Here’s your wrap up of security and privacy related news from the June 17 – 27 posts on the Avast blog:
It’s summertime in the Northern Hemisphere and many people are going on or planning their vacation. Beware of fake vacation packages and beautiful rental properties that are not as they seem. These Vacation scams can ruin your holiday, so read up before you become a victim.
More than 600 million Samsung phones were reported to be at risk because of a vulnerability found in the keyboard app SwiftKey. The best way to protect yourself is to use a virtual private network (VPN) when using an unsecured Wi-Fi hotspot. If you have a Samsung S6, S5, or S4, you need to read Samsung phones vulnerable to hacker attack via keyboard update.
Last night the pilot episode of MR. ROBOT, a new thriller-drama series aired on USA Network.
The show revolves around Elliot who works as a cyber security engineer by day and is a vigilante hacker by night.
I watched the episode and then sat down with Avast security expert Pedram Amini, host of Avast’s new video podcast debuting next week, to find out if someone like you or me could be affected by the hacks that happened in the show.
In the second minute of the episode we see Elliot explaining to Rajid, owner of Ron’s Coffee, that he intercepted the café’s Wi-Fi network, which lead him to discover that Rajid ran a child pornography website.
Stefanie: How likely is it that someone can hack you while you’re using an open Wi-Fi hotspot?
Pedram: Anyone with a just a little technical knowledge can download free software online and observe people’s activities on open Wi-Fi. We went to San Francisco, New York, and Chicago for a Wi-Fi monitoring experiment and found that one-third of Wi-Fi networks are open, without password-protection. If you surf sites that are unprotected, meaning they use the HTTP protocol, while on open Wi-Fi, then anyone can see, for example, which Wikipedia articles you are reading, what you’re searching for on Bing, and even see what products you are browsing for on Amazon and eBay, if you do not log in to the site.
Stefanie: Wow! That’s a bit frightening… How can I protect myself then?
VPN service Hola, which has millions of users, recently came under fire for not being as up front with their users as they should have been. In the past weeks it has been revealed that Hola does the following:
- allows Hola users to use each others’ bandwidth
- sells their users’ bandwidth to their sister company Luminati (which recently helped facilitate a botnet attack)
- and, according to Vectra research, Hola can install and run code and additional software on their users’ devices without their users’ knowledge.
If you are an Hola user or if you know someone who uses Hola, please make sure you/they are aware of this.
We rely on our apps. Everyday we use our favorite ones to check news, the weather for our next trip, and communicate with our loved ones. Some apps, especially the system ones, are continuously in use, even if they are not the foremost app on your screen. The keyboard is one of them.
Recently, a dangerous vulnerability was discovered in the most popular keyboard, SwiftKey. If you have a Samsung S6, S5, and even a S4 running the stock operating system, you’re at risk. The app always checks for language updates, but this process is not performed in a secure way. If you’re connected with an open or public Wi-Fi, your phone is at risk of a very common and dangerous Man-in-the-middle attack. Your connection will be compromised and all the Internet traffic could be eavesdropped upon. That includes the passwords you’re typing in the very same keyboard, your financial information, everything.
To insure your security, you need to use a VPN when on Wi-Fi, since that’s when most updates are scheduled to occur. You probably already know what a VPN is and how it works. If not, you can find a lot of information in our blog. Our product, Avast SecureLine VPN, creates an encrypted tunnel for the inbound and outbound data of your Internet connection, blocking any possibility of a Man-in-the-middle attack.
But the story does not end here. If you use SwiftKey on an unsecured Wi-Fi, the attacker could also download malware into your phone or tablet. That’s a job for Avast Mobile Security & Antivirus (AMS). Some users think that we don’t need a security product for our phones. They also think that security companies exaggerate the need for a security app just to sell their products. AMS not only scans the installation process of apps but also checks the Internet sites you’re visiting and malicious behavior of any file in your device. You can install Avast Mobile Security & Antivirus on your Android device for free from the Google Play store.
