January 31st, 2014
Even though 2014 is only a month old, it’s already become clear that this year will feature many large scale malware attacks on smartphones and mobile devices. Mobile security has been a focus for many this year because of the growing number of attacks being seen and the malware being produced specifically for the mobile audience. At SC Magazine, Adam Greenberg reports on the latest mobile malware threat that has already infected more than 350-thousand devices.
The malware targets Android devices and has been spotted in China, Spain, Brazil, Germany and the United States. Known as Android.Oldboot.1.origin, the malware operates as a bootkit and is difficult to remove.
The malware is designed to download and install new applications to your device, or even remove existing applications. This allows for additional malicious applications to be added and security apps to be removed.
The particularly noteworthy characteristic of this malware is how resilient it is. During the initial infection, the malware, which is categorized as a trojan, is extracted when the device is turned on. This makes it more difficult to detect than other malware that attempt extraction while the device is in operation. That also allows it to continue to infect a device even when most traces of the trojan have been removed. As long as part of the malware remains in the device’s memory, it is reinstalled and extracted every time the device is rebooted.
This particular threat seems to follow a more complicated infection method that involves reflashing a device with new firmware. Staying safe from most mobile malware, however, stems from being extremely cautious of what you download to your device and what links you follow.
If any of your devices are suffering from a malware infection, come by Geek Rescue or call us at 918-369-4335.
January 30th, 2014
Planning is a key step to effective data security for your business. If you know how you’re likely to be attacked, you’ll know how to best protect yourself. At PC World, Tony Bradley published a list of security threats he expects to be common throughout 2014.
The time when you could consider your smartphone immune from the dangers of malware has passed. With a large percentage of the population not only using mobile devices, but using them to access critical data, criminals have begun heavily targeting them with mobile-specific malware. And infection can stem from a number of places. Email, malicious links and text messaging are all popular modes of malware infection, but even connecting to an infected computer via USB has been the root of infection in some attacks.
You’ve likely seen this buzzword in the media and it refers to the growing number 0f items with internet capabilities. Your refrigerator, car, home security system, baby monitor and many other common items can now be online and controlled remotely. While this may present a convenience for you, it also poses a security risk as hackers may also be able to gain control of your things. We’ve already seen a refrigerator used as part of a botnet. Be aware that if an item in your home or business can connect to the internet, it can be hacked.
Patches and security updates for this operating system will be discontinued by Microsoft this April. While Microsoft Security Essentials will receive support until the summer of 2015, this still presents a significant security issue. A large portion of the world’s desktop computers, particularly in offices, are still running XP. Worse is that kiosks and other embedded devices also run off of XP. When Microsoft stops supporting their old operating system, developers will also likely stop releasing updates for their XP applications. This leaves users in a frozen state where known exploits won’t be fixed. Some security experts are forecasting that hackers will wait until support stops and then launch all out attacks on XP systems.
Due to the success of attacks, like those on Target and Nieman Marcus, expect large scale data breaches to continue. Cyber criminals understand how valuable data can be and are willing to launch intelligent attacks to steal it. Staying protected requires planning, putting proper security tools in place and being smart about what you download and who you allow on your network.
For help improving the security at your company or on your home PC, call Geek Rescue at 918-369-4335.
January 29th, 2014
About a third of Americans over the age of 18 own a tablet. That kind of wide spread adoption means there’s always a large portion of people in the market for a new device. The most popular options are generally regarded as the Apple tablets, but Amazon’s offering of the Kindle Fire has gained a fair share of the market. At Gizmag, Will Shanklin pitted the Kindle Fire HDX 8.9 against both the iPad Air and the Retina iPad Mini. Here are the results.
The first thing most consumers look at when buying a tablet is screen size. These three represent the full range of options. The iPad Mini at 7.9-inches is the smallest of the bunch. The Kindle Fire HDX offers an 8.9-inch screen, while the iPad Air is a full-size 9.7-inches. While each offers high resolution displays, the Kindle is actually the sharpest. It features 339 pixels per inch, compared to 326 on the iPad Mini and 264 on the iPad Air. The nod also goes to the Kindle for color accuracy.
In the actual construction of the tablets, the Apple products boast that familiar anodized aluminum, while the Kindle is matte plastic.
