The Security Pub

Random Thoughts About Security

Top Vulnerable Smartphones of 2011

Bit9’s new research on “The Most Vulnerable Smartphones of 2011” lists the devices that pose the most serious security and privacy risk to consumers and corporations. In the Bit9 research report, Android phones overwhelmingly topped the list, accounting for the “dirty dozen” most vulnerable devices.

Location Tracking on Mobile Devices Introduces More Privacy Concerns

Last week it was brought to everyone’s attention that a hidden feature in Apple iOS version 4 is secretly tracking and saving geolocation data on iPhones and iPads. This data is also stored on any computer you use to sync the device(s) with iTunes.

A video of Warden and Allan discussing their discovery is below, courtesy of O’Reilly and Where 2.0. The two have also published a FAQ that provides more details on the discovery and its implications.

Later that week there was talk of the same type of information being collected and stored on Android mobile devices. According to new research by security analyst Samy Kamkar, an HTC Android phone collected its location every few seconds and transmitted the data to Google at least several times an hour. It also transmitted the name, location and signal strength of any nearby Wi-Fi networks, as well as a unique phone identifier.

According to research firm Gartner, Google and Apple are gathering location information as part of their race to build massive databases capable of pinpointing people’s locations via their cellphones. These databases could help them tap the market for location-based services.

And now today it has been reported that the Windows phone is also collecting and sending location data to Microsoft. Microsoft has said that when location services for Windows phones are switched on, the devices transmit a unique ID along with nearby wireless networks, their signal strength, and GPS-extracted location to the company’s servers. Microsoft also claims that Windows phones don’t store any of the locations on the device itself.

NON-ATM, ATM Skimmers

Careful ATM users know enough to give the machine a hasty visual check before using it and to hide the keyboard while entering their PIN. Unfortunately, sometimes even that is not enough to stop the fraudsters, and the worst part is that they continually think of new ways of stealing your credit and debit card data.

Brian Krebs has pointed out a clever type of attack that ATM users can’t detect, because nothing on the machine or close to it looks off enough to make them suspicious. According to Brian, criminals have devised a very clever tactic – one that is usually employed to steal information from users who prefer the ATMs located in the antechamber of a bank or a building lobby.

Access to these ATMs is usually controlled by a key card lock that lets customers enter only after they have swiped their ATM card through it. Unfortunately, crooks have devised a way to add a skimmer to these locks, so that when customers swipe their card, it records the card’s information. And odds are that customers won’t even check to see if there’s something suspicious about the lock.

When the customers finally access the ATM, those who don’t take particular care to hide the keyboard from view with the palm of their hand or another object have their PINs stolen by a zoom-in camera hidden behind a mirror on the wall above the ATM – a mirror they assume is there to let them see if someone is standing behind them.

An instance of this type of attack was recorded as far back as 2009, when a customer of a bank in California discovered the camera behind the mirror above one of the two ATMs in the lobby of the bank. It turns out that the criminals put an “Out of Order” sign on the other ATM to force customers to use only the one that was covered by the camera.

Trend Micro protects Android devices

Trend Micro announced Mobile Security, which protects digital files and secures banking transactions on Android devices by identifying and stopping online threats.

Key Features of Mobile Security for Android include:

  • Safe surfing
  • Parental controls
  • Download protection
  • Call and text filtering.

Backed by the Trend Micro Smart Protection Network, Mobile Security users receive real-time and instant browser protection wherever they take their Android mobile device.

Custom filtering lists enable users to screen or block unwanted calls or messages, while Web reputation and parental controls make mobile surfing safer for everyone.

Trend Micro Mobile Security for Android is available in the Android Market.

Another Malicious Android Application

Yet another malicious application has been found in the Android Market. It’s a game called Tap Snake, but it’s not just a game. It’s also a client for a commercial spying application called GPS SPY. What the description of Tap Snake doesn’t say is that every 15 minutes your GPS coordinates are uploaded to a server that could be monitored by people running GPS SPY.

Tapsnake has been downloaded from 1,000 to 5,000 times, while GPS Spy has 100 to 500 downloads. The discovery comes on the heels of a suspicious Android Wallpaper app that was downloaded millions of times and what is believed to be the platform’s first SMS trojan in the wild. – The Register

Check out this video showing the game play of the Tap Snake game.

If you have the following mobile devices, you can use F-Secure’s Mobile Security tool to help protect your mobile device from Android.Tapsnake

Mobile devices: Greatest threat to confidential Information?

The use of wireless networks, typically less secure than wired networks, leaves information at greater risk for interception, according to ISACA. From smartphones to USB sticks, many devices also store data that are unencrypted, which can result in sensitive information being compromised through interception and device theft or loss. Mobile devices can also be the targets of malware attacks as employees carry them beyond the protection of their company’s network.

Check out the article – [Help Net Security]

Is Your BlackBerry Spying On You?

Tyler Shields gave a presentation earlier today at ShmooCon 2010 on the threats of mobile spyware, particularly as it relates to data privacy. Smart phones and mobile applications have grown tremendously popular over the past couple of years, and it seemed like an appropriate time to raise awareness of what these applications are capable of.

Here’s a video that demonstrates the features of Tyler’s proof-of-concept spyware. We show how it can be used to dump contacts and messages, intercept text messages, eavesdrop on the room, report on phone usage, and monitor GPS data. To view this in HD resolution, click through to Vimeo and use full screen mode for best results.