Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks.
Cybercriminals are constantly looking for new ways to trick people into downloading and installing malware. One of the most effective techniques is to hide malware in what appears to be a useful app; in many cases the software will behave just like the real thing, stealing sensitive personal data in the background.
So how can you protect yourself against these dodgy downloads?
1. Toughen up your system defences
Most computers and mobile devices now come with built-in protections to help reduce the risk of being tricked. They do this by locking down the computer so that you can only download and install software from approved sources – usually official app stores.
You can enable these safeguards as follows:
- Open Settings
- Click Updates and Security
- Click For Developers
- Unselect Sideload Apps
- Select Windows Store Apps
Changing these settings prevents any user of your computer from installing software from anywhere but the official Windows App Store.
- Open Settings
- Tap Application Settings
- Uncheck Unknown Sources
This new setting will limit app downloads so that only approved apps from the Google Play (or other official store) can be downloaded.
- Open System Preferences
- Select the General tab
- Click the App Store radio button
As before, this setting prevents users from installing software from anywhere other than the official Apple App Store. You can further secure your Mac by clicking the Padlock icon in the bottom left corner of the screen.
iPhone and iPad users can only install apps from the official App Store by default – unless they have “jailbroken” their handset. Jailbreaking allows third party apps to be installed on an Apple device – by circumventing many of the security safeguards supplied with the device.
If you have jailbroken your device, you should seriously reconsider your choice – your phone is in serious danger of malware attack otherwise.
2. Install anti-malware protections
No matter how hard you try, malware can still sneak through your defences – typically via an infected email attachment or compromised website. To combat these threats you need to install an anti-malware tool that will detect and block malicious code, and protect your personal data.
You can boost your defences now by downloading a free trial of Panda Security:
3. Don’t download pirated software
Another common source of malware infection is file sharing sites and services like Bittorrent. Hackers like to embed malware and ransomware inside stolen movies and applications, giving users much more than they bargained for.
The only way to avoid these infections is to avoid pirate sites completely. If you need a specific application, or want to watch a movie, always download it from a reputable site like Apple iTunes or Google Play. And if that means paying for it, pay for it – licensed software is always cheaper than trying to recover from a hacking.
Ready to learn more? Check out how to protect yourself from hackers on the Panda Security blog.
How dependant on your cellphone are you?
Earlier this year Pew Research Center released a fact sheet stating the vast majority of Americans own cellphones – about 95% of the population of the USA has at least one cellular device on hand, and in about 77% of the cases, it is a smartphone. The number of smartphone owners has risen by 32% in the last five years, and the growth is not giving any sign of slowing down – the percentage of smartphone ownership is projected to reach 82% by the end of the year.
In the past we used to say that there is a time for everything, now we say there is an app for everything. We can all admit it – we enjoy and depend on our connected devices. Smartphones are in place to ease our lives, but the more time we spend staring at the small screens, the more dependent we get.
There are a few main factors confirming smartphones are shaping our lives.
Having a smartphone is sometimes a necessity. Even if you do not own one yourself, it is very likely you’ve been given a smartphone device from work. Some health care professionals must be reachable at all the time. Salespeople would be available 24/7 too; no salesperson would be happy if a competitor picks up the lead instead. Even if you are not entirely convinced of their importance, smartphones are sometimes your primary connection to your employer, clients, or loved ones. Having one on hand is a necessity.
One of the main reasons smartphones are so popular is because they are meant to ease our lives. Not that long ago you had to call a travel agent to book a vacation, or you had to mail physical checks so you can pay your utility bills. Stopping at the bank for a quick credit balance check is now part of the past too. Now, everything you need is at your fingertips. You no longer have to wait for the newspaper boy so you can read yesterday’s news – they are readily available online right on your large screen phone. We bet you haven’t seen a physical map in years too; you use the navigation capabilities of your smartphone instead.
Undoubtedly smartphones are here to stay. The problem is that they are becoming so functionally diverse that people are starting to be addicted to them. Companies such as Facebook want to keep you engaged with their platform as long as possible. To keep your attention, they bombard you with content that they know you will enjoy seeing. Smartphones open a back door for gambling too – you no longer have to drive to Vegas or Atlantic City if you want to try your luck. While being entertained is excellent, you should always be careful to not end up in a bad place.
The fake reality
The world should not only be viewed through the prism of one small screen. Companies are fighting for your attention and sometimes exaggerate the facts to attract you. While they get richer by selling the traffic to advertising companies, it is possible you are not getting the whole picture. You should have multiple sources of information and carefully vet the information you receive. Not everything you see on your Facebook feed is true. Misinformation can have a negative impact on your life.
