Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Android Applications. Show all posts
Security Flaws
Android Android App Android App Safety Android Applications Android Apps Cyber Security Microsoft Security flaw Security Flaws

Microsoft Uncovers Major Security Flaw in Android Apps with Billions of Downloads

 

Microsoft recently made a troubling discovery regarding the security of numerous Android applications, including some of the most widely used ones, each boasting over 500 million installations. After uncovering a common security weakness, Microsoft promptly notified Google's Android security research team, prompting Google to release new guidance aimed at helping Android app developers identify and rectify the issue. 
 
Among the applications found to be vulnerable were Xiaomi Inc.'s File Manager, boasting over 1 billion installations, and WPS Office, with around 500 million downloads. Although Microsoft confirms that the vendors of these products have since addressed the issue, they caution that there may be other apps out there still susceptible to exploitation due to the same security flaw. 
 
The vulnerability in question pertains to Android applications that share files with other apps. To enable secure sharing, Android employs a feature known as "content provider," which essentially serves as an interface for managing and exposing an app's data to other installed applications on the device. 
 
However, Microsoft's research uncovered a significant oversight in many cases: when an Android app receives a file from another app, it often fails to adequately validate the content. Particularly concerning is the practice of using the filename provided by the sending application to cache the received file within the receiving application's internal data directory. This oversight creates an opportunity for attackers to exploit the system by sending a file with a malicious filename directly to a receiving app, without the user's knowledge or consent. 
 
Typical targets for such file sharing include email clients, messaging apps, networking apps, browsers, and file editors. If a malicious filename is received, the receiving app may unwittingly initialize the file, triggering processes that could lead to compromise. 
 
The potential consequences vary depending on the specific implementation of the Android application. In some scenarios, attackers could exploit the vulnerability to overwrite an app's settings, leading to unauthorized communication with attacker-controlled servers or the theft of user authentication tokens and other sensitive data. In more severe cases, attackers could inject malicious code into a receiving app's native library, enabling arbitrary code execution. 
 
Microsoft and Google have both offered guidance to developers on how to address this issue, emphasizing the importance of validating file content and ensuring the secure handling of shared files. Meanwhile, end users can mitigate the risk by keeping their Android apps up to date and exercising caution when installing apps from sources they trust.
Read more »
Unauthorized access
Android Applications API Bug Data Breach Private Information T-Mobile Technical Glitch Unauthorized access

T-Mobile App Glitch Exposes Users to Data Breach

A recent T-Mobile app bug has exposed consumers to a severe data breach, which is a disturbing revelation. This security hole gave users access to sensitive information like credit card numbers and addresses as well as personal account information for other users. Concerns regarding the company's dedication to protecting user data have been raised in light of the event.

On September 20, 2023, the problem reportedly appeared, according to reports. Unauthorized people were able to examine a variety of individual T-Mobile customer's data. Along with names and contact information, this also included extremely private information like credit card numbers, putting consumers at risk of loss of money. 

T-Mobile was quick to respond to the incident. A company spokesperson stated, "We take the security and privacy of our customers very seriously. As soon as we were made aware of the issue, our technical team worked diligently to address and rectify the glitch." They assured users that immediate steps were taken to mitigate the impact of the breach.

Security experts have highlighted the urgency of the situation. Brian Thompson, a cybersecurity analyst, emphasized, "This incident underscores the critical importance of robust security protocols, particularly for companies handling sensitive user data. It's imperative that organizations like T-Mobile maintain vigilant oversight of their systems to prevent such breaches."

The breach not only puts user information at risk but also raises questions about T-Mobile's data protection measures. Subscribers trust their service providers with a wealth of personal information, and incidents like these can erode that trust.

T-Mobile has advised its users to update their app to the latest version, which contains the necessary patches to fix the glitch. Additionally, they are encouraged to monitor their accounts for any unusual activities and report them promptly.

This incident serves as a stark reminder of the ever-present threat of data breaches in our digital age. It reinforces the need for companies to invest in robust cybersecurity measures and for users to remain vigilant about their personal information. In an era where data is more valuable than ever, safeguarding it should be of paramount importance for all.
Read more »
Malware apps
Android Applications Android Trojan Android.Spy.4498 malware Malware apps

New Malware Applications Gets 2 Million Downloads in Google Play


Android users should be cautious, since threat actors are increasingly using certain forms of trojan software, and consequently, two million malicious app installations on the Google Play store were reported. 

Once downloaded, the applications mentioned above might be able to download further apps to the victim's phone and even send the user prompt notifications to lead them to more mistakes. 

