Researchers have determined that an attack which can wipe data from Samsung Android devices when visiting a malicious website can also be used to lock the SIM cards or completely wipe all of the data from many other Android phones. In addition to web pages, the attack can be triggered through SMS, or by a rouge NFC tag or QR code.
Mobile geek Dylan Reeve explains how the attack works. Computerworld summarizes it like this, “The attack can be launched from a Web page by loading a “tel:” URI (uniform resource identifier) with a special factory reset code inside an iframe. If the page is visited from a vulnerable device, the dialer application automatically executes the code and performs a factory reset.”
Check if your smartphone is vulnerable
Here is a way for you to check if your phone is vulnerable to this remote wipe threat: Visit http://dylanreeve.com/phone.php on your Android device, and if your phone is vulnerable, you’ll immediately see your phone’s IMEI number pop up. I checked my HTC Google Nexus One this way, and it came back as being vulnerable. Other phones reported to be affected include the HTC One X, Motorola Defy, Sony Experia Active, Sony Xperia Arc S, and the HTC Desire. Reeve says that Samsung fixed the USSD/MMI code execution issue for Galaxy S III devices, but it appears that all 4.1-based builds are safe, and some 4.0.4 builds as well.
Currently avast! Mobile Security is actively blocking URLs containing malicious code that triggers the exploit. Our Android users can expect an update containing protection against this kind of attack soon. We’ll let you know when that is released.
Edit: We are pleased to confirm that the newest update of avast! Free Mobile Security protects against USSD attacks, without installing additional tools. All you need to do is to accept the program update offered by avast! on your smartphone. Please share this message with your friends who are Android smartphone owners. They might need avast! Mobile Security too. Thank you.
Good question. Every time you plug an unknown flash drive into your computer, you’re taking a risk because a USB drive can spread malware along with the data, as well as attract it. Have you ever heard “My flashdrive ate my homework” as an excuse? It could happen. Here’s how avast! can help.
Avast! Antivirus comes with a number of pre-defined scans installed including the ability to scan any removable storage device that is connected to your computer, such as USB flash drives, external hard drives, etc. It will scan the drive to detect potential “auto-run” programs that may try to launch when the device is connected.
To carry out a manual scan of “Removable media,” select the “Scan computer” tab in the avast! user display. This will open the “Scan Now” screen as shown in the screenshot.
A “Quick scan” will perform a scan of the C:\drive on your computer, which is normally sufficient to detect the majority of malware. Only files with “dangerous” extensions are scanned, for example, “exe”, “com”, “bat,” etc. Only those areas at the beginning and end of a file, where infections are normally found, are tested.
A “Full System Scan” performs a detailed scan of all your computer’s hard disks. Avast! looks inside every file to determine what type of file it is and whether it should be scanned. The whole file is tested, which is useful if you suspect you have an infection which was not detected by the quick scan.
If you want to scan a specific folder or multiple folders, “Select folder to scan.”
To run one of the pre-defined scans, just click “Start.”
This week we welcomed our Estonian translator Lauri Säde to our office in Prague, after a long 24-hour drive from his hometown of Tartu in south-east Estonia.
Estonia, bordering the Baltic sea in north-east Europe, is a country of around 1.3 million inhabitants, of which over 125,000 (nearly 10%) use avast! Antivirus. Thanks to Lauri, over 35,000 of them are now able to use avast! in their native Estonian.
Currently studying production engineering at the Estonian University of Life Sciences, Lauri has a keen interest in computers and has been involved in translating a number of security applications. He also has his own website dedicated to online security (www.ekaitse.ee), currently only in Estonian.
Lauri was first involved in translating avast! 5.0 into Estonian, but he had been using avast! for some years prior to that. He was keen to create an Estonian version, although with a wry smile he admits that in the beginning he did not fully realize the scale of the task he was about to start! As all our translators soon discover, to fully localize the program from scratch is a major project and involves far more than simply translating the screen that you see when you first open the program. There are many layers to the program and much of what needs to be translated is not even visible until certain events are triggered. In total there were nearly twenty thousand words to translate, but he stuck to the task and finally the Estonian version was completed. Since then, he has continued to refine and improve the translation, as well as translating the regular program updates.
Lauri has been a registered avast! Forum user (Lord Ami) since August 29, 2009. Thanks to the effort and commitment of Lauri and all our other translators who translate avast! on a voluntary basis in their own time, avast! now speaks over 40 languages and can be downloaded by users in even more countries around the world in their own native language. Together with the avast! CommunityIQ, which enables us to respond to new threats as soon as they appear, this is another example of the close cooperation between avast! and its ever-expanding user community, to provide a better experience for everyone. Thanks to you all.
A full list of all the available languages and the avast! translators can be found on our website, http://www.avast.com/translators
To register your interest in joining the avast! translation community, you can visit our forum and leave a message here: http://forum.avast.com/index.php?topic=59095.0
Mobile malware is becoming both more prevalent and more pernicious. Among the 160m+ avast! users today, many of you also turn to avast! Mobile Security to protect your Android device (over 10M+ downloads on Google Play Store…thank you Avast Community!).
But we also see that the awareness and level of concern over mobile malware among the general population is quite low, especially compared to awareness and concern levels of PC malware. This makes sense. We don’t see large-scale virus outbreaks on mobile devices like we’ve seen on PCs, and we don’t see our app mobile OS vendors release endless streams of security patches alongside dire warnings for users who fail to update their programs. Instead, mobile malware is more likely to use your phone for sending premium SMS messages or steal some personal data than “infect” your device.
