Android Archives - Page 13 of 17 - IT Services & IT Support Wilmington, NC

March 19, 2020 Atlantic Computer Services Blog

Recent Data Breach Affects Some Walgreens Mobile App Users

Are you a Walgreens customer? Do you make use of the company’s mobile app, available for both Android and iOS devices? If so, be advised that the company recently disclosed a serious flaw in the app that inadvertently leaked both Personally Identifiable Information (PII) and Personal Health Information (PHI).

The information was in the form of supposedly secure messages within the app, to parties not authorized to see it. Both of these instances are serious HIPAA violations.

Walgreens promptly sent a notification to its impacted customers. That notification reads, in part, as follows:

“On January 15, 2020, Walgreens discovered an error with the Walgreens mobile app personal secure messaging feature. Our investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app.

Once we learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue. Walgreens will conduct additional testing as appropriate for future changes to verify the change will not impact the privacy of customer data.”

The notification did not specify how many users were impacted, but the company stressed that it was a very small percentage. Even so, the Walgreens app has more than 10,000,000 installations on the Android side, and more than 2.5 million on the Apple side, so even a few percentage points would be a significant number of users.

Regardless, if you use the app, there’s nothing for you to do. The issue has been resolved, and unless you received a notification from the company, it’s safe to assume that your information was not inappropriately accessed. Even so, it pays to be aware of the incident.

March 11, 2020 Atlantic Computer Services Blog

New Android Malware Can Get Past Two-Factor Authentication

Since 2010, Google has been doing its part to help keep its massive user base safe. They introduced a small but critical service called Google Authenticator, which is used by a number of online accounts as a two-factor authentication layer.

Google launched the service as an alternative to SMS-based one-time pass codes.

While SMS-based codes are better than nothing, they are the lowest common denominator in the world of 2FA, and are problematic for a number of different reasons. The main advantage Authenticator has over its SMS counterpart is that Authenticator’s randomly generated codes are contained within the user’s device itself, and never travel through insecure mobile networks.

Although Authenticator generated codes are widely regarded as being superior to SMS-based codes in terms of overall security, they’re certainly not invulnerable, as hackers have recently proved. Researchers from ThreatFabric recently announced that they’ve spotted a new strain of the Cerberus Trojan in the wild that is capable of stealing 2FA codes generated via the Authenticator application.

If there’s a silver lining in the research team’s findings, it is the fact that the strains they’ve uncovered seem to be test versions of the Trojan That means the new capabilities aren’t yet widely available. Unfortunately, it’s just a matter of time before the new strain is out of testing and starts seeing widespread use.

All that to say, that this is a serious threat. Be sure your employees are aware of the risks and dangers. Too often, people get comfortable after enabling 2FA and develop a false sense of security thinking that they’re essentially invulnerable.

They aren’t. No one is. While this is the first piece of malware we’ve seen that can counter 2FA, it certainly won’t be the last. Stay vigilant. It’s going to be a tough year on the security front.

March 3, 2020 Atlantic Computer Services Blog

The New Microsoft Office App Looks Like A Winner

In November of 2019, Microsoft made an announcement and gave users an early look at a new unified Office app designed specifically for Android and iOS devices. The purpose, of course, was to provide the essential functionality of Office in a faster, leaner, and lighter package that was better suited for use on mobile devices.

As of February 19th, 2020, the wait is over. Microsoft moved from merely previewing the new app to making it available for all users on both Android and iOS.

In the months since the preview was offered, additional functionality has been added and the app has been further streamlined. The final version includes support for third-party storage services, allowing users to connect their Box, Dropbox, iCloud and Google Drive folders to the app In addition, they’ll have access to popular templates, which makes the creation of complex documents and spreadsheets a snap.

Not content to stop there though. When Microsoft made the app available to all, they also announced that in the months ahead, they’d be releasing a trio of content-creation oriented features. These include Word Dictation, which will allow users to speak text into their devices and write or edit Word documents.

