunately, the scam has seen some success, as the New York Police Department has reported that 21 Chinese immigrants have been scammed out of $2.5 million since December 21st, 2017. The majority of these victims are seniors.

This isn’t the first we’ve heard of phone scammers taking advantage of innocent people – as many out there have fallen victim to easily believable social engineering schemes such as this. Therefore, in order to avoid tricky scams like this one, be sure to follow these tips: 

  • Don’t give up your financial data to anyone other than your bank. If you receive a phone call from either a person or a recording requesting this data, remain skeptical and hang up. Then, call your official bank directly and check with them if there’s an issue you need to discuss.
  • Keep up-to-date on the latest social engineering scams. It’s important you stay in the loop so you know what scams to look out for. This means reading up on the latest security news and knowing what’s real and what’s fake when it comes to random emails, phone calls, and text messages.
  • Reduce your exposure. Register your mobile phone number, as well as your home phone, on the “do not call” registry to keep your number uninvolved in the latest social engineering scheme.
  • Use an identity theft protection solution. If for some reason a scammer does compromise your personal information, it’s important to be prepared to protect yourself against identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff appeared first on McAfee Blogs.

McAfee Safe Connect, Two Gold Award Winners of 2018 Info Security PG’s Global Excellence Awards®

On February 28th, Info Security Products Guide Global Excellence Awards presented their 2018 award winners. We are humbled to have received two golds in the Product or Service Excellence of the Year — Security Information and Website & Web Application Security for McAfee Safe Connect.

Product Overview:

McAfee Safe Connect is a VPN (Virtual Private Network) that helps users create secure online connections while using the internet. Doing so helps our customers minimize their individual security risks and helps keep their data private – especially when connecting to a public or open Wi-Fi network. Unlike home Wi-Fi, many public Wi-Fi networks (commonly offered at cafés, airports and hotels) aren’t password-protected and don’t encrypt the user data being transmitted through them. Therefore, when you connect to a hotspot, your online activities, from your social media activity to your online purchase history and even your bank account credentials, may be wide open to hackers. With McAfee Safe Connect, you can rest assured that your information and online activities are encrypted.

McAfee has a proven record of providing security for consumers in the digital age. To address growing concerns over Wi-Fi security, we created an award-winning VPN that would keep users’ personal information secure from online threats and unsecure networks.

McAfee Safe Connect has over 1 million downloads across Google Play and the App Store with an impressive 4.3-star rating. It is available in over 20 languages to users worldwide.

Tech behemoth Samsung also chose McAfee Safe Connect VPN for their Galaxy Note 8 – Secure Wi-Fi feature and expanded collaboration with its newly announced Galaxy S9 Smartphones.

About Info Security PG’s Global Excellence Awards

Info Security Products Guide sponsors the Global Excellence Awards and plays a vital role in keeping individuals informed of the choices they can make when it comes to protecting their digital resources and assets. The guide is written expressly for those who wish to stay informed about recent security threats and the preventive measures they can take. You will discover a wealth of information in this guide including tomorrow’s technology today, best deployment scenarios, people and technologies shaping cyber security and industry predictions & directions that facilitate in making the most pertinent security decisions. Visit www.infosecurityproductsguide.com for the complete list of winners.

We are proud of the recognition given to McAfee Safe Connect, which aims to safeguard every Internet user’s online privacy. Please check out our award-winning Wi-Fi Privacy VPN product: McAfee Safe Connect.

Interested in learning more about McAfee Safe Connect and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post McAfee Safe Connect, Two Gold Award Winners of 2018 Info Security PG’s Global Excellence Awards® appeared first on McAfee Blogs.

MWC 2018: Digital and Mobile Security in the 5G IoT Era

Mobile World Congress 2018 is upon us and the big news includes the launch of a bunch of new devices, including the Sony Xperia XZ2 Compact, Samsung Galaxy S9, Sony Xperia XZ Premium 2 and Samsung Galaxy Tab S4.

In addition to these and dozens of other devices launching at this year’s event in Barcelona, we are seeing the acceleration of the trend for domestic and industrial smart devices, voice-controlled digital assistants and other internet of things (IoT) enabled smart devices.

Google, for example, is using MWC 2018 as a platform to publicise Google Assistant and the Google Home smart speaker, though one thing we still haven’t heard enough about is the many new security threats and issues surrounding new smart devices, digital assistants and IoT technologies.