Here are the most recent malware app types to watch out for: 

What Is Android.Spy.4498? 

The largest malware groups in the last month (by far) were Android.Spy.4498 and Android.Spy.5106, Dr. Web antivirus discovers.

These applications are variations of a similar trojan and their purpose is to steal the contents of other app notifications on the device where the trojan has been download. These specific ones can also download new applications and ask users to install them as well, or they can display additional dialogue boxes. 

“This malicious [Android.Spy.4498 trojan] is capable of hijacking the contents of other apps’ notifications, which can cause leaks of confidential and sensitive data,” Dr. Web antivirus told. 

These trojans have reportedly been more successful than those that only offer "obnoxious advertising," according to Dr. Web. 

But, before you install a new utility app, consider it again because you do not want either type of infection.

The new malware applications are disguising themselves under different names, one of them went by the name "Fast Cleaner & Cooling Master" and claimed to be an OS optimization programme. Others include legitimate utility titles like “Volume,” “Music Equalizer,” “Bluetooth device auto-connect,” and the strangely lengthy title of “Bluetooth & Wi-Fi & USB driver.” These names appear to be intended to prey on less tech-savvy customers, who may just be looking for a way to plug into a USB port. 

How can You Avoid Downloading Android Malware? 

One of the most reliable ways to secure yourself from these scams is to refrain from downloading any apps that are not from a well-established brand, which only raises the winner-takes-all stakes that most apps today face. 

Other online safety measures a user can utilize include employing VPN or any antivirus software, but even these tools would turn unproductive to prevent the virus that you yourself have downloaded. It is thus better for any online user to just evade downloading any suspicious application.

Read more »
User Security
Android Applications Android Apps data security Google Technology User Data User Security

Google's Safety Section Will Show What Android Apps Do With the User Data

Earlier this week, Google rolled out a new Data Safety section for Android apps on Play Store to mention the type of data that is collected and given to third parties. It is the users' right to know why their data is collected and if the developer shares user data with a third party. 

Besides this, users should know how application developers are protecting user data when an app is downloaded. The transparency measure, built in accordance with Apple's Privacy Nutrition Labels, was first announced by Google last year in May 2021. 

The Data safety section will show up against all app listings on the digital storefront, presenting a unified view of what kind of data is getting collected, why it's being collected, and how it'll be used, also mentioning what data is shared with the third parties. Moreover, the labels may also show an app's security practices, for instance, data encryption in transit and if the user can ask for the data to be deleted. 

Additionally, it will validate these practices against security standards like Mobile Application Security Verification Standard (MASVS). The feature will probably be rolled out for all users, app developers can expect a deadline of 20 July 2022 to finalize the work and update the users if there is any change in the apps' functionality or data handling practices. 

Data safety may face similar concerns that Apple did, as the system is built entirely on an honor system, which needs app developers, to be honest, and clear about what they'll do with the data, avoiding listing it as inaccurate labels. 

Since then, Apple said that the company will audit labels for authenticity, and make sure that these labels are dependable and don't give the users fake assurance about security. 

"Google, last year, had said that it intends to institute a mechanism in place that requires developers to furnish accurate information and that it will mandate them to fix misrepresentations should it identify instances of policy violations," reports The Hacker News.

Read more »
Vulnerability and Exploits
Android Applications App vulnerability Data Breach student information system Vulnerability and Exploits

How a Simple Vulnerabilty Turned Out to be University Campus 'Master Key'

When Erik Johnson couldn't make his university's mobile student ID app work properly, he found a different way to get the job done. The app seems to be important, as it lets students in the university paying meals, get into events, and lock/unlock dormitory rooms, labs, and other facilities across campus. The app is known as getting Mobile, made by CBORD, it is a tech company that assists hospitals and universities by bringing access control and payment systems. 

However, Johnson, and other students who gave the app "1 star" due to poor performance, said that it was very slow in terms of loading time. It can be improvised. After studying the app's network data while unlocking his dorm room door, Johnson realized a way to mirror the network request and unlock doors via a one-tap shortcut button on the iPhone. To make it work, the shortcut needs to send an accurate location with the door unlock request, or the doors won't open. For security purposes, students have to be in certain proximity for unlocking doors via the app. 

It is done to avoid accidental door openings on the campus. To make it even better, Johnson decided to take his talents elsewhere too. CBORD has a list of API commands that can be used via student credentials. (API allows two things to interact, in our case, it's a mobile app and university servers that store data). Johnson identified a problem, here the API wasn't checking in case of valid student credentials. It meant that anyone could interact with the API and take control of other students' accounts, without having the need for passwords. 

