Archive for the ‘Mobile Security’ Category

Google Makes it Tough for Rogue App Developers Get Back on Android Play Store

April 16th, 2019
Even after Google's security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers' existing accounts, is enough for 'bad-faith' developers to trick the Play Store into distributing unsafe

Posted in Android, android apps, Android Malware, Android Security, apps security, google, Google Android, hacking news, Mobile Security, smartphone security | Comments (0)

‘Exodus’ Surveillance Malware Found Targeting Apple iOS Users

April 9th, 2019
Cybersecurity researchers have discovered an iOS version of the powerful mobile phone surveillance app that was initially targeting Android devices through apps on the official Google Play Store. Dubbed Exodus, as the malware is called, the iOS version of the spyware was discovered by security researchers at LookOut during their analysis of its Android samples they had found last year.

Posted in Android, Android Malware, app development, Apple iOS, Exodus, hacking news, iOS malware, malware, Malware apps, Mobile Security, smartphone protection | Comments (0)

Unpatched Flaw in Xiaomi’s Built-in Browser App Lets Hackers Spoof URLs

April 5th, 2019
EXCLUSIVE — Beware, if you are using a Xiaomi's Mi or Redmi smartphone, you should immediately update its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices. That's because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a

Posted in Android, android browser, browser security, browser url spoofing, browser vulnerability, hacking news, MI browser, Mobile Security, URL Spoofing Vulnerability, xiaomi, Xiaomi mobiles | Comments (0)

Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware

April 4th, 2019
What could be worse than this, if the software that's meant to protect your devices leave backdoors open for hackers or turn into malware? Researchers today revealed that a security app that comes pre-installed on more than 150 million devices manufactured by Xiaomi, China's biggest and world's 4th largest smartphone company, was suffering from multiple issues that could have allowed remote

Posted in Android, android antivirus, android apps, Android Security, Antivirus for Android, hacking news, Mobile Security, smartphone security, Vulnerability, xiaomi, Xiaomi mobiles | Comments (0)

Insecure UC Browser ‘Feature’ Lets Hackers Hijack Android Phones Remotely

March 26th, 2019
Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately. Why? Because the China-made UC Browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on your Android devices. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically

Posted in hack android mobile, hacking news, how to hack android, malware, man-in-the-middle attack, mobile browser, mobile hacking, Mobile Security, UC Browser, UC Web Browser | Comments (0)

Android Q — Google Adds New Mobile Security and Privacy Features

March 19th, 2019
Google has recently released the first beta version of Android Q, the next upcoming version of Google's popular mobile operating system, with a lot of new privacy improvements and other security enhancements. Android Q, where Q has not yet been named, offers more control over installed apps, their access, and permissions, and location settings; more support for passive authentication like face

Posted in Android, android app development, Android Operating system, Android privacy, Android Q, Android Security, Google Android, Mobile Privacy, Mobile Security, privacy settings, privacy software | Comments (0)

Indecent disclosure: Gay dating app left “private” images, data exposed to web

February 7th, 2019
The Jack'd dating app allowed men to upload "private" photos--but stored them open to public viewing, the same as the rest.

Enlarge / The Jack'd dating app allowed men to upload "private" photos--but stored them open to public viewing, the same as the rest.

Amazon Web Services' Simple Storage Service powers countless numbers of web and mobile applications. Unfortunately, many of the developers who build those applications do not adequately secure their S3 data stores, leaving user data exposed—sometimes directly to web browsers.  And while that may not be a privacy concern for some sorts of applications, it's potentially dangerous when the data in question is "private" photos shared via a dating application.

Jack'd, a "gay dating and chat" application with over 1 million downloads from the Google Play store, has been leaving images posted by users and marked as "private" in chat sessions open to browsing on the Internet, potentially exposing the privacy of thousands of users. Photos were uploaded to an AWS S3 bucket accessible over an unsecured web connection, identified by a sequential number. By simply traversing the range of sequential values, it was possible to view all images uploaded by Jack'd users—public or private. Additionally, location data and other metadata about users was accessible via the application's unsecured interfaces to backend data.

