August 11th, 2014
Having your smartphone stolen is bad news for a number of reasons. Beyond the fact that you now have to replace your phone, you also run the risk of having valuable data stolen from it. Texts, pictures, passwords and other files are all vulnerable when your smartphone is stolen or even lost. But, there are ways to protect your data before this scenario plays out. At Gizmodo, David Nield explains a few methods for securing your smartphone’s data so a thief can’t access it.
Every smartphone includes the option to lock the screen, but an estimated half of users don’t use any type of lock function. This becomes especially problematic when your phone is stolen, or you just leave it behind or unattended for a few minutes. Many users are reluctant to put a lock in place because they don’t want to have to enter their PIN each time their screen goes to sleep. But, for Android users, there are apps available that only put locks in place when you leave your house or workplace. Or, you could use a lock pattern instead of a number combination. Anything is better than leaving your phone completely vulnerable.
Much like lock screen functions, remote features that both wipe your smartphone’s data and locate the device are available to all users. They just need to be set up or activated. Unfortunately, many users either don’t know about them, or fail to activate them before they need them. Apple, Android and even Windows phones all have the capability to be remotely wiped and located in the event they’re lost or stolen. Do some research and make sure you’re prepared with your device.
Keeping strangers from poking through your phone is half the battle, but the other half is getting that data back. If you regularly create back-ups of your most important files, you’ll never have to worry about losing them. This comes in particularly handy if you find yourself needing to remotely wipe your phone. You can do so even if you’re not positive it’s been stolen because you’ll have back-ups of everything readily available.
It’s also a good idea to change passwords on accounts you have an app for, like social media or banking apps, to keep strangers out. You can also look into two-factor authentication to make accounts safer, but that won’t help as much in the event that someone else has control of your device.
If you need help securing any of your devices, or your having other issues with them, call Geek Rescue at 918-369-4335.
For your business solutions needs, visit our parent company JD Young.
July 21st, 2014
Spam is a well-known problem for email users. In the past couple of years, it’s also become a problem being distributed over text messages on smartphones. Now, as Adam Clark Estes reports for Gizmodo, iPhone users have to be wary of spam being sent via iMessage.
Security firm Cloudmark recently warned users about iMessage spam. That warning seems to have been issued because of a massive spam campaign that aims to sell counterfeit goods to consumers.
Links are sent to users via iMessage directing them to websites dedicated to promising name brand goods, like Oakley and Ray-Ban sunglasses and Michael Kors bags for low prices. While some sites of this nature are designed to steal credit card and other personal information or infect users with malware, it appears these sites actually do deliver the goods. But, they’re not legitimate.
Currently, the campaign has only targeted users in the biggest cities in the US. The spam has been spotted in New York City, Los Angeles, San Diego and Miami. In fact, this campaign alone has reportedly accounted for nearly half of New York City’s SMS spam, which includes spam being distributed via text message.
There are good reasons why spammers would want to use iMessage for their campaigns, rather than text messages and email. With email, most users have effective spam filters that prevent them from ever seeing the message. Text messages cost spammers money, especially if they’re sending them internationally. Meanwhile, iMessage is free to use and allows for the targeting of users with little to no security in place.
While this particular campaign may not have targeted your area, you can be sure that iMessage spam is a growing trend. Be wary of any messages received from someone not in your contacts and don’t click on links sent to your smartphone unless you know what they are.
If your device has been attacked or infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
June 2nd, 2014
For businesses, creating a secure IT infrastructure is difficult even if you’re only working with a handful of desktop computers that all run the same operating system and applications. Complications come from adding new devices, especially when employees begin using their own personal devices on your network. In most cases, it’s not the devices themselves that cause problems, but rather the apps they’re running. At Beta News, Ian Barker explains how mobile apps threaten the security of your business.
Even for individual users, relatively secure smartphones are exploited through security vulnerabilities in mobile apps. These aren’t malicious apps, but rather legitimate apps that contain flaws and hold high risk permissions.
According to studies, the average smartphone contains about 200 apps. This includes apps that come pre-installed from the manufacturer or service provider and those that the user downloads themselves. Each app averages about 9 permissions, or abilities to access and use your phone’s data, which includes access to your social media profiles, location and more. Of these nine permissions, about five would be considered high risk on average for each app. This means if the app were exploited, a criminal could cause significant harm to your device, or to your finances and identity, through these high risk permissions.