As per Johnson, the API only looked for student ID (unique). Tech Crunch reports "Johnson described the password bug as a “master key” to his university — at least to the doors that are controlled by CBORD. As for needing to be in close proximity to a door to unlock it, Johnson said the bug allowed him to trick the API into thinking he was physically present — simply by sending back the approximate coordinates of the lock itself." As the bug was discovered in the API, it could affect other universities too. Johnson found a way to report the bug to CBORD, and it was resolved after a short time.
Read more »
spyware and malware
Android Android Applications Android Spyware cyber espionage Cyberespionage Operation DarkMarket findlocation geolocation malware Mobile Security Mobile Spyware spyware and malware

Every Tenth Stalking and Espionage Attack in the World is Directed at Android Users from Russia

 

According to analysts at ESET (an international developer of antivirus software headquartered in Slovakia), commercial developers who openly offer spyware to control spouses or children are gaining popularity. 

"ESET global telemetry data for the period from September to December 2021 shows an increase in spyware activity by more than 20%. At the same time, every tenth stalking and espionage attack in the world is directed at Android users from Russia," the company's press service reported. 

ESET threat researcher Lukas Stefanko reported that unwanted stalking software, according to him, in most cases is distributed by attackers through clones of legal applications downloaded from unofficial stores. 

Alexander Dvoryansky, Director of Special Projects at Angara Security, confirms that Android spyware is very common and continues to gain popularity. According to him, it is advantageous for attackers to develop malicious software for this operating system because of its widespread use. Android smartphones accounted for 84.5% of total device sales in 2021. 

According to Lucas Stefanko, it is not uncommon for stalker software to be installed on smartphones to track them in case they are stolen or lost. Despite Google's ban on advertising stalker apps, there are apps available on Google Play that are positioned as private detective or parental control tools. In 2018, the Supreme Court allowed the acquisition and use of spy equipment to ensure their own security, so the demand for software promoted as "monitoring one's mobile devices" has increased. But many install it covertly on the phones of relatives or employees for espionage. 

If the program is installed on the phone openly and with the consent of a person, then there will be nothing illegal in tracking geolocation, as well as obtaining other information, says lawyer KA Pen & Paper by Alexander Kharin. However, secretly installing a spyware program on a phone can result in a penalty of up to two years in prison, and for a developer, the term can be up to four years. But so far, criminal cases on the fact of stalking are rarely initiated. 

Earlier, CySecurity News reported that the exact location of any Russian on the black market can be found for about 130 dollars.
Read more »
Spyware
Android Applications Android Users Critical Data Data Theft Google Play Store Mobile Security Spyware

Alert Android Users: These 23 Apps Found Spying via Mobile Camera

 

A new malware, PhoneSpy, that eavesdrops on Android users, was detected in 23 applications recently,  As of present, none of these applications are available on Google Play Store. 

The malware that has primarily been active in the United Kingdom and Korea, is capable of stealing critical data such as images, call logs, contacts, and messages, as well as obtaining the full list of installed apps, recording audio and video in real-time using the phone's cameras and microphone. It can also extract device information such as the IMEI number, device name, and brand, and even grant remote access to the device. 

Zimperium stated in a statement, “The application is capable of uninstalling any user-installed applications, including mobile security apps. The device’s precise location is available in real-time to the malicious actors, all without the victim knowing. The spyware also enables the threat actor to use phishing pages for harvesting credentials of Facebook, Instagram, Google, and Kakao Talk." 

“PhoneSpy hides in plain sight, disguising itself as a regular application with purposes ranging from learning Yoga to watching TV and videos, or browsing photos," the mobile security agency Zimperium added. 

Since the spyware or any of its shadow applications were listed on the Play Store, experts believe the attackers may have used online traffic redirection or social engineering to spread the malware. The latter is used by cyber thieves to trick device owners into performing voluntary actions. 

If users carefully examine their online traffic habits, they may be able to discover the malware invasion. The PhoneSpy software begins by sending requests for on-device authorization. Once the user has provided these details, attackers can manage and hide the app from the main menu. 

According to Zimperium, Android users should avoid installing apps from third-party app stores. It’s recommended that users only download applications from the Google Play Store. Also, users are suggested to avoid clicking on questionable links or downloading any applications sent by text message or email.
Read more »
User Security
Android Applications Android games Chinese Apps Data Breach EskyFun User Data User Data Leak User Privacy User Security

Chinese Android Game Developer Exposes Data of Over 1 Million Gamers

 

The Chinese developers of famous Android gaming applications exposed user information via an unprotected server. As per the report shared by vpnMentor's cybersecurity team, headed by Noam Rotem and Ran Locar, identified EskyFun as the owner of a 134GB server exposed and made public online.

Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms, and Metamorph M are among the Android games developed by EskyFun. 

According to the team on Thursday, the users of the following games were included in the data leak and altogether they have over 1.6 million downloads combined: 
-Rainbow Story: Fantasy MMORPG
-Metamorph M
-Dynasty Heroes: Legends of Samkok u 

According to the researchers, the supposed 365,630,387 records included data from June 2021 onwards, exposing user data gathered on a seven-day rolling basis. 

As per the team, when their software is downloaded and installed, the developers impose aggressive and highly troubling monitoring, analytics, and permissions settings, and as a consequence, the variety of data gathered was considerably more than one would imagine mobile games to need. 

The records constituted IP and IMEI data, device information, phone numbers, the operating system in use, mobile device event logs, whether or not a smartphone was rooted; game purchase and transaction reports, email addresses, EskyFun account passwords, and support requests. 

vpnMentor estimates that up to or more than, one million users' information may have been compromised. 

On July 5, the unprotected server was detected, and EskyFun was approached two days later. However, after receiving no answer, vpnMentor tried again on July 27. 

Due to the continued inaction, the team was forced to contact Hong Kong CERT, and the server was safeguarded on July 28. 

The researchers commented, "Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users. Furthermore, by not securing the data, EskyFun potentially exposed over one million people to fraud, hacking, and much worse."
Read more »
VirusTotal
Android Applications Cyber Security Malware Scanner VirusTotal

Protect your phone from malicious apps by malware scanner VirusTotal Mobile


Google last year removed 85 apps from play store after security researchers found that these apps were adwares in disguise.
These were all sorts of applications from Gaming, TV to remote control simulator apps on the Android Play Store. It goes on to show that even the apps from Google play store are not safe and could be running codes and scripts on your phone.


Some of these apps even had API key certificates and apart from these 85 apps, there are other apps that could be malicious and roaming undetected. It is very imperative to protect our phones and machines from such harmful apps and other files that could have been downloaded from "unknown sources". It is always good to carefully grant permissions to applications but still some apps could be running in the background, duplicating virus or downloading malware files into your phone.

 One way to protect your phone from such attacks is by using a malware scanner. A virus/malware scan is the process where software scans and identifies viruses in a computing devise. Through a scan, you can review and identify threatening viruses and programs. Anti-virus software will also do the work but scanning through a scanner adds an extra cushion of security as they usually have more virus and malware codes and scanned by multiple anti-viruses than lone anti-virus software.

Virustotal Mobile, an android application available on play store is a virus scanner app that scans the application installed on your phone for any malicious file like malware, virus, trojans or worms and notifies you if any such malware exists. Scanning your phone for viruses and running this application to remove any malware on your device is a critical process of maintaining your mobile device. If a virus does get onto your phone and is not removed, then it could result in numerous problems like losing important data, your personal data may be leaked or your device could be compromised.

 The app, Virustotal Mobile scans your application by more than 50 anti-virus flagging suspicious content and even files and Url's can be checked, not only apps. It is developed by VirusTotal.com, a trusted virus, malware, and Url scanner. Its good to remember that the app only tells you the malicious content and not removes the malware.

 Simple, effective and fast (without those annoying adds or pings) Virustotal Mobile is a must-have a tool to protect your phone from dubious apps that could be running pre-installed codes.
Read more »
Mobile Security
Android Applications Android Security Fleeceware Google Play Store Mobile Security

Over 600 Million Users Download 25 'Fleeceware' Apps from the Play Store


Researchers at security firm Sophos has discovered a new set of Android apps present on the Google Play Store that contain fleeceware. Notably, these apps have been downloaded and installed by over 600 million unsuspecting Android users.

The term 'Fleeceware' was first coined in September 2019 by cybersecurity firm Sophos in aftermath of an investigation that led to a new kind of financial fraud on the authentic Google Play Store.

Fleeceware is a new addition to the cybersecurity ecosystem, referring to the exploitation of the trial period mechanism in Android apps which generally is provided before one is charged for the full version from his signed up account.

Normally, users who register for an Android app's trial period are required to cancel the same manually in order to avoid being charged. However, it's common among users to simply stop using the app by uninstalling it in case they don't like it. The action of uninstalling is read by the developers as trial period being canceled and hence it doesn't result in the due amount being charged from the user account.

