Android Vulnerability Gives Unwanted Permissions To Malicious Apps

March 24th, 2014

Android smartphone

Regardless of what mobile operating system you use, there’s bound to be some security flaws. The latest issue is a way for malicious apps on Android devices to receive elevated privileges without a user’s knowledge. Adrian Kingsley-Hughes of ZDNet reports on these so-called “Pileup flaws”.

Pileup is short for privilege escalation through updating, which adequately describes this type of attack.

Each time an update for a device’s current operating system is installed, which can be as often as every few months, a user is at risk. Updates require thousands of files to either be replaced or added to a device. This includes carefully adding new apps without damaging or changing any existing apps. This method creates a vulnerability.

If an existing app is malicious in nature, it’s developer can request additional permissions that are only available in an updated operating system. Those permissions won’t affect users before they update and an app may seem legitimate. Once the user updates, however, those permissions are automatically granted with no warning or verification required from the user.

This way, an app can lay dormant until the user updates, then take control of a device. With expanded privileges, malicious apps can control text messages, download malware and monitor activity.

In a similar attack, malicious apps with the same name as a trusted system app can be upgraded to a system app during an update. This gives malicious third party apps the power to access nearly everything on a device and control functions.

Researchers claim to have found six examples of Pileup vulnerabilities in Android devices, which puts about a billion total devices at risk. Google has been alerted about these vulnerabilities and has already begun patching them.

Discoveries like this reinforce how important it is to exercise caution when downloading apps. Only download from the official app store and, even then, be cautious about what you decide to add to your device.

If your device has been infected with malware or you’re having other issues, bring it to Geek Rescue or call us at 918-369-4335.

Report Finds That Almost All Applications Contain Security Issues

February 20th, 2014

Laptop, tablet and smartphones

Nearly every day, news stories are written about security vulnerabilities being patched or exploited. Most users believe that if they keep their applications updated, they’ll be safe from attacks. While it’s true that regular updates do eliminate some vulnerabilities in applications, they don’t take the possibility of a successful attack away completely. As Mark Wilson reports for Beta News, security firm Cenzic recently published its Application Vulnerability Trends Report and found that 96-percent of all applications contain security issues.

Not only does nearly every application being used have security flaws, but also the media number of flaws per application is 14. So, it’s likely that even up to date, well-patched applications still have vulnerabilities that would allow for successful attacks.

The good news is that this grim news is actually an improvement over last year’s report. In 2012, 99-percent of tested apps displayed security flaws. However, the media number of flaws per application was 13.

Mobile users specifically also have the concerns of what downloaded apps are allowed to access. Cenzic found that 80-percent of mobile apps had excessive privileges, which means they’re able to access data they shouldn’t need or are capable of controlling features they shouldn’t be able to.

The takeaway for users is that even a well-secured network, computer or mobile device can be undone by an insecure application. For example, many of the attacks on Apple devices stem from apps with vulnerabilities that have been added to an otherwise secure environment. These vulnerabilities open the door for attackers to access data and remotely control devices.

For businesses, this means that a renewed investment in security is likely needed. If applications your company regularly relies on are likely to contain security vulnerabilities, data needs to be protected in other ways, like encryption.

This also introduces concerns about employees bringing their own devices into the workplace. Apps on those devices that aren’t even used for business could contain flaws that allow attackers onto your network.

To find out how to better protect your data, call Geek Rescue at 918-369-4335.

Five Helpful Chrome Extensions For Tab Browsing

February 18th, 2014

Couple on laptops in awe

Google Chrome is the most used web browser around, but many users don’t know half of its capabilities. Howard Wen of CIO looked specifically at the tools available for Chrome’s tabs that most don’t know about. Here’s a list of some helpful tab tricks and extensions.

  • Auto Refresh

It may not happen everyday, but there are times when you find yourself constantly refreshing a page. For those times, Chrome can help with the addition of an extension. There are multiple options, but all allow you to set a timer then sit back and let Chrome refresh regularly on its own.

  • Split Screen

Many Windows users already have the option of splitting the screen between two windows, but with the Split Screen extension for Chrome, you can display two websites in the same tab. There are multiple reasons why you’d want to or need to use split screen, but there’s one drawback. You have to enter the URLs of the sites you want to display manually, so there’s no option to quickly load favorites.

  • Tab Resize

In the same vein as split screen is this extension that allows for even more customization. Tab Resize allows you to rearrange and resize up to four different Chrome windows so they all display on your screen at the same time. You can use the options that come with the extension, or make your own template for where tabs should go and how they should be sized.

