Browsing category
For years, cyber criminals have organized their operations and traded resources through discussion forums and auction sites. One popular item to trade is access to virus infected PCs for cash. These trading schemes are often called pay-per install (PPI) programs. We have recently started an investigation on a new type of pay-per install program, this
What do printed QR codes and NFC (Near Field Communication) chips have in common, besides storing instructions that computers can read? They are both hackable and their ability to store and communicate computer instructions is bound to be abused, if not already, then sometime soon. This happens to every new means of communication; QR and
While our recent post on BYOD focuses on the prevalence and/or risk of inadequately trained staff potentially creating problems for the core IT infrastructure using their own personal devices for work, it seems others here at RSA are concerned with preventing the exact same thing, but from a different angle. I attended one “lighting round”
In response to recent reports that malicious apps may have made their way into the official Android Market, Google has responded by announcing a new program to more proactively scan the Market and developer accounts for seemingly malicious apps and highlights and/or remove them before users experience trouble. Traditionally, the barriers of entry for developers
As legislators grapple with increasingly vocal smartphone owners concerned with privacy, a new Bill before the U.S. House of Representatives aims to require mandatory consumer consent prior to allowing the collection or transfer of data on such devices. You may recall that a company called CarrierIQ recently became the center of attention after a user
National Security Agency’s (NSA) SE Linux team, citing critical gaps in the security of Android , is building a Security Enhanced (SE) version of the publicly available source code for the Android project. This is a variant of the SE Linux project co-developed by NSA and RedHat, which gives (among other things) a more granular
I want share with you what ESET Latin America’s Research team thinks will be the main trends in malware and cybercrime in 2012. In our office it is usual to produce an analysis of emerging trends in a year-end report and so, in keeping with recent postings by my ESET colleagues, I present a summary
Android-specific software that checks for Carrier IQ could create an unanticipated problem.
Recently we see allegations that CarrierIQ is quietly collecting more information than Android users bargained for. In one case, Trevor Eckhart thinks he proved that they register users’ keystrokes without the users’ knowledge for reasons subject to ongoing speculation. We certainly had no trouble finding the CarrierIQ software on an HTC phone, where it possessed
I have an Android in my pocket as I type, with all kinds of cool apps ranging from GPS navigation to acoustic guitar tuner (really cool) – and apparently I’m not alone. Users are scooping up the latest batch of Android smartphones in record numbers, and what better target can malware authors ask for? Well,
With the proliferation of the data we hold on our mobile devices, it’s no wonder Neil Daswani, CTO of Dasient, says around 8% of the apps they tested have been leaking data. In a similar vein, he states, “The number of malware samples on mobile devices has doubled in the past two years.” Google tends
The mobile devices of late have more compute power than the full desktop PC of yesteryear, and they fit it your pocket, great news for folks “on the go.” And since you’re so multi-tasked anyway, why not load it up with things to make your life easier, after all, it’s really a phone with a
There are reports coming out today about Google Android and how approximately 99.7% of its users are potentially open to compromise. This news cycle started by the Ulm University publishing some information on the 13th of May showing some results. I’m sure this story will develop and CTAC may follow-up to my blog with more details;
…35% of iPhone/Android users in the US interact with their smartphones before they get out of bed…
As I have blogged about the Android platform a recurring comment has been “When will ESET have protection for my Android?” Well, I still don’t know when it will be available for sale, but for those who understand the risks involved with running beta software, have backed up all of their data on their Adnroid
…all the relevant malware they’ve seen uses exploits that are restricted to Android OS 2.2 and below…
At a time when Gartner estimates that we’ll have downloaded 17.7 billion + mobile apps worldwide by the end of this year, I couldn’t help thinking that Android users are likelier to pay for lax screening in the Android Market than users who are protected by reasonably strict application whitelisting.
Well, it looks like that concern had some justification. There are a spate of stories today about >50 applications pulled from the Android Market
A recent article at http://www.thinq.co.uk/2011/1/20/android-trojan-captures-credit-card-details/#ixzz1Bb8RGsWS describes how an attack against Android based phones might be able to capture your credit card information even when you speak it into the phone. The interesting thing about this proof of concept is not that the application can capture voice details, but rather that it uses a second application
The Lookout Mobile Security company is reporting a new trojan horse program that runs on Android based phones. The novel thing about this trojan is that it has enough functionality to allow the criminals to assemble an Android based botnet. This really should come as no surprise. The Android is not a phone with web
Sure, iPhones are a lot more stable than Androids, but there is one place that Android has it all over the iPhone… you get to know what resources an app can access before you install it. This capability, coupled with comments on apps can really help you make better decisions about what you install on
Back in the early 1990’s I had a 386 with 4 megabytes of RAM and a very large 80 megabyte hard drive. That little 386 could do something an Android phone cannot natively do. I could do a screen capture and save it to a file. I thought that for some of my blogs on