We rely on our apps. Everyday we use our favorite ones to check news, the weather for our next trip, and communicate with our loved ones. Some apps, especially the system ones, are continuously in use, even if they are not the foremost app on your screen. The keyboard is one of them.
Recently, a dangerous vulnerability was discovered in the most popular keyboard, SwiftKey. If you have a Samsung S6, S5, and even a S4 running the stock operating system, you’re at risk. The app always checks for language updates, but this process is not performed in a secure way. If you’re connected with an open or public Wi-Fi, your phone is at risk of a very common and dangerous Man-in-the-middle attack. Your connection will be compromised and all the Internet traffic could be eavesdropped upon. That includes the passwords you’re typing in the very same keyboard, your financial information, everything.
To insure your security, you need to use a VPN when on Wi-Fi, since that’s when most updates are scheduled to occur. You probably already know what a VPN is and how it works. If not, you can find a lot of information in our blog. Our product, Avast SecureLine VPN, creates an encrypted tunnel for the inbound and outbound data of your Internet connection, blocking any possibility of a Man-in-the-middle attack.
But the story does not end here. If you use SwiftKey on an unsecured Wi-Fi, the attacker could also download malware into your phone or tablet. That’s a job for Avast Mobile Security & Antivirus (AMS). Some users think that we don’t need a security product for our phones. They also think that security companies exaggerate the need for a security app just to sell their products. AMS not only scans the installation process of apps but also checks the Internet sites you’re visiting and malicious behavior of any file in your device. You can install Avast Mobile Security & Antivirus on your Android device for free from the Google Play store.
NOTE: At the writing of this post, a patch for the vulnerability was provided to mobile network operators by Samsung. SwiftKey wrote on their blog, “This vulnerability is unrelated to and does not affect our SwiftKey consumer apps on Google Play and the Apple App Store.”
Many of the Wi-Fi hotspots you use in your hometown and when you travel have major security flaws making it easy for hackers to see your browsing activity, searches, passwords, videos, emails, and other personal information. It’s a public Wi-Fi connection, meaning that you are sharing the network with lots of strangers. Those strangers can easily watch what you’re doing or steal a username and password to one of your accounts while you sip your latte.
An easy and affordable way to maintain your security whenever you use free Wi-Fi is to use a virtual private network (VPN). It sounds techie, but Avast has made it simple.
A VPN service, like our SecureLine VPN, routes all the data you’re sending and receiving through a private, secure network, even though you’re on a public one. That way, SecureLine makes you 100% anonymous while protecting your activity.
The Avast Mobile Security team showcased secure solutions for payment, identification and mobility at the CARTES conference.
The Avast Mobile team had a couple of busy days in November – we participated at CARTES Secure Connexions 2014 and showcased some of our best mobile apps in the “Mobile payments” pavilion. In our traditional and authentic guerrilla style, we drove a truck to Paris, we built the stand ourselves (and almost got killed dismantling it the last day), and we greeted our friends and product users in person, with no external hostesses; only Avast Mobile crew members equipped with mint candies, product fliers, and an unlimited dose of enthusiasm.
You may ask yourself, what was my mobile antivirus provider doing at CARTES, a global event for the digital security industry?
Because of the experience the Inmite acquisition brought to Avast Mobile, the Avast team knows a thing or two about mobile payments security, and we believe we can bring additional value to this topic with our products.
Mobile payment security starts and ends with the customer
While there are many techniques app makers or payment institutions such as a banks use to secure their mobile applications, recent attacks show that the weakest part of the chain are end clients – in other words – you and me. Face it, most people tend to underestimate potential threats, they fall for phishing attacks or attacks by social engineering, they connect to insecure public Wi-Fi hotspots, and they know in most cases, that banks will handle possible issues they have gracefully. In many cases, banks will even refund complete financial loss in order to keep their reputation high. The value Avast can bring to the table is the fact that most of our solutions are oriented towards the end users and their devices – we help where the additional help is needed.
At CARTES, we presented three products for mobile:
This selection of products was not random. Each of the products protect people and their payments at different “stages”.
AIR BOND is our patent pending HW authentication token based on Bluetooth Low Energy. It wirelessly communicates with your smartphone or tablet and co-signs your transactions before they are sent to the server. It requires no special effort, like rewriting a numeric code or putting an NFC tag close to your iPhone (that does not support NFC this way anyway ;-). )You can use your mobile banking or payment app as long as your AIR BOND is nearby. If you lose your phone or somebody steals it, your banking is instantly safe – proximity to the AIR BOND device is required in order to execute transactions (all of them or only some of them depend on AIR BOND deployment type at each individual bank).
As more gadgets get WiFi-connected, there could be serious implications for personal and home security.
Baby monitor hijacked
A new case of a baby monitor being hijacked was reported last week in a Cincinnati, Ohio home. Fox19 news reported that the Schreck family was fast asleep when an unfamiliar voice woke up Mrs. Schreck. She grabbed her cell phone to check on the wireless IP camera used to monitor her 10-month-old daughter Emma’s room. The camera was moving, seemingly by itself. A man’s voice started screaming, ‘Wake up baby. Wake up baby.’
This incident is similar to one that occurred in August 2013 when a disturbed stranger screamed obscenities at a sleeping toddler through the baby monitor. The bugs in the Foscam camera that was used have since been discovered and updates are on the company website. Make sure you update your camera’s firmware as soon as possible.
The Internet of Things
“Smart” gadgets like IP camera video feeds are used to monitor children, property, and pets. If the camera isn’t secure, a hacker or creepy Peeping Tom can use them to spy on you and your family, watch recorded images, and even find out when the coast is clear so they can break in. Other smart gadgets like home appliances, TVs, pacemakers, cars, etc. – are vulnerable to cyber attacks. This may be a low-risk threat now, but as more gadgets get WiFi-connected, there could be serious implications for personal and home security.
Tips to secure your home cameras against digital snooping
- Secure your home wireless router. Look for a camera that supports current wireless security protocols, like WPA2.
- Use a unique password. Don’t be tempted to turn off the password requirement on your camera. If you’re not sure what a strong password looks like, read our blog about creating strong passwords.
- Use a secure WiFi connection. Your camera’s mobile app may not be encrypted, so using it on an unsecured WiFi network could give troublemakers an open door to your video feed or your password. Change the settings on your mobile device so that it doesn’t automatically connect to a public WiFi hotspot. Protect your privacy by using avast! SecureLine VPN on your Android phone or iPhone. If you don’t know what a VPN is, read our blog post explaining what a VPN can do for you.
The FTC has more tips for securing your IP camera on their site.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
More than one billion people nowadays use smartphones devices and this number is growing rapidly. With the growing numbers of mobile users accessing the internet on Android smartphones and tablets, and iOS iPhones and iPads, the number of mobile threats and attacks is rising progressively.
Mobile users store sensitive data, and engage in online banking operations, exposing devices to the modern mobile threads. You need constant protection. Not even these big names were immune from attack: German Chancellor Angela Merkel’s smartphone was hacked; Rovio, creator of popular game Angry Birds, reported that the personal data of its customers might have been accessed by U.S. and British spy agencies; and recent news of other leaky phone apps have caused people to look for ways to protect their private mobile communications.
Unprotected WiFi presents a real and present danger
Edward Snowden’s recently leaked documents revealed that the Canadian government’s intelligence agency, CSEC, collected data from travelers who connected to unprotected WiFi at Canadian airports. Read more…