Android is the biggest target for mobile malware

Most of the malicious software for mobile devices targets Google’s Android operating system, a new report by Pulse Secure says.

Last year, almost one million individual malicious apps for Android were released, according to Pulse Secure’s Mobile Threat Report. That means the number of threats quadrupled in comparison to the year before.

The report is based on data pooled from more than 2.5 million mobile applications, Pulse Secure says.

“There was significant growth in Android malware, which currently consists of 97 percent of all mobile malware developed. In 2014 alone, there were 1,268 known families of Android malware, which is an increase of 464 from 2013 and 1,030 from 2012”, it said.

Apple’s iOS, on the other hand, went through last year basically unscratched. The report said that there were just four iOS targeted attacks in 2014, and the majority of those were designed to infiltrate jailbroken devices.

Pulse said these numbers should serve as a warning to all enterprises, to think long and hard before allowing the bring-your-own-device (BYOD) policy, while those who already have a BYOD scheme should regularly review their security.

“Enterprise networks, while continually hardened at the perimeter, need to apply similar mobile security controls to appropriately deal with the ever increasing BYOD push coming from employees”, said Troy Vennon, director of the Pulse Secure mobile threat centre.

“The focus on Android and jailbroken iOS devices by mobile malware developers illustrates that they are actively attempting to exploit mobile devices as the weak link in enterprise security”, Vennon added.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Source: PTI

The Latest Mobile Testing News department was not involved in the creation of this content.

How a keyboard glitch left 600 million Samsung smartphones at risk of being hacked

More than 600 million Samsung mobile devices, including the Galaxy S6, are vulnerable to a security breach that could allow hackers to take control of the devices, according to a report by mobile security firm NowSecure.

The devices’ word prediction software, produced by software firm SwiftKey, could give hackers “system privileges,” or control of the entire device, according to the report.

Researchers from NowSecure were able to seize control of GPS tracking data, microphones and cameras from Samsung devices, chief executive Andrew Hoog told The Washington Post. They also intercepted incoming and outgoing calls and messages and installed apps.

“These types of things are well within the capability of other organizations, and I think it’s very naive to think other people haven’t found this or haven’t used this,” Hoog said.

Samsung said in a statement that it “takes emerging security threats very seriously” and was aware of the issue. “We are also working with SwiftKey to address potential risks going forward,” the statement said.

Devices dating back to Galaxy and Galaxy Note S3 models have preinstalled SwiftKey word prediction technology. That software cannot be uninstalled or disabled even if users activate a different keyboard.

The SwiftKey Keyboard app, available on Google Play and the App Store, is unaffected by these risks, according to the report and a SwiftKey spokesman.

But hackers using insecure Internet networks can easily dupe the word prediction software as it searches for automatic updates and gain control of the entire device, according to the report.

Source: dailycomet.com

The Latest Mobile Testing News department was not involved in the creation of this content.

‘600 Million’ Samsung Mobiles Vulnerable To Keyboard Cracking Attack

Given everything that’s occurred over the last two years, Android phone owners would be forgiven for thinking major manufacturers had their backs when it came to security, especially encryption. But a serious issue affecting a default keyboard in as many as 600 million Samsung mobiles highlights just how wrong that assumption can be.

The problem, uncovered by Ryan Welton from mobile security specialists NowSecure, was a blatant one: the SwiftKey keyboard pre-installed on Samsung phones looked for language pack updates over unencrypted lines, in plain text. That meant it was possible for Welton to create a spoof proxy server and send malicious security updates to affected devices, along with some validating data to ensure the bad code remained on the device. This gave him a hook from which to find ways to escalate his attack and exploit the device without the users’ knowledge.

In more malicious hands, the exploit could be used to give an attacker system user level privileges and allowing them to siphon off contact data, text messages, bank logins and most information the victim would have considered private. It could also be used to monitor users from afar.

Having been alerted to the issue back in November 2014, Samsung told NowSecure it was working on a patch and eventually delivered one to carrier networks in late Match for Android 4.2 and above, according to NowSecure CEO Andrew Hoog. But the company believes current devices are still be vulnerable.

Welton, who today detailed the exploit at the Blackhat Security Summit in London, tested a Samsung Galaxy S6 running on Verizon and claimed to have replicated the attack. “We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days,” a NowSecure spokesperson confirmed. Hoog said the flaw likely affected the majority of Samsung Android devices, including the S3, S4, S5, and Galaxy Note 3 and 4.

FORBES has contacted Verizon and Swift about the issue. Verizon had not responded at the time of publication, Swift declined to comment.

Users have been left in the lurch somewhat, as the keyboard can’t be uninstalled and even when it’s not the default keyboard, it can still be exploited, said Welton. Until patches are ready, users of Samsung phones should be careful about what networks they’re using and ask their carrier if a patch for the vulnerability is available.