The result was that intimate, private images—including pictures of genitalia and photos that revealed information about users' identity and location—were exposed to public view. Because the images were retrieved by the application over an insecure web connection, they could be intercepted by anyone monitoring network traffic, including officials in areas where homosexuality is illegal, homosexuals are persecuted, or by other malicious actors. And since location data and phone identifying data were also available, users of the application could be targeted

Read 15 remaining paragraphs | Comments

Posted in amazon s3, AWS, bad software, Biz & IT, Mobile Security | Comments (0)

Several Popular Beauty Camera Apps Caught Stealing Users’ Photos

February 4th, 2019
Just because an app is available on Google Play Store doesn't mean that it is a legitimate app. Despite so many efforts by Google, some fake and malicious apps do sneak in and land millions of unaware users on the hunting ground of scammers and hackers. Cybersecurity firm Trend Micro uncovered at least 29 devious photo apps that managed to make its way onto Google Play Store and have been

Posted in Android, android apps, Android Malware, Beauty Camera Apps, malware, Mobile Security, Photo Editing Apps | Comments (0)

New Android API Lets Developers Push Updates Within their Apps

November 8th, 2018
You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true. Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it's optional. Along with the launch of a number of new tools and features at its Android Dev Summit 2018, Google has

Posted in Android, Android API, android app developer, android app development, Android app update, Android Update, cybersecurity, In-app updates API, Mobile Security | Comments (0)

How to Navigate this Connected World

August 18th, 2017

This blog was written in collaboration with Kishore Jotwani, Sr. Director of Marketing & Business Development for Intel’s Wireless Consumer Infrastructure Platforms and Bill Zhou, VP of product management, ARRIS. 

Doors locked, windows shut, and alarm set. I should be safe… right?

The Internet of Things (IoT) is an ever-growing force that makes my everyday life easier. With real-world applications aplenty, I can’t imagine my life without IoT devices. Fitness wearables allow me to stay on track with my health goals, smart home security cameras keep my family and home safe, and even my smart oven helps me step up my cooking skills.

Unfortunately, as with anything else, there are two sides to this coin. Highlighted events over the past year have shown us that IoT devices, if not properly secured, can be vulnerable to attacks. In October of 2016,  the Dyn DDoS attack leveraged, and infected, countless connected devices to shut down several popular sites, like Spotify and Twitter. Similarly, the Mirai malware used vulnerable IoT devices, forming them into a botnet army, to stake its claim.

Now more than ever, it’s clear we live in an interconnected world, in which our homes present new opportunities for entry—and I don’t mean breaking a window. Instead of only having to worry about a physical break-in, we’re faced with the threat of a cyber break-in—one that aims to compromise connected home gadgets, and personal data to boot.

I use connected devices to help make my life easier and streamline everyday processes, but without proper security, I’m left as a sitting duck. Also, with the growing number of IoT devices in my home, they’re all competing for network bandwidth and slow down my network speed.

So, what can you do to keep your home, and your family’s data and devices secure without sacrificing network speed?

The most important thing to note is that cybercriminals rely on the assumption that we, as consumers, won’t be proactive when it comes to properly locking down our smart home devices, and the accounts connected to them.

By following these tips, you can stay proactive and beat cybercriminals at their own game:

  • Stay updated: Do your research on smart home devices, and choose the most secure one you can get your hands on. Also, always keep your devices’ software up to date to practice optimal security.
  • Change it up: If you purchase a new, connected device for your home, change the default password right away. Need some help creating a secure login for it? We’ve got you covered.
  • Safety first: Implement a solution that keeps all your smart home devices secure. For an extra layer of security, you can onboard two different routers for your home, dedicating one specifically to your IoT devices. Having one network for your connected devices and another for your other personal devices (laptop and mobile) is considered a best practice. That way, if a hacker gains access of one network, your devices on the other network are safe.
  • Have a one-stop shop: Look for a solution that offers protection at the home network level, like ARRIS Secure Home Internet by McAfee®, now available in the ARRIS SURFboard SBG7580-AC gateway. Because this solution is directly embedded in the gateway, it automatically protects your connected gadgets, without slowing down your network speed.

Remember, cybercriminals are expecting us to slip up with security, so it’s important to stay on top of it. Stay informed on smart home protection best practices, and show those hackers who’s boss!

Interested in learning more about mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

The post How to Navigate this Connected World appeared first on McAfee Blogs.

Posted in consumer, IoT, Mobile Security | Comments (0)