All three devices feature typical battery life of about nine to ten hours, which is outstanding. And all three feature powerful processors that are more than capable of handling your typical uses.
The most notable difference between these tablets is the app store. While the Apple tablets have the largest selection of apps, the Kindle suffers a bit from limited selection. Amazon’s Appstore features fewer options than Google Play, but for most users that won’t be a big issue. All the most popular apps, like Facebook, Twitter, Netflix, Candy Crush and Angry Birds are available. The advantage for Kindle adopters is the inclusion of the Mayday button, which allows you to instantly connect with a customer service representative. Don’t worry, while you can see them, they only see your screen.
Apple users will have Siri and those other familiar services all starting with ‘i’. There are also Google services apps available that aren’t for the Kindle.
The cost of each device will make the decision for many users. The Kindle Fire HDX is the cheapest retailing at $380 for the 16 GB model. The 16 GB Retina iPad Mini starts at $400 and the iPad Air at $500. You’re getting a top of the line tablet with any of these choices, but that’s understandably not always worth the money.
Regardless of what tablet you choose, Geek Rescue fixes it when you have problems. For malware, software or hardware issues, call us at 918-369-4335.
January 28th, 2014
Generally, pieces of malware only harmful to the devices they target. For example, malware designed for Windows won’t be harmful to mobile devices, or vice versa. However, researchers have seen examples of malware that infects Android devices with the ultimate goal of infecting a PC connected to them. Now, as the Symantec blog reports, there is evidence of malware that infects PCs with the ultimate goal of infecting an Android device that connects via USB.
So far, there’s been no official word about how the malware, known as Trojan.Droidpak, infects PCs. Once it’s downloaded, the trojan begins adding malicious files to your system. First, a DLL registers itself as a system service. Then, a configuration file is automatically downloaded. Then a malicious APK and ADB (Android Debug Bridge). If an Android device is connected to the infected PC, an installation of the APK and ADB files is attempted repeatedly to ensure infection of the mobile device.
To be successful, the malware requires USB debugging mode to be enabled. To check if your phone allows debugging mode, go to ‘Applications’ in the settings menu. Then, select ‘Development’ and you’ll see an option to allow debugging mode when your phone is connected to a PC via USB.
If the malware successfully infects your smartphone or tablet, it disguises itself as an application called ‘Google App Store’ that even steals the Play Store logo. This particular trojan specifically looks for banking applications. When found, a user is prompted to delete that version of the banking app and replace it. The replacement app is a malicious version used to steal financial data and log-ins. The malware is also able to intercept text messages and forward them to a third party.
The good news is that currently the trojan only targets Korean banking apps, but it’s easy to see how this malware could be adjusted to start targeting US Android users. Turning off USB debugging mode is a good start and you should also turn off the AutoRun feature on your PC when connecting another device.
If your PC, smartphone, tablet or any of your devices are infected with malware, bring them to Geek Rescue or call us at 918-369-4335.
January 27th, 2014
There are still some users who don’t enjoy interacting with Apple’s iOS on their iPhone or iPad. For many of these users, their frustrations stem from not knowing the full capabilities and functionality of the operating system. At LifeHacker, Whitson Gordon has a list of shortcuts that make interacting with iOS more efficient. While some more advanced users will know many of these, there’s something for everyone to learn.
For most users, this has become intuitive. But, some don’t realize that this gesture refreshes in nearly every situation. Pulling your email’s inbox down to check for new messages may be common knowledge, but you can also pull down a webpage to re-load it or pull down an app to refresh the content. Just make sure you pull down until you see an icon, then release to refresh.
- Swipe for timestamps or more options
One common complaint about messaging in iOS is that timestamps aren’t included. Actually, they are but they’re not visible. To see when a message was sent or received, swipe left on the message. Use the same swipe over an email in Mail inbox to see more options, like a quick way to delete.
This is another gesture that works in nearly any situation in iOS. To go back one screen, or even back to the previous webpage, swipe from left to right. If you swipe slowly, you’ll be able to preview the previous screen before you decide to go back. If you swipe the opposite direction in Mail or Safari, you can go forward a screen.
