Thursday 27 June 2013

Mobile Phones and Virus Issues

Antivirus programs are quite familiar to us on our desktops. As mobile operating systems have grown in popularity, desktop-type security concerns have followed. So trained are users that when Android antivirus apps began appearing, users saw them as a must-have. Given that there have been various bits of news about Android malware, users can’t really be blamed for making assumptions.
The trouble with apps is that they all run in the same sandboxed Java environment, and that includes the AV apps as well. Most AV apps cannot gain the low-level system access on mobile that desktop antivirus has. This currently means that the best way to avoid malware is to understand how Android apps work.

When an app is installed, the system will always display the permissions requested. See here for an example. You can also find these permissions in the Android settings for installed apps. (These permissions are also shown on a tab in Google Play.) Some antivirus apps such as Zoner can display a list of apps and the number of permissions granted.
If a simple app asks for permission to send and receive SMS messages, that should be checked out by the user. Recent malware has been designed in such a way that by gaining rights to the phone, it can send text messages to premium rate numbers and also allow other attackers to carry out fraudulent activities. PC World reports that when first executed, Obad.a prompts users for device administrator privilege. Applications that gain this privilege can no longer be uninstalled through the regular apps menu until they are removed from the administrators list on the infected device. Indeed, security researchers at Kaspersky’s lab have come across a Trojan virus which is so strong that it might be almost impossible to remove.

The same problem exists for apps that request phone calling permissions, potentially allowing them to call premium rate numbers without the user’s knowledge.

Another permission to check for is access to the contact list and Google accounts. If you believe that the app should not be accessing this data, there is a chance that it is malware designed to collect user data for spamming or phishing. You might expect to see this permission in apps that autocomplete contact names or handle messaging actions.

The location permission could be used for location-aware ads (which might be useful), but a more questionable app could pick up a user’s location and store it over time to sell to advertisers.
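The permission checks described above can be automated. The following is an added example, not part of the original post: it reads an app's manifest and flags the SMS, calling, contacts, accounts and location permissions discussed here, plus a device administrator component. It assumes the manifest has already been decoded from the APK into text XML; the sample manifest and the `audit_manifest` name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions the post singles out, mapped to the concern each one raises.
WATCHLIST = {
    "android.permission.SEND_SMS": "can send SMS (premium-rate charges)",
    "android.permission.RECEIVE_SMS": "can read incoming SMS",
    "android.permission.CALL_PHONE": "can place calls without the dialer",
    "android.permission.READ_CONTACTS": "can read the contact list",
    "android.permission.GET_ACCOUNTS": "can list accounts on the device",
    "android.permission.ACCESS_FINE_LOCATION": "can read precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "can read approximate location",
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"


def audit_manifest(manifest_xml):
    """Return (sorted list of (permission, reason), wants_device_admin)."""
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
    }
    flagged = sorted((p, WATCHLIST[p]) for p in requested if p in WATCHLIST)
    # A device administrator component is a receiver guarded by
    # BIND_DEVICE_ADMIN; its presence means the app can ask for that role.
    wants_admin = any(
        el.get(ANDROID_NS + "permission") == DEVICE_ADMIN
        for el in root.iter("receiver")
    )
    return flagged, wants_admin


# Constructed sample: a "torch" app that asks for far more than it needs.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    flagged, wants_admin = audit_manifest(SAMPLE_MANIFEST)
    for perm, reason in flagged:
        print(f"{perm}: {reason}")
    print("requests device administrator:", wants_admin)
```

A flagged permission is a prompt to ask whether the app's stated purpose needs it, not proof that the app is malicious.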

The best way to stay safe on Android is to just stick to established apps from the likes of the official Android Market or the Amazon Appstore. While bad apps do occasionally show up in the Market, Google removes them swiftly and can also remotely kill the apps on phones.

There has been good evidence that a lot of free Android antivirus apps just don’t work, and could even cause people to believe they are protected when they are not. This might mean people taking more risks with downloading dodgy software. There is a useful review here.

Perhaps even worse is the latest scam imported from the PC platform, a form of which was recently identified by Symantec. Android Fakedefender locks people out of using other applications and can also change the settings of the OS, making it tricky for people to uninstall the malware.

Juniper Networks says that the Mobile Threats Report, conducted by the Juniper Networks Mobile Threat Center, is one of the largest first-hand quantitative research studies of its kind. The report is based on analysis of more than 1.85 million mobile applications and vulnerabilities, up more than 133 percent from the last report released in February 2012.
Juniper says it's clear that cybercriminals, rather than trying to crack into every system, are now going after the most popular: Android, which dominates nearly 60 percent of the smartphone market share. (Apple has slightly more than 19 percent and Microsoft has 18 percent.)

An interesting feature of Zoner, mentioned above, is the theft protection, which if enabled allows you to remotely control and locate your device via SMS messages. If you have lost it somewhere you can get a location or sound an alarm for people to notice it (useful if you have left it on silent). If it has been stolen you will be notified when the SIM is changed. It might also be used by your partner or others to track your location...

Monday 24 June 2013

Yet more hackers?

In the Daily Mail Littlejohn says:
 "Law firms, telecoms giants and insurance companies all hired criminals to harvest sensitive, confidential information. One of the country’s most prolific hackers, a private investigator, admitted that 80 per cent of his work was carried out on behalf of lawyers, wealthy individuals and insurers.
Other clients of hackers included a household name who broadcasts to millions of people every week; another celebrity who paid a firm to hack into an employee’s computer; and a businessman who wanted to obtain intelligence on rivals involved in a £500 million takeover bid.
Investigators routinely obtained everything from bank and credit card statements to itemised mobile phone bills"

This followed a report in the Independent alleging that a suppressed official report accuses respected industries of hiring criminals to steal rivals’ secrets. Yet the official report into their practices has been suppressed.

An interesting part of the hacking process is the operation of "blaggers", who obtain key information that may be used in itself or to facilitate the hacking of another system. This is referred to on the Information Commissioner's Office website, under Reports to Parliament. The May report brings up an interesting list.

"Following the report the Information Commissioner received a request under the Freedom of Information Act 2000 for further information about the publications that the 305 journalists were employed by and a breakdown of their activity. After considering the relevant exemptions information which did not identify the journalists or the publications was provided to the requester. Having considered the matter further the Information Commissioner has decided that a further disclosure is in the public interest and in the context of a special report to Parliament is consistent with the discharge of his functions under the Data Protection Act 1998. The following table shows the publications identified from documentation seized during the Operation Motorman investigation, how many transactions each publication was positively identified as being involved in and how many of their journalists (or clients acting on their behalf) were using these services".

Interestingly, at the top of the list was the Daily Mail, with a reported 952 transactions and 58 journalists/clients.

It seems that illegal practices identified by Soca investigators went beyond the simple crime of voicemail hacking (see previous blog - Phone "Hacking" or Opportunistic Access?) and included live phone interceptions, police corruption, computer hacking and perverting the course of justice.

GCHQ may gather 39 billion separate pieces of information, but how do you find the bit you might want? One should probably be concerned about who could access that data.

The trouble with access points is that once they are there, unless there is some kind of physical switch to isolate them, they may be vulnerable to unwanted access. Who else might be able to access the probes that GCHQ has placed on more than 200 transatlantic cables?

The other problem with people owning .com names is that the USA could claim that any traffic must be routed by way of the USA. See Extradition .com ‘wire fraud’ - Who next for extradition? 

The problem has been around for some time though - See Hackers’ ancient and modern blog post. There is a bit more about this sort of stuff in my book "Cold Suspenders". There are different types of suspender, and none of them hold stockings up.
 

Monday 3 June 2013

New Priestwood Community Association AGM.

It is some time since I last blogged about anything.
There often just does not seem to be enough time.

I am on holiday at the time of writing this, and have snuck away from Diane to use a borrowed laptop.

Anyway - What this is about is the New Priestwood Community Association AGM.

This is the most important meeting of the year in Priestwood, at which the annual financial report is presented and Officers and a Committee are elected for the year ahead. This year, there is also the subject of approving a new lease.

There are two speakers on local topics...
Terry Pearce
Chairman of the Over 50s' Forum & Defend Our Community Services on...  "Our NHS - Fighting for its life!"

Cllr. Mary Temperton
Bracknell Forest Council Town Centre Regeneration Committee Member on... "Our New Town Centre"

You'll also have an opportunity to speak out on any local issue you want to raise with either the speakers or with local Councillors who will also be at the meeting.

7.30 p.m. on Friday, 14th June.

http://www.bracknell-forest.gov.uk/thenewpriestwoodcommunitycentre

I will try to blog about me becoming Mayor and stuff soon, with something about the areas I wish to support during my year. http://www.getbracknell.co.uk/news/s/2134342_cllr_alvin_finch_named_new_mayor_of_bracknell_town

Thursday 3 January 2013

Phone "Hacking" or Opportunistic Access?


A lot of mobile phone owners may have been worried by all the talk of “'phone hacking”. Customers often ask me what they can do to protect their phones, and what it’s all about anyway. In effect there is no actual phone hacking involved; it’s more a case of people taking advantage of lax security.

What we are talking about is opportunistic illegitimate access to voicemail messages. These could be mobile phone messages, or messages on a home answering machine. Since the police inquiry into the News of the World scandal, mobile network operators have greatly improved their security mechanisms to increase protection of users.

A big problem with voicemails arose from the use of well-known default PINs for voicemail access. Most customers will probably never have used their PIN code to access voicemail. On most mobile phones, the network recognises that it is your phone calling and makes life easy for you by replaying the messages without asking for anything more.

Operators often provide an external number which you can call to access your voicemail remotely, but the easiest way to pick up your voicemail remotely is to call your own number. Usually, when it starts the voicemail message, you can enter a PIN number to access the voicemail. On O2 the default used to be 8701. (You key a star first.) I remember a friend of mine being horrified when I demonstrated to him how easy it was for anyone to listen to his voicemail.

As with computer passwords, people who do set up PIN numbers often use their birthday or some other well-known number that someone else could easily guess at. That makes it a bit too easy for someone to access your stuff.

Sadly there are now newer methods that do verge on hacking - These methods involve faking a phone’s Caller Line Identity so it can spoof access into voicemail. To block this type of attack, you need to set up a PIN to access your voicemail. By doing this you prevent automatic access to your voicemail. A bit of a pain to have to use it every time, but at least it makes things more secure.

I touched on home answering machines earlier – If you look at the operating instructions here (see page 36 – remote access), they are much like the mobile phone set-up. Many people would leave the PIN as the default 000 – a bit too easy for someone else to guess!
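The advice above about default and guessable PINs can be turned into a check that runs when a PIN is chosen. This is an added example, not part of the original post: it rejects the two defaults named here (8701 and 000), repeated digits, simple sequences and anything that reads as a date or birth year. The function names and the exact rules are assumptions made for illustration.

```python
from datetime import date

# Defaults named in the post (O2's old voicemail default and the
# answering-machine default); extend with your own operator's defaults.
KNOWN_DEFAULTS = {"8701", "000"}


def _is_sequence(pin):
    """True for runs such as 1234 or 4321."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})


def _looks_like_date(pin):
    """True if a 4-digit PIN reads as DDMM, MMDD or a plausible birth year."""
    if len(pin) != 4:
        return False
    a, b = int(pin[:2]), int(pin[2:])
    for day, month in ((a, b), (b, a)):
        try:
            date(2000, month, day)  # 2000 is a leap year, so 29 Feb passes
            return True
        except ValueError:
            pass
    return 1900 <= int(pin) <= date.today().year


def pin_weaknesses(pin):
    """Return the reasons a voicemail PIN is easy to guess (empty if none)."""
    if not (pin.isascii() and pin.isdigit()):
        return ["not numeric"]
    reasons = []
    if pin in KNOWN_DEFAULTS:
        reasons.append("known default")
    if len(set(pin)) == 1:
        reasons.append("repeated digit")
    if len(pin) > 1 and _is_sequence(pin):
        reasons.append("sequence")
    if _looks_like_date(pin):
        reasons.append("looks like a date")
    return reasons


if __name__ == "__main__":
    # Constructed sample PINs.
    for candidate in ("8701", "000", "2706", "1234", "1985", "8352"):
        print(candidate, pin_weaknesses(candidate) or "ok")
```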

Soon I intend to blog about what the real hackers can do.