Without seeing mobile malware outbreaks on a regular basis firsthand, or hearing about them on the news, it’s only natural that other security issues seems more real to people. When we do come across news reports about mobile device concerns, it is more likely to be about data privacy and location tracking than about malicious apps. And everyone has either lost a phone or know someone close to them who has, and so understands the disruption that this causes. Many of you also have young children with cellphones and you may worry about the texts they’re receiving and what information they be divulging on social networks via their phones.
What this means is that mobile security in the broader sense is a lot more than antimalware. There are a range of issues and concerns to address, and range of protection mechanisms we could apply. We provide many of them today through our avast! Mobile Security solutions. But we also know that there is plenty of room for us to grow here as well, and that we must expand in order to both keep and build upon those 10M+ people who trust us to protect their mobile devices.
What do you see as the single most important safeguard you could have on your mobile devices? Take our Facebook poll and see what other avast! followers have to say.
While we were researching the websites currently serving the new Microsoft Internet Explorer (IE) zero-day threat, we found that the new attack is being piggybacked on a slightly older attack aimed on industrial companies’ websites.
The hacked legitimate websites contain on their main pages a hidden iframe.
We face quite a dilemma every time we have something worthwhile to celebrate here at AVAST. For example, when we reached 100M and then 150M PCs users, when we launched a new product, or when this new free product achieves better detection scores than paid-for competition. Since we now have a solution for mobile security we of course also celebrated the launch last December and then we celebrated reaching 10M protected phones less than a year later. We celebrated seeing our Facebook fan club growing by 300 000 in a single day and sure enough we will celebrate when our fan club reaches 2 million as it is getting closer to every day.
The problem is… celebrated with WHAT? Read more…
Our remote assistance tool enables you to give another person remote access to your computer. This can be useful if you are having difficulties and want another person to take control of your computer to help resolve the problem.
If you need to request assistance from another person, click “Allow Remote Control.” Avast! will generate a code that you need to provide to the assisting person. To transfer the code to the other party please do it by telephone, email or chat. By sending the code you are granting remote access to your computer to the other person. After they take control, this dialog disappears automatically.
In your mom’s case, it’s you who will be providing the remote assistance, so click on “Control Remote Computer.” Enter the code which you receive from her, then click the “Connect” button. When the connection is established, this dialog disappears and the remote desktop window appears.
To close the connection press the Alt+Shift+End shortcut. Good luck!
It was brought to our attention by this thorough Eric Romang article that a new zero-day exploit (an exploit actively used by cybercriminals in the wild) targets a bug in Microsoft’s Internet Explorer (IE) 7 & 8, and with some help from Java, it could be also exploited on IE 9, as confirmed by the Metasploit firm. At this time, as there is yet no patch from Microsoft, what can you do?
avast! Free Antivirus just earned another VB100 award, this time in the August 2012 Virus Bulletin comparative review for Windows 7 – with a perfect score of 100%.
According to the review, avast! “routinely elicits warm, affectionate smiles from the test team, with this month’s submission promising more of the same.” As well, we were told that “Avast earns another VB100 award fairly easily” in this case.
We offer much thanks to our beta testers, our developers, and our QA team for all their hard work in making software that is easy to stand behind.
A list of other awards and certifications earned by avast! in recent years can be found here: http://www.avast.com/awards-certifications (incomplete list)
Last week, Amazon announced its new Kindle line up. There’s a lot being said about the red-hot competition between the Kindle Fire, the iPad, Google’s Nexus tablet, and Microsoft’s Surface tablet. But what drew my attention most of all was Amazon’s announcement about greater parental controls. The new Kindle Fire tablets will include an app called Kindle FreeTime for enhanced parental controls.
Parental controls on the Kindle took a big step forward this past May with the 6.3.1 release, adding the ability to password protect purchases and disable access to specific content. Amazon’s Kindle FreeTime app goes further, allowing parents to set time limits based on the type of content their children are viewing, such as games or videos. It will also support setting different policies for different children.
The first of these devices is not available until Sept 14. Judging from the commentary on the Web, there’s a lot of interest in these features, but at this stage there are also a lot more questions than answers.
- Will the Kindle FreeTime app be available for v1 Kindle Fire tablets? That’s unclear.
- Will it support time-of-day restrictions, such as “no games after 8pm”, as well as total activity time? The answer seems to be No.
- What about filtering by age-appropriateness of content, not just by content type? There’s no indication Amazon will have this.
- Will the time controls also cover books, for those parents whose kids read too much or too late into the night? No. Apparently Jeff Bezos thinks that there’s never too much of a good thing when it comes to reading, even if it’s at the expense of homework or a good night’s sleep.
- What about parental controls for the “classic” Kindle readers? Sorry, you’re out of luck. Go buy a new Kindle Fire…or put it on your Amazon Wish List
As a parent of a 12-year old girl, one who buys too many Kindle books in general and who, lamentably, has begun to gravitate towards literary content more appropriate to a 16 year old, I find Amazon is not providing me with the controls and oversight I would like. But for my 10 year old boy who is content spending his entire day hunting zombies, Kindle FreeTime is completely sufficient.
What are your feelings about parental controls for Kindles and other tablets? What works for you? Have you found any good ways to limit or monitor your child’s activities? What are your wishes or frustrations with the devices as a parent?