It feels a little cumbersome typing on an iPad’s digital keyboard. There’s a second option that not everyone knows about, however. Hold down the keyboard key, or just simply pull the keyboard apart to get a more comfortable split keyboard. Now, you can type with your thumbs like you do with a smartphone and you can move the keyboard to anywhere on the screen.
- Quick event changes in Calendar
If an event you’ve stored in Calendar needs to be changed, you could edit it and type in the new details. An easier way, however, is to hold down on the event in Day mode, then move the event to a new day or time, or even change the duration.
- Quickly view drafts in Mail
Any saved drafts of messages are available in Mail’s main menu with the rest of the folders, but to reach them quicker, just hold down on ‘Compose’. A list of your drafts will pop up as a menu you can choose from.
These tips allow you to access functions of your Apple device faster and use it more efficiently. If you have other problems with your device, like slow performance, malware infections or broken hardware, come by Geek Rescue or give us a call at 918-369-4335.
January 24th, 2014
Recently, we’ve concentrated on the various threats associated with Android devices and their users. But there are security threats for Apple device users to concern themselves with also. With more than 300-million active iPhones in use today, Apple products make an attractive target for cyber criminals. At the Bullguard blog, Steve Bell revealed three of the most troubling security vulnerabilities associated with iPhones. These vulnerabilities come from studies focusing on banking apps specifically, but also suggest other potential security flaws in other downloaded apps.
In order to secure connections between a web server and a browser, SSL certificates are used. These are small data files that contain a cryptographic key protecting the information being transmitted. This presents man in the middle attacks because if the data is intercepted without the proper key, it will remain encrypted. About 40-percent of the banking apps examined failed to validate the authenticity of SSL certificates used during transactions. That means any criminal who is able to intercept the data being transferred would be able to steal it and read it. Considering what type of valuable information you would commonly transmit using a banking app, that’s extremely troubling.
Half of the apps studied were found to be vulnerable to JavaScript injections, which are able to inject JavaScript code into websites. This particular vulnerability exists in a Safari component that allows for web content to be embedded into apps. Through this vulnerability, attackers would be able to send text messages and make phone calls from your iPhone.
Many apps contain links that take users out of the app and onto the open web. These links can cause problems of their own if not properly implemented. In this study, nine out of ten of the banking apps contained non-SSL links to otherwise legitimate and trusted websites. Without the protection of encryption, however, these links are incredibly vulnerable to attacks. Data transmitted after following those links could be intercepted and criminals could even reroute users to a spoofed site in order to steal log-in credentials.
Apple’s iOS is considered a well-crafted, essentially secure environment, but vulnerabilities still exist with the introduction of apps. Though these apps may be found in the official App Store, they can still contain flaws that compromise your entire iPhone’s security.
If your having issues with your iPhone, or any of your devices, bring them to Geek Rescue or call us at 918-369-4335.
January 23rd, 2014
Apple’s latest operating system, iOS 7, was initially made available to users in September. Since then, there have been a number of complaints, but overall it’s been accepted positively. That is, except for one incessant bug that has plagued a number of users and has no fix. As Adario Strange reports at Mashable, the so called “white screen of death” may be cured in the next couple months.
The bug, which has been reported by users since iOS 7 first hit their iPhones, causes devices to suddenly freeze and then reboot. It’s unclear exactly what causes the soft reboot. Some users claim it only happens when their battery dips below 30-percent, while others report they’ve experienced a sudden reboot at various levels of battery.
Up until now, complaints of users have been largely ignored by Apple, but an official statement about when users can expect a fix has finally come out. Apple says they have a fix for the bug, but there is no exact date for when that fix will be released. Most likely, users will have to wait for the release of iOS 7.1, which is currently in its fourth beta. In addition to the bug fix, the update will likely make some other minor changes to design and the user interface. However, it won’t be available until sometime in March.
This particular fix will have to come from Apple, but for other problems with your iPhone or any other device, call Geek Rescue at 918-369-4335.
January 23rd, 2014
The amount of malware being produced to infect Android devices is growing rapidly. Usually, it’s easy to avoid being infected by only downloading apps from Google’s Play Store and only visiting trusted sites. It’s also generally easy to spot signs of an infection. At State of Security, Anthony M. Freed reports on the latest malware threat for Android that defies these conventions.