Sadly, smartphones are not only an easy way to get information and entertainment – they are sometimes a backdoor for hackers who want to sneak peek into your personal life. Having in mind the average American spends tens, and possibly hundreds, of hours on their smartphone device every month, the chances of having sensitive information stored on your phone is high. Unfortunately, hackers sometimes find their way into your mobile device. They could be after banking login information, delicate imagery, or your credit card details – whatever their goal is, they know their way in if you are not protected.
Agree or not, smartphone devices are here to stay and are already playing a significant part of our lives.
They allow us to connect with each other, they save us time, and they provide entertainment. While there are pros to having one, there are cons too – smartphones sometimes make people vulnerable to misinformation and hacker attacks. The good news is that people who are self-aware and have decent antivirus software installed have nothing to worry. Being protected will significantly decrease the chances of having your phone negatively shaping your life.
Do I need to set up parental control on my kid’s Android?
When their teenage daughter Jill transformed from enthusiastic and social, to insecure and angry, Frank and Susan (not their real names) went looking for answers. They found them on their daughter’s computer—she’d become a victim of cyberbullying.
Frank and Susan found the evidence after they installed parental controls on Jill’s devices. These controls allowed them to see insulting and harassing social media posts that targeted her, and were contributing to her depression.
Why parental controls
Stories like Jill’s are becoming all too common and can end in tragedy. All parents understand how important it is to monitor their child’s online consumption. But at the end of an eight-hour work day, it’s tough to find the time. It’s even harder to determine whether mood changes are indicative of serious problems or just typical teenage behavior. That’s where parental controls can be a parent’s best friend.
For Android users, parental controls can be an effective solution for managing the media their children watch. But online safety means more than just protecting kids from situations they aren’t ready for—it’s also about keeping them from inviting a nasty virus onto your device.
What are parental controls?
Parental controls are designed to give parents more control by denying access to specific content, limiting screen time, and monitoring activities on apps. However, they aren’t a failsafe solution. Parental controls should go hand-in-hand with careful planning, education, and maintenance. Here are a few guidelines for helping your kids make good choices when they’re online:
Being a good digital parent means educating your kids early and often. Be honest about what types of content you want them to avoid and why. The more they know, the more they will trust your motives for protecting them. Open communication and setting expectations will help when they inevitably balk at their content restrictions.
If you’re not sure about a site your child visits, find out for yourself what type of content it offers. Search online with your kids and become a role model for safe surfing.
Recent studies show that on average parents spend almost eight hours each day devoted to “screen time” activities. Evaluating your own media consumption is a great way to get your kids to do the same. They’ll appreciate your sacrifice, even though they’ll never admit it.
Strategies like these help build a strong foundation for your kid’s online habits. But until they’ve grown up to become perfect little darlings, continue to monitor their online activities. Activate parental controls on your devices and help protect them from inappropriate content. Trust, but verify.
Android parental controls
Most devices and operating systems offer some level of parental control. For Android device users, the process includes setting up a separate device user account for your child. After following the steps for setting up Android parental controls, you can control whether your child can access the Google Play Store and what rating level of content can be downloaded.
To give access to the Play Store, you will need to create a Gmail account for your child or sign into your user account to download something for them.
For parents looking for more control, Google’s Family Link lets you manage app usage, monitor screen time, and remotely lock a device for bedtime hours.
Family Link is viable option, but the app does have a few limitations:
- It’s restricted to compatible Android devices, for you and your kid
- You must create a Google account for your child
- You must have your own Google account
- It doesn’t protect your devices against viruses
Monitoring the amount and appropriateness of content is only one factor in keeping your kid’s online activities safe. You also need to know what your children download, email, and click.
Virus protection with parental controls
Viruses and malware are more pervasive than ever. Damage to your devices, theft of your identity, and the destruction of your data can happen with one careless click. Some apps give parents content control along with virus protection for their devices.
Panda Protection Complete lets you also protect your child’s access to specific apps and track the location of their device under Windows, Android and iOS. Panda includes a lot of characteristics to allow fathers to monitor and also control youngs, like:
Geolocation of the kids.
Prevent kids from accessing websites that contain unwanted content.
Parental controls give parents the power to help
Once Frank and Susan saw the hateful messages aimed at their daughter, they used the parental controls to detect the problem—They also deleted the messages—but not before making copies and taking them to the authorities. The complaint they filed helped end the harassment. Jill needed help, and parental controls allowed Frank and Susan to detect the problem and provide help to Jill.
