Posts Tagged ‘smartphones’

PlayDrone Reveals Secret Keys from Thousands of Play Store Android Apps – The Hacker News

Friday, June 20th, 2014

google android hacks

Google’s Android Mobile operating system for smartphones and tablets have Google’s own Play Store that provides its Android users the most visible way to access the world of millions of apps.

App developers produce more than thousands of applications each year, but majority of newbie and unprofessional developers use unsafe, unreliable, and insecure coding practices, as many developers store secret keys in their apps that could potentially allow cybercriminals to steal users’ sensitive data.

A team of researchers from the computer science department of the Columbia University have discovered a critical security problem in the Google’s official Android app store from where millions of Android users download various apps.

Researchers have found that most of the Android application developers often store their secret keys in their app’s code, similar to usernames/passwords information, which could be then used by any bad actor to maliciously steal users’ information or resources from the service providers such as Amazon and Facebook.

These vulnerabilities in the implementation of the Android applications can affect users even if they are not actively using the Android apps. Even "Top Developers" designated by the Google Play team as the best developers on Google Play, included these vulnerabilities in their apps, according to the researchers.

Google play store contains millions of apps, including free and paid apps, and over 50 billion app downloads.

“But no one reviews what gets put into Google Play—anyone can get a $25 account and upload whatever they want. Very little is known about what’s there at an aggregate level," said Jason Nieh, professor of computer science at New York-based Columbia Engineering.

Researchers built and make use of a tool called PlayDrone, the first scalable Google Play store crawler tool that uses various hacking techniques to deceive the security measures that Google uses to prevent indexing of its Google Play store content. One can successfully download Google Play store content and recover their sources. (Slides) (Download PlayDrone)

via PlayDrone Reveals Secret Keys from Thousands of Play Store Android Apps – The Hacker News.

First Android Ransomware that Encrypts SD Card Files

Monday, June 9th, 2014

 

android ransomware virus

We have seen cybercriminals targeting PCs with Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it.

To deliver the Ransomware malwares to the mobile devices, cyber criminals have already started creating malicious software programs for android devices. Last month, we reported about a new Police Ransomware malware that locks up the devices until the victims pay a ransom to get the keys to unlock the phone. But, the malware just lock the mobile screen and a loophole in the its implementation allowed users to recover their device and data stored on SDcard.
Now, in an effort to overcome this, threat actors have adopted encryption in the development of mobile Ransomware malwares. Recently, the security firm ESET has discovered a new Android ransomware, dubbed as Android/Simplocker.A, that has ability to encrypt the files on the device SD card and then demand a ransom from the victim in order to decrypt those files.
Once installed, the malware scans the SD card for certain file types such as image, document or video with extensions – jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypts them using AES in a separate thread in the background. After encrypting the files, the malware displays the following ransom message, written in Russian, which clearly means that this threat is targeting Russian Android users.

WARNING your phone is locked!
The device is locked for viewing and distributing child pornography , zoophilia and other perversions.
To unlock you need to pay 260 UAH.
1.) Locate the nearest payment kiosk.
2.) Select MoneXy
3.) Enter {REDACTED}.
4.) Make deposit of 260 Hryvnia, and then press pay. Do not forget to take a receipt!
After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!

The Ransomware malware directs victim to pay the ransom amount i.e. 260 UAH, which is roughly equal to $21 US, through the MoneXy service, as this payment service is not easily traceable as the regular credit card.
mobile virus
To maintain anonymity the malware author is using the Command-and-Control server hosted on TOR .onion domain and the malware sends the information of the infected device such as IMEI number to its server. The researchers at ESET are still analysing the malware:

Our analysis of the Android/Simplock.A sample revealed that we are most likely dealing with a proof-of-concept or a work in progress – for example, the implementation of the encryption doesn’t come close to “the infamous Cryptolocker” on Windows.