  • The Great Suspender

The problem many of us encounter when using tabs to browse is that you end up with so many tabs open that it begins to hurt your systems performance. More tabs require more memory, which can eventually make your computer sluggish. To solve this problem, The Great Suspender, and other similar extensions, allows you to automatically suspend a tab that you haven’t used in awhile. This way, the tab won’t be using memory, but can be easily re-opened when you need it.

  • Project Tab Manager

If you’re forced to abandon a project before you’re finished, but need to save all of your open tabs so you can pick back up later, you need the Project Tab Manager extension. This allows you to save all the open tabs in one click as bookmarks under a single folder that you name. There are similar extensions that save groups of tabs together so you can return and open all of them at once, or one at a time.

Chrome extensions add exceptional capabilities to the browser, but many users aren’t aware of them and don’t use them. It’s worth your time to head the the Google Web Store and look around for potentially helpful apps and extensions.

If you’re having issues with your computer or internet that an extension doesn’t solve, call Geek Rescue at 918-369-4335.

Google Play Hosting Malicious Apps That Cost You Money

February 17th, 2014

Android smartphone

It’s become well-known that more threats exist for Android users than exist for users of Apple devices. One of the reasons that malware often targets the Android operating system is because of the relative insecurity of the app store, Google Play. Malicious apps have repeatedly infiltrated Google Play and infected users. According to a post at GMA News, a number of malicious apps are currently available through the app store and they’ve already infected more than 300-thousand users.

Though the names of specific apps aren’t named, there are believed to be a number of apps responsible for malware infections. These apps typically pose as legitimate versions of other apps, or as different versions of popular, or trendy, apps. Most recently, the game Flappy Bird, which was taken out of app stores, has spawned a number of malicious copycats.

When a user mistakenly downloads one of these malicious apps, it steals the users phone number and uses it to sign up for a premium SMS service. This ends with additional fees being included on a user’s monthly bill. The attacker likely receives some sort of commission for bringing additional users to the service.

Part of this process involves the malware intercepting messages sent to a user’s smartphone and sending messages without the user’s knowledge. Because the premium service needs confirmation before it can begin to charge you, the malware must intercept the confirmation message containing a PIN, then send a message back with that PIN.

To gain access to a user’s phone number, the malware uses a vulnerability in the popular messaging app, WhatsApp. Even though users without WhatsApp could become download a malicious app and be infected, it’s not clear if the malware would have the same capabilities.

To avoid downloading an app that will infect your smartphone, be sure to carefully read the permissions the app requires. These malicious apps clearly state in their permissions that they read text messages and need a connection to the internet. While some apps needs those permissions legitimately, most do not. If an app asks for permissions they shouldn’t need, it’s best to avoid downloading.

If your smartphone is infected by malware, bring it to Geek Rescue or call us at 918-369-4335.

Four Ways Your iPhone Is Vulnerable To Attack

February 13th, 2014


In Cisco’s Annual Security Report, they claim that 99-percent of mobile malware targeted Android in 2013. Whether or not that’s completely accurate, it’s safe to say that more threats exist for Android users than their iOS counterparts. That doesn’t mean, however, that security shouldn’t be a concern for iPhone users. As Tom Brewster of The Guardian reports, there were 387 documented security flaws in iOS in 2012 compared to only 13 for Android. When iOS debuted, another 70 flaws needed to be patched. The existence of flaws doesn’t mean attacks on them are inevitable, but it does illustrate how vulnerable iOS users are. Here are a few ways attackers could attack Apple devices.

  • Apps

Even if the base of iOS itself isn’t vulnerable to attacks, the apps that users add often are. One prominent flaw is the allowance of developers to switch the internet address that apps use to acquire data. Hackers are able to exploit this flaw and associate an otherwise legitimate app with their own malicious site. This allows the attackers to execute a variety of malicious actions on a user’s device.

  • App Store

Legitimate apps often contains security vulnerabilities, but there’s only been one documented case of a malicious app being allowed into the official App Store. That likely won’t be the case for long, however. Researchers have already demonstrated ways for a harmful app to be approved by Apple and earn a spot in the app store. One demonstrated app works legitimately when tested by Apple, but is able to rearrange its code when it’s downloaded by users to steal data and remotely control certain functions of the the device.

  • Public Networks

Insecure WiFi opens up a number of possible attacks, regardless of what device you’re using to access it. Not only does data being sent to and from your device become vulnerable, but data stored insecurely on your device could also be vulnerable to an attack. While these dangers aren’t limited to iOS users, the perceived security of Apple devices often leads to iPhone users being more cavalier in the use of their device, which can lead to valuable data being stolen with little effort.