For businesses, this introduces hundreds of potential vulnerabilities for each employee and multiple data leaks associated with each vulnerability. Mobile security specialist, Mojave, categorizes about half of the mobile apps they examine to be at least moderate risk, which means they have access to a large amount of valuable data and don’t have a large amount of security associated with them.
Keeping your business secure requires close attention to not only every device that connects to your network, but also every application that device is running. Without that, you risk an employee opening the door for an attack that compromises your company’s data, or your customer’s.
For help securing your business, or recovering from an attack, call Geek Rescue at 918-369-4335.
May 28th, 2014
Identity theft and malware infections are two of the biggest security related worries for internet users. Unfortunately, both often stem from a lack of security for social media sites. Facebook, Twitter and other popular social media platforms are continuously working to make users safer, but you can take some additional steps on your own too. At Gizmodo, David Nield offers a few tips for how to make your social media accounts nearly unhackable.
- Two-Factor Authentication
Most of your social media accounts require nothing more than a password to log-in. When you stop and think about how much valuable information is available to anyone with access to your account, however, you’ll likely decide that more protection is needed. With two-factor authentication, you’ll log-in with a unique PIN sent directly to you via text message or through a mobile app. No device will be able to access your account without first going through this process. For Twitter, head to the ‘Security and Privacy’ menu in ‘Settings’ to enable two-factor authentication. Similarly on Facebook, the option is found under the ‘Login Approvals’ section of the Security Settings page.
Instagram, Facebook, Twitter and many other social media sites allow users to add apps to their profiles for extra features. These may be related to games, photo sharing and editing or a number of other uses. These apps often create a security flaw that allows criminals to hack your account, however. While having no apps is the safest, that may not be realistic. If you’d rather not sacrifice apps entirely, regularly audit your apps and remove those that you no longer use or that the developer is no longer updating.
Phishing scams have infiltrated social media through instant messages, or in the case of Twitter, malicious tweets and profiles. Clicking on a bad link often leads users into trouble, but the most popular web browsers have some protections in place for these scenarios. Users must keep their browsers up to date, however, in order to be protected. Even with these security features, it’s a good idea to avoid any link you’re not absolutely sure about.
On the devices you use the most, your social media accounts are likely available without the need to sign in. No one wants to enter their password every time they check Facebook or Twitter on their smartphone, but what happens if your phone is lost or stolen. Now, whoever finds your device can look through your profiles, send out messages and steal whatever personal information is available. To limit this possibility, make sure to put a secure lock on your device. Require a PIN, password or pattern to be put in whenever the screen turns off.
In addition to these suggestions, it’s also a good idea to use a strong, unique password for each account and change it regularly, especially when there’s news of a large site being hacked.
If you’ve been the victim of an attack through social media, email or another source, bring your infected device to Geek Rescue or call us at 918-369-4335.
May 27th, 2014
Apple devices are extremely popular, which unfortunately makes them a target for theft. To combat this as much as possible, Apple includes features to help users find lost or stolen devices, but these features contain security vulnerabilities of their own. The latest reports, as noted by Loek Essers of TechWorld, center around the “Find My iPhone” feature and a form of ransomware.
When ‘Find My iPhone’ is enabled, users are able to track it to see its current location or lock the device and display a custom message. Users are reporting that their iCloud accounts are being hacked and ‘Find My iPhone’ enabled on their own devices, however. A message informing them that they’ve been hacked by “Oleg Pliss” is displayed and a $100 ransom is demanded.
Users have also reported that while they’re able to log-in to their Apple accounts, they’re unable to disable Lost mode and unlock the device on their own.
At least for some of the victimized users, the problem may stem from the eBay hacking from earlier this month. Some users admit they use the same passwords for their Apple account as they did for eBay.
For now, Apple has been silent on the issue and hasn’t officially suggested a way to unlock hacked devices. The only fix to be found so far is to restore the device to factory settings.
It’s not just iPhones that have been affected either. All Apple device have a similar feature to help find them when they’re lost or stolen and all are vulnerable to this same ransom tactic. So far, users in Australia, Great Britain and Canada have all reported being hacked, but no users from the US have had the same problem.
Before the problem spreads to the US, it’s a good idea to change your passwords, especially if you held an account at eBay that may have been compromised.
If any of your device are hacked, infected with malware, or break, bring them to Geek Rescue or call us at 918-369-4335.
