Even the most careful planning sometimes cannot mitigate human error. A week ago, a photograph of the World Cup Security Center showing the WiFi password on a whiteboard in the background was published on the internet and immediately retweeted numerous times.
— Augusto Barros (@apbarros) June 23, 2014
Last February, during the Super Bowl XLVIII pre-game show, the Super Bowl security headquarters was shown on a television broadcast along with the stadium’s internal WiFi login credentials.
These so-called “epic fails” are highly publicized examples of regrettable mistakes that every human on the planet is familiar with – because we all make them. Maybe not at that scale; but I dare say, that no one at FIFA or the NFL intentionally set out to expose themselves or their organization to danger.
It could happen to you
So let’s stop giggling at these public slip ups and talk about our collective failure at securing our own passwords and other data. Read more…
avast! Mobile Security protects from an Android flaw which leaves nearly all new smartphones and tablets vulnerable to attack.
Last week, a wave of articles about a newly discovered Android security flaw flooded the Internet. They sounded a warning, similar to this:
“A flaw in the Android operating system may leave many Android phones and tablets vulnerable to attack, including the Samsung Galaxy S5 and Google’s own Nexus 5,” reported Jill Scharr in a Tom’s Guide article.
Our Virus Lab did not waste time and started preparing for the inevitable attacks. AVAST researchers dug into the subject looking for malware to make sure that avast! Mobile Security is ready to protect our users. If you are an avast! user and your tablet or smartphone is protected by avast! Mobile Security, you are protected.
“Even though TowelRoot is not malicious itself, it may be misused as an exploit kit. Generally, TowelRoot can be used as a delivery package for malicious applications,” explained Filip Chytry, an AVAST Virus Lab expert on mobile malware. “It’s capable of misusing a mistake in Android code which allows attackers to get full control over your Android device. TowelRoot itself is more a proof-of-concept, but in the hands of bad guys, it can be misused really quickly. For this reason we added it to our virus signatures, so Avast detects it as Android:TowelExploit.”
Android has not made an official statement on the security flaw, however our researchers confirm that even the latest versions of the operating system are exposed (version 4 and all higher). It is very likely that versions 3.0 can be attacked, too. For those who just purchased an Android device or don’t have protection yet, we strongly recommend that you install avast! Mobile Security, before taking any further actions. Despite the fact that some of the mobile providers claim that their devices are immune to this particular Android exploit, it is highly risky to leave your device unprotected.
What is the TowelRoot Android vulnerability?
Earlier this month a security flaw in Linux, the operating system which Android is based upon, was discovered by a young hacker known as “Pinkie Pie.” Soon afterwards, a gifted teenager, notable because he was the first to unlock the unlockable – an iPhone at the age of 17, prepared a tool kit for potential hackers. Its instructions are available publicly to “purchase,” allowing even less advanced programmers to write a script that will use the exploit.
The potential exists for hackers to take full control; to simply root your device. So far the AVAST Virus Lab has not observed any massive attack, however knowing about the potential risk, our Virus Lab is ready for the attack. avast! Mobile Security is capable of discovering different variations of malware code required to exploit the bug.
Who is exposed and how to protect yourself?
Basically everyone who owns an Android device without proper antivirus protection, tablet or mobile phone, with any version of Android OS, including the newest one is at risk for malware.
In order to prevent this exploit, or any other malware attack, once you purchase your device, we advise to install antivirus first, before installing any apps, importing contacts, or starting to browse online. Our avast! Free Mobile security, as well as its Premium version are available to download and install from Google Play.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
Traveling to Brazil for the 2014 FIFA World Cup, or just headed out to your local beach for a daytrip? You remember to pack your sunglasses, a hat, and plenty of sunblock, but don’t forget that your mobile gadgets need protection too.
- avast! SecureLine VPN to protect against dodgy public WiFi
- avast! Mobile Security and Anti-Theft to protect against thieves
That free WiFi HotSpot could get you in hot water!
