March 4th, 2014
Many iPhone, iPad and Mac users rely on the ‘Lost Mode’ feature to keep their device safe in the event that it’s misplaced or stolen and to be able to find it. ‘Lost Mode’ contains a security vulnerability, however, that a recent open-source hacking project is able to exploit to access the device and all of the data stored there. Paul Ducklin of Naked Security delves into the details.
‘Lost Mode’ is able to be activated by users of Apple devices when they log in to iCloud on another device. If your device is on, you can see approximately where it’s located. You can also tell the device to reboot, which will result in the device locking upon restart and requiring a four-digit code to access it. That code, also known as a “system lock PIN”, is chosen by the user when ‘Lost Mode’ is activated.
The idea is that if your device has been stolen or found by someone else, that person won’t be able to steal your information or even use or sell your device because of the lock. The recently released “iCloud Hacker” project demonstrates why the system lock isn’t as secure as it seems.
“iCloud Hacker” isn’t overly complicated in its attack. Since it knows that a 4-digit PIN is required, it simply tries every combination of numbers until it finds the right one. This would be possible for any human to perform also, but incredibly tedious. Apple devices don’t lock or shutdown after a certain number of failed log-in attempts, but after six failed attempts, a user must wait 5-minutes before trying again. This delay means that it could take weeks for a human to break into a device.
With “iCloud Hacker”, the human element is eliminated and codes are tirelessly inputted until one is successful. It also works around the 5-minute wait time by rebooting the device after six attempts.
Many are calling for Apple to improve security associated with ‘Lost Mode’, but there’s actually a fundamental security problem contained in any lost device. An intelligent criminal doesn’t even need to break the lock on your device. Instead, they only need to remove the hard drive and put it into another device. There, they can read and copy everything on it.
This prevents a criminal from using your device themselves or selling it to someone else, but your data and information is still very much at risk. Especially dangerous is the possibility that your hard drive is copied, returned to your device and your device is returned to you. With the lock still in place, many users will believe that their device and data are safe, when in actuality a criminal has all of their data.
Whether you’re using ‘Lost Mode’ or not, it’s important to encrypt your stored data. On your Mac, enable ‘Full Disk Encrpytion’ and you’ll add an extra layer of protection. There’ll be another password required to use your device and you’ll be given a 24-character recovery key in case you forget your password.
If you’d like to improve the security on any of your devices, or your device is in need of repairs, call Geek Rescue at 918-369-4335.
February 26th, 2014
It’s common knowledge that computers need to be protected with antivirus programs and other security tools to keep from being infected with malware and attacked by other means. Very little attention is given to protecting a router, however. Wireless routers have become common. A decade ago, many homes used wired connections to the internet, but with the rise of mobile devices came the rise in demand for wireless internet. The more devices are connected to a router, however, the more valuable a target it is for attackers. As many as 70-percent of these routers contain vulnerabilities and suffer from a lack of security. These factors explain why attacks on routers have been steadily increasing over the past year.
So, what’s at stake if your router is attacked? A compromised router allows a third party inside your firewall. From there, they’re able to monitor all activity and data being sent through the router. Emails, log-in credentials, credit card information and more is available to be intercepted and monitored. Steve Bell at the BullGuard blog published a few ways to improve your router’s security.
Just as it’s important to keep your computer’s operating system and antivirus program updated, it’s important to regularly check for router updates as well. Updates to the firmware may not be automatically pushed to your router, even if the update is able to eliminate a serious security vulnerability. That’s why it’s vital that you regularly check with the manufacturer’s website to see if any recent updates have been created.
The lack of security for most users browsers comes from a simple lack of knowledge of the device’s capabilities. Many routers come with an option to encrypt data, but it may not be turned on by default. Be sure to read through your router’s manual or browse through the settings to find useful security tools.
A quick look through settings can not only allow you to enable more robust security on your router, but it also can help you avoid attacks. The first change you need to make after setting up your router is to choose a new name, which is also called a service set identifier, or SSID. You’ll also want to change the password. Routers are sent out with default names and passwords. Attackers know these typical passwords because manufacturers use the same ones over and over. Changing them immediately improves security.
Router attacks are difficult for typical users to detect. That opens the possibility that a criminal could be monitoring your activity through a compromised router for months. To avoid that, you’ll want to take the necessary security precautions.
If you’d like help setting up a secure wireless network, or have been the victim of an attack, call Geek Rescue at 918-369-0745.