April 25th, 2014
There have been plenty of warnings about malware targeting Android devices. The Android operating system, due in large part to its open source nature, has been plagued by security threats at a much higher rate than Apple’s iOS. Still, there’s never been a documented trojan capable of sending premium SMS messages victimize users in the United States. As Adam Greenberg of SC Magazine reports, a trojan known as FakeInst has now done just that.
FakeInst isn’t only capable of sending text messages that cost users money. It’s also able delete messages, steal them and respond to contacts.
Users in the US also are far from the only victims of the SMS trojan. In all, 66 countries have been affected, including Canada, Mexico, France, Spain and Italy.
Unlike some other more malicious threats that infect devices through no real fault of their users, FakeInst has a specific infection method. A phishing website is set up that attracts users who are on their Android smartphone looking for pornographic content. The site asks visitors to download an application. After installing the application, the user is then asked to send a text message to a service to access content. These actions allow the trojan to infect the device and decrypt the necessary information needed to take over SMS capabilities.
This ends with the malware sending premium text messages that cost about $2 each.
Researchers have tracked the trojan to Russian origins, where the first reports of infection were found.
Thankfully, for most users this threat is easy to avoid. Don’t install apps from outside of the official Google Play store and certainly don’t download apps from less than reputable websites.
If your smartphone or other device has been infected by any type of malware, bring it to Geek Rescue or call us at 918-369-4335.
April 22nd, 2014
At the end of March, HTC released their latest flagship smartphone, the HTC One M8. Leading up to the release and in the weeks since, the device has earned rave reviews for a number of innovative features and high quality specs. But, it’s not perfect, as no smartphone could be. At CIO, Al Sacco explained his biggest beefs with HTC’s offering.
The first feature that sticks out about the One M8 is that it uses dual lenses on its rear-facing camera. HTC calls it “UltraPixel” technology. The two lenses are expected to accurately calculate the distance of subjects in order to yield better images. In reality, bright light environments result in washed out colors. Combined with the lower than expected 4 MP, the One M8’s camera is a definite disappointment.
The One M8 comes with a bundle of software that gives the device a number of features that sound great on paper. In practice, many users find them cumbersome, annoying or useless. HTC Sense features include gesture based commands and a home screen panel designed to deliver interesting information. In most cases, these features feel gimmicky and actually inhibit users from accomplishing their tasks.
The fact that the One M8 features memory card support is noteworthy. With a capacity for microSD cards up to 128GB, users are able to add plenty of space for nearly any application. The execution of this memory card support is lacking, however. Specifically, the only way to open the slot to add or remove a memory card is with a small tool that comes with the phone. This is limiting for a mobile device that might not stay close to the tool at all times. It’s also extremely easy to lose or misplace the tool, which means you’ll be left prying open the memory card slot with a paper clip.
This final complaint isn’t about the actual smartphone at all. Instead, it focuses on the highly publicized Dot View case, which has appeared in most of the advertising for the One M8. Some readers will immediately see the case’s display as similar to a Light Bright. There are small holes that display lights of different colors to allow users to check the time, get notifications and even answer phone calls without opening the case and turning on the screen. Again, on paper this sounds great. The problem is how cheap the case feels. At a retail price of $45, that’s unacceptable. It’s also awkward to use and keep open when you actually want to use your phone. Since it doesn’t do anything revolutionary, considering most smartphones display similar information on their lock screen, this case certainly isn’t a reason to purchase the device.
These flaws don’t necessarily mean that the HTC One M8 is not right for some users. No smartphone is perfect, but it’s best to understand the positives and negatives before hitching yourself to your next phone.
Regardless of the make and model of your smartphone, Geek Rescue is here to fix it when it breaks. When you have issues with any of your devices, come by or call us at 918-369-4335.
April 16th, 2014
Users of Android smartphones are already at a significantly higher risk of malware infection than their iPhone counterparts. Experts, however, are warning of even more threats coming throughout 2014. One of those threats has already been identified and has infected millions of devices. Chris Smith of BGR reports on the Android malware threat called ‘Oldboot’ that is also being referred to as “the biggest threat to the operating system to date”.
Oldboot is capable of installing malicious apps on a device and can even remain hidden from detection or “fight” antivirus apps by modifying or uninstalling them. But, what makes it so dangerous is Oldboot’s ability to re-infect devices even after seemingly being removed. This malware is stored in the memory of devices and alters booting files. Infected devices then re-install malware in the early stages of their restarting process.
