How Mobile Apps Lead To Data Theft

September 19th, 2014

Mobile apps concept

Most computer users have embraced their need for effective security tools, like firewalls and antivirus programs. Mobile device users have yet to fully understand the risks associated with their devices, however. This becomes a serious problem when those unescured devices are connected to businesses’ networks and gaining access to valuable data. As Teri Robinson reports for SC Magazine, the insecurity often stems from apps.

IT Research firm Gartner reports that three-quarters of mobile apps will fail to meet basic security standards. This isn’t a problem that’s likely to go away soon, either, as Gartner estimates that apps won’t begin to improve until 2016 at the earliest.

Businesses are continuing to embrace the use of third-party commercial apps and mobile computing. There are a number of benefits of doing so, but there are also inherent risks. Currently, most security tools available focus on on-premises access, rather than individuals accessing data remotely. As one CEO put it, “they are built to solve yesterday’s problems”.

In the case of apps, security is rarely the primary focus. Testing is likely done before the app hits the market, but it’s usually for usability and functionality.

In attacks exploiting insecure apps, companies’ servers are vulnerable, which allows for the loss of data that’s either critical to operations, or critical to customers.

Better testing and more intelligent security tools are needed to adequately protect servers from the uses employees have already put into action. In this case, the cart has come before the horse with mobile devices being used to access more data than they’re currently secured for.

At Geek Rescue, we have the capabilities necessary to handle any of your organization’s IT needs, including improving security. Give us a call at 918-392-0745.

For your other business solutions needs, visit our parent company JD Young.

Five Setting To Change In iOS 8 For Privacy

September 18th, 2014

Smartphone with mobile security

Now that iOS 8 is available to be downloaded on older devices, and with the iPhone 6 set to be released tomorrow, it’s time to identify the risks involved with the new operating system. Any new OS comes with some default settings that need to be changed to maximize the security and privacy of your device. At ZDNet, Zack Whittaker helps locate the settings that users should change immediately after adding iOS 8 to their phones and tablets.

  • Location tracking in apps

You may have noticed that a number of apps request access to track your location even when it doesn’t seem to make any sense for them to do so. Even worse is that these apps often try to continue tracking your location when they’re not in use. In iOS 8, you’ll be prompted with a pop-up notification informing you that an app wants to track your location “even when you are not using the app”. In most cases, you’ll want to tap “Don’t Allow” when confronted with this pop-up. If you find out later that the app really does need your location, you can always change this selection in the app settings.

  • Apps uploading data

Another problematic characteristic of apps is their insistence that you give them access to your personal data like your contacts, email, photos and calendar. Social networking apps might use these to help you find friends who are also using the app. But others don’t have any real functionality tied to this data. Instead, the app simply uploads this information to their servers, which means this data is in another location where it can be stolen and used against you. To stop this, go to the ‘Settings’ menu and select ‘Privacy’. Then, you can go and select which apps have access to certain data on your device.

  • Find My iPhone

If you lose your phone, this feature is your best hope for finding it. This feature also allows you to lock or remotely erase your phone in the event of theft and your phone will send its location to Apple’s servers just before it powers down. To enable it, again head to the ‘Settings’ menu, then ‘iCloud’ and select ‘Find my iPhone’.

  • Expiration of iMessages

iOS 8 introduces the option to send voice and video messages through iMessage. Unfortunately, messages of any kind sent with iMessage are available to anyone with access to your device. That means if you keep messages saved forever, anyone could go back and read, listen or watch them. To prevent that, enable the option to have messages expire after a specified amount of time. Head to ‘Settings’, ‘Messages’ then ‘Keep Messages’ to see your options.

  • Ad tracking

Most users don’t want advertisers to be able to track their location and data, but they can do just that through the Safari web browser if the right settings aren’t changed. While you aren’t likely to stop the practice altogether, you can limit the data collected by going to the ‘Settings’ menu, then ‘Privacy’ and ‘Advertising’. Enable ‘Limit Ad Tracking’ and use the ‘Reset Advertising Identifier’ option.

These are the settings most users will want to change immediately once they’ve either downloaded iOS 8 or purchased their new iPhone 6. These changes don’t make your device completely secure, but they do help.