In a digital world, information is power. Parental controls gave Frank the information he needed to intervene before things got worse.
Google’s Project Zero released a proof-of-concept attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11.
Bluetooth is an important smartphone technology, allowing us to transfer files, or to listen to music, wirelessly. It’s so useful that many people leave it switched on all the time.
But researchers have discovered a vulnerability in the technology that allows hackers to take control of a victim’s phone remotely. Known as “BlueBorne”, the technique can be used by hackers to connect to a nearby phone, install malware, steal data, or delete important personal information. And it takes less than 10 seconds for them to break in.
Most worrying is that the BlueBorne hack works on almost every smartphone – Apple, Android and Windows Mobile devices are all vulnerable to attack.
The good news is that manufacturers were alerted to the risks of BlueBorne weeks before the news went public. They have spent this time developing fixes for the vulnerabilities, blocking the weaknesses used by the hackers.
Both Windows Mobile and Apple iOS have already been patched – users need to update their phones as soon as possible. Unfortunately, any iPhone stuck on iOS 9 or earlier cannot be fixed, so users will need to seriously consider buying a new phone to protect themselves.
Patching Android has been much slower unfortunately. Google have a fix ready for their Pixel XL handsets, but older phones are still without full protection against BlueBorne. Patches will be released, but it may take days or weeks for these updates to make it onto users’ phones.
You can check whether your Android phone is affected using the free BlueBorne Vulnerability Scanner.
One important warning however: always ensure that you only download patches and updates from your handset manufacturer. Never, ever install security updates from a third party, or you may end up infecting your phone yourself.
Turn off Bluetooth when not in use
Although leaving Bluetooth enabled all the time makes using your phone easier, it also increases the risk of falling victim to BlueBorne hackers. If you can, disable Bluetooth completely; it is much safer to leave Bluetooth switched off completely until a patch is released.
If you must use Bluetooth, enable it only when required to reduce opportunities for hackers to crack your phone.
Install anti-malware software now
Waiting for an update for your Android phone is not really an option. Until the patch is released, your phone (and data) are at risk of being hacked. Remember – it only takes 10 seconds to take control of your phone.
In order to prevent any other kind of threats, the best option is to install an antivirus app on your mobile devices.
While you wait for a BlueBorne patch for your Android handset, download a trial of Panda Mobile Security to keep yourself protected now.
The post BlueBorne Bluetooth hack could affect millions of smartphones appeared first on Panda Security Mediacenter.
Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector.
The Onliner spambot, Google’s forthcoming Not Secure warnings for Chrome, the WireX botnet, Sarahah privacy and more are discussed.
Oreo Android, the sweetest version?
What does an Oreo cookie, a donut, a marshmallow or a lollipop have to do with your smartphone? Well, believe it or not, the names of all those sweets indicate the Android operating system installed on your cell phone.
After months of speculation about the new features to be included in the new Android operating system, August 21, the day of the solar eclipse, was the date chosen by Google’s engineers to unveil Android 8.0, codenamed Oreo. This new version allows you to minimize videos to a small window in any corner of your screen so that you can video chat while you’re checking your calendar or writing an email, for example.
However, the trend of codenaming Android releases after sweets and desserts is nothing new. Despite Android’s first two versions were unnamed: Android 1.0 (launched in September 2008) and Android 1.1 (released a year and a half after the first one), all subsequent Android versions have received tastier names than their predecessors.
Version 1.1 was followed three months later by version 1.5 (April 2009). Despite incorporating some really cool features (such as the ability to associate the contacts on your phone to pictures, or record videos in MPEG-4 and 3GP formats), this release is mainly remembered for being the first one codenamed after something as sweet as a cupcake.
From then on, all new Android versions have received a name that is irresistible for those with a sweet tooth.
If it was not tasty enough, Android Cupcake was followed by Android Donut in September 2009. This version, which featured a quick search box and major improvements to Android Market, was followed a month later by Eclair (Android 2.0 and 2.1), with amazing live wallpapers which responded to your touch. Additionally, Eclair included live traffic information that allowed users to choose the fastest way to get to their destination.
Almost a year after Eclair’s release, Android decided it was time to offer users another delicacy with the launch of Froyo, short for “frozen yogurt.” This new version enabled users to control their phones using their voice.
