Security Flaw Discovered In iOS Apps

October 31st, 2013

Smartphone unlocked

There have been relatively few true threats to the security of iPhones compared to the amount of malware being produced for Android. A serious threat has recently emerged, however. Antone Gonsalves, of Network World, reports that a team of security experts uncovered a vulnerability in a large number of iOS apps. The flaw allows for a third party to intercept data and then send their own directly onto a user’s device.

The team is calling it “HTTP Request Hacking” because it allows hackers to intercept HTTP traffic between the app and server. The hacker can then tell the app to retrieve data from a different server, which usually involves putting malicious links on your iPhone and iPad. This method is particularly effective for news apps because the hackers can put fake links in the news stories, which cause malware to be downloaded when clicked.

Once a hacker gains control of the app, they can continue to send whatever data they want until the app is updated to close the security gap, or removed completely.

There is such a large number of affected apps that the security team couldn’t contact all of them directly. Instead, they opted to spread the word through the media. The vulnerability only affects apps using an HTTP connection. Most high quality apps use the more secure HTTPS connection.

There’s code available to fix the problem, but it’s much easier to just remove the app. If it’s using an HTTP connection, you probably shouldn’t be using it anyway.

This particular security flaw was specifically found for iOS and while it hasn’t been tested on Android, security experts note that it’s likely that would affect those users as well.

If you believe you have malware infecting any of your devices, come by or contact Geek Rescue at 918-369-4335. We will fix your phone, tablet or computer and help make sure you’re prepared for the next malware attack.

Rumors And Speculation About The Samsung Galaxy S5

October 30th, 2013

Samsung user

The release of any new Apple product always dominates headlines, but it’s Samsung who’s captured the interest of the tech-savvy crowd most recently. Though it’s not due out for at least another 3 months, the Samsung Galaxy S5 is already being hailed as the next big thing in smartphones. Simon Hill, of Digital Trends, covered all of the rumors about the Galaxy S5 in his recent blog post.

  • Metal Chassis

The Galaxy line of smartphones have traditionally been made of plastic, which some users complain makes them feel cheap. Rumors suggest Samsung may have listened to those critics and could be releasing the S5 with a magnesium, aluminum or carbon fiber design. However, others have suggested that the Galaxy F will get the metal case, while the S5 will a “faux leather polycarbonate” similar to the Samsung Note 3.

  • Tops In Performance

Samsung’s mobile head has promised “64-bit processing functionality”, which means it will at least match the iPhone 5S. Many experts have suggested that the Galaxy S5 will also include “at least 3GB of RAM”. Samsumg is actually already producing 4GB LPDDR3 mobile DRAM so that’s seen as a possibility also.

  • New Biometrics

The iPhone 5S made a splash with its new fingerprint scanner included to enhance security. The Galaxy S5 could be making a similar splash by introducing an eye scanning sensor. This is probably the most unsubstantiated rumor about the S5, but given Apple’s foray into biometrics, Samsung will likely try to keep up or surpass them. Officials from Samsung have already denied that they’re working on a fingerprint scanner, but an eye scanner remains in play.

  • An Upgraded Camera

Initially, rumors suggested the Galaxy S5 would get a 13-megapixel camera, which would match the camera included in the S4. Now, it seems Samsung could upgrade the camera to a 16-megapixel sensor, which they will produce themselves. The camera would also include technology that would greatly improve low-light performance.

  • Waterproof

In June, Samsung released a variant of it’s latest flagship smartphone called the Galaxy S4 Active. The Active version promised to be both waterproof and dustproof. It stands to reason then that the Galaxy S5 will be both waterproof and dustproof right out of the box.

Most estimate the Galaxy S5 will be released in the spring with March or April matching Samsung’s usual release cycle. That leaves months of speculation left.

Whether you jump on the latest and greatest smartphone, or stick with a trusted older version, Geek Rescue in Tulsa handles repairs. Bring your devices by for fast and friendly service, or call us at 918-369-4335.

Keys To Preventing Identity Theft Online

October 25th, 2013

Identity Theft stats infographicvia Experian

Identity theft is a real and costly threat. Even though it’s well publicized, many Americans fail to take the necessary precautions to prevent it and some even take actions that make it easier for criminals to steal valuable information.

As the included infographic notes, most Americans believe they’re doing enough to protect themselves online, but most also feel that they are at a significant risk of having their identity stolen. This may stem from a prevailing belief that there is no way to be completely secure. While that is true to an extent, there are certainly some steps every individual can, and should, take to protect their information.