Oldboot is referred to as advanced malware because it has so many capabilities. It’s able to send text messages from a user’s device, modify the browser’s homepage, launch phishing attacks and more.
Perhaps the biggest problem is very little is known to date about what specific Android devices are at risk or even how devices are infected. Most Android malware infects devices through malicious apps. Occasionally, these malicious apps find their way into the official Google Play app store, but more often they’re downloaded from an untrusted source.
Other dangers include malicious text messages and emails and malicious websites visited on your smartphone.
If you think your device has been infected by any form of malware, bring it to Geek Rescue or give us a call at 918-369-4335.
April 14th, 2014
Last week, news of the Heartbleed bug, which threatens the integrity of HTTPS enabled websites worldwide, broke. In addition to a worry that important data sent between users and websites could be compromised and stolen, there is also a concern that mobile services could be vulnerable. Stephanie Mlot at PC Mag explains how Heartbleed threatens the security of Android users specifically.
Naturally, Google was among the most potentially costly sites should users fall victim to Heartbleed. Not only are Google’s services among the most used online, but they also have access to a lot of personal information that is extremely valuable to criminals. So, Google set out early to patch their services and protect their users.
So far, Google services Search, Gmail, YouTube, Wallet, Play, Apps, AdWords, Maps and Earth have all been patched.
For the Android crowd, every version of the mobile operating system is safe from Heartbleed save for Android 4.1.1. It’s unknown exactly how many users have this version installed on their devices, but some iteration of Android 4.1 is being used by more than a third of Android users. It’s estimated that the number of affected users is in the millions and devices affected include popular manufacturers Samsung and HTC.
A Google spokesperson stated that patching information is being distributed to manufacturers, but this slow process is one of the main issues regarding Android security. Unlike Apple, which can push updates and patches to all of its users directly, Android users must wait for each manufacturer to tailor patches to their specific environment. In cases like this one, that can leave users and data vulnerable to known exploits for days and even weeks.
Blackberry has released a statement informing users that a fix for their Android devices will be made available by the end of the week. Other manufacturers have been quiet, however.
The best option for users in the meantime is to assume that data can be stolen from their device. If your Android device uses the 4.1.1 operating system, which can be checked in the Settings menu under ‘About Phone’, don’t use your device to log-in to online accounts or to message personal information.
While users will have to wait for an official patch to protect themselves from Heartbleed, for any other problems with your Android device or other mobile devices, come by Geek Rescue or call us at 918-369-4335.
April 3rd, 2014
The “Find My iPhone” feature is a valuable security tool and the last hope for users who have had their smartphone stolen or have lost it. Previously, reports surfaced pointing to vulnerabilities in Apple’s “Lost Mode”, which allows users of iPhones, iPods and Macs to lock their device remotely. As Ashley Feinberg reports for Gizmodo, a security flaw has also been found in “Find My iPhone”, which allows strangers to completely unlock a stolen device.
“Find My iPhone” allows users to log in to their iTunes account and find the location of their smartphone as long as the device is still turned on. Not only does this help users recover lost phones, but it also ensures that criminals can’t steal and sell iPhones. As long as the original user’s iCloud account information is still on the device, it can be tracked down.
Erasing the iCloud account requires an Apple ID password. While breaking that password is possible, it would usually require a minimum of a few hours to do so, which would provide the rightful owner plenty of time to find their missing device.
A video recently posted to YouTube, however, demonstrates how criminals can by-pass the need for a user’s Apple ID password and delete their iCloud account. Doing so doesn’t even require a great deal of technical expertise. All that’s needed is for the “Delete Account” button to be pressed at the same time as the “Find My iPhone” switch from the iCloud settings menu. That brings up the password prompt and the delete window at the same time, which freezes the device.
From there, after restarting the device, you’ll find that you’re able to delete the iCloud account without a password and have free reign.
While no fix for this issue exists yet, Apple has likely been working on one since this exploit was made public. Users who have a PIN in place to lock their iPhone are already partially protected from this bug. Even if their device is stolen, the PIN has to be broken before anyone would even have access to this exploit.
While Geek Rescue can’t find your missing smartphone, we do fix it when it breaks. For any issues with your device, call us at 918-369-4335.