Spectators at the 2014 FIFA World Cup Brazil will have lots of choices of free WiFi. At least 6 of the 12 World Cup stadiums have access to free WiFi built in, and planners have created WiFi hotspots across 2,300 access points, including parks, squares, and public transit stations. Fans not watching in person will check scores on their phone or watch live streaming matches by connecting to free WiFi at hotels and bars.
“A WiFi attack on an open network can take less than 2 seconds,” tweeted @ExtremeNetworks recently. Cybercrooks can access and steal your personal data when you connect to these unprotected networks. Having your identity stolen and bank account emptied out while on vacation could ruin any trip – even one to paradise!
“Hackers target public hotspots, where it’s easy to follow every move that users of the WiFi connection make, allowing them to access emails, passwords, documents, and browsing behavior,” said Vincent Steckler, Chief Executive Officer of AVAST Software.
Use a VPN service to make sure that doesn’t happen. avast! SecureLine VPN protects your privacy by making your logins, emails, instant messages, and credit card details invisible to spying.
Have you ever been on a long road trip with your children? Then you will agree: It’s great to have something to entertain your children, to distract them from the boring drive. Today smartphones and tablets are a great source to keeping kids occupied for long periods of time, not only on the road. AVAST has found out that four out of five parents share their mobile devices with their kids. This is the result of a survey AVAST conducted amongst 1,500 parents in celebration of today’s International Children’s Day. Children are very tech-savvy and technology can be a great teaching tool, if kids use it appropriately. However, our survey results show that kids don’t always choose the most kid friendly apps and activities while using their parents’ devices.
11 to 15 year olds seem to be the most curious – and most at risk
Many kids do mischievous things once they get their hands on their parents’ devices, however our survey has shown that 11 to 15 year olds are most likely to use smartphones and tablets for risky activities. It’s not surprising that anything inappropriate is interesting to kids; 32% of parents admitted that their child has accessed adult content using their mobile device. More than half of these kids were between the ages of 11 and 15 years old. The risk here is not only the child getting in contact with adult content, but the whole device and other family members are at risk as well: Mobile sites and ads including adult content often lead to phishing sites or sites including malware that is downloaded with the tap of a finger.
Sending messages in their parents’ name, behind their parents’ backs also seems to be a fun thing for kids to do, with 19% of parents claiming their child has hit the send button. Again, the sneakiest age group is 11 to 15 years old, 45% of messages were sent by them. If children send text or social media messages in their parents’ name, this can lead to embarrassing situations – or cause real damage, e.g. if a child sends an email from their parents’ business email address.
In addition to this, 7% of kids accessed apps that contained banking or credit card information and 6% used their parents’ device to make purchases without their parents’ knowledge. Once again the age group 11 to 15 years was the one caught red-handed the most – 44% of the 7% of kids that accessed apps containing banking and credit card information and 52% of the 6% of kids that made purchases were 11 to 15 years old.
Many children and teenagers have their own devices
AVAST asked the 20% of parents who don’t share their devices with their kids, why they choose not to do so. Of these, 38% said their kids have their own devices, 40% think their kids are too young (between the ages of 0 to 10 years old), and 22% don’t trust their kids. Out of the 22% that said they don’t trust their kids with their devices, 11 to 15 years old was the most mistrusted age group. Despite this, of the 38% parents that said their kids have their own devices, 48% are between the ages of 11 and 15. Based on what parents caught their 11 to 15 years doing with their mobile devices, can you imagine what these kids may be doing if they have their own device?
Safety tips for kids using mobile devices
Be aware of the sites your children are visiting. The Internet contains everything from cute cats to adult films – do you know which your kids are accessing? Talk to your kids, let them know that not everything online is necessarily safe and keep an eye on what they’re doing online. Also, often apps and ads with adult content can link to malicious sites– so make sure your device is safe. Install an antivirus app like avast! Mobile Security on your phone to protect you and your family.
Lock apps that can make purchases. Any apps containing banking information or that have credit card information saved to make purchases should be password protected, whether your child has their own mobile device or borrows yours. App stores such as Google Play and iTunes make it easy to purchase apps, all you have to do is type in your account password. Even if you don’t think your child knows the password, make sure you add a second layer of protection by password-locking certain apps.
