“Biggest iPhone hack ever” attacks jailbroken phones
In what has been called the biggest iPhone hack ever, 250,000 Apple accounts were hijacked. That’s the bad news.
The good news is that most Apple device users are safe. Why? Because the malware dubbed KeyRaider by researchers at Palo Alto Networks, only infects “jailbroken” iOS devices. (there’s that bad news again)
When you jailbreak a device like an iPhone or iPad, it unlocks the device so you can do more with it like customize the look and ringtones, install apps the Apple normally would not allow, and even switch carriers!
The KeyRaider malware entered the jailbroken iPhones and iPads via Cydia, a compatible but unauthorized app store, which allows people to download apps that didn’t meet Apple’s content guidelines onto their devices. The malware intercepts iTunes traffic on the device to steal data like Apple passwords, usernames, and device GUID (“Globally Unique Identifier” which is your ID number similar to your car’s VIN). Users reported that hackers used their stolen Apple accounts to download applications from the official App Store and make in-app purchases without paying. At least one incident of ransomware was reported.
Chinese iPhone users with jailbroken phones where the primary attack target, but researchers also found incidents in 17 other countries including the United States, France, and Russia.
Every day, millions of people get scam phone calls. In the U.S. alone there are more than 86 million scam calls each month.
Consumer phone scammers often use cheap robocalling services; automatic dialers that make thousands of phone calls every minute for a low cost. They hope to catch someone who is not aware of the system or hasn’t heard of phone scams. A recorded message will say you qualify for a special program to lower your credit card interest rate or that something is wrong with your computer. When you press a number to learn more, the scam kicks in. The unfortunate victims are often elderly people, recent immigrants, and young college students.
‘We have detected a virus’
The most popular type of phone scam is the bogus tech support claim. The one that has been around for a few years (also read Don’t be fooled by support scams) involves a caller claiming they are a computer technician employed by Microsoft, McAfee, or even, Avast. They say they have detected a problem, commonly a virus or malware, on your computer and can fix it for a fee – sometimes as high as $450.
Once the frightened consumer agrees, the phone scammer has them download software for remote access. You can imagine what changes a crook can make to computer settings which allows them access later.
Other tactics tech support scammers take include:
- Enroll their victim in a bogus computer maintenance program
- Collect credit card information to bill for services
- Install malware that can steal personally identifiable information like passwords and account numbers
A popular dating site and a huge telecommunications company were hit with malvertising.
Popular dating site Plenty of Fish (POF) and Australian telco giant Telstra were infected with malicious advertising from late last week over the weekend. The infection came from an ad network serving the advertisements that the websites displayed to their visitors.
Malvertising happens when cybercrooks hack into ad networks and inject malicious code into online advertising. These types of attacks are very dangerous because web users are unaware that anything is wrong and do not have to interact in any way to become infected. Just last week, other trusted sites like weather.com and AOL were attacked in the same way. In the Telstra and POF attacks, researchers say that a malicious advertisement redirected site visitors via a Google URL shortener to a website hosting the Nuclear Exploit kit which infected users with the Tinba Banking Trojan.
It is frustrating when your antivirus protection stops you from visiting a website that you know and trust, but these days even the most popular websites can fall prey to attacks.
This week security researchers discovered booby-trapped advertisements on popular websites including eBay, The Drudge Report, weather.com, and AOL. The ads, some of which can be initiated by a drive-by attack without the user’s knowledge or even any action, infected computers with adware or locked them down with ransomware.
Computer users running older browsers or unpatched software are more likely to get infected with malware just by visiting a website. Avast blocks these infected ads, but to be safe, please use the most updated version. To update your Avast, right-click the Avast Antivirus icon in the systems tray at the bottom-right corner of your desktop. From the menu, select Update.
“This kind of malvertising is a fairly easy way for cybercriminals to deliver adware or another malicious payload. Many websites sell advertising space to ad networks then deliver the targeted ads to your screen,” said Avast Virus Lab researcher Honza Zika. “All Avast users with current virus databases are fully protected against this attack, but those without protection or up-to-date security patches run the risk of being infected with ransomware.”
A few weeks ago in Toronto, Chelsea Clark and her boyfriend were snuggling in their own home watching Netflix together on his laptop. This sounds very similar to what lots of people do to relax at home in the evening. What makes this story stand out is that someone was in the room with them.
Turns out that the next day when Clark looked at her Facebook page, she saw intimate images of herself and her boyfriend from the night before sent from an unknown person. The person, identified as Mahmoud Abdul in Cairo, Egypt, uploaded the pictures with a message that said “Really, cute couple [sic]”. The pictures were apparently taken from the laptop’s webcam.
This type of story is not new. This past March, a young man turned himself into the FBI and was sentenced to 18 months in federal prison for the computer hacking of Miss Teen USA, Cassidy Wolf. He watched her through her computer’s webcam for months, and took intimate photos of her in her own bedroom. He then attempted to blackmail her, asking for money for not posting the videos and photos.