NOTE: At the writing of this post, a patch for the vulnerability was provided to mobile network operators by Samsung. SwiftKey wrote on their blog, “This vulnerability is unrelated to and does not affect our SwiftKey consumer apps on Google Play and the Apple App Store.”
By the end of the decade, everyone on Earth will be connected.
–Eric Schmidt, Google chairman
As a rule of thumb, it’s good to keep in mind that anything and everything that can be connected to the Internet can be hacked. Poorly designed or implemented systems could expose serious vulnerabilities that attackers can exploit. Now, most of us are fairly familiar with certain gadgets that can be connected to the Internet, such as mobiles devices and/or laptops, smart watches, and cars, but what about the things that are still emerging within the Internet-connected world? Some of these new items include routers, sensors, and everyday gadgets such as alarm clocks, wearables, microwaves, and grills.
The Avast biweekly wrap-up is a quick summary of what was on the Avast blog for the last 2 weeks .
March Madness wraps up on April 6th. Even if you are traveling abroad, all you basketball fans can watch the game using a VPN service. Stay safe during March Madness using Avast SecureLine explains why you should always use VPN when connecting to a public Wi-Fi hotspot, plus the added benefit of being able to watch geo-restricted content online.
Speaking of Wi-Fi – Just like in real estate, one of the most important things for your router is location, location, location. 5 things you can do to boost your Wi-Fi network shares helpful things that you can do yourself to make your Wi-Fi signal stronger within your home or business.
I run because I really REALLY like Beer!
Team Avast rocked it at the Sportisimo Prague Half Marathon.
World Backup Day was a good reminder that we need to take time to prevent data loss on our PCs and mobile phones. We discovered that one of the main reasons that people do not back up their data is because they are lazy.
The family IT expert knows how frustrating it can be to help someone solve a computer problem over the phone. Avast makes it easier with our Remote Assistance service. Now you can Help others with their computer issues using Avast Remote Assistance.
For those of you who like to DIY, you can learn How to use the Avast Virus Chest and what actions you can perform on files inside the chest.
With all the security improvements in browsers and operating systems, some people have questioned whether they still need antivirus protection. The business of malware has changed, but it can still be devastating if you are targeted. COO Ondrek Vlcek explains why Avast is not your father’s antivirus protection.
Stay safe on public Wi-Fi while watching the game from anywhere in the world with Avast SecureLine VPN.
March Madness is in full swing — this year’s NCAA Tournament is now in its second week and we’re already down to the Sweet 16. When you think about March Madness, you probably think about your bracket, your favorite college basketball teams, and the bets you’ll place on those who you think will win the tournament. Although it’s easy to get caught up in the spirit of March Madness, it’s the betting process that you should really be paying attention to: this popular activity serves as the perfect opportunity for hackers to access your personal information.
Since most people watch the NCAA games in bars or cafes with friends, they make the majority of their bets using their mobile devices while connected to public and often unsecured Wi-Fi networks. Public Wi-Fi networks are convenient, but they‘re not safe. Cybercrooks can easily access and steal personal data when you‘re connected to these unprotected networks. Even if you’re transmitting data from one HTTPS site to another, it’s the connection in-between the two sites that really puts your data at risk. Additionally, developments such as real-time betting make the odds for getting hacked even greater.
During March Madness, a time of year when so many financial transactions are being made, cybercrooks are especially likely to steal your banking info (e.g. your credit card and/or account numbers) and personal info (e.g. your social security number, social media accounts, etc.). Avast SecureLine VPN for Android and updated for iOS devices keeps these cybercrooks at bay and securely allows you to use your PCs, smartphones, and tablets on unsecure Wi-Fi networks while participating in March Madness at your favorite bar or cafe.
“Unfortunately hacking isn’t a complicated process – there are tools available online that anyone can easily use to steal personal data,” says Ondrej Vlček, COO at AVAST. “We created Avast SecureLine VPN to allow users to browse the web anonymously and safely, especially while using open Wi-Fi.”
