Category Archives: smartphones

Kaspersky Lab official blog: Mobile beasts and where to find them — part one

In recent years, cybercriminals have been increasingly fixated on our phones. After all, we never part company with our smartphones; they are our primary means for storing personal docs and photos, communicating, and taking pictures. We even use them as tickets and wallets, and much more besides.

They also store oodles of valuable data that can fetch a handsome reward in certain quarters. And mobile devices are excellent for other malicious purposes as well. So there’s no shortage of smartphone malware out there.

Last year we caught 42.7 million pieces of malware on smartphones and tablets. For this series on mobile malware, we divided them into several types according to purpose and behavior. In part one, we look at three fairly common types.

Adware: Ad clickers and intrusive banners

One of the most common types of mobile infection comes in the shape of adware. Its task is to increase the number of clicks on online banners either automatically or manually (by exploiting users). Some just show you unwanted advertising.

In the first case, you don’t even see the ad, but the clicker uses up your smartphone’s resources, including battery charge and data. The infected smartphone dies in just a few hours, and the next bill may hold an unpleasant surprise.

The second type of adware replaces online banners with its own, and drowns the user in so many ads that, like it or not, they end up following some links. In many cases, the flow of spam is so overwhelming that the device becomes impossible to use — everything is smothered with ad banners.

Some malware also collects information about your online habits without asking. This data then ends up in the hands of advertisers, who use it to fine-tune their advertising campaigns. What’s more, banners can link to malicious sites where your device might pick up something even worse.

SMS and Web subscribers

The second type of malware we discuss today is subscribers, also known as Trojan clickers. Their job is to steal data from your mobile account, where thievery is much simpler because it bypasses card numbers, which tend to be under tighter guard. The funds flow out through WAP or SMS billing, and in some cases through calls to premium numbers at the victim’s expense.

See here for details of what WAP is and how cybercriminals exploit it. To take out a paid subscription in your name, all the WAP clicker needs to do is click on the relevant button on the site. SMS malware requires permission to send messages, but many users give it to any app without a second thought. Programs that waste your money on IP telephony have a slightly harder task: They have to register an account with the service.

A striking example of a subscriber is the Trojan Ubsod. This pest is a WAP specialist. To conceal its activity for as long as possible, it deletes all SMS messages containing the text string “ubscri” (a fragment of the word “subscribe” or “subscription”). Moreover, it can switch from Wi-Fi to mobile Internet, which is required for WAP operations.

Fortunately, getting rid of unwanted subscriptions isn’t complicated; all subscriptions are displayed in the user’s personal account on the operator’s website. There, you can delete them and even forbid new ones from being linked to the phone number (though in some cases such a block can be imposed only temporarily). The main thing is to notice money leaking from your account as early as possible to prevent a deluge.

SMS flooders and DDoSers

These two categories combine malware that, instead of downloading, sends data — lots of data! And they do it on the sly without requesting permission. Scammers are able to make a pretty penny from ruining other people’s lives at your expense.

As such, SMS flooding is often used by hooligans to tease their victims or disable their devices. A user can willingly install a flooding app on his or her device to swamp their enemies with thousands of SMS messages. But many go further and try to send messages at others’ expense, surreptitiously planting the malicious app on the devices of unsuspecting owners.

DDoSers are able to overwhelm not only smartphones, but also far more powerful devices and even major online resources. Cybercriminals do so by combining infected gadgets into a network, known as a botnet, and bombarding a victim with requests from it. Incidentally, clickers can also act as DDoSers when trying to open the same Web page countless times.

Both flooders and DDoSers try to use your smartphone to harm third parties. But you too will suffer from the load on your device’s battery and processor, not to mention your wallet. Typically, such programs are not widely distributed, but in July 2013, the SMS flooder Didat made it into the Top 20 malicious programs sent by e-mail.

The further you get, the harder the going

To be honest, the types of mobile miscreants we’ve covered today are small fry. At worst, they’ll siphon off a bit of cash from your phone account and frazzle your nerves. In any event, many of them are easy to detect and remove with the help of antivirus software.

In the chapters to come, we’ll discuss some villains higher up in the pecking order. Keep track of updates and remember the rules of mobile security:

  • Don’t install apps from third-party sources, or better still, block them in the operating system settings!
  • Keep your mobile OS and all installed apps updated to the latest versions.
  • Protect all of your Android devices with a mobile antivirus solution.
  • Regularly check the list of paid services in your personal account with your mobile operator and disable anything that you didn’t subscribe to yourself. If you see a subscription you don’t recognize, immediately scan the entire device for viruses.
  • Always read the list of permissions requested by an app, and grant only what’s absolutely essential.


