Friday, 20 June 2014

New generation phones to have 'Kill switches'.

So-called kill switches are software to disable the phone if it is lost or stolen.

NEW YORK (CNNMoney) - Google and Microsoft will include a so-called kill switch in the next version of their smartphone operating systems, authorities announced Thursday.
The technology allows for a stolen Google (GOOG) Android and Microsoft (MSFT,Tech30) Windows Phone-powered Nokia (NOK) device to be disabled, making it useless to the thief.
With Google and Microsoft on board, kill switches will be available for 97% of the smartphone market, said New York Attorney General Eric Schneiderman, who made the announcement.
Newer versions of Apple's iOS currently include a kill switch called Activation Lock and tracking software that requires a password before the iPhone or iPad is reset. In May, Samsung launched a similar system it calls Reactivation Lock.
Schneiderman issued a report citing data that showed the number of smartphone thefts were on the rise, but that thefts of devices with kill switches were decreasing.

Although the technology is spreading, some older phones can't or likely won't be updated.
"With the majority of phones still without a kill switch, smartphone-related thefts and violence remain a tragic reality," Schneiderman's office said. "Criminals now target devices not likely to be equipped with a kill switch, increasing the importance of immediately implementing the life-saving technology across all manufacturers."

Schneiderman's initiative pushing for kill switches, Save Our Smartphones, also included officials from California and London. 
The article, "Kill Switch' coming to Google, Microsoft phones" with a different title here, was originally published on the CNN website by   @gregorywallace for CNNMoney.

Monday, 3 March 2014

Google's Android security about to get even smarter.

Computerworld - Android security is always a hot-button issue. "Dangerous malware" and "new threats" make for great headlines, after all -- and companies that make money selling anti-malware software are always happy to feed fear-inducing fodder to stats-loving reporters (go figure!).
The truth, though, is that Android security is one of the most sensationalized and misunderstood subjects you'll read about in the tech media today. Plain and simple, a theoretical breach and a meaningful threat that's actually putting users at risk are two very different things.
Google's made a lot of progress in separating one from the other over the years -- and the company's about to take another step in making nearly every Android device even more secure.
Android security: The next phase
Over the next couple of weeks, Google will be rolling out a universal update that'll enable constant on-device monitoring for potentially problematic apps. It's an upgrade to the platform's Verify Apps function that first launched with Android 4.2 in 2012, as I reported exclusively at the time, and then spread to all devices with Android 2.3 and up last July.
Android Verify AppsAs it stands now, Verify Apps watches your device for any new applications -- particularly those that you download and install directly ("sideload") instead of installing from the Google Play Store. Anytime a new app appears, the system instantly checks it for potentially harmful code and warns you of any dangers it discovers.
What's changing is that Verify Apps will soon continue to monitor your applications even after they're installed, thereby extending its level of protection.
"We're constantly updating what [threats] we're aware of, so being able to detect those things where we've improved our coverage is valuable," Android Lead Security Engineer Adrian Ludwig tells me.
Ludwig says the newly expanded system will also help identify issues with apps installed before Verify Apps became available -- or those installed without a person's knowledge while, say, someone else was borrowing a device.
"We want to make sure that if that were to happen, a user would be made aware of it after the fact," Ludwig explains.
Just like it does now, the updated Verify Apps system will run silently in the background; Google suspects the majority of users will never even know it's there. And if you'd rather not have the protection in place, you can always disable Verify Apps altogether in your device's system settings.
Beyond a single system
Google Play SecurityRemember, too, that Verify Apps works in conjunction with a server-side system that scans all apps uploaded to the Google Play Store. And both systems take advantage of something Google calls the Android Safety Net, which detects everything down to SMS abuse and blacklists sources that have exhibited shifty behavior in the past.
"At this point, there really is a collection of services that we're starting to think about as the Google security services for Android," Ludwig says. "We want to make sure there is no single point of failure within our platform so users can be protected."
That "no single point of failure" concept is important: With last year's "Master Key" vulnerability, for instance -- publicized, coincidentally enough, by a company that sells anti-malware software for Android -- Google implemented protection for its Play Store scanning system within a day of learning about the exploit and for its on-device Verify Apps system a few weeks later.
Even though OS-level patches didn't start hitting devices for another few months, those initial layers of protection were available to everyone almost instantly -- and according to Google's internal data, not a single real-world exploit attempt occurred before they were in place. In other words, the real-world risk related to the vulnerability was already next to none, as I pointed out at the time -- and once the Play Store and Verify Apps protection kicked in, it dropped even lower.
And there's the dull truth of this domain: When it comes to security, real-world assessments make for far less sexy headlines than sensational shouting based on theoretical threats.
The next steps
The expanded Verify Apps system will be rolling out as part of an upcoming update to Google Play Services, which means it'll automatically hit all devices with Android 2.3 or higher. That covers almost every phone and tablet out there -- nearly 99 percent of actively running products, according to Google's latest platform measurements -- and thanks to Google's ongoing deconstruction of Android, the update will happen behind-the-scenes and without the need for any manufacturer or carrier interference.
So what's the broad takeaway from this? It's the same thing I've been saying for years: Now more than ever, malware on Android is far less significant of a real-world issue than some reports would lead you to believe. In the real world, the killer viruses that are so good for headlines actually affect next to no one. And now, even if you don't exercise basic common sense -- even if you carelessly download shady-looking stuff from unofficial sources out in the wild -- your phone will automatically protect you even more than it already did.
Android Power TwitterAnti-malware software vendors will undoubtedly keep preying on ignorant reporters and consumers, but all it takes is a little bit of knowledge to keep the big bad virus monsters in perspective -- and out of your nightmares.

