Not too many years ago we had phones that only made calls. Smartphones are the newest generation of phones that bring a lot of possibilities right to our fingers through the apps specifically designed for them. We all got used to the Windows (or Mac) world, but now we are witnessing a revolution from “standard” programs and some specialized tools to a world where every common thing can be done by our smartphones. Sometimes it seems that the device is smarter than we are!
But can it protect itself from the increasing number of threats?
You’ll find a lot of articles on the Internet which state that security companies exaggerate the need for mobile security and antivirus protection. You’ll read that Google Play and the new security technologies of Android Lollipop are the only things necessary for security. I could post many examples of such (bad) tips, but I don’t want to waste your time or mine.
Do you use only Google Play as your app source?
A common (and wise) security tip is to stick with Google Play for downloading apps. This is good advice despite the fact that we see here in the Avast blog that Google Play fails to detect some apps as malware. Look for our mobile malware senior virus analyst Filip Chytry’s articles. He continuously discovers holes in Google Play security.
However, what if you want apps that have been banned from Google Play? No, I’m not talking about (just) adult apps. Google banned anti-ad apps, for instance. So where is a safe place to get them? The answer is simple: outside of Google Play. The Amazon Appstore for Android is quickly increasing the possibilities.
Do you think that clean apps can’t become bad ones?
Clean apps can become bad ones, and with the new Google Play permission scheme, you may not even notice. This makes updating your apps (another very common and wise hint) an additional complication.
As the apps we love can turn against us, the best tip of all is to install a mobile security app that helps you know what is being added to your phone. Avast Mobile Security updates its virus database very often to detect the latest threats and allows you to securely install all the apps you love.
This makes you smarter than your smartphone!
Avast is pleased to offer the World’s First Free Business-Grade Security to small and medium-sized businesses.
In a move that will make a difference to the security of local businesses across the USA and the UK, Avast launches Avast for Business—a free, easy to use, cloud-managed security offering that protects small to medium-sized businesses (SMBs) from viruses and cyber attacks.
This is the first free information security product built specifically for businesses with cross-platform protection, meaning that it protects both PCs and Macs. It solves a problem that many businesses have: No IT staff, lean IT budgets, lack of know-how, or even any security at all.
“Since 2001 we’ve delivered great, free security products for home users,” said Vince Steckler, Chief Executive Officer of Avast. “We believe the time is right to provide great security that is not only free, but also simple for SMBs to implement and manage. A small business may not view their customer database or online orders at the same level as data of an enterprise. Avast for Business addresses the problem of those businesses using consumer products and not being adequately protected; it gives those enterprises a business-class solution they can grow with.”
Avast for Business makes it easy for SMB owners to install, configure and manage advanced security solutions with or without the help of a full-time IT manager. Users are able to effortlessly monitor, manage and protect devices anywhere, anytime from Avast’s cloud-management console.
“Anybody can use the interface,” said Kyle Barker of Championship Networks, an Avast partner in North Carolina, USA. “If you’ve ever seen a simple installment of Avast, you’ve seen the interface, you know the controls. Anybody that ever used the small office console already knows every feature that’s in this product. It’s a simple transition.”
From the easy-to-navigate console, users have the ability to configure robust reporting and alerting to easily stay on top of what is happening inside of their environment. Avast for Business features include:
- Free Essential Antivirus protection (File Shield, Web Shield, Mail Shield)
- HTTP and HTTPS Threat Scanning & Integrated Browser Protection
- A Web-based management console that is accessible anywhere, anytime.
- Robust reporting and alerting engine
- Cross-Platform Support including Windows and Mac OSX.
For advanced security requirements, Avast for Business also offers premium services. There are no limits on the number of protected devices, and businesses can activate and deactivate licenses as needed. This allows them to grow comfortably without the concern of overwhelming costs.
“It’s very easy to choose on a month to month basis the number of licenses you want. Any number of licenses can be mixed from free and premium and you can change this on a month to month basis,” said Barker.
Later in 2015, Avast will introduce programs for managed service providers and the reseller channel, to benefit from the power of free. In the spring, Avast will form its first ever partner advisory council in order to bring partners closer to Avast, to discuss features and functions specific to their needs.
Just because logging in with your finger is convenient doesn’t mean it’s the best method to use.
Some days ago we told you about increasing your security on sites and in services by using two-factor authentication. More and more services are using this two-factor login method. They require that you use “something you know” like a PIN or a password, “something you have” like a token app in your smartphone, and even “something you are” like your fingerprints, for instance.
Many top smartphones – starting with iPhone 5s and newer Androids – are moving to fingerprint authentication technology. That means you can unlock your phone using your finger. It’s more convenient than typing a PIN or password because you always have your finger with you (we hope!). And you would think that it is more secure than using a gesture or pattern to unlock it.
Unfortunately, it’s not. Here’s why:
The authentication process requires that a site or a service (or your smartphone) recognize you by something you know: a PIN or a password. This information must be stored on the service’s server (or in hardware) and it must be matched, i.e., the combination of two pieces (generally username and password) must match to allow access to the right person.
Both you and the service must know this secret combination. But that’s the problem; nowadays, a lot of sites and services have been compromised and pairs of username/passwords have been hacked and sold on the black market.
But what about using your fingerprint? It’s the same scenario. The information about your finger and the technology to match your fingerprint is stored in servers. If they are hacked, your exact, and only, information would be in their hands.
It gets worse.
You can change your credentials to log into a site or service, but you can’t just change your finger! Well, most of us have 9 more chances after the first one is compromised, but still - there are more than just 10 services you want to use. You can change your passwords indefinitely, you can use a stronger password, you can use a password generation service - you’ve got the idea… But you don’t have that many choices with your fingerprint.
It gets even worse.
Everything you touch reveals you. You’re publishing your own secret.
Can you imagine banks or stores letting you use your fingerprint to gain access to your account without even a card? Coincidentally, just hours ago a news report was published saying the Royal Bank of Scotland and MasterCard recently made announcements regarding fingerprint authentication services. They announced that customers can log into the banks’ mobile banking app using their fingerprint. It’s interesting that this article says 16- to 24-year-olds are driving this decision because
they want to avoid security slowing down the process of making a payment, with 64% of those surveyed saying they found existing security irritating.
This decision by major banks does not give us confidence in the security of the younger generation and their bank accounts. We venture to wonder about the police with their databases full of prints. What could be done with millions of fingerprints stored by the government?
By the end of last year, young researchers from the Chaos Computer Club showed that your fingerprints could be obtained from photos of your hands and from anything you touched. See the full presentation in this YouTube video. If you are curious enough to watch the whole video, you’ll see that an iris could also be simulated with high-quality printed photos. The iPhone fingerprint hacking starts at 30:40. They took 2 days to develop the method and presented it in a few minutes. Amazing and scary.
Here’s another video with a quick summary of the research.
How to make yourself and your phone more secure
This blog is a source of great information. Earlier this month, we shared 14 easy things you can do right now to make your devices more secure. Please read 14 easy tips to protect your smartphones and tablets – Part I and Part II.
As always, make sure your Android device is protected with Avast Mobile Security. Install Avast Mobile Security and Antivirus from the Google Play store, https://play.google.com/store/apps/details?id=com.Avast.android.mobilesecurity
More easy things you can do to secure your smartphone and tablet.
On our blog last week, we shared the first 7 easy security measures to protect your Android devices and the data stored there. But we haven’t finished them. Let’s go a little further.
8. Keep an eye on your phone or, if you can, set Geofencing protection
Don’t put your phone down and go somewhere else. And if you’re having fun in a bar and drinking a beer with friends, have a lucid thought before starting: Turn the Avast Geofencing module on. It’s easy. Open Avast Premium Mobile Security > Anti-Theft > Advanced Settings > Geofencing.
9. Be aware of what permissions apps require
Why should a flashlight app need access to your contacts? Why would a calculator need access to your photos and videos? Shady apps will try to upload your address book and your location to advertising servers or could send premium SMS that will cost you money. You need to pay attention before installing or, at least, uninstall problematic apps. It’s not easy to find a way (if any) to manage permissions in a non-rooted Android phone.
We have written about this before as apps could abuse the permissions requests not only while installing but also on updating. Read more to learn and be cautious: Google Play Store changes opens door to cybercrooks.
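One way to apply tip 9 at update time is to compare the permissions two versions of an app request and flag the sensitive ones that are new. The sketch below is an added example, not Avast code; it assumes both manifests have already been decoded to text XML (an APK stores them in binary form), and the flashlight app, its package name and both manifests are constructed.

```python
import xml.etree.ElementTree as ET

# Namespaced attribute key for android:name as ElementTree reports it.
NAME = "{http://schemas.android.com/apk/res/android}name"

# Permissions the tip warns about: contacts, location, premium SMS, media.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "can read your address book",
    "android.permission.ACCESS_FINE_LOCATION": "can track your precise location",
    "android.permission.SEND_SMS": "can send SMS, including to premium numbers",
    "android.permission.READ_EXTERNAL_STORAGE": "can read photos, videos and files",
}

# Constructed manifests for a hypothetical flashlight app (not a real package).
OLD_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight" android:versionName="1.0">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

NEW_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight" android:versionName="1.1">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME) for el in root.iter("uses-permission") if el.get(NAME)}


def review_update(old_xml, new_xml):
    """Summarize what an update changes in the app's permission requests."""
    old = requested_permissions(old_xml)
    new = requested_permissions(new_xml)
    added = sorted(new - old)
    return {
        "added": added,
        "removed": sorted(old - new),
        # Newly requested permissions that touch personal data or cost money.
        "flagged": [(p, SENSITIVE[p]) for p in added if p in SENSITIVE],
        # Sensitive data plus network access means the data can leave the phone.
        "data_can_leave_device": "android.permission.INTERNET" in new
        and any(p in SENSITIVE for p in new),
    }


if __name__ == "__main__":
    report = review_update(OLD_MANIFEST, NEW_MANIFEST)
    for perm, why in report["flagged"]:
        print(f"NEW in this update: {perm} ({why})")
    print("data can leave device:", report["data_can_leave_device"])
```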
10. Keep your device up-to-date
Google can release security updates using their services running on your devices. Developers can do the same via an app update. Allow updates to prevent vulnerabilities, the same as you do on your computer. But pay attention to any changes. See tip #9.
You can encrypt your account, settings, apps and their data, media and other files. Android allows this in its Security settings. Without your lockscreen PIN, password or gesture, nobody will be able to decrypt your data. So, don’t forget your PIN! Nevertheless, this won’t encrypt the data sent or received by your phone. Read the next tip for that.
12. In open/public Wi-Fi, use a VPN to protect your communication
Cybercrooks can have access to all your data in a public, open or free Wi-Fi hotspot at the airport or in a cafe. Avast gives you the ability to protect all inbound and outbound data of your devices with a secure, encrypted and easy-to-use VPN called Avast SecureLine. Learn more about it here.
13. Set the extra features of Lollipop (Android 5)
If you’re on Android Lollipop (v5), you can set a user profile to allow multiple users of the same device. You can create a restricted user profile that will keep your apps from being messed with by your kids or your spouse.
You can also pin the screen and allow other users to only see that particular screen and nothing more. It will prevent your friends and coworkers from accidentally (or on purpose) looking into your device.
14. Backup. Backup. Backup.
Well, our last tip is common digital sense. If everything fails, have a Plan B, and C and D… With Avast Mobile Backup you can protect all your data: contacts, call logs, messages, all your media files (photos, music and videos) and your apps (with their data if you’re rooted) in safe servers. If your device gets broken, lost or stolen, everything will be there, encrypted and safe, for you to restore to your new device.
Have you followed all our tips? Are you feeling safe? Do you have an extra protection or privacy tip? Please, leave a comment below.
A few precautions can make a huge difference in the safety of your phone and the important things you saved on it.
We talk a lot about protection and privacy here in our blog. It’s a bit obvious as our “life” is in our devices nowadays: Photos of our last trip or our loved ones, videos of our children playing and growing up, contacts both professional and personal. All our precious and irreplaceable data is stored in these little machines. Take a minute of your time and follow us in this easy tour to protect them and save a lot of time and headaches.
1. Set your lockscreen
You wouldn’t leave your home door unlocked, would you? Same goes for your phone with all your private data. Set a password or PIN to prevent direct and easy access to your phone. Gestures and face recognition are less secure, but are better than nothing.
2. Hide your passwords from nosy people
You will argue that people around you can look over your shoulder and see what PIN or password you’re typing or gesture you make. Generally, we’re not worried about trustworthy people around us, but what about strangers in a public place like a bus or train? Open your phone settings and hide your passwords by unchecking the option: Settings > Security > Make passwords visible.
3. Protect your apps with a PIN
Not all apps are equal when it comes to security and privacy. Probably the weather app or calculator won’t keep your personal info. However, your messages and banking apps will thank you if you help them to keep their data private. You can imagine what might happen if your kids open a specific app while they’re playing on your devices. Use Avast Mobile Security to set a PIN to block access to your apps. As an extra security measure, it is a good idea to make your lockscreen and Avast PINs different.
4. Disable installation of apps from unknown sources
If you do not use other app stores besides Google Play, then uncheck the option “Unknown sources” in your phone’s Security Settings page. Even the Google Play Store sometimes allows malware to get by. It’s well known that most Android malware consists of fake apps disguised as legitimate apps, so double check the publisher. Be cautious of downloading from fake sites disguised as official ones – check the URL. Completely avoid pirated and cracked sources.
5. Set Avast Mobile Security to scan any app before installing
If you really need to use legal third party stores, like Amazon or F-Droid, please be careful: Keep Avast Mobile Security always on. You know that Avast scans any installed and running app. But do you know that you can set it to scan any app that is about to be installed? After you’ve installed Avast, when you’re about to install a new app, the phone will ask you if you want Avast or the default installer to handle the installation by default. Use Avast; it will scan and then release the app to the default installation process.
6. Disable USB Debugging
This tip is for advanced users. If you have enabled Developer options on your device (and you will know exactly if you did as you’re an advanced user!), please, turn USB debugging off. You will protect your device from outside abuse (via adb connections) if you do so. You don’t need it to be on all the time.
7. Install and set Avast Anti-Theft
This is an old tip, but it’s so important that it should be on all smartphone safety tips lists. Just note that installing is not enough. You need to properly configure Avast Anti-Theft (don’t worry, there is an easy wizard for it) step-by-step. It’s good to check if your location services are properly set also, otherwise, it will be difficult to track it. In other words, go to Settings > Location Access and set High accuracy mode.
We’ll talk about the other 7 tips in the next few days, so come back to the Avast blog.
Privacy plays a growing part in customer buying decisions. With every data breach, trust is eroded further.
Privacy and security are intertwined when it comes to our individual information. Consumers are becoming increasingly aware of the value of their personal data, so that means that businesses have to step up and do a better job of securing that data. Identity theft is the #1 fear of consumers, but for your business the risk is loss of trust and brand damage.
Since trust is the core of any transaction it’s important to know how privacy factors into your customer’s buying decisions. Research shows that almost 40% of consumers made buying decisions based upon privacy. When looking at who these people are, it was found that these individuals are aged 46-65 and have the highest incomes. But don’t rely on the business of the younger generation to supplant that once trust is lost; 27% of millennials abandoned an online purchase in the past month due to privacy or security concerns.
To mark Data Privacy Day on January 28, the following Privacy is Good for Business tips were created by privacy experts in civil-society, non-profit, government and industry and aspire to help businesses address the public’s growing privacy concerns:
- If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
- Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used.
- Build trust by doing what you say you will do. Communicate clearly and concisely to the public about what privacy means to your organization and the steps you take to achieve and maintain privacy.
- Create a culture of privacy in your organization. Explain to and educate employees about the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
- Don’t count on your privacy notice as your only tool to educate consumers about your data practices.
- Conduct due diligence and maintain oversight of partners and vendors. You are also responsible for how they collect and use personal information.
Losing contacts from your mobile phone is highly inconvenient. There seems to be a solution - You can find them online! The catch? Your contacts are in a publicly accessible place.
If you care for your privacy you should always be suspicious about “Cloud Backup” solutions you find in the Google Play Store. The solution that is being analyzed here backs up your personal contacts online. In public.
Upon starting the application, you will find a screen where you can put your mobile number and a password of your choice. Then you can upload your contacts in the cloud.
A brief analysis inside this application shows us how exactly it backs up your contacts in the cloud. The contacts are associated with the phone number that you have given in the previous step and they are sent through HTTP POST requests to a PHP page.
Further analysis through IP traffic capturing with Fiddler helped us discover the results in the pictures above: a page located online, for anyone to see, that contains thousands of unencrypted entries of phone numbers and passwords. Using the info in the app you can retrieve personal private data (contacts) from another user.
We found login data inside those entries from countries like Greece, Brazil, and others.
The Play Store page says that this app has been installed 50.000-100.000 times. This is a big number of installations for an application that doesn’t follow basic secure Android coding practices. The developer must use technologies like HTTPS, SSL and encryption on the data that is transferred through the web and stored on the server. Nogotofail is a useful network security testing tool designed by Google “to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.”
Avast detects it as Android:DataExposed-B [PUP].
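A developer can catch this kind of leak in their own app before release by auditing a proxy capture of its traffic for sensitive form fields sent over plain HTTP. The script below is an added example, not part of the original analysis; the capture is constructed, and the host names, paths and field names are hypothetical rather than taken from the app described above.

```python
import re
from urllib.parse import parse_qs

# Parameter names treated as sensitive (an assumption; adapt to your own API).
# Substring matching is deliberately broad, so expect some false positives.
SENSITIVE_FIELD = re.compile(r"pass(word|wd)?|pwd|phone|msisdn|contact", re.I)

# Constructed capture: (scheme, raw request) pairs as a proxy might record them.
CAPTURE = [
    ("http", "POST /backup.php HTTP/1.1\r\n"
             "Host: backup.example.test\r\n"
             "Content-Type: application/x-www-form-urlencoded\r\n"
             "\r\n"
             "phone=15550100&password=hunter2&contacts=Alice%3A15550101"),
    ("https", "POST /login HTTP/1.1\r\n"
              "Host: api.example.test\r\n"
              "Content-Type: application/x-www-form-urlencoded\r\n"
              "\r\n"
              "user=bob&password=s3cret"),
    ("http", "GET /news.php?lang=en HTTP/1.1\r\n"
             "Host: backup.example.test\r\n"
             "\r\n"),
]


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def sensitive_fields(target, headers, body):
    """Names of sensitive parameters found in the query string or form body."""
    params = dict(parse_qs(target.partition("?")[2], keep_blank_values=True))
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        params.update(parse_qs(body, keep_blank_values=True))
    return sorted(name for name in params if SENSITIVE_FIELD.search(name))


def audit(capture):
    """Report requests that carry sensitive fields without TLS (names only)."""
    findings = []
    for scheme, raw in capture:
        if scheme != "http":
            continue  # sent over TLS; not readable by an on-path observer
        method, target, headers, body = parse_request(raw)
        fields = sensitive_fields(target, headers, body)
        if fields:
            path = target.partition("?")[0]
            findings.append({
                "url": f"http://{headers.get('host', '?')}{path}",
                "method": method,
                "fields": fields,  # values are deliberately not echoed
            })
    return findings


if __name__ == "__main__":
    for f in audit(CAPTURE):
        print(f"cleartext {f['method']} {f['url']} exposes {', '.join(f['fields'])}")
```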
Cybercrooks believe that their attacks are more likely to succeed during the holiday shopping season.
Retailers have been “leaking” special Black Friday deals since before Buffalo got covered in a snow wall, and that flurry of sales results in the annual spike that carries them through the rest of the year. But analysts who study these things warn that cybercrooks are riding the sales wave with a surge in attacks due to relaxed security measures.
The Wall Street Journal quotes Gartner Inc’s vice president Avivah Litan,
Retail transaction volume increases by 50% during the holidays and retailers don’t want to stop to slow the pace of business, so they relax fraud controls to some degree. Criminals know they’re likely to get away with more.
Yikes! That’s not good news for consumers, especially since we are swiping our credit and debit cards at places like Target, The Home Depot, and Neiman Marcus – all victims of point-of-sale terminal hacks this year. Experts have advised retailers to take action, like upgrading terminals with new technology and enabling chip embedded cards, but all that takes time to implement.
It’s not much better online. Attacks during last holiday shopping season, November 14, 2013 through January 9, 2014 increased by 264% over the weeks prior to that time, says security company Imperva. The reason?
Cybercrooks believe that retail applications are more vulnerable during this time of the year, and that attacks are more likely to succeed. Isn’t that what the Gartner analyst said about brick-and-mortar retailers?
The reasoning is similar – in order not to annoy shoppers who can go elsewhere, online retailers relax strict security measures such as step-up authentication and Captcha. Add that easy check-out to all those new Black Friday and CyberMonday quick campaign webpages (“bad design, unsafe coding, and usage of insecure third-party libraries”), and cybercrooks get an early Christmas present in the form of your credit card number and possible stolen identity.
How to protect yourself during Black Friday
- Stay home on Thursday. Celebrate Thanksgiving with your family. That way you can safely eat too much and watch football and movies while avoiding the crazed crowds trying to jump the gun on Black FRIDAY sales.
- In God We Trust, All Others Use Cash. Use cash or a credit card when paying for your purchases. With a credit card, you can dispute charges, if your financial data falls into the hands of cybercrooks.
- Change your passwords. Please don’t use the same password for online shopping sites that you use for your bank. When you do it’s like wrapping it in fancy paper and a bow – it’s that easy for a cybercrook to get to.
- Regularly monitor your bank and credit card statements to make sure all the transactions are legitimate. Monitor your credit report for any changes.
The average US family owns four mobile devices, plus Internet-connected computers and other devices. Your Avast Account helps you manage their security.
Keeping your security software up-to-date on all of these devices can quickly get confusing, and with today’s risks you want to make sure everything has adequate protection. Your Avast Account can simplify that task greatly.
Here’s what you get with an Avast account
Management made easy
- Register any Avast free product which you have installed and which requires registration.
- Manage multiple Avast-protected devices (PC, smartphone, tablet) from one place.
- Remotely control Android mobile devices with Avast Mobile Security and Avast Anti-Theft installed. This is especially useful in case of loss or theft of the device.
Information at your fingertips
You can find information about your connected devices.
- License status
- Expiration date
- Basic statistics
- Version of virus signature database
- Logs of activities, and more
Earn Avast Reward points for free stuff
You can generate your own special Avast Free Antivirus link to give to your family members and friends. When they download their own protection using your link, you collect “Karma” points to earn a free copy of Avast Internet Security. In your Avast Account, you can see how many points you have, earn badges and even see how you’re doing compared to other users.
Give Avast feedback
We provide links to the Avast Community Forum where you can ask questions of our experienced “evangelists,” and the Feedback page, where you can give suggestions, report a problem, or just say thanks.
Secure your Facebook profile
You can secure your Facebook profile using Avast Social Media Security. We help you navigate through the frequently changing security and privacy settings in Facebook. In the future we plan to add security profiles on other social networks.
How do I get an Avast Account?
New registrations of Avast Free Antivirus will automatically create an Avast Account and connect your device automatically. Visit https://my.avast.com or click Account in the Avast user interface. Use of the Avast Account for accessing other Avast services is completely optional.
NOTE: It’s especially useful to connect any mobile devices that have Avast Mobile Security installed because it gives you remote control over your device if the device is stolen. These remote control features have not yet been implemented for PC or Mac devices, therefore if you are not interested in the activity log or other information, you don’t have to connect your device to your Avast Account at all.
When you do connect your device, please be patient because of the large amount of data we have to process; the device status isn’t updated in real-time. It could take up to a half hour before the actual security status and other device information appears on the devices page, so check again later.
Security and privacy violations in Adobe’s Digital Editions eBook and PDF reader were discovered last week.
“This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects,” researcher Nate Hoffelder wrote in The Digital Reader blog post.
If you check out eBooks from your local library and read from a digital reader like a Nook, Kobo, or other non-Amazon eBook reader, then you have probably used Adobe’s free Digital Editions software.
Hoffelder said that Adobe is gathering user data on the eBooks that have been opened, which pages were read, and in what order, as well as metadata such as title and publisher – and all of it is being sent to Adobe’s servers in plain text. That means anyone who is interested and has the means, say, the National Security Agency or your ISP, could be reading over your shoulder. That’s not good. In fact, it’s very bad, as well as illegal.
It is hoped that Adobe’s Tuesday update will include a plug for the Digital Editions leak, but more likely it will be next week. In a statement to the American Library Association, Adobe reports they “expect an update to be available no later than the week of October 20” in terms of transmission of reader data.