  • Create stronger passwords using upper and lowercase letters, symbols and numbers. Then, use a different password for each online account.
  • Don’t post personal identifiable information like your birthdate, employer and education on social media. If you do, make sure you’re able to hide it from most users behind privacy settings.
  • Add security to mobile devices. Require passcodes to use smartphones and tablets and install security apps.
  • Before making any transaction online, check to see if the website is trusted and secure. Most trusted sites will use ‘https’ for secure communication.

The key to keeping your digital information safe is to protect it as much as you can. While it’s true you can’t be completely immune from cyber attacks or identity theft, by taking necessary precautions you significantly decrease the risk.

For additional help staying safe online, or to improve the security on your devices, call Geek Rescue at 918-369-4335.

Comparing The iPad Air and iPad Mini With Retina Display

October 23rd, 2013

iPads

Apple has officially announced its newest iPad models, Air and Mini with Retina Display. Choosing between the two is difficult, but Will Shanklin, of GizMag, has a comparison between the two to help.

  • Size

The most obvious difference is evident on first glance. The iPad Air is a full sized tablet measuring 9.4 inches tall, 6.6 inches wide and weighs in at about a pound. The mini, on the other hand, is about 1.5 inches shorter, and more than an inch narrower. Both tablets feature slim .29 inch cases, which is actually slightly thicker than previous Minis.

  • Display

The Mini’s viewing area is only 65-percent as large as the Air. However, with its new Retina Display, the Mini features the same number of pixels, and a higher pixel density with 326 pixels per inch.

  • Battery

Apple puts both tablets’ batteries at a capacity of ten hours of web use on WiFi. In terms of watt hours, the Air hold a slight advantage with 32.4W-h compared to the Mini’s 23.8W-h.

  • Price and Release Date

The iPad air will be available for purchase November first for a retail price of $500. The Mini hasn’t gotten a definitive release date yet, but Apple promises it will be available sometime in November for $400. That’s about $70 more expensive than last year’s version of the iPad Mini.

Those are the key difference between the iPad Air and iPad Mini with Retina Display. For similarities, both feature anodized aluminum construction, come in silver and white, or space gray and black and both house the A7 64 bit chip, which is the same one used in the latest iPhone, the 5S. Both also come with identical front and rear cameras run on iOS7 and offer the same storage options.

Along with these two new models, Apple will continue to offer last year’s Mini for about $300 and the iPad2 for $400.

Whatever tablet you decide on, Geek Rescue has you covered for repairs and security. Whether your device’s hardware breaks, or it gets infected with malware, Geek Rescue fixes it. Call us at 918-369-4335 with any of your tech problems.

Securing Your Mobile Device For A BYOD World

October 23rd, 2013

Locked Tablet

The Bring Your Own Device trend is unavoidable. Because of the growing trend, cyber criminals are targeting mobile devices more. It’s more important than ever to properly secure smartphones and tablets since they’re now being used to access company data and valuable information.

Limiting the access each employee has is an important step to keeping your business from suffering a catastrophic data breach. As Laird Harrison, of Tech Page One, writes, there are also some device specifications that can be enabled to greatly impact security.

  • Use Passwords

It’s shocking how many tablets and smartphones have no security on their lock screen. Considering how many hacking stories start with a device being lost or stolen, it’s a must to require a password to unlock. The use of Apple’s new biometric recognition is another good step.

  • Allow Time-Out

When your device is dormant for an extended period of time, the screen should turn off and require a password to continue using it. This is called inactive time-out. Not only will it help to improve battery life, but it also makes the device harder to hack since it erases the possibility that a thief could find the device and use it without knowing the password.

  • Remote Access

By adding programs and enabling some options, you’ll be able to remotely view the data stored on a lost device. You’ll even be able to disable some applications and erase data that could be harmful in the wrong hands.

  • Encryption

It’s a good idea to encrypt all data stored on mobile devices, but at the very least, encrypt company related information. There are a number of programs available that will effectively encrypt the most vital data on your device.

These are just a few options mobile users can enable on their device to make them more secure. If you’re using a personal device to store or interact with company data, these are certainly necessary precautions. Even if you’re only using your device for personal use, these are still good ideas.