Biometric Authentication, 5G Realities and IoT security

Another notable trend at MWC 2018 has been the focus from Samsung and some of the other major mobile players on improved forms of biometric authentication, with Samsung releasing a much-improved Iris Scanner as part of the new Galaxy S9 range.

It’s certainly a really positive move to see this focus on identity authentication at this year’s show, with a notable shift at this year’s event from the hype surrounding virtual and augmented reality and voice-controlled smart homes to far more realistic and practical concerns around security, biometrics and the real-world use cases of superfast 5G networking tech.

Much of the conversation around 5G, of course, is still dominated by how edge computing and low latency in 5G networks will actually translate into valuable and useable services for consumers and businesses alike.

These new 5G use cases dominated the IoT news at MWC 2018, with numerous exhibitors talking up their latest 5G IoT applications and concepts. And almost by default digital security has also become one of the hottest topics in Barcelona this year, as small developers and the major multinational mobile brands alike wake up to the fact that security is of paramount importance across the entire IoT supply chain.

Evolving Digital Security for the 5G IoT Era

Firms are realising that their digital security strategy has to evolve at the same pace as the many new developments in the current buzzword bingo card such as 5G IoT, artificial intelligence (AI) and machine learning.

Failure to undertake the appropriate due diligence in these new emerging technologies opens them up to significant penalties when the inevitable data breaches occur.

In addition to the focus on improving mobile handset security and raising awareness of digital security issues in the smart home, the onus for 5G network level security really needs to shift back to the telecommunications companies themselves.

The 5G Security Challenge for Telecoms

The bottom line is this: the security of 5G networks presents a fundamental challenge to the telecommunications industry at large. Something that the hype machine surrounding 5G at MWC 2018 generally fails to highlight, for obvious reasons!

The promise of 5G-enabled services in smart cities, connected cars and across the burgeoning e-health sector, for example, is clear. Yet the fact that network-wide security and security across the IoT value chain is fundamental to these types of applications and services operating safely is still too often overlooked.

Driverless cars, smart surgery and IoT applications across the manufacturing sector are good examples to cite, where digital security is crucial.

All of which is why we as an industry have to work better together – from digital security specialists through to 5G IoT app and hardware developers through to the multinational telecommunications companies themselves – to ensure that we are doing all we can to meet the security challenges and the many increasingly sophisticated attacks that are sure to come in the 5G era.

The post MWC 2018: Digital and Mobile Security in the 5G IoT Era appeared first on McAfee Blogs.

Why is the Technology Industry Shirking its Security Responsibilities?

No sooner have we had time to recover from the post-CES jet-lag in January than Mobile World Congress 2018 rolls around. These two events have cemented themselves into the mobile and consumer technology industries’ calendars as key opportunities to showcase the latest hardware and software products and services, amidst a flurry of media hype and eager expectation from early adopters worldwide. So what’s in store for the technology industry and its eager consumers in 2018?

If anything, CES this year was a little flat, with little to see in the way of real innovation. This year’s show was a year of ‘iteration’ not ‘innovation’, particularly in the IT security industry, where the conversation at the show was dominated by promises of ‘security by design’ but no real demonstration of this. I was personally very interested to find out more about the latest smart safe that was unveiled at the show, billed as “a smarter way to keep valuables safe”.

Here was a new IoT device that, if anything, surely had to have the best digital security baked into it by design, no?

Unfortunately, that particular internet-connected safe turned out to be something of a damp squib, mainly because it proved to be incredibly easy to crack open. One BBC Tech reporter reported a worrying error that failed to trigger a theft alert. We simply banged on the top of the safe and it opened. What is more remarkable is that this vulnerability is well known. I had an issue with a smart safe of my own when the battery ran out and, of course, I lost my key. One quick search on YouTube revealed banging on the top of the safe would work, and guess what… it actually did! So much for ‘digital peace of mind’…

That’s merely one example of a slightly broken product that clearly needs a little more development before it hits the market. But that single widely-publicized security snafu was, unfortunately, tellingly symptomatic of an industry-wide trend of shirking responsibility for consumers’ digital (and physical) security.

