© Copyright 2019 | All Rights Reserved to COMMUNITAKE TECHNOLOGIES Ltd.

THREATS

The desire to become a mobile-first organization is changing the dynamics of new mobile-enabled services. It forces enterprises to operate in new realities:

  • BYOD programs serve a broad range of people, all of whom actually control their own devices and apps.

  • New demands are placed on mobile devices not built to withstand modern threats.

At the same time, new global cybercrime is arising, driven by greed, hacktivism, and the quest for more economic power and political control. The increasing use of mobile organizational practices enlarges the attack surface for hackers, who only need a narrow opening to succeed. For example:

  • Impersonate a legitimate cell tower or Wi-Fi hotspot and intercept or modify communications.

  • Solicit a careless user to install a Mobile Remote Access Trojan (mRAT), assume complete control over the smartphone from afar, and siphon all the on-device data or take screenshots.

  • Inject a trusted Bluetooth credential via Near Field Communication, dial the phone and listen to the surroundings.

  • Deliver iOS Malware using fake certificates or malicious profiles.

  • Transform a private call into a conference call.

  • Exploit the known SS7 inter-carrier network security flaw to locate a device and tap calls and messages.

The new wave of threats is turning enterprises into both a target of cybercrime and a conduit for attacks directed at their employees.

Mobile devices remain soft targets of cybercrime, forcing secretive organizations to apply a more holistic strategy. They need to create a zero-mistake environment. It means diminishing the attack surface, leaving nothing to the user's judgment, eliminating in real time the security gaps left by COTS components, and being proactive.

May 14, 2019

WhatsApp Vulnerability? WhatsApp Vulnerability!

CVE-2019-3568 is the identifier for a buffer overflow vulnerability in the WhatsApp VOIP stack that allowed remote code execution via a specially crafted series of SRTCP packets sent to a target phone number.

 

What? Let’s leave the details to the technology-savvy.

What you need to know is that a vulnerability in the WhatsApp application has allowed cyber-attackers to inject surveillance software onto both iPhones and Android phones by merely ringing up targets using the app’s phone call function. The spyware could be transmitted even if users did not answer their phones, and the calls disappeared from call logs after that.

 

The WhatsApp team fixed this vulnerability a few days ago and encourages WhatsApp users to install the recent patched version. Though now a security-focused app, WhatsApp and many popular commercial apps were not built from the ground up with security in mind, thus unknowingly allowing exploits in their backend.

 

This extremely severe security hole is just another manifestation of the 0-day game, in which attackers usually prevail.

 

Bottom line: you cannot trust commercial mobile apps that were not built as safe apps from the beginning. It means that the commercial mobile environment, as you know it, cannot be regarded as private and protected. You should not conduct secretive lives, both personal and professional, via common mobile devices.

May 14, 2019

Google Security Patches – Not Necessary for You

Google recently released its May security update for Android. This is great news for Google’s Pixel device holders, who immediately benefit from the update. However, for the bulk of Android users who own smartphones made by other vendors, that security update could be deployed anytime between this month and several months later. Furthermore, Android devices running OSs older than version 7.x will not get any of these updates.

 

Google plans to improve things in the next version of Android, currently known as ‘Android Q’.

According to details released at the Google I/O 2019 developer conference and in an interview with The Verge, the company will adopt a different approach, updating a list of 14 OS modules over-the-air straight from the Play Store at Google’s direction, getting rid of the middleman.

 

Bottom line: even when Android Q is available, the majority of Android users will continue using a device that runs an unpatched operating system for many months, leaving it exposed to exploitation by cybercriminals.

May 14, 2019

The “Bloatware” Phenomenon

One of the downsides of Android devices is “bloatware”. “Bloatware” refers to apps and services pre-loaded on smartphones and tablets by phone vendors, mobile carriers, and their partners along with the basic suite of Google apps and Android.

Researchers at the Universidad Carlos III de Madrid in Spain and Stony Brook University in the US analyzed crowdsourced data from 1,742 devices made by 214 vendors. Software shipping on Android devices totaled 424,584 firmware files, of which only 9% corresponded to app APKs found on Google Play. That amounted to around 140,000 apps, built using 11,665 different third-party software libraries (TPLs), and 1,200 developers. This software mostly does social networking, advertising, and analytics, with activities ranging from gathering location data to the collection of phone call metadata, contacts, and valuable behavioral data.

 

Bottom line: the researchers have found that pre-installed software exhibits potentially harmful behaviors and backdoored access to sensitive data that might be exploited maliciously by third parties.

December 15, 2018

Remove These 22 Apps

You should remove these 22 applications:

Sparkle FlashLight; Snake Attack; Math Solver; ShapeSorter; Tak A Trip; Magnifeye; Join Up; Zombie Killer; Space Rocket; Neon Pong; Just Flashlight; Table Soccer; Cliff Diver; Box Stack; Jelly Slice; AK Blackjack; Color Tiles; Animal Match; Roulette Mania; HexaFall; HexaBlocks; PairZap.

The reason for removing them is that you simply do not want to use apps that drain your device’s battery, generate data traffic you might be charged for, and exhaust the device by constantly clicking on ads. These behaviors occur because the apps perform advertising click fraud by maliciously bombarding websites with bogus traffic to earn advertising revenue.

Uncovered by SophosLabs and named Andr/Clickr-ad by researchers, the malicious apps were downloaded a total of two million times, with Sparkle Flashlight accounting for half of this. Clickr-ad is a uniquely sophisticated attempt to pass off much of the traffic the apps generate as coming from a range of Apple models, as advertisers tend to pay more for traffic that comes from Apple devices than from Android ones.

 

To battle these apps you should fully uninstall them, as they can restart themselves after three minutes if you just force-close them.

 

This is evidence that the Google Play store does not guarantee safe apps.

Safe apps can only reside in an internal malware-free app store that limits the presence of non-crucial apps and tightly manages app upgrades.

December 15, 2018

It’s Coming From The Google Play Store and It’s Malicious

According to app analytics firm Kochava, Android apps developed by Cheetah Mobile and Kika Tech have been accused of falsely claiming the credit for driving the installation of new apps in order to claim a fee or bounty. Eight apps with a total of 2 billion downloads on the Google Play Store have allegedly been caught up in an Android ad fraud scheme.

 

Mobile application developers generate revenue by driving the installation of other apps inside their apps for a fee. The credit is determined via a "lookback" mechanism immediately after the newly installed app is opened for the first time, to see where the last click originated.

Kochava claims that Cheetah Mobile and Kika Tech apps have misused user permissions to track downloads and hijack app-install bounties for apps installed from other referrals.

Given the magnitude of their apps' presence, it is assumed that this Android ad fraud scheme has stolen millions of dollars from advertisers.
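The following is an added example, not code from Kochava or from the original post: it models the last-click "lookback" described above and shows how a click reported after the download has already begun takes the credit, along with a check that rejects such clicks. The 7-day window, the `download_start` timestamp, and all names and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

LOOKBACK_SECONDS = 7 * 24 * 3600  # assumed window; the article gives no value


@dataclass
class Click:
    source: str  # app or network that reported the ad click
    ts: int      # click time, epoch seconds


@dataclass
class Install:
    download_start: int  # when the store download began (assumed to be known)
    first_open: int      # when the new app was first opened


def last_click(clicks: List[Click], install: Install) -> Optional[Click]:
    """Plain last-click attribution: newest click inside the lookback window."""
    earliest = install.first_open - LOOKBACK_SECONDS
    eligible = [c for c in clicks if earliest <= c.ts <= install.first_open]
    return max(eligible, key=lambda c: c.ts, default=None)


def attribute(clicks: List[Click], install: Install) -> Tuple[Optional[Click], List[Click]]:
    """Return (credited click, rejected clicks).

    A click reported after the download already started cannot have caused
    the install, so it is set aside before last-click attribution runs.
    """
    rejected = [c for c in clicks if c.ts > install.download_start]
    clean = [c for c in clicks if c.ts <= install.download_start]
    return last_click(clean, install), rejected


# Constructed sample: a genuine ad click, then a click fired by another app
# 30 seconds after the download began and before the first open.
CLICKS = [Click("news_app_ad", 1000), Click("keyboard_app", 5030)]
INSTALL = Install(download_start=5000, first_open=5060)

if __name__ == "__main__":
    print("naive credit:   ", last_click(CLICKS, INSTALL).source)
    winner, rejected = attribute(CLICKS, INSTALL)
    print("filtered credit:", winner.source, "| rejected:", [c.source for c in rejected])
```
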

 

What to do?

You are advised to uninstall the listed apps. This will stop an allegedly fraudulent activity and help innocent app developers get their justified fee.

December 15, 2018

You’re Being Tracked... and So Are Your Children

Researchers at the University of Oxford have analyzed nearly one million Android apps downloaded from the US and UK Google Play Stores and found an alarming number of third-party trackers.

Most third-party trackers were embedded in apps under the ‘Family’ and the ‘News’ categories. Median tracker counts by category range from 7 trackers to just more than 10.

Apps used by children also embed high numbers of trackers of any app category, despite recent regulations.

This means that users, and especially children, are being closely watched by penetrating eyes driven by business interests.

 

What to do?

Not much to do. However, be aware that chances are that what you’re doing is being watched. This will probably be translated into advertising-related parameters and will surface sometime in the future. Remember, nothing is free.

October 03, 2018

iPhone Passcode Bypass Vulnerability Exposes Photos and Contacts

Jose Rodriguez, an iPhone enthusiast, has discovered a passcode bypass vulnerability in Apple’s new iOS version 12 that potentially allows an attacker to access photos and contacts.

The complicated 37-step iPhone passcode bypass process is described on Rodriguez's YouTube channel. According to the video demonstration, the attacker must have physical access to the targeted iPhone that has Siri enabled and Face ID either disabled or physically covered.

 

An iPhone holder can prevent attackers from abusing the feature by disabling Siri from the lock screen:
Settings >>> Face ID & Passcode (Touch ID & Passcode on iPhones with Touch ID) >>> Disable Siri toggle under "Allow access when locked."

 

Yet, it is evident that commercial mobile phones fail to provide complete protection against cyber-attacks. Their exposure as a known widespread device and operating system eases hackers’ attempts to breach them and execute on known vulnerabilities.

 

Security-minded organizations should pursue robust security and privacy on mobile devices for the protection of confidential information. This requires multiple, best-of-breed solutions combining specialized hardware and software.

September 11, 2018

Apple's Mac App Store is not fully protected

“Adware Doctor,” the No. 1 paid adware removal utility on the Mac App Store, was caught spying on Mac users. Ex-NSA staffer Patrick Wardle has examined the app and published a blog post, saying that the app collects users' browser histories and then transfers them to a server in China.

According to Wardle, Adware Doctor bypasses Apple Mac App Store sandbox restrictions and collects sensitive user data (primarily any website visited or searched for) from all the popular web browsers including Chrome, Firefox, and Safari, and then sends that data to a Chinese server at http://yelabapp.com/ run by the app's makers.
Apple removed Adware Doctor from the Mac App Store only about 4 weeks after Wardle's initial warning. Users who have downloaded Adware Doctor are strongly advised to remove the app from their systems.

 

Yet, this is clear evidence that commercial app stores are not totally protected against cyber threats. Truly protected apps are required to reside in a walled-garden app store after a profound security inspection, followed by an app risk score and verification that they are not transferring any data to suspicious external sources.

August 25, 2018

Triout - New Android Spyware Framework

Bitdefender labs security researchers found a new Android malware framework called Triout. Triout enables cybercriminals to repackage legitimate versions of Android apps and gain powerful surveillance capabilities while keeping their original appearance, feel and functionality. Spying abilities on infected devices include recording phone calls, monitoring text messages, secretly stealing photos and videos, collecting location data and sending it back to an attacker-controlled command and control (C&C) server —all without users' knowledge.

The researchers believe the malicious app was delivered to victims either by third-party app stores or by other attacker-controlled domains likely used to host the malware.

Malicious apps continue to be a salient attack vector for stealing data. Controlling app installation is a necessity to ensure risk-free mobile devices. It requires a two-tier defense: secure apps and a safe installation source. IntactPhone allows installing apps only from an internally monitored app store with no access to Android Play store or any third-party app store. In addition, all apps are inspected by security experts and given a security level score. System administrators can define the preferred security level for their organization. IntactPhone eliminates apps as an attack vector and the damages that follow it.

August 18, 2018

Google Tracks Your Location and You Cannot Stop It

An “exclusive” from the Associated Press (AP) describes how researchers at Princeton University have confirmed Google’s ability to record an Android or iPhone user’s location history even when they’ve turned it off. Once deactivated, Google no longer stores a timeline and a precise record of a user’s movements when they take their device with them. But according to AP’s research, turning off Location History doesn’t stop certain Google apps from storing a timestamped location when you open them. In Google’s view, this is fine because it does inform users that apps can track their location. Evidently, when you are using Google services, you renounce your privacy as Google tracks your experience in general, and your location in particular. Following this logic, if you wish to maintain your privacy, you should renounce Google.

 

IntactPhone makes it possible for you. All Google services are replaced in IntactPhone: Google app store is replaced with an internal secure app store and Google push notifications are replaced with proprietary push notifications. IntactPhone provides you with complete privacy and hardly limits its usefulness as a smartphone.
