Security Flaw In SD Cards Exposed

December 31st, 2013

SD card

If you use a smartphone or digital camera, you’re probably familiar with SD cards. They’re the small cards that store data using flash memory. For most users, they only think about their SD card when they’re transferring contacts to a new phone or removing pictures from their camera. As Stephen Shankland reports for CNet, however, a new technique exposed by security researchers has demonstrated how vulnerable SD cards are to “man in the middle” attacks.

A man in the middle attacks is true to its name. When data is transferred from one location or device to another, a third party intercepts that data in order to monitor, modify or copy it. This allows a criminal to gain access to valuable data like credit card information, or encryption keys. They could also substitute malicious files for trusted files in order to infect users with malware.

The vulnerability in SD cards exists in the cards’ microcontrollers. These are like built-in computers that manage the data stored on the SD card. By reverse engineering an SD card, researchers were able to install and run new firmware on the microcontroller then installed an application that would intercept data being sent by the device.

The specific attack used in the researchers’ demonstration doesn’t work for any flash-memory device because of variations in the microcontrollers, but this example exposes vulnerabilities for all devices using flash memory. This means similar attacks could be used to steal data from solid-state drives or eMMC storage for smartphones.

This is yet another example of the vulnerability of mobile devices. With millions of users and a general lack of security in place, mobile devices are an inviting target for hackers and new threats are emerging all the time. While this particular attack will need a change to the make-up of SD cards to close the vulnerability, other threats need only smarter user behavior. Remember that your mobile device faces the same risks as your PC and protecting it requires vigilance.

If any of your devices have been infected with malware, bring it to Geek Rescue or give us a call at 918-369-4335.

Scareware Observed Targeting Android Users

December 24th, 2013

Virus warning

The amount of malware for smartphones grew exponentially throughout 2013. Because of its open source environment and number of users, Android phones were targeted most. Now, it seems some of the same tactics used for years by cyber criminals on PCs are transitioning to Android smartphones. Satnam Narang reports for Symantec that scareware has been observed attempting to trick users into downloading malware to their devices.

Scareware is a common practice used by hackers. By using social engineering, a criminal convinces a user that they’re facing an impending threat and need to buy or download a product to protect themselves. Usually, the scareware scam involves telling users that there is a virus or malware on their device and offering to remove it.

The latest scam observed targeting Android users involves mobile ads. They claim the user’s device has been infected by a trojan called MobileOS/Tapsnake. Tapsnake is a legitimate threat to Android users that’s been around since 2010, but it’s used here only to make the scam seem more credible. The ads include a button that claims to install a security app on your phone or scan and remove this threat. In actuality, you’re downloading malware.

Avoiding this type of scam should be simple. First, no online ad will scan your device and alert you of any malware it discovers. But, some unsuspecting users fall for it because they’re extremely worried about threats to their smartphone. This particular scareware displays on any smartphone, however. So, even iPhone users will be alerted that their Android device is at risk.

If you encounter on of these ads and are concerned about your phone, run your existing security app or download a trusted one from the Play store. To avoid accidentally downloading a malicious app, never download directly from a website.

If your smartphone has actually been infected by malware, bring it to Geek Rescue or call us at 918-369-4335.

How To Fix Android’s Biggest Flaws

December 23rd, 2013

Android with wrench

There are millions of Android users worldwide, but there are also plenty of annoyances that come with using an Android phone. Eric Ravenscraft at LifeHacker listed some of the most frustrating Android features and how to fix them.

  • Battery Life

Your smartphone’s battery dying in the middle of the day isn’t a problem limited to Android users, but it may be the one most complained about. As your phone gets older, the battery life tends to get worse. The obvious solution would be to buy a new smartphone. There are a number of newer options with either larger batteries or more efficient software that extends battery life. Not everyone wants to replace their phone just to get a longer lasting battery, however. And you don’t have to. You could also buy another battery instead. Either a second battery that you keep charged, or a larger capacity battery to replace your existing one. If you’d rather not spend any money, look at removing apps that cause the most drain, or download apps that help you control app’s battery usage. You can also disable bluetooth, GPS and WiFi capabilities when you’re not using them.

  • Bloatware

The apps and features that manufacturer’s load onto phones before you buy them are rarely useful. They’re referred to as bloatware or crapware by most and usually do nothing but take up space and resources. Unfortunately, you can’t always delete these apps, but you can disable them. Go to the app’s settings and you’ll find a ‘Disable’ button that will keep that app from taking up battery or updating. It will still take up storage space, however.

  • Notifications

So many apps are using notifications now that it’s hard to keep up with all of them. If you’re tired of wading through social media, game and email notifications, check for a ‘Notifications’ setting on each app. It may be in the app itself or in the Android app settings. Turning off notifications also reduces battery drain. If you can’t stop the notifications through a settings menu, there’s another way for Android 4.1 and newer users. In your ‘app manager’, uncheck the ‘show notifications’ option and you’re done.