In December 2010, seven months after Froyo was released, Android announced the launch of Ginberbread. This codename was used to refer to versions 2.3 and 2.3.7, which provided a smooth experience for both users and app developers. This release introduced support for NFC communication, which allows users to, among other things, make payments with their phone as if it were a credit card.
An Android version as sweet as honey
Just three months after the release of Gingerbread, Android launched Honeycomb in March 2011. Honeycomb was the first Android operating system specifically adapted for work with tablets, and featured a simple interface that allowed the use of wide-format images.
Ice cream sandwiches
Several months had to pass before Android 4.0, codenamed Ice Cream Sandwich, was released in October 2011. This version managed to satisfy users’ sweet tooth once again, with its new control technology and customization options.
Almost an entire year had to pass before Android 4.1, Jelly Bean, came out in July 2012. Jelly Bean was the first operating system to include a personal assistant with Artificial Intelligence. Plus, it provided the ability to use different user accounts on the same cell phone.
After a long break… Kit Kat
The technological advances included in Android 4.1 were so widely acclaimed that users had to wait more than a year for the next Android version. However, after the long wait, October 2013 saw the release of Android Kit Kat and its revolutionary ‘OK Google’. ‘OK Google’ allowed people to start a voice search, get driving directions or play a song without even touching their phones – just verbally saying the phrase.
Android Lollipop, released in November 2014, allowed the operating system to make the jump from smartphones and tablets to other types of devices. This update, which spanned versions between 5.0 and 5.1.1, marked the birth of the Android-based smartwatches, smart cars and smart TVs.
It looks as if, after Jelly Bean, Android made the decision to launch a single new version per year. So, 13 months after Lollipop was launched, Google released Android Marshmallow in October 2015. User devices (now spanning not only tablets and smartphones, but all sorts of devices), became even tastier with the new Google Now on Tap, a feature that provided quicker shortcuts and smarter replies, as well as improved security features.
June 2016 saw the release of Android Nougat. This version included a new Multi-Window mode and support for a new virtual reality platform called Daydream.
Some years ago, getting your phone wet was lethal. Today, however, Samsung’s latest spot for the launch of the Galaxy S8 smartphone features people taking pictures with their cell phones from the bottom of a swimming pool. Who knows if Android version 35, if Google continues with its habit of releasing a new version each year, will allow us to command our smartphone or smartwatch to make us some chocolate cookies…
What happens when cable and phone companies are left to their own devices?
Federal Communications Commission (FCC) will soon stop accepting comments on Net Neutrality. There has been a lot of confusion amongst people who are either not technology savvy or not familiar enough with the ongoing debate. We spent years following the conversation and researching the topic, so we wanted to give you the cold facts hoping you will make an educated decision.
What is Net Neutrality?
As you may remember before 2015 ISPs were not heavily regulated and were using tactics that are against the current policies of Net Neutrality. The years between 2005 to 2014, in particular, were like the wild west of broadband providers. There were cases of ISPs banning P2P usage, VOIP blockages, and at some point, ATT pressured Apple to ban Skype. People started voicing their opinion against the corporate practices, so Net Neutrality was born. New rules started being enforced on June 12, 2015, and ISPs were no longer able to execute similar methods without the risk of having to pay a hefty fine.
Earlier this year, Ajit Pai was appointed to govern FCC. He is an avid opponent of Net Neutrality and his “Restoring Internet Freedom” proceeding is getting close to repealing it.
What happens when Net Neutrality gets repealed?
If the new proceeding gets accepted, corporations such as Comcast, Verizon, ATT, Frontier, and Cox will have their control back, and they will again have the ability to act as content gatekeepers. They will even be able to impose new fees so paying $10 a month for accessing Facebook from your phone might happen sooner than later. You may have to upgrade to a ‘business account’ if you want to use Outlook from your home Wi-Fi. It will be similar to Vladimir Putin’s recent war on VPNs. North Korea and China have similar laws too. In your case, you won’t be blocked from accessing content as this decision would violate the 1st Amendment. However, millions of Americans who have access to only one ISP may have to choose to either pay an extra fee or give up on their favorite app or a TV show. Repealing Net Neutrality means that ISPs will stop being treated like utility providers. Some of the major internet providers in the US have already begun violating the current rules.
There are only a few more days left until FCC stops accepting comments about the planned repeal of Net Neutrality. The end date is scheduled for August 30th, 2017. Feel free to make your voice heard by leaving a comment in the “Restoring Internet Freedom” proceeding here.
The post What is Net Neutrality and How to Voice Your Opinion? appeared first on Panda Security Mediacenter.