If any of your devices are in need of a fix, bring them to Geek Rescue or call us at 918-369-4335.

For business solutions needs, visit our parent company JD Young.

Four Reasons To Wait To Upgrade To iOS 8

September 17th, 2014

Apple iPhone

Apple’s latest mobile operating system, iOS 8, is set to be made available today, just ahead of the release of the iPhone 6. The new OS is compatible all the way back to the iPhone 4S, although installing it on older devices is bound to come with some issues. Before you upgrade your device to iOS 8, however, Zack Whittaker of ZDNet suggested a few reasons why waiting is a better option.

  • App Compatibility

Apple makes new operating systems available to developers well ahead of their official release. This way, apps can be tested and made compatible for users when they decide to upgrade their device. However, not every app on your phone or tablet is likely to work with iOS 8 immediately. You can bet that Facebook, Twitter and other well-known, widely distributed apps will be compatible and may even have some additional features. However, other apps may either not be getting an update, or may be stuck in the Apple queue, waiting for the updated version to be approved so it can make it’s way to the App Store.

  • No Jailbreaks

Many users take the opportunity to “jailbreak” their devices, which voids the warranty but allows them additional functionality and compatibility. It usually takes a few weeks for a new version of iOS to get hacked and a new jailbreak to be made available, however. And so far, there hasn’t been much news at all about jailbreaks for iOS 8. So, if you rely on your device to be jailbroken, updating to iOS 8 is not a wise choice.

  • Initial Bugs

As with any large scale update, there will be bugs for early adopters. These will likely be fairly minor, but could lead to some major annoyances. If you don’t have a good reason to upgrade your device, and it’s working well currently, then waiting a few weeks to adopt iOS 8 could save you from these issues as Apple will patch and update to fix the bugs as they’re reported.

  • No Downgrading

Before upgrading any device, it’s wise to create a back-up of all of your files, just in case the upgrade wipes out anything you wanted to keep. Even with back-ups, once you’ve upgraded to iOS 8, downgrading back to iOS 7 is not easy. In fact, Apple doesn’t support the most common ways of downgrading a device and it takes unofficial apps and software. So, the choice to upgrade isn’t one to be taken lightly.

Despite these potential problems, iOS 8 has its advantages over previous versions of Apple’s operating systems. However, it isn’t worth rushing into.

If you need help with your iPhone, iPad or any other device, come by Geek Rescue or call us at 918-369-4335.

For your business solutions needs, visit our parent company JD Young.

Four Tips For Keeping Your Mobile Device Safe

September 2nd, 2014

Smartphone with padlock

It’s no secret that mobile devices, like smartphones and tablets, are becoming an increasingly attractive target for cyber attacks. Threats associated with mobile devices have increased exponentially over the past two years and will likely continue to increase as more users store more information on their phones and tablets and use them to access more. That’s why it’s more important than ever to know how to keep your devices safe and protected. A post at Spyware News details a few helpful tips for preventing malware infection and keeping your mobile devices safe from attacks.

  • Texts from unknown numbers

Most smartphone users have received a text from a number they don’t have saved in their contacts. When these messages are from a friend whose number has recently changed, they’re perfectly harmless. However, when these messages contain links to websites, or inform you about services you don’t remember ordering, it’s a sign of a problem. The last thing you should do is click on the links provided or reply to these messages. If the message claims to be from a legitimate business, like your cell phone provider, you should contact them directly to find out about the message.

  • Update your operating system

Updates for mobile operating systems come out fairly often. The reason for that is because of security flaws that are found and exploited by attackers. When you don’t update in a timely manner, you’re leaving a gaping hole in your phone or tablet’s security, which attackers already know how to exploit. It’s always a good idea to back-up your device before updating the OS, but be sure it doesn’t take you too long to implement the updates.

  • Beware of apps

The apps you choose to install on your device are often the gateway for malware. Some apps are actually malicious programs, but others simply don’t have adequate security in the case of an attempted attack. If you’ve installed apps from outside the official app store for your device, there’s a better than average chance that you’ve opened yourself up to infection. Even official apps have been known to contain issues, however. So, you’ll want to update them regularly too and be sure you’re aware of the permissions each app is granted.

