Ransomware Now Sends Malicious Texts Through Mobile Device

If you own an Android device, there’s a new threat to be at least moderately concerned about.  It takes the form of a new ransomware family that spreads from one victim to the next by sending text messages containing poisoned links to every contact on an infected device.

The ESET research team that found the software had this to say about it:

“Due to narrow targeting and flaws in both execution of the campaign and implementation of its encryption, the impact of this new ransomware is limited.

If your system is infected, the first thing it will do is raid your contacts list and send SMS text messages to everyone on it.  Anybody who clicks on the link in the SMS message will also be infected.

After sending a flurry of messages, the malware will turn its attention to your device itself. It will then set about the task of encrypting most of the files on your device.  Fortunately, the people behind this new threat prove themselves to be new to the game.”

ESET continues:

“After the ransomware sends out this batch of malicious SMSes, it encrypts most user files on the device and requests a ransom.  Due to flawed encryption, it is possible to decrypt the affected files without any assistance from the attacker.”

All in all, this issue is only of minor concern.  It’s annoying, and certainly time consuming to restore your files. However, it’s not an especially dangerous malware strain – yet, and that’s the problem.

Whoever is behind this new threat certainly has the right idea, even if they lack the technical chops to pull it off.  Skills, however, can be learned and honed.  As a first try, this effort is disturbing because it’s clever.  The moment the people who wrote the code get the technical skills to pair with that cleverness, they’re going to be genuinely dangerous.

Playing Videos Could Allow Hackers Into Your Phone

Do you have an Android device?  Are you running Android Nougat, Oreo, or Pie (versions 7.x, 8.x, or 9.x)?  Do you play games on your phone?

If you answered yes to those questions, you may have a problem. It is a bigger problem given that there are more than a billion devices currently in service running one of those operating systems.

A carefully crafted, innocent-looking video file could be embedded in a game app and could compromise your system, thanks to a critical vulnerability.

The RCE (Remote Code Execution) vulnerability is being tracked as CVE-2019-2107. It works by tricking the user into playing a poisoned video via Android’s native video player application.

Google moved quickly to address the issue and has already patched it, but there’s a catch. Millions of Android devices are still waiting for that last security update.  The bottleneck isn’t Google in this case. It’s the device manufacturers themselves that are dropping the ball.

As bad as the bug is, there is a potential silver lining.  The vulnerability only works if the video is viewed directly on the device.  If the video is received through an instant messaging app, or uploaded to a service like YouTube, the attack becomes utterly ineffective. That’s because messaging and video hosting services both compress and re-encode media files, which has a distorting effect on the embedded malicious code.

In terms of avoiding the issue, there are three things you can do:

  • Make sure your OS is up to date
  • Don’t download games or other apps from untrusted third-party sources. Get them from the Google Play store or don’t get them at all.
  • Don’t download videos from untrusted sources, including links to videos or apps you might get in your email.

While taking the advice above won’t completely eliminate your risk, it will dramatically reduce it.

Some Android Apps To Receive Your Data Without Permission

When it works, Android’s app permissions are awesome.

They’re straightforward and easy to understand.

When you install a new app on your phone, you’ll get a popup box that gives you a summary of what permissions the app says it needs. Then, you have the option to either accept or deny it that permission.

Sometimes, the app winds up working fine, even if you deny it the permission.  But sometimes (like in the case of a map or direction app where you don’t allow it access to geolocation data), it won’t work at all.  By and large though, the system works as intended and it gives you a fair amount of control over which apps have what permissions.

Unfortunately, things are not always as they seem.  Researchers from UC Berkeley’s International Computer Science Institute recently tested 88,000 apps from the Google Play Store. They found 1,325 instances where apps continued to collect information even after users denied them the permission to do so.

The researchers had this to say about their findings:

“Modern smartphone platforms implement permission-based models to protect access to sensitive data and system resources.  However, apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels.

Side channels present in the implementation of the permission system allow apps to access protected data and system resources without permission, whereas covert channels enable communication between two colluding apps, so that one app can share its permission-protected data with another app lacking those permissions.”

To cite one example, the researchers discovered that the photo sharing website Shutterfly (which is commonly used for sharing and editing photos) collects GPS data from mobile phones and sends it to its own servers, even if users have declined the app permission to access location data.

The report estimates that, based on the number of apps found to be circumventing permissions, the number of users being impacted is likely in the hundreds of millions. Even worse, there are no easy fixes for this problem.  Be aware, then, that the apps you’re using are likely collecting more data about you than you realize, even if you’ve told them not to.

New Spyware Is Targeting WhatsApp Messages

Recently, Kaspersky Lab has identified a new strain of malware to be concerned about, and it is spreading across the internet.

Called FinSpy, it specifically targets WhatsApp on both Android and iOS devices.  An analysis of the code reveals that the spyware was created by a German company called Gamma Group, and that it is primarily used by state actors.

In other words, it’s a serious piece of code, as is anything that’s predominately used by governmental agencies. If this malware winds up on your device, it can collect a wide range of information and send it back to the owners of the code.

This information includes:

  • SMS/MMS
  • Emails (including encrypted emails)
  • GPS location data
  • Photos
  • Files in memory
  • Phone call records
  • Messaging application data from WhatsApp, Telegram, Signal, Messenger, Viber, Threema and BBM

If there’s a silver lining to be found about FinSpy, it is the fact that in most cases, a hacker would need to gain physical access to your phone in order to install the malicious code.  The exception here is if you’re using a rooted smartphone or a jailbroken iPhone.  In those cases, all the hacker needs to do to install FinSpy on your device is send you an email or simple push notification.

At present, there’s no good way to prevent it, and no easy way to detect the malware if it finds its way onto your system.  Kaspersky Lab recommends that you avoid opening suspicious links received via email or SMS and protect your phone with a strong password.  Additionally, the company stresses the importance of regularly installing security updates. This is because FinSpy benefits from security flaws found in older versions of both Android and iOS operating systems.

So far, the company reports that there have only been about a dozen confirmed FinSpy installations worldwide. That’s good news indeed, but this is still a serious threat.

Android Devices May Soon Get New Fast Sharing Feature

Google’s first attempt at making it possible for Android users to share files with each other was called Android Beam.

While it was functional, it left a lot to be desired, and never really caught on. That fact prompted the company to announce that it would be calling a halt to further Beam development in favor of a new tool.

It is called ‘Fast Share’, which the company sees as a direct competitor to iOS’s “AirDrop.”

Fast Share will allow users to share text, images, URLs and other files with nearby devices, even without an internet connection.  Rather than relying on NFC to connect and transfer files between devices, the new technology uses Bluetooth connectivity.

This, of course, requires that both the sending and target devices have Bluetooth and Location Services activated.  Once those two conditions are true, users will be required to enter a Device Name and turn Fast Share on.  At that point, you’ll get a full screen interface that will give you control over exactly what you’re sharing, along with a progress bar and a list of devices close enough to share with.

Recipients will get a notification that includes the name of the sending device, a connection ID number, and a prompt allowing the recipient to accept or decline the file transfer.  Fast Share also includes a feature called “Preferred Visibility” which allows you to trust frequent connection pairings.

Google hasn’t yet made a firm announcement about when the service will be available for Android devices. Given the buzz, you probably won’t have to wait long.

All of this sounds fantastic, but of course, it also opens the door for a great number of new hacks and abuses. So be mindful of that in the weeks and months ahead.