Archive for Android

« Older Entries
Newer Entries »

Your Android Phone Might Be Infected With Malware…. Here’s How To Check

Posted in Commentary with tags on July 7, 2016 by itnerd

It’s recently come to light that 10 million Android phones might have been infected with a piece of malware called HummingBad which can take root in your phone, collect your personal data and making it act like you’ve clicked on ads that you haven’t. That’s not good. But it’s far from the only bad actor out there. So the question is, how do you find out if you’re infected by something. Then how do you protect yourself.

First, let’s talk about detection. You have to run an anti-virus app on your phone to detect HummingBad or any other nasty piece of malware. My suggestion would be to use something from a reputable AV company such as the following:

Any of these will find the sort of stuff that can make your life miserable and kill it. But in the event that whatever anti-virus app can’t kill whatever it finds, your only course of action is to backup your contacts and data and reset your phone. Not ideal, but it is effective.

Now, over to how to protect yourself. And I will say up front that some of you won’t like these suggestions. The main way that malware gets onto Android phones is when you get your apps from outside the Google Play Store. That’s not to say that it isn’t possible to get an infected app from the Google Play Store. But it’s far less likely to happen vs just getting an app from anywhere on the Internet. Thus if you are the type to grab apps from anywhere, don’t. Simply making that one change improves the odds that you will not be infected by anything. Another way to protect yourself is not to “root” the device as it not only opens you up to security risks, but likely voids the warranty of your phone too. Not good on either front. And quite frankly it’s not worth the risk. Thus to keep yourself safe, don’t do it.

Are there any other suggestions that you can think of? If there are, please leave a comment and share your thoughts.

Leave a comment »

#Fail: Google Allows Android App Installs From Search Results

Posted in Commentary with tags on January 22, 2016 by itnerd

If you’re a user of Android and you do a search, you’ll soon have the ability to install said app straight from the search result and bypass the Google Play store. Here’s how it will work:

  • If the search result brings up an app, you’ll see an ‘Install’ icon next to it.
  • Rather than redirecting you to the store, it will bring up the permissions screen directly and, once you’ve accepted them, the app will be installed.

What could possibly go wrong? Seeing as Google has had problems keeping bad apps off the Google Play store, I can easily see this leveraged to deliver malware and other rogue apps that will pwn your device. Though Google will have to speak to how they plan to mitigate that. I had a look around online and I couldn’t find anything that spoke to that. So it’s a bit of an open question.

This is being rolled out as we speak according to Android Police. But this is something that is going blow up for Google in a bad way. I’m calling it now.

Leave a comment »

Chrome V8 JavaScript Exploit Leaves All Android Devices Ripe For Attack

Posted in Commentary with tags , on November 16, 2015 by itnerd

Android users have yet another threat to worry about.

If you’re an Android user who likes to use Google Chorme, which means that I’m talking about most if not every Android user, There’s a new exploit that has the capability of taking your Android smartphone hostage:

The tricky exploit was demonstrated at MobilePwn2Own, which was held at a Tokyo-based PacSec conference. Quihoo 360 security researcher Guang Gong first uncovered the vulnerability, and thankfully, he hasn’t publicly revealed detailed specifics on its inner workings. However, we do know that it takes advantage of Chrome’s open source V8 JavaScript engine.

Here’s the really bad part. This exploit can pwn your device in one shot. Not only that, pretty much every Android device is affected. Now Google have been made aware of this and I am sure a fix is coming. The question is, how long will it take to get to users…. If it gets to users at all given how fragmented the Android OS is.

Leave a comment »

A Billion Android Devices Are Vulnerable To Stagefright 2.0 Attacks

Posted in Commentary with tags , on October 1, 2015 by itnerd

If you’re an Android user, you have a big problem. The news is out that 1 billion Android devices are vulnerable to an new version of the Stagefright attack. Dubbed Stagefright 2.0, it is way more dangerous than the original Stagefright attack. Here’s what Threatpost had to say:

The risks with these vulnerabilities, dubbed Stagefright 2.0, are nearly identical to the original Stagefright flaws; the only difference is that the attack vector for the first bugs has been patched. Successful exploits would enable remote code execution and lead to privilege escalation, putting an attacker in control over a compromised device. They would have access to personal data and photos stored on the phone, be able to take photos, record conversations, exfiltrate email and SMS/MMS messages and load additional apps.

What’s worse is that these vulnerabilities, two in total have this sort of history. The first dates back to the first version of Android, and a second dependent vulnerability that was introduced in Android 5.0. Net result, Android users have a big problem. Google is likely aware of this, but the question is this. How long will it take Google along with every Android OEM to roll out fixes for this? Until they do, Android users have a big reason to worry.