The UK based, a cybersecurity company, Sophos told that it identified over two-dozen android apps containing fleeceware, these apps were charging somewhere around $100 and $240 per year for apps as basic and mainstream as barcode readers, calculators, and QR scanners.

Suspecting the unusually high number of downloads on these apps, analyst Jagadeesh Chandraiah says, it's likely that these apps have resorted to third-party pay-per-install services to raise up the download counts. He also suspects the five-star reviews being fake and bought in order to better the apps ranking on the Play store and hence lure a large number of users.

Warning the users in their report, Sophos told, "If you have an Android device and use the Google Play Store for apps, you should rigorously avoid installing these types of “free trial” apps that offer subscription-based charges after a short trial."

"If you do happen to have a free trial, make sure you understand that merely uninstalling the app does not cancel the trial period. Some publishers require you to send a specific email or follow other complicated instructions to end the free trial before you are charged, though you might just need to log into your Google Pay to cancel. Keep copies of all correspondence with the publisher, and be prepared to share that with Google if you end up disputing the charges." the report further read.
Read more »
WhatsApp
Android Applications Cyber Security iOS WhatsApp

New Bug that hacks WhatsApp and makes DoS Attacks through crafted MP4 Files


A latest risky threat has been identified in both Android/iOS devices' WhatsApp version. The bug allows hackers to transmit tampered MP4 folders to WhatsApp users, which enables the Dos and Remote Code Execution Attack. Whatsapp is one of the most popular social media apps in the world, with billions of Android and ios users. The threat is categorized as a “Risky” vulnerability that struck a remote code block of MP4 files in the Whatsapp database. The bug exploits the user's device and manipulates a piece of information to hit the memory of WhatsApp Messenger.



The vulnerability allows hackers to use the bug on the user’s smartphone to take important data and also allows surveillance of user activity. “The bug can activate a stack-based buffer in the user's Whatsapp account by transmitting tampered MP4 folders. The problem was already breaking down the primary metadata of the MP4 files. This could lead to an RCE or DoS attack," says the Facebook advisory board on behalf of WhatsApp.

 About RCE Vulnerability- 

 In an RCE hack, attackers purposely misuse a primitive code performance vulnerability to run the virus. RCE can have harmful results on a network—by urging the affected system to execute code performance, the attacker can conduct his performing. The threat also enables hackers to execute the attack without any kind of verification. Known as CVE-2019-11931, the vulnerability can be tracked using the same. It is not the first time that such an attack has occurred on Whatsapp, another similar RCE attack was discovered last month that allowed hackers to steal files from users' WhatsApp account using wicked Gifs.

As of now, no factual details about the vulnerability are available. The experts are still inquiring about the issue. "No proof was found for the vulnerability that caused the exploit," said Whatsapp spokesperson to GBHackers. He further says, “WhatsApp is steadily striving to upgrade the safety of our assistance. We give open statements on possible problems that we have solved steadily with management friendly manners. In this case, there is no evidence to assume users were affected.”
Read more »
Mobile Security
Adware Android Applications Android Security Mobile Security

Researchers Found Android Apps on Google Play that Steal Personal Data of Victims and Pose Other Threats



Security researchers identified seven new malicious apps present on Google Play Store that infect devices with adware and malware while laying open the system's backdoor access which ensures a smooth installation of any new functionality that comes along with the application. Other threats include battery drainage and excessive consumption of mobile data.

In recent times, with the mobile malware penetrating its roots in the cyber world, there have been a number of new discoveries from security researchers where they warn of malicious android apps that request sketchy permissions and contain malware. Android platform's openness, flexibility, and excess control are the key factors which make it all the more attractive to the users and likewise, cybercriminals. As a downside, it also provides a more vulnerable space for criminals to exploit by posting adware infected apps to serve marketing interests and steal sensitive user data. These apps can take different forms and mostly, share a similar code structure which indicates a direct link between the developers.

These malicious apps are configured to download and consequently install APKs from a GitHub repository, hence attackers are handling the GitHub communication very sophisticatedly, as a part of which they effectively wait to bypass detection by security officers and malware detection agencies.

Attackers have embedded a GitHub URL within the malicious app code which sets the basis for evading Google Play protect scan. However, while security researchers somehow managed to unearth the configuration data of the malicious apps and related URLs, they were directed to Adware APK which is triggered right after the installation of the infected app. The APK halts for a timeframe of 10 minutes after being triggered to execute the malicious motives.