All too often, digital and mobile security is still considered to be an afterthought, by hardware manufacturers and software developers alike, which is simply no longer viable. Particularly given the context of the increasing number and sophistication of cyber-attacks on mobile devices. See, for a very good example of this, the results of McAfee’s latest Mobile Threat Report 2018 – to be released at MWC 2018 – which reveals an explosion in mobile malware and dramatic changes in the mobile landscape over the last year.

If smartphone manufacturers genuinely wish to charge consumers in excess of £1000 for handsets, and provide finance plans to fund them, then, simply put, we need to know they are trustworthy. Shifting the blame onto the user, rather than building adequate methods of prevention into our business models, is not acceptable.

So, on to Mobile World Congress 2018: in Barcelona this year, we will be making some major announcements regarding a number of strategic partnerships with some of the world’s telecoms giants, designed to keep mobile users and the data on their increasing number of smart devices safe, both in the home and on the go.

After all, it’s not that flash £1000 phone in your pocket that the real cybercriminals are after. It’s the data that’s stored within it, that can potentially give them complete access to your bank account, your confidential business data and more. And as the number of devices we have in our homes, our bags, our cars and our offices continues to proliferate, so does the number of attack vectors that cybercriminals can use to fraudulently obtain money.

The post Why is the Technology Industry Shirking its Security Responsibilities? appeared first on McAfee Blogs.

The Future of IoT: What to Expect From Our Devices This Year

The beginning of the new year is always an exciting time for consumer technology enthusiasts. Business leaders, pioneers and forward-thinking companies gather in Las Vegas to showcase their latest devices at The International Consumer Electronics Show (CES), where next-generation innovations take center-stage and the world gets a glimpse into the future of IoT. I had the pleasure of attending CES with my colleagues this year and was blown away by the breadth of technology showcased. While the innovations stretched across many industries, I’d like to focus on the reoccurring themes in home and personal technology and how we can secure ourselves through the gadget-filled year ahead:

Smart Homes Will Become “Smarter” 

My favorite devices are the ones designed to enhance the smart home. Companies are striving to advance technology and make our lives easier in the comfort of our homes. From smart thermostats to smart assistants, there is certainly no shortage of household innovation, and companies like Google and Samsung are making strides to contribute to the smart home ecosystem. During CES, Samsung pledged to make all of its devices “smarter” by 2020, linking together all devices via its SmartThings cloud. Meanwhile, Google announced that Google Assistant will now be built into (or compatible with) a range of household products including your smart doorbell and ceiling fan.

As our homes become increasingly connected, the need to secure our internet-connected devices is critical. More IoT devices mean more points of data to attack and leverage for cybercrime. Hackers have the ability to access your personal information through connected home devices, which poses a threat to your identity. Consider using a service with built-in security to ensure every device in your home is well protected, especially the ones that often fly under the radar. Secure routers and gateways can protect all of your connected devices, even the ones without screens.

Smart Technology Will Track Your Sleep 

Technology is even changing the way we sleep, with smart sleep solutions for consumers. At CES 2018, Terraillon announced HOMNI, a device designed to help improve a user’s sleep environment. This device tracks the sleeper’s movement, sending your sleep data to a free app so that users can see how well they’ve slept. There’s nothing technology can’t solve for, including a good night’s sleep. However, when it comes to our personal data, it’s wise to be aware of how your data is being tracked or used.

As the use of connected devices in our homes and personal lives grows, so does the need for security beyond your PC or mobile phone. Many of the devices that we welcome into our daily routine aren’t equipped with proper security controls. It’s important to remember that these connected devices often run on our personal information, such as your name, age, location – and, in this case, your sleeping habits. While a sleep tracker may collect your information with the intention of helping perfect your sleeping patterns, it has the potential to put your information in places that you might not intend. This is another example of why it’s exceedingly important to secure the connection at its source: your home.

“Ask Alexa” Will Live in Your Eyewear

Amazon Alexa has the ability to communicate with just about every connected device, so it’s no wonder that the Alexa Voice Service will have the ability to connect with your glasses soon, too. During CES, Vuzix announced that its latest pair of AR glasses, the Vuzix Blade, can communicate with Amazon Alexa. Blending augmented reality with an AI assistant’s functionality, this headset acts as a fully functional computer with the ability to send email and text notifications via Bluetooth through the processing power of Android and unparalleled display.