For help increasing the security on any of your devices, or to recover lost data or fix a device that isn’t working right, call Geek Rescue. If it boots up or turns on, we fix it. Call us at 918-369-4335.

How Your Smartphone’s Sensors Enable Tracking

October 15th, 2013

Smartphone with eye

Keeping your data private while surfing the web is a challenge, regardless of what device you’re using. A recent study conducted by at Stanford reveals that mobile devices in particular present a unique challenge because of their sensors.

Security researchers at Stanford were able to uniquely identify smartphones based on their accelerometer. James Temple writes on the SFGate blog that other sensors included on most smartphones would be similarly vulnerable to tracking.

The accelerometer aids smartphones in a variety of functions. Most notably, it is how your smartphone recognizes when you have it turned vertically, for portrait mode, or horizontally, for landscape display. When your phone is sitting still, the accelerometer is still active. It has a reading of numbers representing its current location in space. For example, if your phone is resting on a table, it should have a reading of 1 when it’s face up and -1 when it’s face down. However, that’s not actually the case.

Each smartphone has tiny defects that are unavoidable. They make the accelerometer’s readings off by minuscule amounts so instead of 1 and -1, you’ll actually get something like 1.103234 and -.823432.

Since every smartphone is slightly different in its accelerometer readings, those readings can be used to uniquely identify each device. Without you even knowing it, a website you visit on your mobile browser could capture your accelerometer readings and use them to track your actions online.

The Stanford research team compared accelerometers’ readings to cookies. Many websites save files called cookies to your device so they can identify you and target you with specific ads or other actions.

Your smartphone has other uniquely identifiable quirks as well. Each device’s microphone is also different, so fingerprinting is similarly possible. Radio signal inaccuracies have also been used to identify users and their devices.

The use of these tracking methods could be to market relevant products to you or something more sinister. The challenge for security experts is to determine how best to combat these tactics since they don’t require downloading malicious programs or any actions from the user.

To improve the security on your mobile device or desktop PC, call or come by Geek Rescue. We not only offer a variety of security solutions, but we also fix your devices that aren’t working correctly. Call us at 918-369-4335.

Safe Surfing Tips For Internet Users

October 7th, 2013

Computer with life preserver

As previously mentioned, antivirus programs can’t be expected to fully protect your computer. Hackers produce hundreds of thousands of new malware every day and even the most up to date security software can’t possibly keep up.

That’s why it’s important to do your part and keep your machine out of harms way as much as possible. Shay Colson, of Information Space, has some tips on how to avoid malware and other potential threats online.

  • Safe surfing

Just as in the forest it’s important to watch where you step, online it’s important to watch where you click. Most malware is downloaded to a computer when the user clicks on something they shouldn’t have. Particularly when you’re on a less reputable website, it’s important to avoid clicking on ads or links as much as possible. Also, make sure any security software you have installed is up to date. That way, if you do encounter malware, you’ll have the best chance of having it detected before it does any real damage. 

  • Passwords

The simple solution for making all of your accounts online more secure is to improve your password. Make sure it is 8-characters or longer and includes both upper and lowercase letters, numbers and symbols. Some advocate using your least secure passwords for throwaway accounts, medium passwords for social media, but if you want to avoid a potential hacking, use unique, strong passwords for each account. Using all of those different passwords can get confusing, so it’s also a good idea to use a password manager. 

  • Online Payments

Almost everyone makes purchases online. It’s a good idea to use a credit card, rather than a debit card, however, since it’s easier to dispute fraudulent charges on a credit card. Most eCommerce sites give you the option to save payment information for your next purchase. This is a time saver, but it puts your account information at risk. It’s much better to enter your card number each time than have it available to anyone who gains access to your account.

  • Mobile

Your mobile device also has access to sensitive data. Keep it safe by utilizing the lock screen. As seen with an iOS bug that allowed users to bypass the fingerprint scanner, or Android’s notoriously easily hacked lock, this doesn’t fully protect your device. However, it offers some protection and is easy to use. Also, be sure to enable services to remotely disable and wipe your phone in case it’s stolen. Both Apple and Android offer this service. It’s extremely useful in keeping your data out of a criminal’s hands. 

These tips keep your information safe without installing additional security software. However, you should always have antivirus programs and other security in place. To improve the security on any of your devices, contact Geek Rescue at 918-369-4335. We also remove viruses and other malware from infected machines.