Here, the aforementioned malicious apps have been posted by three different developers as listed below:

iSoft LLC (Developer) – Alarm Clock, Calculator, Free Magnifying Glass
PumpApp (Developer) – Magnifying Glass, Super Bright LED Flashlight
LizotMitis (Developer) – Magnifier, Magnifying Glass with Flashlight, Super-bright Flashlight

As a security measure for the continuously expanding mobile malware, Google tied up with various mobile security companies that would assist them in detecting bad apps before they hit a download mark over million. Users who have already installed these dropper apps are recommended to uninstall them manually.
Read more »
Google Play Store
Android Android Applications Apps Fake Apps Google Google Play Store

Over 2,000 malicious apps exists on Play Store

If you thought that the quality control issues plaguing the Google Play Store for Android were finally being ironed out, it couldn't be further from the truth. A two-year-study by the University of Sydney and CSIRO’s Data61 has come to the conclusion that there are at least 2,040 counterfeit apps on Google Play Store. Over 2,000 of those apps impersonated popular games and had malware. The paper, a Multi-modal Neural Embedding Approach for Detecting Mobile Counterfeit Apps, was presented at the World Wide Web Conference in California in May documenting the results.

The study shows that there is a massive number of impersonated popular gaming apps available on Play store. They include fake versions of popular games such as Temple Run, Free Flow and Hill Climb Racing. The study investigated around 1.2 million apps on Google Play Store, available in Android, and identified a set of potential counterfeits for the top 10,000 apps.

Counterfeit apps impersonate popular apps and try to misguide users`. “Many counterfeit apps can be identified once installed. However, even a tech-savvy user may struggle to detect them before installation,” the study says.

It also points out that fake apps are often used by hackers to steal user data or infect a device with malware. “Installing counterfeit apps can lead to a hacker accessing personal data and can have serious consequences like financial losses or identity theft,” reads a blog post by the university.

The study also found that 1,565 asked for at least five dangerous permissions and 1407 had at least five embedded third-party ad libraries.

To investigate these applications on Google Play store the researchers used neural networks.

Google has acknowledged the problem of “malicious apps and developers” in a blog post by Google Play product manager Andrew Ahn on February 13, 2019.

According to Google, the company now removes malicious developers from Play store much faster when compared to previous years. The company says that in 2018 it stopped more malicious apps from entering the store than ever before.

A Google spokesperson, in response to a TOI email, said, “When we find that an app has violated our policies, we remove it from Google Play.”
Read more »
App vulnerability
Android Applications Android Security App vulnerability

Qualcomm Chip Security Flaw Poses Risk to App Account Security



Qualcomm technology which was manufactured to safely store private cryptographic keys has been found to be plagued with a security bug. The bug has been found in Qualcomm chipsets and is said to be paving way for Android malware which can potentially steal access to victims' online accounts.

The implemention of the technology should be such that even if the Android's OS has been exploited, the Qualcomm Secure Execution Environment, also known as QSEE should be beyond the reach of exploit and hence, unassailable. However, due to some imperfections in the implementation, such is not the case.

One can go about manipulating the system and leaking the private stored keys into the QSEE, as per a researcher with cybersecurity firm NCC Group, Keegan Ryan.

Ryan documented the vulnerability and came out with a conclusion that the flaw could bave been used by a hacker to exploit the way mobile apps let users sign in on smartphones. After entering the password, a cryptographic key pair would be generated by the app, which can be employed to make sure that all login attempts in the future are from the same device.

Referenced from the statements given by Ryan to PCMag,
"However, if an attacker uses this vulnerability to steal the key pair, the attacker can impersonate the user's device from anywhere in the world, and the user cannot stop it by powering down or destroying their device,"

"The attacker can run the malware one time, and extract the key. They now have permanent and unrestricted ability to create (authentication) signatures," he further added.

The patch is expected to roll out in April itself along with Android's security update.






Read more »
Pre-installed apps
Android Applications Google Google Play Store Pre-installed apps

Pre-installed Android Apps Invade Privacy; Situation Still Out Of Control



Recent studies have provided evidence as to the role the pre-installed android application play in the breach of privacy of users.


Google doesn't seem to be paying enough attention on the issue which concerns security.

Heavy security checks are required of them as similar to the checks done for play store versions of the applications.

According to an independent study led by a group in Spain, personal information could be harvested by these pre-installed applications.

A well-known institute of Madrid IMDEA Institute and Stony Brook University checked out the pre-installed apps on the android devices from over 2700 users, over 1700 devices from around 200 vendors all across 130 countries.

The study didn't go deeper about the EU's General Data Protection Regulation laws and the difference they would make.




Android is a highly customized operating system despite its being owned by Google. This includes the packaging of other applications with the operating system before they are delivered to other users.