Watch content from all over the world
You don’t have to miss a single game or your favorite program while you are traveling. SecureLine VPN makes it look like you’re connected from a different location, allowing you to view ‘local’ content anywhere because your shown geo-IP address will be different from your real one.
Keep your data and identity safe using Avast SecureLine
VPN stands for Virtual Private Network. Avast SecureLine VPN creates a private ‘tunnel’ through the internet for your data to travel through, and everything – your web browsing history, your email, your IMs, your VOIP, everything – inbound and outbound through the tunnel is encrypted. Even if your data is intercepted, your identity is protected, since Avast SecureLine masks your IP address.
For those of you interested in technical specs, here are the highlights:
- Avast Secureline VPN uses OpenVPN protocol.
- The encryption used is 256bit AES.
- Communication on all ports is encrypted.
How to get Avast SecureLine
Avast mobile security experts launched a new app today at the Mobile World Congress in Barcelona.
Avast SecureMe is the world’s first application that gives iPhone and iPad users a tool to protect their devices and personal data when they connect to Wi-Fi networks. The free app automatically locates Wi-Fi networks and tells users which of them are safe. Since many users connect without knowing the status of the Wi-Fi network – whether it’s protected or not – Avast SecureMe will create a secure connection in order to keep them safe.
“Public Wi-Fi and unsecured routers have become prime targets for hackers, which presents new risks for smartphones and tablets – even iOS devices aren’t immune,” said Jude McColgan, President of Mobile at Avast.
Avast SecureMe will be available in a invitation-only public beta test within the next few weeks. Please sign up here, and the SecureMe team will contact you.
The app notifies you if it finds security issues
Avast SecureMe includes a feature called Wi-Fi Security. (This feature is also available for Android users within the Avast Mobile Security app available on Google Play.) People who use open Wi-Fi in public areas such as airports, hotels, or cafes will find this helpful. This feature’s job is to scan Wi-Fi connections and notify you if it finds any security issues including routers with weak passwords, unsecured wireless networks, and routers with vulnerabilities that could be exploited by hackers.
“Avast SecureMe and Avast Mobile Security offer users a simple, one-touch solution to find and choose safe networks to protect themselves from the threat of stolen personal data,” said McColgan.
What’s the risk that my personal data will be stolen?
If you use unsecured Wi-Fi when you log in to a banking site, for example, thieves can capture your log in credentials which can lead to identify theft. On unprotected Wi-Fi networks, thieves can also easily see emails, browsing history, and personal data if you do not use a secure or encrypted connection like a virtual private network (VPN). See our global Wi-Fi hacking experiment to see how widespread the threat really is.
The SecureMe app includes a VPN to protect your privacy
Avast SecureMe features a VPN to secure your connections while you conduct online tasks you want to remain private, especially checking emails, doing your online banking, and even visiting your favorite social network sites. Avast SecureMe automatically connects to the secure VPN when it detects that you have connected to a public Wi-Fi making all transferred data invisible to prying eyes. For convenience, you can disable the protection for Wi-Fi connections you trust, like your home network.
Avast SecureMe for iOS will be available soon in the iTunes Store. Before it’s widespread release, we will conduct an invitation-only public beta test. Please sign up here, and the SecureMe team will contact you.
The Wi-Fi Security feature is now also included in the Avast Mobile Security app for Android, available on Google Play.
Is the convenience of open Wi-Fi worth the risk of identity theft? Most Americans think so.
In a recent survey, we found that only 6% of Americans protect their data by using a virtual private network (VPN) when using public Wi-Fi with their smartphone or tablet. That leaves a whopping 94% unprotected. Why is this?
Do people not know the risks of using unsecured public Wi-Fi?
Is avoiding data overages or the convenience of no password more important than the data on their devices?
Are they not aware that there is protection available?
Are they scared they won’t understand how to use VPN because of the technical sounding name?
The truth about open, public Wi-Fi
The truth is that using unprotected Wi-Fi networks could end up costing you your privacy and identity when you use them without protection like Virtual Private Network (VPN) software. This is because unsecured networks, those are the ones that do not require registration or a password, give cybercrooks easy access to sensitive personal information.