Amazon Alexa has become a pseudo-family member in many households, offering assistance in the kitchen and even reading bedtime stories to children. To keep cybercriminals from gaining access to your personal data, be sure you enable an extra measure of security, like setting up a PIN code for your voice command purchases.

Adding an extra layer of security to your smart devices is key to becoming an empowered consumer in today’s day and age. By taking these extra steps you’ll be able to enjoy the benefits of a secured smart home.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

 

The post The Future of IoT: What to Expect From Our Devices This Year appeared first on McAfee Blogs.

ICE in your mobile. Sounds great, but is it really a good idea?

Another Internet and Facebook chain letter you no doubt have seen. Paramedics recommend adding a contact record named ICE in your mobile phone. It stands for In Case of Emergency and helps with contacting your closest relatives if you have an accident. Sounds great, but let’s take a closer look first.

This is actually not a typical hoax chain letter because it’s based on facts. The idea emerged in the UK in 2005, and was indeed introduced by paramedics. It’s a novel idea with good intentions and might have worked in the era before the smartphone. But it’s badly outdated now. I sincerely hope that people start circulating updated instructions rather than the original 10-year-old idea.

Here’s why.

  • First, ICE is a nice idea. But it’s NOT the primary interest of paramedics. Their job is to save your life. They are going to concentrate on that rather than playing with your gadget. But ICE-info may still come in handy later at the hospital when the dust settles a bit.
  • Knowledge of some medical conditions is important to paramedics helping a trauma patient. Persons with conditions of this kind wear special medical IDs, necklaces or bracelets, and paramedics are trained to look for them. This has nothing to do with ICE.
  • Our smartphone is a key to all our on-line accounts, e-mail, Facebook, Twitter, cloud storage, you name it. It MUST be locked with a good password, otherwise you take a huge digital risk. And that unfortunately kills the idea of an ICE phonebook record. It’s not worth leaving the phone unprotected because of the ICE-record. Don’t even consider that!
  • Sometimes good old low-tech solutions are far better than digital technology. This is one of those cases. Write the ICE info on a sticker and put it on your phone or anything you carry with you. ID papers, like your driving license, are probably the best items as they are likely to be brought with you to the hospital.
  • If you are a bit nerdy, like me, you may still want a digital solution. Check your mobile for a function or app that puts free-form text on the lock screen and use it for ICE. Some phones may even have a separate ICE function for this purpose. But use it as a complement to the good old sticker, not as a replacement.

So, to summarize: ICE is in theory a good idea, but not really crucial for your survival. It’s not worth sacrificing your digital safety for it. Especially when you simply need a pen and paper to create an ICE record that is more reliable, safer and easier to use!

 

Safe surfing,
Micke

 

PS. Full medical ID can also be put on the mobile’s lock screen, at least on Android and iPhone. I’m not sure if this is a good idea. A solid necklace of stainless steel somehow feels better for stuff that can mean the difference between life and death. A complement to the necklace is of course never wrong, but I really hope that nobody who really needs it trusts this as their only medical ID!

 

Image by Ragesoss through Wikimedia

 

The Evolution of Mobile Security

Today, I posted a blog entry to the Oracle Identity Management blog titled Analyzing How MDM and MAM Stack Up Against Your Mobile Security Requirements. In the post, I walk through a quick history of mobile security starting with MDM, evolving into MAM, and providing a glimpse into the next generation of mobile security where access is managed and governed along with everything else in the enterprise. It should be no surprise that's where we're heading but as always I welcome your feedback if you disagree.

Here's a brief excerpt:
Mobile is the new black. Every major analyst group seems to have a different phrase for it but we all know that workforces are increasingly mobile and BYOD (Bring Your Own Device) is quickly spreading as the new standard. As the mobile access landscape changes and organizations continue to lose more and more control over how and where information is used, there is also a seismic shift taking place in the underlying mobile security models.
Mobile Device Management (MDM) was a great first response by an Information Security industry caught on its heels by the overwhelming speed of mobile device adoption. Emerging at a time when organizations were purchasing and distributing devices to employees, MDM provided a mechanism to manage those devices, ensure that rogue devices weren’t being introduced onto the network, and enforce security policies on those devices. But MDM was as intrusive to end-users as it was effective for enterprises.

IAM for the Third Platform

As more people are using the phrase "third platform", I'll assume it needs no introduction or explanation. The mobile workforce has been mobile for a few years now. And most organizations have moved critical services to cloud-based offerings. It's not a prediction, it's here.