  • Wi-Fi

It’s common for users to leave their Wi-Fi capabilities turned on at all times. This way, their device connects automatically to available networks. It’s convenient, but it isn’t always safe. If your device is set to connect to any network within range, it could be automatically connecting to unsafe networks without you even knowing it. That could potentially allow others on the network to monitor your activity and gain access to your personal information. When you’re away from trusted Wi-Fi networks, it’s a good idea to turn off that capability.

Keeping information stored and accessed by your mobile device safe isn’t as easy as it once was, but with a few intelligent practices, you’ll be able to stay protected.

If any of your devices have been attacked or infected by malware, or you’d like to implement better security, call Geek Rescue at 918-369-4335.

For your business solutions needs, visit our parent company JD Young.

Color Changer App For Facebook Infects Thousands Of Users

August 12th, 2014

Facebook

Have you ever thought that Facebook would look better in a different color than the traditional blue? Many users have had that thought and have attempted to add a Facebook app to their profile that would allow them to change the color of their personal Facebook experience. As Dave Smith reports for Business Insider, the Facebook Color Changer app is malware that sends everyone who clicks on it to a phishing website.

More than 10-thousand users have reportedly been affected by the color changer app. Users who click through to the malicious phishing site have their Facebook logins stolen so the scammers can spam their friends with more fake offers.

Additionally, some users have reported that the website they’re directed to also asks them to download other files. Differing reports say users are directed to download a video or another app. These files are also malicious but so far it’s unclear what kind of damage they’re capable of.

If you’ve mistakenly added the color changer app to your Facebook profile, or any other app that you need to remove, you can do so by visiting the Settings menu. That’s the one with the small lock icon in the top right corner. From there, click on ‘Apps’ in the menu on the left and find the apps you want to remove in the list. Click the ‘X’ by the app name and it will be removed.

In the case of the color changer app, you’ll also want to run a full virus scan of your computer and change your Facebook password.

If you’re still interested in changing the color of Facebook, there are more legitimate ways of doing it. If you’re using Chrome there are add-ons available that can change Facebook’s color scheme. Always do some research before adding extensions or apps of this nature, however, as they’re ripe targets for scams.

If your computer, or other device, has been infected with malware, call Geek Rescue at 918-369-4335.

For your business solutions needs, visit our parent company JD Young.

How Apps Complicate Security For Your Business

June 2nd, 2014

Mobile apps on smartphone concept

For businesses, creating a secure IT infrastructure is difficult even if you’re only working with a handful of desktop computers that all run the same operating system and applications. Complications come from adding new devices, especially when employees begin using their own personal devices on your network. In most cases, it’s not the devices themselves that cause problems, but rather the apps they’re running. At Beta News, Ian Barker explains how mobile apps threaten the security of your business.

Even for individual users, relatively secure smartphones are exploited through security vulnerabilities in mobile apps. These aren’t malicious apps, but rather legitimate apps that contain flaws and hold high risk permissions.

According to studies, the average smartphone contains about 200 apps. This includes apps that come pre-installed from the manufacturer or service provider and those that the user downloads themselves. Each app averages about 9 permissions, or abilities to access and use your phone’s data, which includes access to your social media profiles, location and more. Of these nine permissions, about five would be considered high risk on average for each app. This means if the app were exploited, a criminal could cause significant harm to your device, or to your finances and identity, through these high risk permissions.

For businesses, this introduces hundreds of potential vulnerabilities for each employee and multiple data leaks associated with each vulnerability. Mobile security specialist, Mojave, categorizes about half of the mobile apps they examine to be at least moderate risk, which means they have access to a large amount of valuable data and don’t have a large amount of security associated with them.

Keeping your business secure requires close attention to not only every device that connects to your network, but also every application that device is running. Without that, you risk an employee opening the door for an attack that compromises your company’s data, or your customer’s.

For help securing your business, or recovering from an attack, call Geek Rescue at 918-369-4335.