Some sophisticated viruses hide when you turn on your computer (also known as booting up your computer), and even antivirus software like Avast, with its boot-time scan feature, can be prevented from seeing it. If you believe your computer is infected with a virus, the first step you should take is to download and install Avast Free Antivirus and run an entire system scan. If for some reason you are unable to do that, and you have exhausted all other alternatives, like asking our support team for help by submitting a request online at http://www.avast.com/support, then you can create an Avast Rescue Disk that will scan, detect, and remove most malware. This bootable version of Avast attacks a virus from outside of your computer system, catching it before it hides or camouflages itself.
You can create the Avast Rescue Disk from any Avast product. All you need is an uninfected computer with Avast Antivirus 2015 installed and an empty USB flash drive (make sure it is fairly new so that it supports booting) or a blank recordable CD/DVD.
Relying on your hotel to protect you when using their free guest Wi-Fi is not a good idea.
Even the best hotel chains are vulnerable to hackers, so having a Virtual Private Network (VPN) is vital for your protection. I will tell you how easy it is to use below. But first, here’s how cybercrooks can get their victims:
One way is through buggy equipment such as the critical vulnerability discovered last March in ANTlabs’s InnGate product used by 277 hotels, convention centers, and data centers in 29 countries. The InnGate provides temporary guest access to a Wi-Fi connection. By breaking into this piece of equipment, an attacker gets full read and write access to a Linux file system and from there can launch attacks against guests on the affected hotel’s Wi-Fi.
Another tactic hackers take is to create a fake Wi-Fi network, call it something innocuous like “Hotel Guest Wi-Fi”, and lure unsuspecting victims to their rogue connection. What the hackers do is set up their own access point and hope you’ll connect to theirs instead of the public Wi-Fi network.
What do hackers want?
It depends on who you are and what information you have on your devices. For normal people with normal jobs, typically, the hacker can watch your online activity, read your email, steal your account passwords and if they go deeply enough, potentially steal your credit card information, which is the precursor to identity theft. “There is seemingly no limit to what they could do,” say the researchers who discovered the InnGate vulnerability.
Victims’ laptops or mobile devices can be also be infected with malware. Last year, the DarkHotel cyberspies gained access to the computers of high-level executives, government agencies and NGOs, and U.S. executives traveling in Asia, probably to steal nuclear secrets.
How do you protect yourself on free Wi-Fi?
Targeted advertisements based on your search history, location tracking, Wi-Fi sharing, torrent style updates – features that share too much are getting privacy watchdogs in a tizzy.
Reviewers and consumers alike are happy about the new Windows 10, but now that there has been time to read through the 45-page long consolidation of Service Agreements into one central agreement (which also covers Bing, Outlook, and Xbox Live) some data protection advocates are taking issue with certain features. The European Digital Rights (EDRi) organization summarized that “Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties.”
Sharing your business to keep yourself organized
One of the useful but controversial features in Windows 10 is a personal digital assistant called Cortana, similar to Apple’s Siri (and light years away from Clippit, Windows 95 office assistant!) Cortana can set reminders, recognize your natural voice, use information from Bing to answer questions, and of course save all that information in order to provide personalized search results, which basically means you are being profiled so targeted ads can be presented to you (Facebook and Google does that too). Cortana can be disabled and you can opt out of personalized ads.
For those of you keeping track, you can add high-tech sniper rifles to the growing list of Things That Can be Hacked. The vulnerability that allowed two security researchers to break into the computer guidance system of a sniper rifle is the same that allows hackers to access baby monitors and home routers. Simply put, the default Wi-Fi password, which was locked by the manufacturer, allowed anyone within range to connect. The typical range is up to 150 feet (46 m) indoors and 300 feet (92 m) outdoors.
In advance of the Black Hat conference this month, security researchers Runa Sandvik and Michael Auger, have demonstrated that they can hack TrackingPoint precision-guided firearms.
The TrackingPoint rifles can make a sharpshooter out of a novice. This is thanks to the computer-aided sensors including gyroscopes and accelerometers which take into account all the factors that a sniper scout would look for; wind, speed of the target, distance, snipers orientation, ammunition caliber, even curvature of the earth.
I asked Steve Ashe, a veteran of Desert Storm and Desert Shield, who collaborated closely with the sniper team what he thought about such technology. “Trained scouts and snipers must master a set of physical and mental skills that is beyond the reach of most people. This type of rifle can never replace that. Besides being crack shooters, they are in excellent physical condition, able to do complicated calculations in their heads and have mastered field craft such as land navigation, stalking and range estimation.”
One of the features of the TrackingPoint rifle is the ability to video stream your shot and share the view from the scope to another device connected via Wi-Fi. It’s this connection to Wi-Fi that turned out to be the weak point. The gun’s network has a default password that cannot be changed.
After a while, your phones and tablets accumulate obsolete files and superfluous data, system caches, gallery thumbnails, and programs. This ‘junk’ slows down your device and eats up precious storage space.
Avast Cleanup identifies and cleans unwanted files from your Android device so it will run like a champ again.
Our new free app, Avast Cleanup & Boost for Android, cleans away all the unwanted files and programs so that your device is running smoothly and quickly with storage space to spare. But don’t take our word for it.