As per the aforementioned study, a potential threat to users' privacy prevails by the hands of  the infamous pre-installed apps which never undergo the security checks that the other downloaded apps do.

As usually is the case, pre-installed applications could never be uninstalled and aren't even subject to the severe security checks which are a must to keep the users safe.

It was implied by the co-author of the study that apparently no one keeps track of what the pre-installed applications do. There is a major lack of transparency and regulation.

In reply to all of this, Google said that it provides tools to equipment manufacturers which ensures that Google's  privacy and security standards aren't hampered. 

One of Google's spokespersons also mentioned that clear policies regarding the pre-installed applications are given to their partners also that information related with potential hazards is regularly disseminated to them.

The issue of the pre-installed apps has caught fire quite heavily now. A US department of Justice dug into Facebook. Partnerships are also being looked into.

Read more »
Google Play
Android Applications Antivirus Cyber Security News Google Play

Most of the Antivirus Android Apps Ineffective and Unreliable



In a report published by AV-Comparatives, an Austrian antivirus testing company, it has been found out that the majority of anti-malware and antivirus applications for Android are untrustworthy and ineffective.

While surveying 250 antivirus applications for Android, the company discovered that only 80 of them detected more than 30% of the 2,000 harmful apps they were tested with. Moreover, a lof of them showed considerably high false alarm rates.

The detailed version of the report showcased that the officials at AV-Comparatives selected 138 companies which are providing anti-malware applications on Google Play. The list included some of the most well-known names like Google Play Protect, Falcon Security Lab, McAfee, Avast, AVG, Symantec, BitDefender, VSAR, DU Master, ESET and various others.

ZDNet noted that the security researchers at AV-Comparatives resorted to manual testing of all the 250 apps chosen for the study instead of employing an emulator. The process of downloading and installing these infectious apps on an Android device was repeated 2,000 times which assisted the researchers in concluding the end result i.e., the majority of those applications are not reliable and effective to detect malware or virus.

However, the study conducted by AV-Comparatives also highlighted that some of the offered antivirus applications can potentially block malicious apps.

As some of the vendors did not bother to add their own package names into the white list, the associated antivirus apps detected themselves as infectious. Meanwhile, some of the antivirus applications were found with wildcards in order to allow packages starting with an extension like "com.adobe" which can easily be exploited by the hackers to breach security.

On a safer side, Google guards by its Play Protect which provides security from viruses on Android by default. Despite that, some users opt for anti-malware apps from third-party app stores or other unknown sources which affect safety on their devices.

The presence of malicious apps on Google Play was also noticed in the past and with the aforementioned study, Android is becoming an unsafe mobile platform.



Read more »
Google Play Protect
Android Applications Google Google Play Protect

Google updates Google Play Protect


Google has made some significant changes to Google Play Protect for protecting Android users from unwanted and malicious apps.

The company has launched the Google Play Protect feature in 2017, it performs the following functions:


  •  It does a safety check for apps before users download it from the Google Play Store.
  •  It  also checks for potential harmful apps available from the other sources 
  •  It warns and detect potentially harmful apps, and removes malicious apps from your device.
  •  It warns about apps that violate our Unwanted Software Policy by hiding or misrepresenting important information.


In a blog post, Google said that Google Play Protect has protected over 2 billion devices every day.

"Google Play Protect is the technology we use to ensure that any device shipping with the Google Play Store is secured against potentially harmful applications (PHA)," stated Google's blog post. "It is made up of a giant backend scanning engine to aid our analysts in sourcing and vetting applications made available on the Play Store, and built-in protection that scans apps on users' devices, immobilizing PHA and warning users."

Google has enabled Google Play Protect by default for all Google Play users, but a user can also confirm that Google Play Protect is enabled by going into the Play Store, tapping, and tapping Play Protect.
Read more »
iOS
Android Applications Android Security Hacking iOS

Threatening Frailty in the Indian Mobile Security



 Compromising your phones has become quite an easy task for the hackers these days as it is convenient for them to do so without much hard work .There are numerous ways already available like the hackers can change passwords and get access to confidential corporate and private data on your phone or better yet they can either install malicious code on your phone that allows them to read your messages, access your photos or could even turn on your microphone.

In other words, once hackers access your device, they can easily use your microphone or camera to record you, and thanks to GPS, they’ll even get to know your location.

In case of companies that make operating systems (OS) for mobile phones, they are used to plugging known vulnerabilities and loopholes by periodically updating their operating systems and release newer versions of it by even issuing security patches.