Four Ways To Make Social Media Accounts More Secure

May 28th, 2014

Smartphone with social media apps

Identity theft and malware infections are two of the biggest security related worries for internet users. Unfortunately, both often stem from a lack of security for social media sites. Facebook, Twitter and other popular social media platforms are continuously working to make users safer, but you can take some additional steps on your own too. At Gizmodo, David Nield offers a few tips for how to make your social media accounts nearly unhackable.

  • Two-Factor Authentication

Most of your social media accounts require nothing more than a password to log-in. When you stop and think about how much valuable information is available to anyone with access to your account, however, you’ll likely decide that more protection is needed. With two-factor authentication, you’ll log-in with a unique PIN sent directly to you via text message or through a mobile app. No device will be able to access your account without first going through this process. For Twitter, head to the ‘Security and Privacy’ menu in ‘Settings’ to enable two-factor authentication. Similarly on Facebook, the option is found under the ‘Login Approvals’ section of the Security Settings page.

  • Disconnect Apps

Instagram, Facebook, Twitter and many other social media sites allow users to add apps to their profiles for extra features. These may be related to games, photo sharing and editing or a number of other uses. These apps often create a security flaw that allows criminals to hack your account, however. While having no apps is the safest, that may not be realistic. If you’d rather not sacrifice apps entirely, regularly audit your apps and remove those that you no longer use or that the developer is no longer updating.

  • Update Your Browser

Phishing scams have infiltrated social media through instant messages, or in the case of Twitter, malicious tweets and profiles. Clicking on a bad link often leads users into trouble, but the most popular web browsers have some protections in place for these scenarios. Users must keep their browsers up to date, however, in order to be protected. Even with these security features, it’s a good idea to avoid any link you’re not absolutely sure about.

  • Lock Devices

On the devices you use the most, your social media accounts are likely available without the need to sign in. No one wants to enter their password every time they check Facebook or Twitter on their smartphone, but what happens if your phone is lost or stolen. Now, whoever finds your device can look through your profiles, send out messages and steal whatever personal information is available. To limit this possibility, make sure to put a secure lock on your device. Require a PIN, password or pattern to be put in whenever the screen turns off.

In addition to these suggestions, it’s also a good idea to use a strong, unique password for each account and change it regularly, especially when there’s news of a large site being hacked.

If you’ve been the victim of an attack through social media, email or another source, bring your infected device to Geek Rescue or call us at 918-369-4335.

 

Mobile Malware Posing As Fake Apps With Trusted Names

May 19th, 2014

Play store icon on smartphone

It’s a well-known concern that Android users are much more at risk for malware infections than iOS users. Just a month ago, a fake antivirus app made the rounds in the official Google Play store and victimized a number of users. Google has since offered refunds to those who mistakenly downloaded the malicious app, but it seems they haven’t sufficiently protected against a similar threat reappearing. Lucian Constantin reports at Network World that the Google Play store and the app store for Windows Phones have both recently had malware hidden behind recognizable brand names identified in their stores.

It’s a fairly recent development, but it seems criminal developers are launching malicious apps with well-known company names to further confuse users. This is a well-known tactic of email scams and phishing websites.

One developer account launched malicous apps under the names Avira Antivirus, Mozilla Firefox, Google Chrome, Opera Mobile, Internet Explorer and Safari. The same developer also has a Kaspersky Mobile antivirus app complete with the company’s logo. When downloaded, the app will even simulate a scan of the device’s files.

Making these fake apps more believable, and more costly to users, is that they aren’t free. The Kaspersky Mobile app costs about $4. Most users instinctively trust paid apps more than free ones. A number of free apps have been reported to be malicious, but there’s an implied value tied to something that costs money. It’s also much more believable to pay money for a high quality, big name security app than to get it for nothing.

Some of these apps have been downloaded more than 10-thousand times and even made it onto the “Top Paid” apps list that helps them be further distributed.

Because there has been no sufficient changes made to the Android and Windows Phone app stores, it’s likely that these fake apps will continue to pop-up. However, since many of them steal the exact name of legitimate apps from recognized industry leaders, there’s also likely to be more pressure put on both Google and Microsoft to enhance security.

If you’ve mistakenly downloaded a malicious app, or are having any other kind of trouble with one of your devices, call Geek Rescue at 918-369-4335.