The article, "How Google's Android security is about to get even smarter" with a different title here, was originally published on the Computerworld website by JR Rapheal.

Friday, 24 January 2014

Windows malware tries to infect Android devices connected to PCs

Researchers from Symantec found a Windows Trojan program that uses ADB to install online banking malware on Android devices..

IDG News Service - A new computer Trojan program attempts to install mobile banking malware on Android devices when they're connected to infected PCs, according to researchers from Symantec.
This method of targeting Android devices is unusual, since mobile attackers prefer social engineering and fake apps hosted on third-party app stores to distribute Android malware.
"We've seen Android malware that attempts to infect Windows systems before," Symantec researcher Flora Liu, said Thursday in a blog post. "Android.Claco, for instance, downloads a malicious PE [portable executable] file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file."
"Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices," Liu said.

The new malware, dubbed Trojan.Droidpak by Symantec, drops a DLL file on the Windows computer and registers a new system service to ensure its persistence across reboots. It then downloads a configuration file from a remote server that contains the location of a malicious APK (Android application package) file called AV-cdk.apk.
The Trojan program downloads the malicious APK, as well as the Android Debug Bridge (ADB) command line tool that allows users to execute commands on Android devices connected to a PC. ADB is part of the official Android software development kit (SDK).
The malware executes the "adb.exe install AV-cdk.apk" command repeatedly to ensure that if an Android device is connected to the host computer at any time, the malicious APK is silently installed on it. However, this approach has a limitation -- it will work only if an option called "USB debugging" is enabled on the Android device.
USB debugging is a setting normally used by Android developers, but it's also required for some operations that are not directly related to development, like rooting the OS, taking screen captures on devices running old Android versions or installing custom Android firmware. Even if this feature is rarely used, users who turn it on once to perform a particular task may forget to disable it when they don't need it anymore.
The malicious APK distributed by this Windows malware is detected by Symantec as Android.Fakebank.B and masquerades as the official Google Play application. Once installed on a device, it uses the name "Google App Store" and the same icon as the legitimate Google Play app.
The malware appears to target online banking users from South Korea.

"The malicious APK actually looks for certain Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions," Liu said. It also intercepts SMS messages received by the user and sends them a remote server.
The targeting of online banking apps and the theft of SMS messages that can contain transaction authorization sent by banks suggest the motivation of this malware's authors is bank fraud.
Even if this particular threat targets users from a single country, malware coders commonly borrow ideas from each other and replicate successful attack methods.
Liu advised users to turn off the USB debugging feature on their Android devices when it's not needed and to be wary of connecting their mobile devices to computers they don't trust.

The article above was originally published on the Computerworld website by Lucian Constantin