Posts Tagged ‘Android’


1. Smart Appliances

Smart TVs, smart fridges and other internet-connected home appliances, ranging from medical equipment to security cameras, are widely expected to become a “magnet for hackers,” says Kevin Haley, director of Symantec Security Response, in a blog post.


“The companies building gadgets that connect to the internet don’t even realize they have an oncoming security problem,” Haley wrote.

“These systems are not only vulnerable to an attack — they also lack notification methods for consumers and businesses when vulnerabilities are discovered. Even worse, they don’t have a friendly end-user method to patch these new vulnerabilities.”

One of the concerns is that hackers logging into such appliances may be able to get information about who is home at a given time of day, noted Fortiguard, adding, “This is bound to give cybercriminals new and nefarious ideas around how and when to rob someone’s home.”

Fortiguard predicts we’ll see the first mass malware for home devices such as smart TVs and appliances later in 2014.

2. Social networks

Attacks by cybercriminals are becoming more targeted, and social networks are becoming a useful source of data for crafting these types of attacks.

Websense predicts that in 2014 hackers will increasingly make use of services such as LinkedIn to lure executives and other potentially lucrative targets.

“This highly targeted method will be used to gather intelligence and compromise networks.”

Haley of Symantec adds that cybercriminals won’t just be turning to big social networks.

“Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure,” he wrote. “Users who feel it’s just them and their friends on these new sites are in for a big (and unpleasant) surprise.”

3. The cloud

Businesses are increasingly storing their data in the cloud and on servers outside their own network, and Websense predicts that criminals will increasingly turn their attention to that data this year.

“Hackers will find that penetrating the data-rich cloud can be easier and more profitable than getting through the ‘castle walls’ of an on-premise enterprise network,” Websense says.

Sophos predicts that cybercriminals will target mobile devices and the credentials of individual employees to gain access to the cloud, perhaps employing blackmail via “ransomware” that threatens to go public with confidential data if the criminals aren’t given what they ask for.

4. Android

According to Sophos, malware aimed at Google’s Android grew exponentially in 2013, and is expected to keep growing in 2014 because of the operating system’s dominant share of the smartphone market.

Trend Micro predicts the number of malicious and high-risk apps for the Android operating system will hit three million in the coming year.

“While we expect that new security features in the Android platform will make a positive change in infection rates over time, their adoption will be slow, leaving most users exposed to simple social engineering attacks,” the company wrote.

It added that the mobile devices that run Android are “an attractive launching pad for attacks aimed at social networks and cloud platforms.”


Fortiguard expects Android malware to expand beyond mobile devices in 2014 to industrial control systems in devices such as smart home appliances.

5. Java

Plug-ins that allow browsers to run apps in the Java programming language – already responsible for some high-profile cyberattacks – will continue to be exploited in 2014, security experts say.

“In 2014, cybercriminals will devote more time to finding new uses for tried-and-true attacks and crafting other aspects of advanced, multi-stage attacks,” the company predicted.

Security patches for older versions of Java and Windows are no longer being issued, even when new exploits are found, despite the fact that there are many systems still using this software.

Trend Micro predicts that in the coming year, that “lack of support” will expose millions of PCs to attack.

Source : cbc.ca

Researchers say they have found a cryptographic flaw that could allow almost any Android phone to be hijacked.

The undisclosed vulnerabilities allow attackers to silently turn legitimate applications malicious by modifying the apk code without breaking the app’s cryptographic signature.

Attackers could exploit the flaw to gain full access to an Android device, allowing data theft, access to enterprise networks, or the ability to form a botnet from mobile devices.


“The [trojan] application then not only has the ability to read arbitrary application data on the device, retrieve all stored account and service passwords, [but] can essentially take over the normal functioning of the phone and control any function thereof,” BlueBox chief technology officer Jeff Forristal said.

“Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving [and] therefore hard-to-detect nature of these zombie mobile devices to create a botnet.”

Most at risk were devices that ran applications such as Cisco’s AnyConnect VPN which were granted special privileges like access to System UID by device manufacturers.

The bug could affect any Android phone released in the last four years or operating firmware above version 1.6 (Donut), Forristal said, declaring 99 percent of devices vulnerable. Google has activated 900 million phones to date.

Forristal said discrepancies in how Android applications were cryptographically verified and installed meant APK code could be modified without breaking the cryptographic signature that checked the legitimacy of Android apps.

“This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been,” Forristal said.

BlueBox reported the bug to Google in February, but it would be left to device manufacturers to push out firmware updates, a task at which they were notoriously lax.

He said enterprises should force users to update their phones connected to the corporate network and should move to focus on deep device integrity checking. Individual users should be “extra cautious” in identifying app publishers.

Source : scmagazine.com.au

Security researchers at Kaspersky Lab have discovered five new samples of the ZeuS-in-the-Mobile (ZitMo) malware package, targeting Android and BlackBerry devices.

ZitMo (Zeus-in-the-Mobile) is the name given to the mobile versions of Zeus. It has been around for a couple of years already, mostly infecting Android phones, and has reportedly been operating for at least two years by masquerading as a banking security application or security add-on.

ZitMo gets hold of banking information by intercepting all text messages and passing them on to the attackers’ own devices. It gets onto devices inside malicious applications, which users are duped into downloading. In this case, the malicious app was posing as security software called ‘Zertifikat’.

Once installed, the packages forward all incoming SMS messages to one of two command and control (C&C) numbers located in Sweden, on the Tele2 operator, with the aim of snaring secure codes and other data. Kaspersky found that mobile users in Spain, Italy and Germany were targeted by these fresh variants.

“The analysis of new Blackberry ZitMo files showed that there are no major changes. Virus writers finally fixed grammar mistake in the ‘App Instaled OK’ phrase, which is sent via SMS to C&C cell phone number when smartphone has been infected. Instead of ‘BLOCK ON’ or ‘BLOCK OFF’ commands (blocking or unblocking all incoming and outgoing calls) now there are ‘BLOCK’ and ‘UNBLOCK’ commands. Other commands which are received via SMS remain the same,” said Denis Maslennikov, a researcher at Kaspersky Lab.

The tactic is designed to help the criminals circumvent the out-of-band authentication systems used by many European banks, by hijacking the one-time authentication password sent via SMS.
Earlier this year, Kaspersky warned of a set of malicious Android applications posing as security software. Zeus was sitting behind those apps, ready to siphon off text messages.
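
The behaviour described above (install confirmation SMS, wholesale forwarding of incoming messages to one number, and `BLOCK`/`UNBLOCK` commands arriving by SMS) can be hunted for in SMS metadata. The following is an added example, not Kaspersky's or the original post's code; the log format, device names and phone numbers are constructed, and the corrected spelling of the confirmation phrase is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data), oldest first: time|device|direction|peer|body
SAMPLE_LOG = """\
2012-08-07T09:00:05|dev-a|OUT|+46000000001|App Instaled OK
2012-08-07T09:14:10|dev-a|IN|BANK|Your one-time code is 482913
2012-08-07T09:14:12|dev-a|OUT|+46000000001|Your one-time code is 482913
2012-08-07T09:30:00|dev-a|IN|+34000000002|Dinner at 8?
2012-08-07T09:30:01|dev-a|OUT|+46000000001|Dinner at 8?
2012-08-07T09:45:00|dev-a|IN|+46000000001|BLOCK
2012-08-07T10:00:00|dev-b|IN|BANK|Your one-time code is 771020
2012-08-07T10:05:00|dev-b|OUT|+34000000003|Running late, sorry
"""

# Matches the misspelt phrase quoted in the post; the fixed spelling is assumed.
BEACON = re.compile(r"^App Instal+ed OK$")
COMMANDS = {"BLOCK", "UNBLOCK", "BLOCK ON", "BLOCK OFF"}

def parse(log):
    for line in log.splitlines():
        ts, dev, direction, peer, body = line.split("|", 4)
        yield datetime.fromisoformat(ts), dev, direction, peer, body.strip()

def detect(log, window=timedelta(seconds=30), min_forwards=2):
    """Return {device: sorted findings} for beacon, command and forwarding hits."""
    findings = defaultdict(set)
    recent_in = defaultdict(list)   # device -> [(time, body)] of received SMS
    forwards = defaultdict(set)     # (device, destination) -> bodies echoed out
    for ts, dev, direction, peer, body in parse(log):
        if direction == "IN":
            recent_in[dev].append((ts, body))
            if body in COMMANDS:
                findings[dev].add(f"command:{body}:{peer}")
            continue
        if BEACON.match(body):
            findings[dev].add(f"beacon:{peer}")
        # An outgoing SMS that repeats a just-received body is a forwarded copy.
        if any(b == body and timedelta(0) <= ts - t <= window
               for t, b in recent_in[dev]):
            forwards[(dev, peer)].add(body)
    for (dev, dest), bodies in forwards.items():
        if len(bodies) >= min_forwards:   # several distinct messages, one sink
            findings[dev].add(f"forwarding:{dest}")
    return {dev: sorted(hits) for dev, hits in findings.items()}
```
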

Andrubis is designed to analyze unknown apps for the Android platform (APKs). It has been brought to us by the guys at Iseclabs, who already have an awesome Windows executable scanner, Anubis. In fact, it can be considered an extension of Anubis.

Andrubis gives us an insight into various behavioral aspects and properties of a submitted app by employing both static and dynamic analysis approaches. During the dynamic analysis part an app is installed and run in an emulator – the Dalvik VM. In addition to the normal tracking of open, read and write events, network traffic operations and detection of dynamically registered broadcast receivers, taint analysis is also carried out to report on leakage of important data such as the IMEI. Cellphone-specific events, such as phone calls made and short messages sent, are also captured by the Andrubis service.

Information is also obtained statically, without actually executing the Android application. Information related to the intent-filters declared by these components is also included.

In short, like the core Anubis does for Windows PE executables, Andrubis executes Android apps in a sandbox and provides a detailed report on their behavior, including file access, network access, cryptographic operations, dynamic code loading and information leaks. An Andrubis static analysis yields information on e.g. the app’s activities, services, required external libraries and actually required permissions.

In order not to reinvent the wheel, Andrubis leverages several existing open source projects in addition to the Android SDK, such as:
  1. DroidBox
  2. TaintDroid
  3. apktool
  4. Androguard
To see how effective it is, an example report for the DroidKungFu.A Android malware, scanned via Andrubis, can be found here.
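
To make the static half of such a report concrete, here is an added example (not Andrubis code) that pulls the package, permissions, libraries, components and intent-filter actions out of a decoded `AndroidManifest.xml`. The manifest and its package name are constructed, and the SMS flag is an illustrative triage rule of this example, not something Andrubis is stated to report.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest in the decoded text form a tool such as apktool emits.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.certificate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <uses-library android:name="com.example.lib"/>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".ForwardService"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
  </application>
</manifest>
"""

def static_summary(manifest_xml):
    """Summarise declared permissions, libraries, components and their actions."""
    root = ET.fromstring(manifest_xml)

    def name(el):
        return el.get(ANDROID + "name", "")

    perms = sorted(name(p) for p in root.iter("uses-permission"))
    libs = sorted(name(lib) for lib in root.iter("uses-library"))
    components = {}
    for kind in ("activity", "service", "receiver", "provider"):
        for el in root.iter(kind):
            # Actions from every intent-filter declared under this component.
            components[f"{kind}:{name(el)}"] = sorted(name(a) for a in el.iter("action"))
    flags = []
    sms_pair = {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"}
    listens = any(k.startswith("receiver:") and SMS_RECEIVED in acts
                  for k, acts in components.items())
    if listens and sms_pair <= set(perms):
        flags.append("sms-receiver with RECEIVE_SMS and SEND_SMS")
    return {"package": root.get("package"), "permissions": perms,
            "libraries": libs, "components": components, "flags": flags}
```
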