Five Ways Malware Infects Users

May 6th, 2014

malware concept

Once your computer is infected with malware, it can be a long, complicated process to remove it. An infected system is at risk for data loss and risks spreading the malware to other computers. The best security is to keep the infection from ever happening. To do that, you need to know where malware infections typically stem from. At Business New Daily, Sara Angeles lists the most common tactics taken by malware to infect users.

  • Ads

A decade ago, pop-up ads were common online and were a common way of spreading spyware and other malware. The use of pop-ups has significantly decreased over the years and online advertising has become much more legitimate. However, there are still plenty of malicious online advertisements that have the singular goal of infecting users. Sometimes referred to as malvertisements, online ads exist that are capable of infecting users without even a click. The display of these ads can be enough to install malware on your machine. Usually, these ads are found on less than reputable websites, but through an intelligent attack, they’ve been known to plant themselves on trusted sites from time to time.

  • Social Media

The traits that make social media so popular are also the primary reasons why it’s often the route of attackers. Messages received on social media are trusted because they appear to be from a friend or recognized contact. There’s also the sheer number of users. An attacker has a better chance of seeing his malware spread to thousands or millions of users on social media than through other avenues. Facebook messages and Twitter DMs are common ways to spread malware, but there are also malicious Twitter accounts that tweet out spam and malicious website links.

  • Mobile

Smartphones enjoyed a short period of safety from malware, but as the mobile audience has grown, so has the amount of malware targeting it. Android users are at a much higher risk of malware due to the operating systems open source nature, but iPhone users have seen their share of security scares also. Malicious apps that are either downloaded from a third party or infiltrate the official app store are usually to blame for a mobile malware infection. Malware can also be spread to mobile devices through text messages, emails or through infected websites.

  • User Error

Regardless of the number and effectiveness of security tools you have in place, an unsuspecting and uneducated user is likely to encounter plenty of malware. Even those that know not to click suspicious looking links or download apps from outside the official app store can be duped. Malware developers use social engineering to manipulate users and make links irresistible. They play off of current news stories and promise deals that are too good to be true. If it didn’t work, they’d stop doing it, but there’s no end to these tactics in sight.

  • Email

Much like social media, nearly every internet user also has an email account. Malware is commonly spread as an attachment to spam messages that claim to be from a trusted business, website or government agency. Users who download these attachments have their computer infected with malware, and often end up spamming their entire address book with malware and malicious links. This is another problem as other users receive messages that appear to be from a friend and instinctively trust the contents.

Malware is becoming more intelligent. Recent attacks have been able to hide themselves from security tools or encrypt a user’s files.

If your device is infected with malware, bring it to Geek Rescue or call us at 918-369-4335.

 

Oldboot Malware ‘Biggest Threat’ To Android Devices

April 16th, 2014

Virus illustration on smartphone

Users of Android smartphones are already at a significantly higher risk of malware infection than their iPhone counterparts. Experts, however, are warning of even more threats coming throughout 2014. One of those threats has already been identified and has infected millions of devices. Chris Smith of BGR reports on the Android malware threat called ‘Oldboot’ that is also being referred to as “the biggest threat to the operating system to date”.

Oldboot is capable of installing malicious apps on a device and can even remain hidden from detection or “fight” antivirus apps by modifying or uninstalling them. But, what makes it so dangerous is Oldboot’s ability to re-infect devices even after seemingly being removed. This malware is stored in the memory of devices and alters booting files. Infected devices then re-install malware in the early stages of their restarting process.

Oldboot is referred to as advanced malware because it has so many capabilities. It’s able to send text messages from a user’s device, modify the browser’s homepage, launch phishing attacks and more.

Perhaps the biggest problem is very little is known to date about what specific Android devices are at risk or even how devices are infected. Most Android malware infects devices through malicious apps. Occasionally, these malicious apps find their way into the official Google Play app store, but more often they’re downloaded from an untrusted source.

Other dangers include malicious text messages and emails and malicious websites visited on your smartphone.

If you think your device has been infected by any form of malware, bring it to Geek Rescue or give us a call at 918-369-4335.