Talk to them about messaging apps. In one of our recent blog posts we discussed the importance of talking to your kids about cybersecurity, especially when it comes to messaging apps and social media. Whether they are borrowing your phone or using their own device, talk to your kids about what information they should share, who they should talk to online and how they should be talking to others.
Talk to them about the value of money. Kids may not realize that the things they order or download online cost actual money. The fact that they can’t visualize online transactions makes it seem like the things they are ordering online must be free! Come up with an agreement, either allow your kids to make purchases online if they consult with you first, or if in the instances of apps, they are free. You could even give your kids app store gift cards as their allowance.
For the last few years, I have used an app on my Android smartphone to log my training runs. It tracks the distance I ran, the route I took, my running pace, and calories burned. If I want to, I can link it with Facebook or other social networks and share my workouts, or I can pay to have my stats broadcast live, so for example, during a race, my family can follow my progress.
Using an app like this is motivating and helps me to organize my training better, but until recently I had never considered the privacy and security issues surrounding fitness tracking devices and apps.
“Privacy advocates warn that consumers aren’t always aware of how sensitive the data the apps collect can be or what privacy protections exist,” reported The Washington Post yesterday.
My smartphone is protected by avast! Mobile Security, so I decided to take a closer look at my apps with the Privacy Advisor feature. Privacy Advisor scans the apps in my device and tells me what kinds of information they collect. Application Management tells me what permissions individual apps require. My fitness app requires me to give these permissions:
- Track GPS location
- Read contact data
- Access accounts
Not too bad; at least when I compare it to the fitness app that came with the phone.
My fitness app respects my privacy, but many health and fitness apps sell personal information like usernames, names and email addresses, and information like medical symptom searches, zip codes, geo-location, gender identifiers, and dietary and workout habits. A Federal Trade Commission (FTC) study revealed that ad companies and data miners are among the third parties that buy this data.
Already some employers are rewarding their workers with cheaper insurance plans for joining fitness programs. But there is worry that the data collected could be pieced together to create profiles that would backfire. It’s fine when you’re healthy for your fitness, health and medical data to determine things like insurance rates or drug pricing, but what if your health declines?
The FTC “is concerned consumers could be penalized based on health data; for instance, a financial institution might adjust credit ratings based on the fact someone has a disease.”
“Information about consumers most intimate health conditions is going to be sold to the highest bidder,” Jeffrey Chester, the executive director of the Center for Digital Democracy, told the Washington Post. “Employers might get access to it, insurers might get access to it, or mortgage lenders — which could lead to a vast array of negative discriminatory practices.”
Know what your apps want
Check what the apps that you have allowed on your smartphone require with avast! Mobile Security. Install it free on Android devices from the Google Play store.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news and product information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our avast! Business Solutions.
Today almost everyone and their mother has a smartphone, even your mom’s mom probably has a smartphone! Smartphones help us connect with people near or far, whether it be through traditional phone calls, text messages, photo and video sharing via apps or messaging services, smartphones have made keeping in touch routine, easy and instant. We share personal moments, large or small, with the people we love the most: our moms. All these personal moments are then stored on our smartphones, so it is imperative to protect them, which is why we think avast! Mobile Security is the perfect Mother’s Day gift.
Here are 6 reasons reasons to back that up:
1. Antivirus: Mom has always protected you, whether it be checking for monsters under your bed or making sure you put on a jacket before you leave the house. Now its your turn to protect your mom from mobile malware monsters from getting to her data. Our anti-virus scans apps, files and SMS for malicious malware and includes spyware.
2. Anti-theft: We all know moms are superheroes that don’t wear capes, always on the go, making sure everyone is taken care of and where they are supposed to be. We also know that mom-purses are like Mary Poppin’s never-ending bag, so it wouldn’t be surprising if mom lost her phone running between work and soccer practice drop-off or if she were to “lose” her phone in her ginormous wonder bag. avast! Anti-Theft helps locate, control and lock lost or stolen phones remotely, GPS track and sound a siren alarm, making it simple to retrieve missing devices.