It’s called Android.He.He and it’s able to intercept both phone calls and text messages of infected devices. While similar malware that either intercepts calls or messages or sends them will leave evidence in your call log or text message history. Android.He.He not only deletes any evidence that a call or message was ever sent to your phone, it even keeps any notification from popping up at the time of the call or message.
The malware infects users by posing as a security update to the operating system running on their device. Once downloaded, an app called Android Security is added, but the malware is even capable of hiding this apps existence from the user.
It seems these attacks are highly targeted because the malware uses a predetermined list of phone numbers. When one of these numbers attempts to contact an infected the device, the malware intercepts it. This would seem to work best for targeted attacks against specific users, but could also work for general attacks by using numbers of popular credit card companies, banks and other organizations that may give attackers an opportunity to steal valuable information.
This supposed security update is not found in the Google Play Store and, while it could be sent to users directly, it is usually first encountered in an ad advising you to update your operating system, or in a third party app store.
It’s important to put security apps in place to protect you from some threats, but unfortunately security for mobile devices is lagging behind attackers. For that reason, it’s also vital to avoid putting yourself in a potentially harmful situation, like downloading apps from an ad or untrusted source.
If any of your devices are infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
January 22nd, 2014
Worldwide there are more Android devices than Apple devices and the gap is steadily increasing. That’s likely the main reason that more malware is being produced for Androids. As Rohan Swamy reports for NDTV, a recent report from Cisco illustrates just how at risk Android users are.
Nearly three-quarters of web delivered malware targets Android devices. That’s a troubling statistic, but even worse is that over the past few months, 99 out of every 100 mobile devices that are infected with malware are Androids. This suggests that Android users aren’t taking proper precautions despite there being more risks targeting them.
Before you abandon Android for the relative safe harbor of Apple’s products, consider this. Only about 1-percent of malware attacks have a specific target. Most devices become infected because they take unnecessary risks. Downloading content from untrusted sources and visiting untrusted websites are both common ways to encounter malware.
In fact, the most common piece of malware on Android devices comes from a legal app that can’t be found in the Google Play store. Instead, it must be downloaded from third-party app stores that don’t thoroughly check the legitimacy of their apps. If users stick to officially recognized apps and only download trusted items, they greatly reduce their risk of a malware infection, regardless of what device they use.
The open source nature of Android may have a large affect on the activity of Android users. Whereas Apple users seem to only download official apps, Android users are more likely to download from unofficial sources because there are more developers making innovative products for Android.
The way to keeping your smartphone free of malware is the same way you keep your computer clean. Put security tools in place and use safe surfing techniques. Stay off untrustworthy sites and only download from official sources.
If any of your devices are infected with malware, bring them to Geek Rescue or call us at 918-369-4335.
January 20th, 2014
There are so many threats to your smartphone. Malware is being created specifically for mobile devices at record numbers and, of course, you have to worry about your information, like text messages and phone calls, being intercepted and recorded. To prevent these security vulnerabilities, you could download security apps. As Rob Lever reports at Business Insider, your best option for a secure, mobile experience is to get a new phone. Specifically, the Blackphone, which is said to be the most secure smartphone ever made.
Silent Circle, described as a “secure communications firm”, began developing the Blackphone because they saw a need for truly secure mobile communication and no other companies stepping up to serve that need. The company has already released apps for both smartphone and PC users that encrypt messages and videos. The Blackphone will feature encryption for video and text, as well as securie VoIP calls.
The secure smartphone won’t be released for another month and specifications will likely be kept under wraps until then. In the meantime, we know it will be less expensive than big flagship smartphones like the iPhone 5S and Samsung Galaxy S4.
According to a Silent Circle executive, the Blackphone isn’t just useful for those who need top of the line security, such as government employees. It’s built for a typical user with features similar to other smartphones only it has the added benefit of being much more secure. All of that, however, comes with the warning that no mobile device is completely secure. Even the Blackphone with all of its attention to a more private and secure experience for users isn’t impenetrable. But, right out of the box, this smartphone has inherent advantages.
Chances are, your smartphone isn’t as secure as the Blackphone. If it’s been infected with malware or needs any other type of repair, bring it to Geek Rescue or call us at 918-369-4335.