February 25th, 2014
There’s a security flaw in Apple’s mobile operating system, iOS. No, it’s not the same flaw that we reported yesterday. That widely publicized flaw allows attackers to intercept data being sent between your phone and web servers and an update that fixes it is already available for most affected users. This new flaw, as Lance Whitney of CNet reports, allows for the remote capture of “every character the victim inputs” on an iPhone or iPad.
The vulnerability was uncovered by security firm FireEye. A keylogging app is able to run in the background of any iOS 7 device because of a flaw in the Background App Refresh setting.
You may be wondering what the danger of a hacker being able to monitor every press of your touchscreen, or home button, or volume controls is. Attackers aren’t just able to monitor when you touch your screen, but precisely where on the X and Y axis. That means that passwords and log-in credentials could be stolen. Your phone’s lock screen could also be compromised. Think of everything you use your phone or tablet for and then consider how dangerous it would be to have a stranger looking over your shoulder the entire time.
Unlike the SSL vulnerability that was revealed recently, this iOS vulnerability requires a malicious app to be installed on the device first. Of course, there are a number of ways an app can make it’s way to your iPhone. Apps downloaded directly from the official App Store are usually legitimate, however. So, these malicious apps would likely come from 3rd party app stores or email attachments.
Apple has publicly stated that they’re working with FireEye to create a patch to fix the problem. In the meantime, users can close any apps running in the background by double-tapping their Home button. Close any apps you aren’t currently using. If there’s an app running that you don’t recognize, there’s a good chance that it’s malware.
If you have a device that’s been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
February 24th, 2014
Over the weekend, Apple released an update to its mobile operating system, iOS. Version 7.0.6 for iOS 7 devices and 6.1.6 for iOS 6 devices were seemingly rushed out to fix a bug that put users’ data at a significant risk. At Gizmodo, Brian Barrett explains why iOS users should update their devices as soon as possible.
The bug, or security vulnerability, that Apple is now attempting to fix involves a flaw in the operation of SSL, which stands for Secure Sockets Layer. Using SSL allows for private and secure communications between your web browser and the servers it need to communicate with to access different websites. When you see the small lock icon appear in your browser’s address bar, that means that SSL is functioning and securing your connection to the site you’re currently on.
Without SSL, everything you send to a server and receive back is up for grabs. SSL verifies that your browser is contacting the correct server for the website it’s displaying, but the Apple bug prevents that from happening. This opens the door for what’s called “man in the middle attacks”, which refers to a third party intercepting data intended for someone else. So, your log-in credentials for any online account you have, payment information for an online purchase, emails and a number of other potentially costly possibilities can all be stolen and monitored by criminals.
The vulnerability affects not only browser Safari, but also Calendar, Facetime, Keynote, Twitter, Mail, iBooks and more. Any time you’ve used one of these apps on an unsecured network, which could be anything from free WiFi in a coffee shop to the network at your job that doesn’t require a password, all the data you’ve accessed and submitted could have been intercepted.
This flaw has an update for devices dating back to the iPhone 3GS and fourth generation iPod Touch. Any devices older than that likely won’t have an update available to fix the problem. This is also an issue for Mac users with the OS X operating system. While there’s a known vulnerability for Macs, there isn’t currently a patch or update to fix it.
While exploits of this vulnerability only recently began being spotted, the SSL flaw has been in both iOS and OS X since September of 2012. For the past year and a half, data has been available through a fairly simple exploit on one of the most popular mobile devices. If you haven’t already updated, do so now. If there isn’t an update available for your device yet, avoid using the affected apps on any unsecured networks.
Security vulnerabilities are a serious concern for any device. If you’ve experienced an attack and have a device infected with malware, or want to explore additional security options, contact Geek Rescue at 918-369-4335.
February 20th, 2014
Nearly every day, news stories are written about security vulnerabilities being patched or exploited. Most users believe that if they keep their applications updated, they’ll be safe from attacks. While it’s true that regular updates do eliminate some vulnerabilities in applications, they don’t take the possibility of a successful attack away completely. As Mark Wilson reports for Beta News, security firm Cenzic recently published its Application Vulnerability Trends Report and found that 96-percent of all applications contain security issues.
Not only does nearly every application being used have security flaws, but also the media number of flaws per application is 14. So, it’s likely that even up to date, well-patched applications still have vulnerabilities that would allow for successful attacks.