Leave a comment »

Google Patch For “Stagefright” Exploit Deemed “Incomplete”

Posted in Commentary with tags , on August 14, 2015 by itnerd

You might recall that there was an exploit where millions of Android phones can be hacked via a text message. Google has released a patch that was designed to address this. But Jordan Gruskovnjak of security firm Exodus says that the patch is incomplete. This is backed up by Joshua Drake of Zimperium who found this exploit in the first place:

A report released today by Exodus Intelligence said that Gruskovnjak had doubts about the completeness of the patch on July 31, but was not able to verify the fix since one had not yet been distributed. Once Gruskovnjak had the updated firmware on a Nexus 5 phone, he developed an MP4 file—the simplest attack vector, Drake said, involved sending a vulnerable device a crafted MMS message that would exploit the vulnerability—that bypassed the patch.

Lovely. It will be interesting to see what Google does to address this because one has to think that if attacks are not already in the wild, they will be shortly.

Leave a comment »

Maliciously Crafted Media File Can Crash Android Phones

Posted in Commentary with tags on July 29, 2015 by itnerd

Hot off the heels of maliciously crafted text messages allowing a bad guy to pwn your Android phone comes this new vulnerability. According to Trend Micro, it’s a maliciously crafted media file that is the attack vector:

We have discovered a vulnerability in Android that can render a phone apparently dead – silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop). Combined, these versions account for more than half of Android devices in use today. No patch has been issued in the Android Open Source Project (AOSP) code by the Android Engineering Team to fix this vulnerability since we reported it in late May.

This vulnerability can be exploited in two ways: either via a malicious app installed on the device, or through a specially-crafted web site. The first technique can cause long-term effects to the device: an app with an embedded MKV file that registers itself to auto-start whenever the device boots would case the OS to crash every time it is turned on.

Lovely. One other thing to consider is that like the other vulnerability that I linked to, it may take a very long time to get this fixed, assuming that you get it fixed at all. You can blame the fact that the responsibility for Android OS is so fragmented for that.

Let’s see how long it takes before exploits show up in the wild.

Leave a comment »

Most Android Phones Can Be Hacked Easily Via Text Message: Report

Posted in Commentary with tags , on July 27, 2015 by itnerd

A security researcher has claimed to have found a hack that can be executed by a text message and give the attacker complete control of the phone:

Here’s how the attack would work: The bad guy creates a short video, hides the malware inside it and texts it to your number. As soon as it’s received by the phone, Drake says, “it does its initial processing, which triggers the vulnerability.” 

The messaging app Hangouts instantly processes videos, to keep them ready in the phone’s gallery. That way the user doesn’t have to waste time looking. But, Drake says, this setup invites the malware right in.

If you’re using the phone’s default messaging app, he explains, it’s “a tiny bit less dangerous.” You would have to view the text message before it processes the attachment. But, to be clear, “it does not require in either case for the targeted user to have to play back the media at all,” Drake says.

Once the attackers get in, Drake says, they’d be able do anything — copy data, delete it, take over your microphone and camera to monitor your every word and move. “It’s really up to their imagination what they do once they get in,” he says.

This could affect 80% of Android phones out there and while it isn’t out in the wild yet, you can expect that now that this exploit is public, it will be. That’s not trivial. Neither is the fact that this will not get patched quickly despite the fact the fix is equally as trivial. That’s because the Android OS is incredibly fragmented with different versions of the OS being made available by Google, handset manufacturers, carriers, and the like. As a result, some may implement the fix quickly, others may implement it slowly, or some may not implement it at all. Thus you have to hope that wherever you get your Android OS updates from implement this fix before this becomes a real problem.

Leave a comment »

Google To Screen Android Apps For Banned Content

Posted in Commentary with tags , on March 19, 2015 by itnerd

It’s no secret that Apple has tight controls on what gets into the App Store. But Google doesn’t and that can lead to all sorts of problems. Fake apps, viruses and the like have popped up on Google Play which isn’t good for the average Android user. Google aims to change that according to this blog entry:

Several months ago, we began reviewing apps before they are published on Google Play to better protect the community and improve the app catalog. This new process involves a team of experts who are responsible for identifying violations of ourdeveloper policies earlier in the app lifecycle. We value the rapid innovation and iteration that is unique to Google Play, and will continue to help developers get their products to market within a matter of hours after submission, rather than days or weeks. In fact, there has been no noticeable change for developers during the rollout.