The two big components of the third platform are mobile and cloud. I'll talk about both.

Mobile

A few months back, I posed the question "Is MAM Identity and Access Management's next big thing?" and since I did, it's become clear to me that the answer is a resounding YES!

Today, I came across a blog entry explaining why Android devices are a security nightmare for companies. The pain is easy to see. OS Updates and Security Patches are slow to arrive and user behavior is, well... questionable. So organizations should be concerned about how their data and applications are being accessed across this sea of devices and applications. As we know, locking down the data is not an option. In the extended enterprise, people need access to data from wherever they are on whatever device they're using. So, the challenge is to control the flow of information and restrict it to proper use.

So, here's a question: is MDM the right approach to controlling access for mobile users? Do you really want to stand up a new technology silo that manages end-user devices? Is that even practical? I think certain technologies live a short life because they quickly get passed over by something new and better (think electric typewriters). MDM is one of those. Although it's still fairly new and good at what it does, I would make the claim that MDM is antiquated technology. In a BYOD world, people don't want to turn control of their devices over to their employers. The age of enterprises controlling devices went out the window with Blackberry's market share.

Containerization is where it's at. With App Containerization, organizations create a secure virtual workspace on mobile devices that enables corporate-approved apps to access, use, edit, and share corporate data while protecting that data from escape to unapproved apps, personal email, OS malware, and other on-device leakage points. For enterprise use-case scenarios, this just makes more sense than MDM. And many of the top MDM vendors have validated the approach by announcing MAM offerings. Still, these solutions maintain a technology silo specific to remote access which doesn't make much sense to me.

As an alternate approach, let's build MAM capabilities directly into the existing Access Management platform. Access Management for the third platform must accommodate mobile device use-cases. There's no reason to have to manage mobile device access differently than desktop access. It's the same applications, the same data, and the same business policies. User provisioning workflows should accommodate provisioning mobile apps and data rights just like they've been extended to provision Privileged Account rights. You don't want or need separate silos.

Cloud

The same can be said for cloud-hosted apps. Cloud apps are simply part of the extended enterprise and should also be managed via the enterprise Access Management platform.

There's been a lot of buzz in the IAM industry about managing access (and providing SSO) to cloud services. There have even been a number of niche vendors pop up that provide that as their primary value proposition. But the core technologies for these stand-alone solutions are nothing new. In most cases, it's basic federation. In some cases, it's ESSO-style form-fill. But there's no magic to delivering SSO to SaaS apps. In fact, it's typically easier than SSO to enterprise apps because SaaS infrastructures are newer and support newer standards and protocols (SAML, REST, etc.).

My Point

I guess if I had to boil this down, I'm really just trying to dispel the myths about mobile and cloud solutions. When you get past the marketing jargon, we're still talking about Access Management and Identity Governance. Some of the new technologies are pretty cool (containerization solves some interesting, complex problems related to BYOD). But in the end, I'd want to manage enterprise access in one place with one platform. One Identity, One Platform. I wouldn't stand up an IDaaS solution just to have SSO to cloud apps. And I wouldn't want to introduce an MDM vendor to control access from mobile devices.

The third platform simply extends the enterprise beyond the firewall. The concept isn't new and the technologies are mostly the same. As more and newer services adopt common protocols, it gets even easier to support increasingly complex use-cases. An API Gateway, for example, allows a mobile app to access legacy mainframe data over REST protocols. And modern Web Access Management (WAM) solutions perform device fingerprinting to increase assurance and reduce risk while delivering an SSO experience. Mobile Security SDKs enable organizations to build their own apps with native security that's integrated with the enterprise WAM solution (this is especially valuable for consumer-facing apps).

And all of this should be delivered on a single platform for Enterprise Access Management. That's third-platform IAM.

Is MAM Identity and Access Management’s next big thing?

Mobile Application Management is making waves. Recent news from Oracle, IBM, and Salesforce highlights the market interest. It's a natural extension of what you've been hearing at Identity trade shows over the past few years (and this year's Gartner IAM Summit was no exception). The third platform of computing is not a future state. It's here. And Identity and Access solutions are adapting to accommodate the new use case scenarios. ...onward and upward.

[Update - interesting discussion of the IAM technology stack for mobile by SIMIEO]