The good news is that this grim news is actually an improvement over last year’s report. In 2012, 99-percent of tested apps displayed security flaws. However, the media number of flaws per application was 13.
Mobile users specifically also have the concerns of what downloaded apps are allowed to access. Cenzic found that 80-percent of mobile apps had excessive privileges, which means they’re able to access data they shouldn’t need or are capable of controlling features they shouldn’t be able to.
The takeaway for users is that even a well-secured network, computer or mobile device can be undone by an insecure application. For example, many of the attacks on Apple devices stem from apps with vulnerabilities that have been added to an otherwise secure environment. These vulnerabilities open the door for attackers to access data and remotely control devices.
For businesses, this means that a renewed investment in security is likely needed. If applications your company regularly relies on are likely to contain security vulnerabilities, data needs to be protected in other ways, like encryption.
This also introduces concerns about employees bringing their own devices into the workplace. Apps on those devices that aren’t even used for business could contain flaws that allow attackers onto your network.
To find out how to better protect your data, call Geek Rescue at 918-369-4335.
February 19th, 2014
Over the past few months, wireless routers have become more of a target for attacks and more vulnerabilities have surfaced. Attacks on routers can be extremely costly as hackers could gain access to any data you are sending out or receiving and could even gain access to information stored on your hard drive. Seth Rosenblatt of CNet reports that vulnerabilities in Asus routers have put those users particularly at risk.
There are nearly a dozen Asus routers vulnerable to active attacks. Hackers are able to exploit this vulnerability to gain access to access data stored on networked drives. If you’re using the cloud storage options included with Asus routers, there’s a good chance that criminals could gain access to anything stored there.
The vulnerability was first discovered more than six-months ago, but Asus has been silent about a fix. Now, after evidence of attackers exploiting the security flaw have surfaced, Asus has released a firmware update fix. There’s still one problem, however. The update isn’t being automatically sent to all affected browsers. Instead, users have to visit the Asus site themselves and manually install the fix.
Since Asus hasn’t done a good job publicizing the availability of this update, many users are still vulnerable to attacks.
Experts are speaking out about the improvements needed from manufacturers in order to keep routers safe from attacks. Because there is so much to gain by launching an attack against a router, companies need to do a better job making security a priority and getting their products patched before hackers have a chance to exploit vulnerabilities.
If you’re router has been attacked or your computer has been infected with malware, call Geek Rescue at 918-369-4335.
February 17th, 2014
It’s become well-known that more threats exist for Android users than exist for users of Apple devices. One of the reasons that malware often targets the Android operating system is because of the relative insecurity of the app store, Google Play. Malicious apps have repeatedly infiltrated Google Play and infected users. According to a post at GMA News, a number of malicious apps are currently available through the app store and they’ve already infected more than 300-thousand users.
Though the names of specific apps aren’t named, there are believed to be a number of apps responsible for malware infections. These apps typically pose as legitimate versions of other apps, or as different versions of popular, or trendy, apps. Most recently, the game Flappy Bird, which was taken out of app stores, has spawned a number of malicious copycats.
When a user mistakenly downloads one of these malicious apps, it steals the users phone number and uses it to sign up for a premium SMS service. This ends with additional fees being included on a user’s monthly bill. The attacker likely receives some sort of commission for bringing additional users to the service.
Part of this process involves the malware intercepting messages sent to a user’s smartphone and sending messages without the user’s knowledge. Because the premium service needs confirmation before it can begin to charge you, the malware must intercept the confirmation message containing a PIN, then send a message back with that PIN.
To gain access to a user’s phone number, the malware uses a vulnerability in the popular messaging app, WhatsApp. Even though users without WhatsApp could become download a malicious app and be infected, it’s not clear if the malware would have the same capabilities.
To avoid downloading an app that will infect your smartphone, be sure to carefully read the permissions the app requires. These malicious apps clearly state in their permissions that they read text messages and need a connection to the internet. While some apps needs those permissions legitimately, most do not. If an app asks for permissions they shouldn’t need, it’s best to avoid downloading.
If your smartphone is infected by malware, bring it to Geek Rescue or call us at 918-369-4335.
February 17th, 2014
A recently discovered form of malware is being called “the most sophisticated malware yet” by experts. As Timothy B. Lee reports for The Washington Post, this threat is capable of infecting almost anyone and of stealing almost anything.