To assist in this effort and provide more transparency to developers, we’ve also rolled out improvements to the way we handle publishing status. Developers now have more insight into why apps are rejected or suspended, and they can easily fix and resubmit their apps for minor policy violations.

One thing to note is the timeframe that it takes for the review process. Google claims that apps that pass their filter will be available in a matter of “hours” which is way faster than the week or so that Apple takes to review an app. This of course assumes that the people at Google who are responsible for reviewing apps are actually doing a real review rather than doing a quick look over of the app. If they are, that’s good. Google also revealed that it would be working with the Entertainment Software Rating Board (ESRB), the Pan-European Game Information (PEGI), and other organisations to assign age-based ratings to apps hosted in the Play Store. Developers are now being asked to log into the Android developer console to respond to a questionnaire about their products so that a rating can be assigned to the app. Both of these are signs that Google Play may finally be evolving so that they can be taken way more seriously. Something that some would argue is long overdue.

1 Comment »

Google Announces Android For Work

Posted in Commentary with tags , , , on February 25, 2015 by itnerd

Google today has taken a major step in bringing Android to the Enterprise. They’ve announced Android For Work on the Google Blog and here’s what it will do for enterprises:

  • Work profiles – We’ve built on the default encryption, enhanced SELinux security enforcement and multi-user support in Android 5.0, Lollipop to create a dedicated work profile that isolates and protects work data. IT can deploy approved work apps right alongside their users’ personal apps knowing their sensitive data remains secured. People can use their personal apps knowing their employer only manages work data and won’t erase or view their personal content.
  • Android for Work app – For devices running Ice Cream Sandwich through Kitkat, or that don’t run work profiles natively, we’ve created the Android for Work app. The app, which delivers secure mail, calendar, contacts, documents, browsing and access to approved work apps, can be completely managed by IT.
  • Google Play for Work – Google Play for Work allows businesses to securely deploy and manage apps across all users running Android for Work, simplifying the process of distributing apps to employees and ensuring that IT approves every deployed app.
  • Built-in productivity tools – For everyday business tasks, we’ve created a suite of business apps for email, contacts and calendar, which supports both Exchange and Notes and provides document editing capabilities for documents, spreadsheets and presentations.

To bring this to the marketplace, Google is partnering with a select number a Enterprise Mobility Management vendors. Two of them are from Canada and they are:

  • BlackBerry is working with Google to bring support for Android for work to BES 12. Customers can get a preview in March and it should be rolling out in Q2 2015.
  • SOTI who is the leading player in Enterprise Mobility Management for Android devices has announced support in MobiControl. One thing to note is that they have same day support for Android For Work. Meaning that customers will be able to get a version of MobiControl in their hands that supports Android For Work very quickly.

Android For Work is a game changer for Google. This I believe will kick support for Android in the enterprise up several notches. I’d recommend you keep an eye on this technology, and Enterprise Mobility Management vendors who work with Google to bring this technology to market.

Leave a comment »

Unpatched Android Flaw Leaves Android Users Vulnerable

Posted in Commentary with tags , on July 29, 2014 by itnerd

The BBC is reporting that there’s a flaw in Android that could leave you open to having your device taken over or your credit card info swiped. It was discovered by a company called BlueBox Labs and here’s a description of the flaw:

BlueBox has dubbed the vulnerability Fake ID, because it exploits a problem with the way Android handles the digital IDs – known as certification signatures – used to verify that certain apps are what they appear to be.

The issue is that while Android checks an app has the right ID before granting it special privileges, it fails to double-check that the certification signature involved was properly issued and not forged.

Jeff Forristal, chief technology officer of BlueBox, likened the issue to a tradesman arriving at a building, presenting his ID to a security guard and being given special access to its infrastructure without a phone call being made to the tradesman’s employer to check he is really on its books.

“That missing link of confirmation is really where this problem stems,” he told the BBC.

“The fundamental problem is simply that Android doesn’t verify any claims regarding if one identity is related to another identity.”

Apps that make use of Adobe’s Flash plug-in can have malware added to their code

To make matters worse, he added, a single app can carry several fake identities at once, allowing it to carry out multiple attacks.

That’s not good. But what is worse is that while Google has fixed this, Android users will have to wait for the Samsungs and HTCs of the world to push updates down to them via their mobile phone operators. That could take months which means if you’re running Android 2.1 to Android 4.3, you are potentially open to attack. Thus the only way at present to protect yourself is to use an app from BlueBox to see if you’ve been affected by this.

Leave a comment »

« Older Entries
Newer Entries »