  • Fake Certificates

This is another threat that isn’t limited to iOS, but certainly is a threat worth understanding. The use of fake, or stolen, security certificates is a growing trend in cyber attacks and allows for malicious programs to be accepted and executed. For example, an email that appears to be from a legitimate source asks users to download an application, update or even just a document. Without a trusted certificate, users would be warned about the download. With a false certificate, or one stolen from a legitimate source, an application is accepted as trusted by the operating system and malware is allowed to infect your device.

Protecting against these vulnerabilities often requires users to be more careful about how they use their devices. Understanding that your iPhone isn’t completely immune from common threats is important.

If you find that one of your devices has been infected by malware, call Geek Rescue at 918-369-4335.



Leaked Windows 8.1 Update Reveals New Features

February 3rd, 2014

Windows 8 on device

A planned update to the Windows 8.1 operating system is planned to be released in March, but an early, unfinished version has already leaked online. As Wayne Williams of BetaNews reports, this leaked version reveals many features the official update will offer to users.

  • Pin apps to taskbar

Many experts surmised this would be part of the official update and it appears they were correct. Any app downloaded from the official Windows Store can now be pinned to the taskbar. To do so, users only need to right click on the app, or holding down on it if you are using a touchscreen, then select “pin to taskbar”. You can also set Windows to display all currently running apps on the taskbar.

  • New Buttons

On the Start screen, next to your username, this update includes two new buttons. First, a search button allows for easy access to the search function. The second is a Power button. From here, you can shut down or restart. You can also put your computer to sleep.

  • App options

Those using a mouse can right click apps and have access to a menu full of options. Pin or unpin from the Start screen or taskbar, resize its tile or uninstall completely. There’s also now an alphabetical view on the Apps screen that allows you to filter apps by letter. Any app that comes from the official Windows Store now has a title bar to make it easier to minimize, close or rearrange those windows. Also, for the first time you can access the taskbar even while running an app.

One popular rumor was that part of the official update would make booting to the desktop the default behavior, but that isn’t reflected in the leaked version. There’s still a chance that the official update will include that change, however.

Regardless of what operating system you use, when your computer has issues, bring it to Geek Rescue or call us at 918-369-4335.

Tablet Showdown: Kindle Fire HDX Versus Apple iPads

January 29th, 2014


About a third of Americans over the age of 18 own a tablet. That kind of wide spread adoption means there’s always a large portion of people in the market for a new device. The most popular options are generally regarded as the Apple tablets, but Amazon’s offering of the Kindle Fire has gained a fair share of the market. At Gizmag, Will Shanklin pitted the Kindle Fire HDX 8.9 against both the iPad Air and the Retina iPad Mini. Here are the results.

  • Hardware

The first thing most consumers look at when buying a tablet is screen size. These three represent the full range of options. The iPad Mini at 7.9-inches is the smallest of the bunch. The Kindle Fire HDX offers an 8.9-inch screen, while the iPad Air is a full-size 9.7-inches. While each offers high resolution displays, the Kindle is actually the sharpest. It features 339 pixels per inch, compared to 326 on the iPad Mini and 264 on the iPad Air. The nod also goes to the Kindle for color accuracy.

In the actual construction of the tablets, the Apple products boast that familiar anodized aluminum, while the Kindle is matte plastic.

All three devices feature typical battery life of about nine to ten hours, which is outstanding. And all three feature powerful processors that are more than capable of handling your typical uses.

  • Software

The most notable difference between these tablets is the app store. While the Apple tablets have the largest selection of apps, the Kindle suffers a bit from limited selection. Amazon’s Appstore features fewer options than Google Play, but for most users that won’t be a big issue. All the most popular apps, like Facebook, Twitter, Netflix, Candy Crush and Angry Birds are available. The advantage for Kindle adopters is the inclusion of the Mayday button, which allows you to instantly connect with a customer service representative. Don’t worry, while you can see them, they only see your screen.

Apple users will have Siri and those other familiar services all starting with ‘i’. There are also Google services apps available that aren’t for the Kindle.

  • Price

The cost of each device will make the decision for many users. The Kindle Fire HDX is the cheapest retailing at $380 for the 16 GB model. The 16 GB Retina iPad Mini starts at $400 and the iPad Air at $500. You’re getting a top of the line tablet with any of these choices, but that’s understandably not always worth the money.

Regardless of what tablet you choose, Geek Rescue fixes it when you have problems. For malware, software or hardware issues, call us at 918-369-4335.

Three Ways To Reduce IT Costs

January 16th, 2014

Scissors cutting 'Costs'

Regardless of the size of your business, there’s never enough money in the budget for IT needs. It’s important to save where you can in order to invest in vital elements like security. At The Accidental Successful CIO, Dr. Jim Anderson published some ways you can reduce software costs.