Security Flaws On Your Android Device

October 4th, 2013

Android user

More than half of all smartphone users are using an Android device. Unfortunately, that has made Androids a target for hackers, who are starting to produce more malware for the mobile operating system.

Besides adding security software to your phone, one way to stay safe is to identify potential risks. Sam Narisi, of IT Manager Daily, has a list of some of the most common.

  •  Lock setup

Many Android users don’t enable a lock on their phone at all, which means there’s no security if their phone is lost or stolen. Even those that do use either a pass code or pattern lock don’t get much benefit. The Android lock setup is notoriously leaky and easy to break. 

  • No backup 

Unlike iPhones, Androids have no built-in option to automatically regularly backup their data. If your phone is infected with malware, you run the risk of losing pictures, videos and more in order to remove it. There are apps available to perform backups, however. 

  • Unsafe browsers

You’ll also need to install a third part browser in order to stay safe when using the internet. The native Android browser has no option to only allow secure sites. This puts you at significant risk of a malware infection. 

  • Fake security apps

Adding security apps to close up potential risks is a great idea, but you need to cautious about which apps you download. Many claiming to be anti-malware apps are actually viruses or malware themselves. 

Protecting your smartphone is just as important as protecting your computer. In many cases, your smartphone will be in much more dangerous situations because it connects to unprotected WiFi and security is naturally lower.

If your smartphone is infected with malware, or if you’d like to improve the security on any of your devices, contact Geek Rescue at 918-369-4335.

Malware With Legitimate Certificates Fools Security

October 4th, 2013

Malware in binary

A troubling trend is growing for the creators of malware. More and more malicious programs with legitimately signed digital certificates are being discovered. As Ellen Messmer, of Tech World, reports, this makes malware more likely to slip past security provisions and infect a computer or network.

Security company McAfee starting seeing a significant amount of malware with legitimate certificates in 2010 when they accounted for about 1.3-percent of all malware. That has risen steadily to more than 6-percent now. That actually signifies a huge increase in the sheer number of malware with legitimate certificates since the amount of pieces of malware is estimated to double each year.

This is a problem for mobile users as well. About 24-percent of all malware for Android devices has a legitimate certificate.

These certificates are used to verify that the programs they’re attached to come from a reputable source. There are only a few companies able to sign these certificates and, in the past, many malware programs were using fake or stolen certificates. Now, it seems that hackers have been increasingly successful at obtaining legitimate certificates and using them for multiple pieces of malware.

Many of these certificates were seen attached to malware used in a specifically targeted attack. Hackers knew the type of security being used and used a certificate that would allow the malware to be undetected.

An option available to deal with this growing threat would be to a service in place that would check the “reputation” of a certificate. Those that are being used to by a large number of programs would alert the system to the possibility of malware. As one security expert notes, however, that would only force hackers to obtain a new certificate for each piece of malware, not stop the threat entirely.

Using safe browsing techniques and being extremely cautious about what you download to your computer are the best tactics to take to keep you safe from malware infection. To improve your security, or to check and clean any malware currently on your machine, contact Geek Rescue at 918-369-4335.

Apple iMessage Bug Has A Quick Fix

October 2nd, 2013

Apple with worm

It’s not a big surprise that some users are encountering problems after upgrading their iPhones to iOS7. Initially, there were concerns over ways to bypass the fingerprint scanner. Now, more and more users are complaining that they can’t send or receive messages with iMessage.

Matthew Panzarino, of TechCrunch, reports that Apple is working on an update that will fix the issue, but there’s a quick fix that might work for some users.

First, let’s get to the quick fix. According to an Apple support document, turning off iMessage, then using the Reset Network Settings function, then turning iMessage back on allows users to again send messages. This causes your iPhone to re-authenticate iMessage, but some users are already reporting that while this does allow you to send messages, it only works temporarily.

Apple released a statement about the errors some users are encountering and estimated that only a “fraction of a percent” of their users were affected. Whether or not that’s accurate, those that are affected are frustrated. They’re stuck without a fully functioning iPhone until Apple releases an update to fix the problem.

Once that update is released, it’s a good idea to back-up your phone’s data before installing it. When Apple patched their previous security related bug for iOS7, some users reported it crashed their smartphones. So, it’s better to be safe than sorry.

Luckily, if you do lose data from any of your devices, Geek Rescue helps restore it. We also fix broken devices and get rid of malware infections. If it boots up or turns on, we fix it. Call us at 918-369-4335.