But in the case of Android, there exists a unique problem. Android being a foundational OS releases an update or a security patch and it’s unclear who is responsible for updating the OS that’s actually running on the device.

There are hundreds of companies that are currently making Android based devices and selling more than 60,000 models worldwide. It’s a complex ecosystem, with no one quite tracking the updates and vulnerabilities.

A third of the Android phones in India are running a version of the OS released in March 2015 or before. This leaves now some 300 million smart phone users in India potentially vulnerable.
Nobody presently knows how they are utilizing the internet and what applications are being installed on these devices. They are additionally liable to be less attentive about imparting information to application developers. Most terms and conditions that users consent to have a tendency to be in English. And that in itself is reasonable enough for assuming that numerous Indian mobile users are consenting to things without quite understanding what they are consenting to.

Saket Modi, the CEO of Lucideus Tech as well as a well-known ethical hacker says,
“It is relatively harder to install malware on Apple’s iPhones as to install a hacking app on an iPhone, you need the unique device identifier — a sequence of 40 letters and numbers, which can only be accessed by connecting the phone to a computer via Apple’s iTunes software. It is far easier however to install an app from an unknown source on an Android phone than on an iPhone,”

According to data aggregated by Lucideus, Android (all versions combined) has 1,855 known vulnerabilities, compared with 1,495 for iOS.

The Outdated privacy laws in India add to the troubles of mobile phone users. Shiv Putcha, founder of telecom consultancy Mandala Insights says..

 “In India, the regulations are weak at best, you don’t have a privacy law, no regulations around data storage or access to private data. If they (mobile phone makers and service providers) aren’t storing data here, how can we be sure how secure our data is?”

Nevertheless the government though did respond to this issue by highlighting the need for a strong data protection law, along the lines of the General Data Protection Regulation (GDPR) in the EU, and has even set up a committee to look into it.


Although according to Google, in 2017, India still ranks third in the highest percentage of phones with potentially harmful applications (PHAs) among the major Android markets, with 1% of the total Android phones in the country affected, though the figure had dropped by a third from 2016 but Google still says that devices that install apps from outside the Google Play app store are nine times more likely to have PHAs.





Read more »
Fake Apps
Android Applications Fake Apps

Spotify warns users using hacked apps to access premium for free

Spotify, the online music streaming service that had only just filed for an initial public offering (IPO) for later this month, is now cracking down on users who are using unauthorised or modified versions of the Spotify app to access Premium features for free.

These hacked apps allow freeloaders to skip songs indefinitely and enjoy ad-free streaming — features that are only available for premium users.

The free version of Spotify has certain restrictions such as advertisements, shuffle-only play, skipping restrictions, and such that encourage users to buy premium. These modified versions of Spotify make premium redundant by letting users enjoy unrestricted streaming with the help of installation files that can be downloaded alongside the app.

Spotify is sending an email to users in whose accounts they identify any “abnormal activity” and warn that future breaches could result in suspension or even termination of their Spotify account.



According to the email, to regain access to their account, a user has to simply uninstall the hacked or modified Spotify app and redownload the official app from Google Play Store.

It has not been revealed how many users reportedly use these versions to enjoy restriction-free streaming for free. According to figures released by the company in December, the service itself is used by more than 159 users around the world — 88 million of which are users of the free tier of Spotify.

Considering the company’s current losses, it is not surprising that they are finally addressing the issue.
Read more »
App vulnerability
Android Applications App vulnerability

The AirDroid Lesson: Don't let apps take over your life

The popular android app AirDroid which lets users organize their lives by  providing the remote ability to send text messages, edit files, manage other apps and perform GPS tracking suffers from a serious authentication flaw which allows attackers to take control over user's activities.

Th flaw can be exploited  to take photos of the victim via the phone’s camera, track the victim via GPS or harass the victim’s friends and family via contacts.Anything that the app has permission to access to can be accessed by the remote attacker.

The mode of attack is very simple, the attacker would send a innocent-looking link to the user which if clicked leads to the webpage of the attacker. The attacker thus assumes control over the user's phone and can activate the phone's camera to take photos of the user and taunt the user.

This bug has been fixed as of now but the security risk it posed raises questions on how much should an app be permitted to know.

Often for the sake of convenience we offer personal information to the apps thus compromising our security. The long list of permissions that an app asks for is also cumbersome for many users to scan through and they just hit agree.  One never knows how many vulnerabilities are lurking in the apps we freely download and use and how those vulnerabilities can be exploited to take over our daily activities.One must be careful of the things they are agreeing to while installation.

Constant vigilance is the key.
Read more »
Subscribe to: Posts (Atom)