The company will also be releasing Excel Cards View, which is a card format for viewing and editing Excel table row data that doesn’t extend beyond screen limits. There will be a new outline to PowerPoint, which will allow users to create power point presentations in outline form and use PowerPoint Designer to turn it into a slide deck.

In its current form, the app is outstanding, delivering on the promise to provide Office functionality in a sleeker, lighter package. With the planned enhancements though, Microsoft’s new app will go from outstanding to unbelievably good. We can hardly wait to see what else the company may have in store. If you’re an Office user, get this app today. You’ll be very glad you did!

December 14, 2019 Atlantic Computer Services Blog

New Malware Can Spy On You In Scary Ways

There’s a new strain of malware in the wild. It is targeting Android devices and disguised as an innocuous chat app.

Researchers at Trend Micro have discovered it in two different apps so far: Chatrious and the Apex App. Chatrious has since vanished from Google’s Play Store, but at the time this piece was written, the Apex App is still available for download.

If you have either of these, you should delete them immediately.

In both strains unearthed so far, when a user downloads the app and launches it, the program will quietly connect to a command and control server. It will then begin rooting around in the device the app is installed on, collecting contact lists, text messages, call logs and any files stored locally on the device.

In addition to that, the malware can activate the device’s microphone to create audio recordings to be sent to the command and control server, and it is capable of taking screenshots of anything displayed on the device.

The app has only been found on the Play Store at this point. However, an analysis of the code reveals that the person or group behind it has already built in hooks that would make it capable of attacking iOS and Windows-based machines. The researchers fear that this malware is in an early stage of development. What they found in the code points to this being the leading edge of a much larger and more widespread attack.

In addition to its being a potentially devastating piece of malware, the researchers indicated that this code would be perfect for conducting highly advanced cyberespionage campaigns. That is, given that high ranking corporate and government employees have such a wealth of information on their phones and almost always keep them close at hand. The ability to make recordings of things going on in the immediate vicinity of the infected device could lead to no end of trouble.

In any case, if you have either of the apps mentioned above installed on your phone, delete them immediately. Trend Micro has promised further updates about this latest malware threat as they get them.

November 25, 2019 Atlantic Computer Services Blog

Android Devices Using Qualcomm Chips Can Be Hacked

Do you have an Android device? Is it built around a Qualcomm chipset?

If so, be advised that you may be at risk.

According to a report recently published by security firm CheckPoint, a recently discovered flaw could allow hackers to steal a variety of sensitive information on your phone or tablet.

The vulnerability resides in the QSEE, or “Qualcomm Secure Execution Environment,” which is an implementation of TEE (Trusted Execution Environment) based on ARM TrustZone technology.

This is the technology that guards the most protected parts of a mobile device. In addition to your personal information, the QSEE is used to house passwords, credit and debit card details, encryption keys, and the like. Basically, QSEE guards everything else that’s supposed to make your digital life secure, and it has been compromised. That puts millions of Android devices at risk.

CheckPoint’s security researchers had this to say about the issue:

“In a 4-month research project, we succeeded in reverse (engineering) Qualcomm’s Secure World operating system and leveraged the fuzzing technique to expose the hole.

We implemented a custom-made fuzzing tool, which tested trusted code on Samsung, LG, and Motorola devices, which allowed researchers to find four vulnerabilities in trusted code implemented by Samsung, one in Motorola, and one in LG.

An interesting fact is that we can load trustlets from another device as well. All we need to do is replace the hash table, signature, and certificate chain in the .mdt file of the trustlet with those extracted from a device manufacturer’s trustlet.”

In other words, it’s about as bad as a security issue can get. If there’s a silver lining, it is that Samsung, Qualcomm, and LG have already released a patch which fixes the issue. So, if you have a device manufactured by any of those companies, head to their website to be sure you get the patch.

Previous page 1 … 11 12 13 14 15 … 17 Next page

Tag Archives: Android