Called Careto, this malware is actually a suite of tools used for collecting data from infected users. This highly targeted attack starts as a phishing scam. An email made to look like it’s from a major publication is sent to a user. Those that click on the provided link are taken to a malicious website that scans the user’s computer to find vulnerabilities.
Careto is capable of infecting a number of operating systems. Windows, OS X and Linux users are all at risk. Experts believe that mobile versions of the malware that target iOS and Android will be developed soon.
It’s when the malware has infected a user that the real trouble starts. Nearly everything a user does can be recorded by Careto. Network traffic is intercepted, keystrokes are logged, screen captures are taken, Skype conversations are monitored and all file operations are tracked. The malware can also sniff out encryption keys stored on a device.
The nature of the malware also allows for software or plug-ins to be added easily. This means additional capabilities are being added to steal other data or to add more features.
Because Careto is so complex, it’s difficult to detect, even if you’re running an up to date antivirus or anti-malware program. The best way to avoid infection is to be extremely cautious regarding links in emails. If a link is sent to you, it’s better to go to the site directly, rather than following the link. This eliminates the possibility that you’re being sent to a fake, spoofed, site.
If your computer is infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
February 14th, 2014
There are a number of advantages to becoming a more mobile business. Employees are able to access data from virtually anywhere, which can make them more productive and give them access to vital information when meeting with clients. It’s also much easier for them to collaborate with others. There’s also the bring your own device trend that allows employees to integrate their own mobile devices into their work. All of these allow for more productivity and connectivity, but they also all introduce new security concerns. At Network World, Ed Tittel lists some best practices all business owners should be familiar with for dealing with mobile security.
With more smartphones being used worldwide and more valuable data being accessed with them, it stands to reason that they’re becoming a more valuable target for criminals. Attacks have been observed on both iOS and Android devices. For devices that are used to access company data, you can’t afford to let them connect to your network without proper security apps in place.
Typically, mobile communications are relatively easy for hackers to intercept. That’s why most experts recommend the use of a VPN, or virtual private network, to encrypt all communications between mobile devices and company servers. Cloud storage and an employee’s smartphone may both be properly protected, but when data is transferred between them there exists a vulnerability. Using a VPN eliminates that threat.
If a device is used to access company data, it should be secured with multiple forms of authentication. It goes without saying that smartphones should require a password to unlock, but newer devices also allow for fingerprint scanning or even facial or vocal recognition. In addition, companies need to plan ahead for cases when devices are lost or stolen. The ability to remotely lock and wipe lost devices is vital to security.
Once an employee begins using their mobile device for work, they lose the ability to use whatever software they choose. There must be some consideration to the security of the device and the company’s data. Completely blocking the downloading and using of third party software is one way. Another is to allow exceptions once IT or management is informed that an individual wants to download a third party application and it’s been cleared.
If you feel that you’ve put all the necessary precautions into place, you need to test to make sure there are no penetration points you’ve missed. How else will you be sure that your company’s data is protected from threats? Regular testing allows you to find vulnerabilities before the criminals do.
For help with the security at your business, contact Geek Rescue at 918-369-4335.
February 14th, 2014
This week, in the monthly edition of Patch Tuesday, Microsoft released a number of patches to fix vulnerabilities in Internet Explorer. Just days later, Microsoft has confirmed that a zero-day exploit is being used in an active attack campaign that targets IE 9 and 10. Brandan Blevins of Search Security reports more details.
The label ‘zero-day’ categorizes attacks that exploit vulnerabilities before a patch can be created. By definition, this is a case where attackers learned of a vulnerability before the developers.
The attack is also categorized as a “watering hole attack”, which means that a specific website is being targeted in order to infect the group that typically visits that site. In this case, the U.S. Veterans of Foreign Wars’ website has its HTML code tampered with in order to load a malicious web page for visitors. When that page loads, malware is downloaded and executed on the user’s machine.
The attack exploits what’s being called the “use-after-free” bug, which allows for one byte of memory to be modified at “an arbitrary address”.
Microsoft has not announced whether a patch will be rushed out to fix the vulnerability or if users will have to wait for March’s Patch Tuesday. In the meantime, there are two options for IE 9 and 10 users.
One is a complicated fix using Microsoft’s Enhanced Mitigation Toolkit Experience.
A simpler fix is to stop using IE 9 and 10 until a patch is released. Either change browsers to Chrome, Firefox or another popular choice, or upgrade Internet Explorer to version 11.
If your computer has already been infected with malware, bring it to Geek Rescue, or call us at 918-369-4335.