The researchers have found that the malware is capable to encrypt the victim’s files, which could be lost if the decryption key is not retrieved from the malware author by paying the ransom amount, but on the other hand the researchers strongly advise users against paying fine, as their is no guarantee that the hacker will provide you decryption keys even after paying the amount.
Unfortunately, mobile antivirus products are only capable to detect such known/detected threats only and can’t detect similar the new threats. So, it is important for you to always keep the back-up of all your files either manually on the computer system or use cloud backup services like dropbox, google drive etc, in order to protect it from the emerging threats.

via First Android Ransomware that Encrypts SD Card Files – The Hacker News.

China Bans Microsoft Windows 8 for Government Computers

Wednesday, May 21st, 2014

 

 

China Windows 8
While US government is always prohibiting the purchase of Huawei products due to suspected backdoors from the Chinese government, China also keep itself totally apart from the US productions.
China is a bit famous for using its own operating systems, smartphone application services and lots more, rather than using the US developed Operating Systems, and now China has reportedly banned the installation of Microsoft Corporation’s latest operating system, Windows 8 on any of its government computers.
The Central Government Procurement Center issued a notice that was posted on its website last week prohibiting the use of Microsoft’s latest operating system and the reason behind it is to support the use of energy-saving products, the report said.
But the state news agency ‘Xinhua’ pointed out a different reason for the ban saying the country wants to avoid any further losing of the support for an operating system like it did recently by pulling out its support from the oldest operating system Windows XP, which was widely used in China and is still estimated to be used on as much as half of the Chinese desktop market, the Chinese news agency claimed.
In the beginning of last month, Microsoft stopped providing the support for its longest running and most successful 13 year old Operating system, Windows XP, despite the fact that it has been used widely across the world than any other OS.
China

According to China’s Central Government Procurement Center, all the desktops, laptops, and tablets used by central state agencies must run on an OS other than Windows 8. “All computer products are not allowed to install [the] Windows 8 operating system,” reads the post on the center’s website.

The ban applies only to the government offices, however the market of personal computers remains unaffected. Till now, Microsoft didn’t respond to comment on the issue.

via China Bans Microsoft Windows 8 for Government Computers.

GM Rolls Out Pricing 4G LTE Service – ($5.00/day!)

Monday, May 12th, 2014

GENERAL MOTORS

The 2015 Chevrolet Malibu will be the first 4G LTE-equipped GM vehicle starting June. AP

General Motors Co. GM is rolling out an a-la-carte pricing menu, betting consumers are willing to pay a little extra to turn their cars into a Wi-Fi hot spot.

For $5 a day, GM vehicle owners can access 4G LTE high-speed connectivity allowing their occupants to do everything from access the Internet to download movies. GM will offer the feature through its OnStar service, although it is AT&T Inc. T +0.14% that will handle the connection. Both companies would share in the revenue.

It is a big gamble for the auto maker, especially since most Americans already use smartphones or iPads to connect to the Internet while riding in vehicles. Skeptics have also questioned why people would pay for yet another wireless service.

“It’s a bit of a trial and error to see what sticks with consumers,” said Thilo Koslowski, an analyst at Gartner Group IT -0.23% who follows connected-car developments. “Companies will initially face a consumer reaction of ‘I already have a data plan with my phone.’ That means that the in-vehicle experience has to be better, faster and more robust. If that is not strong enough, prices will have to drop.”

via GM Rolls Out Pricing 4G LTE Service – WSJ.com.

Billions of Smartphone Users affected by Heartbleed Vulnerability – The Hacker News

Monday, April 14th, 2014

Billions of Smartphone Users affected by Heartbleed Vulnerability

Heartbleed has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk.

Android blackberry apple iphone heartbleed

Heartbleed is a critical bug (CVE-2014-0160) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL’s implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server’s memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal.

via Billions of Smartphone Users affected by Heartbleed Vulnerability – The Hacker News.

Millions of Android Devices Vulnerable to Heartbleed Bug – Bloomberg

Friday, April 11th, 2014

Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co., HTC Corp. and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software and the company has said more than 900 million Android devices have been activated worldwide.

via Millions of Android Devices Vulnerable to Heartbleed Bug – Bloomberg.