Protecting over 230 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘unsecured WiFi’
December 1st, 2015

How many people connect to unknown Wi-Fi hotspots without even knowing?

An Avast team calling themselves the Security Warriors, comprised of intra-departmental specialists, are running experiments in the streets of San Francisco. They spent a few days setting up the first of them and have already gathered some interesting statistics. In Filip‘s words, here is what they have done so far and what they want to achieve. 

Security Warriors

Filip Chytrý , president of mobile Gagan Singh, Bára Štěpánová, Jaroslav Slaby, and Vladislav Iliushin. Not pictured: Ondrej David

One of our first experiment’s objectives is to analyze people’s behavior by seeing how they have their devices preset in terms of outside communication. We didn’t have to go far to find out – it’s pretty disturbing. Currently, we have a variety of devices prepared for different traffic experiments but now we are using them for one really easy target – to analyze how many people connect to a fake hotspot. We created fake Wi-Fi networks called Xfinity, Google Starbucks, and Starbucks. From what we’ve noticed, Starbucks is one of the most widespread networks here, so it’s pretty easy to get people’s devices to connect to ours.

wifi hotspot

Wi-Fi networks screen

 

What is the problem we’re trying to point out?

Once your device connects to a known SSID name at your favorite cafe, the next time you visit, it will automatically try to connect to a network with the same name. This common occurrence becomes a problem because it can be misused by a hacker.   Read more…

October 15th, 2014

“Poodle” security hole has a nasty bite

poodles

“Poodle” bites on open WiFi networks with multiple users.

A security hole called Poodle could allow hackers to take over your banking and social media accounts.

Yesterday, Google researchers announced the discovery of a security bug in version 3 of the Secure Sockets Layer protocol (SSLv3). This web technology is used to encrypt traffic between a browser and a web site, and can give hackers access to email, banking, social accounts and other services.

Poodle bites multiple users in unsecure open WiFi networks, like the ones you use at coffee shops, cafes, hotels, and airports.

“To exploit the vulnerability, you must be running javascript, and the attacker has to be on the same network as you—for example, on the same Starbucks Wi-Fi network you’re using,” explained Kim Zetter in a WIRED article.

Avast experts strongly recommend that our users protect themselves when using free WiFi with avast! SecureLine VPN.

Poodle is not considered as serious a threat as this past spring’s Heartbleed bug which took advantage of a vulnerability in OpenSSL, and or last month’s Shellshock bug in Unix Bash software.

SSLv3 is an outdated standard (it’s a decade and a half old), but some browsers, like Internet Explorer 6, and older operating systems, like Windows XP, only use the SSLv3 encryption method. Google’s security team recommends that systems administrators turn off support for SSLv3 to avoid the problem, but warns that this change will break some sites.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

February 23rd, 2014

Protect yourself NOW from Apple Security flaw

Apple iPhone, iPad, and iPod users: Update your mobile operating system iOS now to patch a serious SSL encryption bug that opens you wide to a “man-in-the-middle-attack,” (MITM)  especially when you use unsecured WiFi, for example at a cafe, hotel, or airport, even at your home. The flaw is “as bad as you could imagine” says one cryptography expert.

What is protected and what’s not

The 7.0.6 update is for all devices that can run iOS 7;  iPhone (4 and later), iPod touch (5th generation) and iPad (2nd generation).

The iOS 6.1.6 update is for the iPhone 3GS and fourth-generation iPod touch.

ATTENTION: The bug still exists in Apple’s Mac OS X 10.9.1 desktop operating system and there is no patch for it at this time.

IMG-main-ios-smHow to update your iOS

  1. 1. Plug the device into your computer
  2. 2. Open iTunes
  3. 3. Click the device name
  4. 4. Click the button that says, “Check for update”

The best protection is VPN

This security flaw allows a cybercrook to use an insecure WiFi connection to put a man electronically “in the middle” of the transactions you make on your iPhone or iPad to intercept data.

“The flaw is in SSL, and the easiest way to exploit that is via unsecure/public WiFi,” said Ondřej Vlček, AVAST’s COO told Apple users in San Francisco before the annual RSA conference begins. “avast! SecureLine VPN for iOS can protect against the Apple security bug.”

The MITM attack gives them access to the information you thought was secure like credit card numbers. The best protection is to plug that hole with a VPN product.

How to get avast! SecureLine

avast! SecureLine VPN is available as a monthly or yearly subscription for iOS in the Apple App Store.

Watch this video for more information on avast! SecureLine VPN

 

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.