Samsung had not responded to a request for comment at the time of publication. One saving grace for the South Korean manufacturer is that an attacker has to find a way onto the same network as a user before exploiting the bug, though identifying Samsung Galaxy S6 phones should be trivial for seasoned hackers sitting on the same Wi-Fi as their targets. Fully remote attacks are also feasible by hijacking the Domain Name System (DNS), the network layer that directs user traffic to the right website after they ask to visit a particular URL, or by compromising a router or internet service provider from afar, Welton said.

Hoog told FORBES that it was the users who carried the majority of the risk when it came to flaws such as this. He believes the mobile security industry has been focused on the “wrong problem”, namely malware. “What we’re finding is that the real problem is leaky apps.”

Welton noted the same issue could be used to exploit the hugely popular Talking Tom app to install other apps and for further exploitation.

Source: forbes.com

The Latest Mobile Testing News department was not involved in the creation of this content.

APUS Launcher Now Blocks SMS Phishing & Spam

APUS (Swift) is one of the fastest birds in the world, they never rest, and spend their entire life in flight – thus is the trademark of the APUS Group, developers of the APUS Launcher…among other products.  Established in July 2014, the Beijing-based company already has 150 million Android users and is looking to never ‘rest’ by continuing their growth to 300 million users this year and has a lofty goal of obtaining 1 billion users in three years.  Their APUS Launcher, which we did an in-depth review on earlier this month, is now adding an anti-phishing SMS Spam Blocker and reinforcing mobile security as smartphones are quickly becoming the targets of attackers looking to steal your private information.

I am not going into the details of the application itself, as you can read those in our in-depth review, but we need to mention the upgrade that includes the new anti-spam SMS filter.  It is designed to prevent spam and more importantly, phishing attacks by including in the updated APUS Launcher, a new SMS notifications feature using APUS’s proprietary context-based algorithms.  They can actually recognize spam and unsafe text messages that are phishing attempts and notify you.

According to APUS, security firm, Cloudmark, reported that SMS phishing is on the rise and that private bank account information is one of the most sought after types of information stolen via SMS (Secure Message Services).  With more and more bank transactions being done via mobile banking, it is a natural place to look for and attack bank account information and passwords.  An unsuspecting SMS message could have an embedded URL that may deliver malware, spyware or Trojans that will unsuspectingly attack and disseminate your private information.  Li Tao, Founder and CEO of APUS Group said, “With 120 million users globally on APUS Launcher, ensuring the privacy and safety of our users APUS Group’s priority.  Something as simple as receiving a text message shouldn’t have to be a cause for mobile security concerns.  To combat the growing epidemic we’ve designed APUS Launcher’s new SMiShing filter to stop phishing attempts dead in its tracks before it ever reaches the intended recipient.”

While Android releases its own Operating System, most manufacturers add their own User Interface (UI) on top of Android.  Some of the top designers, such as Samsung, HTC and LG have some sophisticated launchers, but many of the cheaper phones in emerging nations download a launcher like APUS to help reduce battery consumption and to jump quickly between their favorite apps.  APUS is rapidly becoming one of the most-downloaded app launchers because it allows users many ways to customize their mobile device the way they want it to look and operate.  It can run on any Android smartphone and takes up about one megabyte of memory.  According to market researcher, App Annie, in just eleven short months, APUS Launcher has become the number 7 most popular app in Google Play.

Source: PTI

The Latest Mobile Testing News department was not involved in the creation of this content

Mobile security at risk with the arrival of millennials

According to Absolute Software Corp.’s recent survey, millennials represent the greatest personnel risk to corporate data as a result of their attitude towards IT security and usage behavior on corporately-managed mobile devices.  That’s a serious concern, as millennials are projected to represent 50 percent of the workforce by 2020.

And while a generational behavior gap may be a bit part of the problem, the overflow of mobile devices into the workplace hasn’t helped. Fifty-four percent of respondents said they used two or more devices on a daily basis–including laptops, tablets and mobile phones. And despite the fact that 79 percent preferred having a separate device for work and personal use, 52 percent indicated that they use their employer-managed devices for personal use.

Source: PTI

The Latest Mobile Testing News department was not involved in the creation of this content.

ASUS tablets to come with Avast mobile security

Avast has announced that ASUS has selected Avast Mobile Security to be pre-loaded on its tablets.

Avast Mobile Security will provide ASUS tablet users with protection from potential vulnerabilities and device theft.

Users of ASUS Zenpad tablets Z170C, Z300C, Z380/CX, Z370C and Z370CG will receive 12 months of Avast Mobile Security.

This collaboration will also allow ASUS users to free access to premium versions of Avast Backup and Avast Anti-Theft, which includes features like lock stolen devices and thefties.

Avast solutions are available on Google Play and Apple Store.

“With Avast Mobile Security preloaded on ASUS devices, today’s mobile consumer can have peace of mind browsing the Internet, knowing their devices and personal data are protected across a wide range of threats from malware to Wi-Fi hacks.” said Vince Steckler, CEO at Avast.

Source: PTI

The Latest Mobile Testing News department was not involved in the creation of this content.

1 2 3 4 8