“As mobile cloud storage becomes more popular and the quest for free Wi-Fi continues to grow, open networks that require no passwords place unprotected consumers at great risk of compromising sensitive personal data,” said Jude McColgan, president of mobile at Avast.
“The majority of Americans don’t realize that all the personal information on their mobile devices becomes defenseless over public Wi-Fi if used without protection. These networks create an easy entry point for hackers to attack millions of American consumers on a daily basis.”
Avast can protect you and it’s not hard or expensive
“Unfortunately hacking isn’t a complicated process – there are tools available online that anyone can easily use to steal personal data,” says Ondrej Vlček, Chief Operating Officer at Avast. “Avast SecureLine VPN allows users to browse the web anonymously and safely, especially while using open Wi-Fi.”
Avast SecureLine VPN protects your Internet connections with military-grade encryption and hides your IP address. If that sounds like mumbo-jumbo to you, what it means is that essentially our VPN protection makes your device invisible to cybercriminals. In addition to that, using the VPN hides your browsing history, so no one can monitor your behavior online. We assure you, it’s as easy as can be to use.
More easy things you can do to secure your smartphone and tablet.
On our blog last week, we shared the first 7 easy security measures to protect your Android devices and the data stored there. But we haven’t finished them. Let’s go a little further.
8. Keep an eye in your phone or, if you can, set Geofencing protection
Don’t put your phone down and go somewhere else. And if you’re having fun in a bar and drinking a beer with friends, have a lucid thought before starting: Turn the Avast Geofencing module on. It’s easy. Open Avast Premium Mobile Security > Anti-Theft > Advanced Settings > Geofencing.
9. Be aware of what permissions apps require
Why should a flashlight app need access to your contacts? Why would a calculator need access to your photos and videos? Shady apps will try to upload your address book and your location to advertising servers or could send premium SMS that will cost you money. You need to pay attention before installing or, at least, uninstall problematic apps. It’s not easy to find a way (if any) to manage permissions in a non-rooted Android phone.
We have written about this before as apps could abuse the permissions requests not only while installing but also on updating. Read more to learn and be cautious: Google Play Store changes opens door to cybercrooks.
10. Keep your device up-to-date
Google can release security updates using their services running in your devices. Developers can do the same via an app update. Allow updates to prevent vulnerabilities, the same as you do in your computer. But pay attention to any changes. See tip #9.
You can encrypt your account, settings, apps and their data, media and other files. Android allows this in its Security settings. Without your lockscreen PIN, password or gesture, nobody will be able to decrypt your data. So, don’t forget your PIN! Nevertheless, this won’t encrypt the data sent or received by your phone. Read the next tip for that.
12. In open/public Wi-Fi, use a VPN to protect your communication
Cybercrooks can have access to all your data in a public, open or free Wi-Fi hotspot at the airport or in a cafe. Avast gives you the ability to protect all inbound and outbound data of your devices with a secure, encrypted and easy-to-use VPN called Avast SecureLine. Learn more about it here.
13. Set the extra features of Lollipop (Android 5)
If you’re with Android Lollipop (v5), you can set a user profile to allow multiple users of the same device. You can create a restricted user profile that will keep your apps from being messed with by your kids or your spouse.
You can also pin the screen and allow other users to only see that particular screen and nothing more. It will prevent your friends and coworkers from accidentally (or on purpose) looking into your device.
14. Backup. Backup. Backup.
Well, our last tip is common digital sense. If everything fails, have a Plan B, and C and D… With Avast Mobile Backup you can protect all your data: contacts, call logs, messages, all your media files (photos, musics and videos) and your apps (with their data if you’re rooted) in safe servers. If your device gets broken, lost or stolen, everything will be there, encrypted and safe, for you to restore to your new device.
Have you followed all our tips? Are you feeling safe? Do you have an extra protection or privacy tip? Please, leave a comment below.