Samsung doesn’t have to offer updates for phones older than two years

Dutch consumer protection organization Consumentenbond took Samsung Netherlands to court, arguing that the company should provide updates and upgrades for their telephones “within one month after these become available, for a period of four years after the introduction to the market and/or two years after the time of the sale.” Consumentenbond also asked the court to order Samsung to inform consumers “clearly and unambiguously” of its policy on updates and upgrades with regard to each …

The post Samsung doesn’t have to offer updates for phones older than two years appeared first on Help Net Security.

8 Easy Ways to Hack-Proof Your Family’s Smartphones

Smartphones have changed the face of parenting in profound ways. But for all the efficiency they’ve introduced into family life, those same devices simultaneously bring risk.

With smartphone and tablet use growing at ten times the rate of PCs, hackers know precisely where to shift their focus these days. Cyber thieves love smartphones because once inside, they can access private information, location, email, photos, social media, and bank accounts.

If you’re a parent, a smartphone breach is an even bigger deal. Shoring up the security gaps in your phone isn’t a big deal, but what about the other four or more smartphones under your roof? If you were to multiply the risk, you’d soon realize the potential havoc that’s looming.

While you can’t shut out every digital risk, you can tackle the most prominent ones. Let’s get started!

8 Ways to Hack-Proof Your Family’s Smartphones

  1. Think Like a Criminal. Work a potential hack backward. Look at every possible entryway into your phone and ask yourself, “How could I get into this phone if I were determined?” Then, methodically lock up each digital door. Challenge yourself to find every security gap. Examine your password strength, social profiles, web browsing security, general and app settings.
  2. Juice Up Your Password. How do you create a password that a criminal can’t hack? With great intention and a few extra layers. 1) Avoid the common error of using easy passwords such as “12345” or “password.” Get complex and create a combination that isn’t logical. 2) Use multi-factor authentication (MFA). Having multiple factors to authenticate your phone use, such as your fingerprint, face, or a trusted device, increases security. Most smartphones offer MFA so, even if it seems tedious, use it. The more factors — or digital layers — you can combine, the more protected your smartphone will be. Too many passwords crowding your brain? Consider a password manager.
  3. Trust No App. Not all apps you download to your phone are created equal. Many third-party apps do not go through the rigorous security vetting of Google or Apple. Hackers can infect apps with malware or viruses that demolish your phone’s security and allow hackers access to your data. Beware. Examine all apps, read reviews, and steer clear of apps that ask for too much access. Even legitimate apps can be used for malicious purposes such as listening in via a phone’s microphones and even spying using a phone’s camera. To pull back an app’s access, just go to your settings. On Android: Go to Apps and Notifications, choose App Permissions and make changes. On iOS: Go to your settings, select Privacy, and make changes to app permissions accordingly.
  4. Passcode, Track Your Phone. Be proactive in case your phone gets stolen or lost. Make sure your device is passcode and fingerprint protected. Take a few minutes to enable phone tracking. For Android, you’ll download the app Find My Device and for Apple use Find My iPhone. Make sure those apps are always enabled on your phone. If your phone is lost or stolen it can be tracked online.
  5. Log out, Lock Online Services. If you bank, shop, or access sensitive accounts via your smartphone, do it with extreme care. This means logging out and locking those accounts when not in use and avoiding using auto-login features. Instead, use a password manager app that forces you to re-enter a master password each time you want to access an account. It’s worth the extra step. An essential part of this equation is disabling keychain and auto-fill in your browser. You can do this by finding your web browser in Settings and toggling each option to OFF. Also, avoid using public Wi-Fi for accessing sensitive accounts or conducting any transactions.
  6. Turn Off Bluetooth. Bluetooth carries inherent vulnerabilities and is another open door for hackers to enter. When Bluetooth is turned on it is constantly looking for other open connections. Hackers work quickly through open Bluetooth connections, and often victims don’t even know there’s been a breach (there’s no evidence a phone has connected with a criminal source). Make sure to switch Bluetooth off if you are not using it.
  7. Take Updates Seriously. Because people design phones, phones will be flawed. And it’s just a matter of time before a hacker discovers and exploits those flaws. Developers use updates to combat all kinds of breaches, which makes them critical to your phone’s security. Along with staying on top of updates, consider the added safeguard of antivirus, identity, and privacy protection that covers all family devices.
  8. Stop! Don’t Click that Link. Unless you are 100% sure of the legitimacy of a link sent to you through text, email, or direct message, do not click it. Random links sent by hackers to access your data are getting more and more sophisticated as well as destructive.

 

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family.

The post 8 Easy Ways to Hack-Proof Your Family’s Smartphones appeared first on McAfee Blogs.