  • Asset Management

The worst way to waste money is to spend it on something you don’t use. Unfortunately, many companies are doing this everyday. There are likely a number of applications vital to your business and the more software you need, the easier it is to lose track of them. A recent study revealed that almost a third of all companies have software that is either unused or underdeployed. This is money down the drain. By creating a more effective asset management plan, you can save money by getting the most out of software you’ve already paid for and avoiding applications you don’t need.

  • Software Vendors

It’s important to choose your vendors carefully. You aren’t just buying their software, you’re buying their service. If you can’t rely on them to pick up the phone when there’s a problem or to deliver on their initial promises, it’s not worth the money. Good vendors will be able to offer you a solution that fits your needs exactly with no excess costs. Ill fitting solutions end with you paying more each month than you need to. Make sure you hold your vendors accountable and get what you’re paying for.

  • Look For Alternatives

At the end of the day, you’re running a business, which demands you save money where you can. Being overly loyal to one application or vendor could be costing you money. There are very few products that have no direct competition and while it isn’t always the right choice to use the cheapest option, you should at least explore which is right for you. You can even talk about your needs with your current vendors. If they know you’re looking for cheaper alternatives, they may be willing to give you a better deal to keep you as a customer, or they may be able to offer you an alternative to software you’re getting elsewhere.

These three tips can save your company big money in the long run. If you’d prefer to take all of the issues and concerns of IT management out of your hands, call Geek Rescue at 918-369-4335. We have all the knowledge and service required to be your on-call IT department.

Chrome App Diagnoses Internet Issues For You

January 13th, 2014

Woman looking at 'connection failed' warning

There are few experiences more frustrating than when you can’t connect to the internet or your connection is unbearably slow. Almost everything we do, whether for work or in our free time, requires an internet connection, which makes not having one painful. There are a few tools available to help you diagnose internet connectivity problems, but, as Alan Henry of LifeHacker reports, few are as simple and easy to use as the Connectivity Diagnostics app for Google’s Chrome web browser.

As frustrating as a lack of internet can be, perhaps even worse is not knowing what’s causing your outage. That’s why diagnostic apps like this one are so handy. Whether the issue is with your computer, router, network, or service provider, the Connectivity Diagnostics app finds it so you can fix it.

Unlike other similar applications, the Connectivity Diagnostics app doesn’t require any additional software installed to run. It works through Chrome and is completely free. To find the cause of your internet problems, it can check for an active connection, attempts to contact your DNS server, checks for firewalls blocking your connection or pay-portals, tests for DNS resolution delays and tests for network delays. Each test returns additional information on whether it was successful or not to help you pinpoint the problem.

This isn’t an enterprise level application, but it’s perfect for individual users. Because it’s simple to use, you don’t even need to be tech-savvy to diagnose your connectivity issues.

If your computer is having problems you can’t solve, call Geek Rescue at 918-369-4335.

The Biggest Security Risks For Android Users

December 9th, 2013

Risk on smartphone

Worldwide, Android is actually the more popular choice for smartphones than Apple devices. But, security issues are a common complaint of users and a common reason many opt for Apple instead. Bob Violino of InfoWorld reports that these concerns over security are mostly overblown, but points out the two risks that exist for all Android devices.

  • Google Play

The Android version of the App Store is Google Play. It’s a marketplace where users can download all kinds of apps. But, it’s regarded as much less protected than Apple’s App Store. The nature of Android is that it’s open for development. This encourages new, innovative apps and features to be developed, but also allows for malicious apps to find their way into the marketplace. Many apps ask for more permissions than they need, even if they aren’t actively malicious. Performance issues and data loss are often attributed to a bad app. Because Google Play does not set up enough precautions to keep malicious apps out, it’s a legitimate concern for Android users.

  • Fragmentation 

In the context of the Android platform, fragmentation refers to the many different manufacturer’s and versions of the Android operating system that are currently running on users’ devices. Unlike Apple’s iOS that is consistent for all users, manufacturer’s are able to tweak and alter Android specifically for their devices and aren’t forced to roll out updates once they become available. The result of this is that outdated versions with security flaws are allowed to run, which is a danger to users and to any network they connect to. The majority of Android users are running out of date versions of the operating system. This poses a significant threat to businesses who allows employees to use their own devices on the company network.

The Google Play store and fragmentation are both legitimate concerns for security with Android. For individual users, being more cautious about what apps you download and being proactive about updating your device’s operating system both help to overcome these problems. For businesses, a robust compliance policy, an end to support for older versions of Android and other security provisions allow your company to use Android devices without as many security issues.

For help securing a device or a network, or to fix an existing problem with a device, come by or call Geek Rescue at 918-369-4335.