Easter egg hunts are a favorite activity for kids and adults alike, and on Easter Sunday, backyards, church grounds and even the White House will host their own competitions. Cyberspace has its own Easter eggs (a hidden message in software applications), and the hunt for them is just as fun as for real eggs. I asked Filip Chytrý, a researcher in the avast! Virus Lab specializing in mobile malware, about his favorite Easter eggs.
“I hate boiled eggs,” Chytrý joked, “but revealing Easter eggs in applications is pretty fun especially if you just have a clue, but don’t have any idea where to start.”
Can Easter eggs be malicious?
We’re not too keen on hidden code that no one knows about here at AVAST, so I thought it was a good question. Filip explained that to successfully make an Easter egg, the programmer has to hide the surprise from his fellow team mates and his employer, as well as the end user. It occurred to me that if programmers can hide fun things, it’s not a huge leap to hiding malicious things. Backdoors, for instance?
“We have not seen an Easter egg that might be considered as malware. There are plenty of original apps for Android which are modified to distribute malware by adding some kind of a downloader, but it’s without the user’s interaction. Easter eggs have remained harmless; Android apps – not so much,” said Chytrý.
Are there Easter eggs in mobile software?
“There are Easter eggs in the latest versions of Android,” said Chytrý. “To access the Easter egg in your device, open the settings screen and tap About phone at the bottom of the screen. Locate Android’s version number on the about screen and quickly tap it several times.”
It worked with Android KitKat on my Nexus 4, but may not work in the modified OS of some device distributors. Find out how to access older Android OS Easter eggs.
Smartphone owners are careless about security, says survey.
Guys are more likely to get a virus on their smartphone than girls (36% vs 32%), and more than one third (34%) of survey respondents don’t have any anti-theft or antivirus security on their smartphones. Add to that nearly half of the people AVAST polled in the US said they did not back up their data or know if they did on their mobile devices. This is despite nearly one in ten saying they had lost their phone or it was stolen in the last 12 months. These results are from a recent smartphone survey conducted for antivirus software company, AVAST.
AVAST surveyed 9,060 people earlier this year in the US about smartphone ownership and use and have released the results today. Read more…
Do you know the notion “machine war”? If you’re a fan of the Matrix movie trilogy then probably, yes. It denotes the fictional rise of artificially intelligent machines against the human race and their violent conquest of human beings. We want to apply a similar dominance of computationally powerful machines, not to create a population of slaves, but against numerous malicious Android packages that wildly proliferate on unofficial markets.
The idea of malware detection with no human interaction appeared earlier on our blog. In a fundamental article about AVAST research activities by AVAST’s COO, Ondřej Vlček, he effectively described the technologies we employ to deal with Windows threats. Two techniques have been mentioned explicitly, Malware Similarity Search and Evo-Gen, both working with Windows PE file format. Sometimes the latter form of detection technique is denoted as weak automated anti-malware heuristic.
The main effort is to reach two slightly conflicting qualities at the same time: The robustness, which means that suggested methods cover as many threats as possible; and simplicity, so that the methods are easily implemented in AVAST’s mobile security solution. The search for balance between those qualities is assisted by lessons learned from automated heuristic for Windows PE executables.
Respected testing lab AV-Comparatives ranks AVAST as the most popular provider of both mobile security and antivirus protection in North America, South America, and Europe, and gaining in Asia.
“This survey highlights that AVAST is the most popular name in security in the world,” said Vincent Steckler, CEO of AVAST Software. “We proudly protect more than 210 million devices from hackers, thieves, spies and even governments.”
The rankings came from the fourth annual global survey released at the end of February. In the survey, AV-Comparatives states that internet usage among home and business users is growing, but how people access the internet is changing. Smartphone and tablet sales have increased, while laptop and desktop sales are on the decline. This means that the focus of cybercrooks is changing too.
Android owners are vulnerable without security protection
Mobile device owners are steadily realizing that the threat to their security is increasing. The survey confirms that the amount of mobile devices protected by security software is significantly lower than that of desktop devices, especially in North America.
“User awareness of mobile malware is dangerously low; yet in 2013, our virus lab found more than 1,850 new pieces of mobile malware a day,” commented Mr. Steckler. Read more…