Is it necessary to install antivirus for Android?


We are often asked whether antivirus apps for Android are necessary, and for good reason. Apple has tried hard to discredit Android as a virus-infested swamp of malware and there have been several high-profile Android security threats. Android has a tarnished reputation for security and viruses. But is this justified? Would Android users benefit from antivirus apps? 

Not according to Android security chief Adrian Ludwig. Just prior to the Google I/O developer conference earlier this year, Ludwig told reporters: "Do I think the average user on Android needs to install [antivirus apps]? Absolutely not. I don’t think 99 percent plus of users get a benefit from [anti-virus apps]." 

Ludwig also claimed that the threat posed by Android malware has been "overstated".

So where does this leave us? If the chief security engineer for Android says it ain't a problem, suggesting antivirus companies are just trying to sell their products, then should we be concerned? Maybe. Security companies and antivirus app developers would respond by saying Google is simply trying to downplay the flaws in its own Play Store. But let's back up a step.


What are Android viruses?

A virus is a type of malicious software (malware) program, the likes of which have been infecting our PCs for decades. As the Android platform has developed and become more widely used, so too has the number of potential threats to the system grown. Strictly speaking, the malware that infects Android is not a virus, because it doesn't self-replicate, but the term gets used nonetheless.
Security reports – usually from antivirus and security companies – regularly tell us that the threats are on the rise. Whether you believe these reports or, like Ludwig, think they're simply trying to scare you into installing an app, it's a good idea to know as much as you can about Android viruses and where they come from.


General guide to Mobile Security


As smartphones and tablets become increasingly central to modern life, the amount of personal information routinely stored on them has grown dramatically.

Unlike traditional computers, however, phones and tablets are easily stolen or misplaced. If that happens, your private data (passwords, credit card numbers and addresses) will be freely available to whoever picks up your device.

In this article, we'll discuss the various security threats your smartphone or tablet faces today, as well as the measures you can take to protect your privacy.

We'll also look at how Android and iOS stack up on security, weighing the benefits and downsides of each platform.


Before discussing the ways in which you can lock down your Android or iOS device, it would be helpful to know what sort of security risks the modern smartphone faces.
ENISA, the European Union Agency for Network and Information Security, ranks some of the top security risks for smartphones and other mobile devices — and their threat levels — as follows:

Data leakage resulting from device loss or theft (high risk)

Unfettered access to your smartphone can be a gold mine for anyone seeking access to your private information. If you lose your device due to forgetfulness or theft, and you haven't locked it down with a PIN or password, your phone's new owner will have access to data including:
·         Your email, including any passwords or account information that you've saved
·         Your social media accounts, such as Facebook, Google+ and Twitter
·         Passwords saved in your browser
·         Credit card information and passwords saved in apps like Amazon and Google Wallet
·         Email addresses, phone numbers and physical addresses of your contacts
·         Access to secured Wi-Fi networks that you've saved
·         Photos and videos saved on the device

Unintentional disclosure of data (high risk)

Developers frequently introduce more features than the average user can keep track of. For instance, you may be unaware that your device is broadcasting your location each time you post a photo using a social media app.
Here are some ways that you might be unintentionally letting the world know where you are:
·         If you've posted a photo with the location data turned on
·         If someone tags you in a photo without your knowledge
·         If you've "checked into" a specific restaurant or café using a location app

Attacks on used/abandoned devices (high risk)

If you haven't wiped an old or discarded mobile device properly, the next user can easily access an alarming amount of your personal data. According to ENISA, studies have found that improperly decommissioned mobile devices can yield information such as:
·         Call history
·         Contacts
·         Emails

Phishing attacks (medium risk)

Phishing is an insidious form of data collection in which an attacker tries to dupe users into entering personal data, such as passwords and credit card information, by sending them fake messages that appear genuine.
Phishing can appear in a variety of guises:
·         Fake apps designed to mimic legitimate applications such as "Angry Birds"
·         Email messages that appear to come from legitimate sources such as banks and other financial institutions
·         SMS messages that appear to come from legitimate sources such as your wireless provider

Spyware attacks (medium risk)

If your mobile device becomes infected with spyware, either from a rogue app or a malicious website, the malignant code can send your personal data to a remote server without your knowledge.
Information logged by spyware can include:
·         All of the keystrokes made since the spyware was installed
·         Names, phone numbers and email addresses of your contacts
·         Credit card information entered in the browser

Network spoofing attacks (medium risk)

Hackers occasionally prey on users who have connected to bogus or unsecured Wi-Fi networks. Unless you studiously enter personal information only on websites that use SSL encryption, your data could be at risk of being stolen.
Here are some examples of information you could accidentally disclose:
·         Passwords to unencrypted websites
·         Credit card information sent via an unencrypted website


Root and Android Pay issues explained by a Google Security Engineer


A Security Engineer for Google out of Mountain View has joined xda-developers to discuss the issues with Android Pay on rooted devices and why it will not work, and has confirmed that Google is listening to your feedback. Regarding root access and Android 

“Android users who root their devices are among our most ardent fans and when this group speaks, we listen. A few of us around Google have been listening to threads like this one and we know that you’re disappointed in us. I’m a security engineer who works on Android Pay and so this thread struck me particularly hard. I wanted to reach out to you all and tell you that we hear you.
Google is absolutely committed to keeping Android open and that means encouraging developer builds. While the platform can and should continue to thrive as a developer-friendly environment, there are a handful of applications (that are not part of the platform) where we have to ensure that the security model of Android is intact.
That “ensuring” is done by Android Pay and even third-party applications through the SafetyNet API. As you all might imagine, when payment credentials and–by proxy–real money are involved, security people like me get extra nervous. I and my counterparts in the payments industry took a long, hard look at how to make sure that Android Pay is running on a device that has a well documented set of APIs and a well understood security model.
We concluded that the only way to do this for Android Pay was to ensure that the Android device passes the compatibility test suite–which includes checks for the security model. The earlier Google Wallet tap-and-pay service was structured differently and gave Wallet the ability to independently evaluate the risk of every transaction before payment authorization. In contrast, in Android Pay, we work with payment networks and banks to tokenize your actual card information and only pass this token info to the merchant. The merchant then clears these transactions like traditional card purchases. I know that many of you are experts and power users but it is important to note that we don’t really have a good way to articulate the security nuances of a particular developer device to the entire payments ecosystem or to determine whether you personally might have taken particular countermeasures against attacks–indeed many would not have.” – jasondclinton_google

Replying to the possibility that this meant that support for rooted devices may one day come, Jason stated: “I don’t know of any way to currently or in the near future make an assertion that a particular app’s data store is secure on a non-CTS compatible device. As such, for now, the answer is ‘no’.” Replying to one user’s statement that, if they had to choose between root and Android Pay, they would choose root, Jason gave his sympathies and said that he wished it were possible to achieve root functionality without actually rooting. He has also taken feedback regarding placing a warning in the Play Store stating that the app will not work on rooted devices.
Unfortunately, it has been confirmed that any non-official build will fail to pass SafetyNet because the system image is not the expected one. He continued: “One way of thinking about this is that the signature can be used as a proxy for previous CTS passing status. (If we were to scan every file and phone device enumerated by the kernel to infer what environment we are running on, we’d bog down your device for tens of minutes.) So, we start with the CTS status inferred by a production image signature and then go about looking for things that don’t look right. This community has identified quite a few of the things that we are looking at, already: presence of ‘su’, for example.” – jasondclinton_google

So there you have it: alas, Android Pay is not coming to rooted devices anytime soon. However, Google is listening to your feedback and is responding.

All the discussions are in the XDA forums.

Nexus devices to receive security updates every month


All Nexus devices will now receive all important security updates officially from Google every month, in addition to their usual platform updates. Starting now with the release of the Stagefright exploit fix, Google will be pushing out security updates and notifying its partners on a monthly basis. Samsung has also already committed to fast-tracking security updates with monthly fixes.
With Google's existing security measures, fewer than 0.15% of devices that installed apps from the Google Play store installed any type of harmful app. Security is extremely important, and the monthly updates are yet another way that Google will help keep its users safer.
Nexus devices have always been among the first Android devices to receive platform and security updates. From this week on, all Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates.
Google remains committed to supporting Nexus devices with updates for two years, and security patches for three years, or 18 months from the last date of sale in the Google Store.

Dubsmash 2: another malicious clicker for Android

Dubsmash 2
Experts at the antivirus company Avast found a Trojan that is a porn clicker for Android. It was placed in the Google Play Store under the name Dubsmash 2. The malicious program was disguised as a legitimate application and has been downloaded more than 100 thousand times. It does not cause direct damage to the user, such as the theft of online banking data or account data. Instead, the clicker generates traffic or clicks on porn resources. For a victim on a mobile Internet connection, such activity could cost a great deal.

Less than a month later, researchers also found many variations of this malware on Google Play. The following screenshot shows the malicious application in Google Play.

malicious application

One of the last known fake Dubsmash 2 applications was uploaded to Google Play and then removed from it by Google. That short period of time was sufficient for it to be downloaded more than 5 thousand times. The application contained a clicker mechanism, as in the previous versions.

The authors of the fake application did not wait long before uploading a new version to the Play store: on the 23rd a new version was posted. Within three days of being posted, this version was downloaded more than 10 thousand times. Then, on the 25th and 26th of May, new modifications of Dubsmash 2 were uploaded to Play for the fourth and fifth time. They contain the same malicious functions as the previous version. This is a very rare case for the Google Play app store: a malicious application with the same features was uploaded several times within a short period.

The malware was added to ESET's antivirus databases as Android/Clicker. The files themselves have been removed from the Google app store.

After installing this application, the user does not see a Dubsmash 2 icon on the device. Instead, they get a different icon and an application that has nothing to do with Dubsmash. On the device, the fake application poses as a simple arcade game or a system application. After it is launched, the application hides its launcher icon but continues to run in the background, where it keeps generating traffic to porn sites.

fake app

The malicious activity is triggered when the device changes its network connection. It is easy to obtain the list of URLs that are clicked, because they are stored unencrypted. The URL list is loaded from a remote malicious server, and the server address is stored in clear text in the body of the application. The latest version of the malicious application, however, has an interesting feature: the malicious code will not act if any antivirus product is present on the device. It checks the installed applications by package name, and the list includes the names of 16 antivirus vendors (see the table below). The package names are requested from the C&C servers. Once the application is installed, it cannot be detected by antivirus products; however, there is a chance that its malicious activity will be blocked by the URL address it tries to click. For the user, it is very suspicious that the device requests data from a server that has been blocked for malicious activity.

If none of the above applications is installed, the malicious application begins its work and requests links to click from a remote server. These links are loaded every 60 seconds in a WebView widget inside an invisible window, with a special random pattern used for the clicks.
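The traits described above can be turned into a static triage check for a decoded APK. The following is an added example, not code from the original write-up or from any antivirus vendor: the sample manifest, the strings list and the finding labels are constructed, and the assumption that the icon is hidden through `setComponentEnabledSetting` and that installed packages are listed through `getInstalledPackages` is ours, since the article does not name the calls.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical app, not the real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.arcade">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".NetReceiver">
      <intent-filter>
        <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: strings extracted from the app's code (dex string table).
SAMPLE_STRINGS = ["setComponentEnabledSetting", "getInstalledPackages",
                  "http://c2.example.invalid/links", "Landroid/webkit/WebView;"]

def triage(manifest_xml, dex_strings):
    """Return the set of traits from the write-up that the app exhibits."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    # Trait 1: code that wakes up whenever the network connection changes.
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if "android.net.conn.CONNECTIVITY_CHANGE" in actions:
            findings.add("runs-on-network-change")
    # Trait 2: ability to disable its own launcher component (hide the icon).
    if "setComponentEnabledSetting" in dex_strings:
        findings.add("can-hide-launcher-icon")
    # Trait 3: enumerates installed packages (the antivirus presence check).
    if "getInstalledPackages" in dex_strings:
        findings.add("enumerates-installed-apps")
    # Trait 4: server address stored in clear text in the application body.
    if any(re.match(r"https?://", s) for s in dex_strings):
        findings.add("cleartext-server-url")
    # Trait 5: WebView available for loading the links.
    if any("android/webkit/WebView" in s for s in dex_strings):
        findings.add("uses-webview")
    return findings

def is_suspicious(findings):
    # No single trait is malicious; the combination the article describes is.
    return len(findings) >= 4

if __name__ == "__main__":
    print(sorted(triage(SAMPLE_MANIFEST, SAMPLE_STRINGS)))
```

Each trait on its own is common in legitimate apps, so the result is a prompt for manual review rather than a verdict.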

As this malicious application shows, the Google Play app store still has weaknesses: applications placed there were downloaded by more than 10 thousand users. The authors deliberately used the name of a legitimate application to mask their fake program. We encourage users to read application reviews even if the application does not request any permissions that look suspicious from a security point of view.