Fixing these annoyances will improve your experience with your Android smartphone. If you have more serious issues, like broken hardware or a malware infection, bring your device to Geek Rescue or call us at 918-369-4335.

Android Security Apps Improving But Lack One Crucial Feature

December 18th, 2013

Android smartphone

The number of smartphone users worldwide is continually growing. The way they use their devices is also expanding with more internet browsing and online activity than ever before. Unfortunately, this means that smartphone users are becoming a more valuable target for hackers and malware. Protecting your mobile device with antivirus or anti-malware apps is important, but as Mathew J. Schwartz reports for Information Week, even the best antivirus apps available to Android users can’t remove malware from your phone.

That may sound like an odd statement but Android antivirus apps can’t delete or even quarantine threats they detect. The reason for this limitation is Google’s Android Application Sandbox. Every Android app runs in this sandbox, which isolates app data and code execution from other apps on the device. With each app isolated, an antivirus app doesn’t have the permissions needed to delete malware it finds.

Security apps are getting better for Android, however. Researchers testing 28 different security tools for Android found that their average success rate improved in the past three months, from 90.5-percent to 96.6-percent. They found that the best apps come from familiar names like Avast, Symantec, Avira and Kaspersky.

When choosing a security app, there’s more to consider than just if it can detect malware. You want an app that doesn’t overly drain your battery and one that loads quickly and runs efficiently. You also have to consider how accurate its detection rate is. You don’t want false positives going off each time you attempt to install a clean app.

Despite the improvements being made to Android security apps, they’re going to continue to be lacking until they’re allowed to actively treat the malware infections they detect. Google has remained silent on when that might be.

In the meantime, users must be in charge of their own security. When using your smartphone, you can’t rely on security precautions to keep you safe. Instead, you’ll need to steer clear of malware by avoiding suspicious links and untrusted malware. Understand that your device isn’t secure and don’t visit potentially dangerous websites.

If you have a malware infection on any of your devices, including your smartphone, bring it to Geek Rescue or call us at 918-369-4335. We remove malware, viruses and fix any issue you’re having.

Apple’s iOS 7.1 Moves To Second Beta Version

December 16th, 2013

Apple symbol

Apple released iOS 7, its latest version of the operating system included on iPhones and iPads, in the middle of September. Here it is three-months later and iOS 7.1 has taken another step closer to its release. Unlike iOS 7, 7.1 won’t be so groundbreaking and will feature mostly bug fixes and small tweaks. As Carly Page reports for Inquirer, the second Beta version of iOS 7.1 has been officially made available to developers.

Perhaps the most exciting of the included tweaks is a toggle for ‘Car Display’. In and of its self , this isn’t that exciting but it hints at something Apple may release in the near future. ‘iOs in the car’ has long been a rumored feature bound for release. This feature would allow users to link their iPhone or iPad to their car in order to control their music, navigation and messages while driving.

Other changes in this version of iOS include some tweaks to settings menus. Touch ID and Passcode settings have been moved to the main Settings menu to make them easier to find. In iOS 7, they’re buried under multiple options. Users will now also be able to adjust button shapes through the Accessibility setting.

The iTunes Match process has been made faster than ever, which it easier for users to access music stored in the cloud. Also faster is the animation speed used for all interactions with the operating system. This doesn’t actually make the device faster, but it will feel faster than before.

Many of these small changes won’t even be noticeable to many users, but they will make devices easier to use and introduce some options for more customization. The second Beta version of iOS 7.1 is currently available for download at Apple’s developer website.

At Geek Rescue, we know the ins and outs of iPhones, Androids and all smartphones. If your device is giving you trouble, bring it to one of our locations or give us a call at 918-369-4335.

Android Malware Threat Makes Covert Phone Calls

December 10th, 2013

Smartphone phone call

Malware being made specifically for mobile devices is growing rapidly thanks to the number of smartphone users also growing. Hackers target any device that could be profitable for them, which is also why most mobile malware is a threat to Android users, who make up most of the mobile audience. One recently discovered threat is drawing interest from security experts because it marks a jump in the capability of malware attacks. As Graham Cluley writes on his security blog, MouaBad.P is a piece of Android specific malware that’s capable of making phone calls without user interaction.

MouaBad is a family of mobile malware that allows hackers to control a smartphone remotely. In earlier instances, this malware was used for sending text messages to premium numbers, which charged the users. MouaBad.P is the first time experts have observed the ability to remotely make phone calls without any user interaction.

The malware typically makes it onto a smartphone through an infected app. Once installed, Mouabad.P is able to make phone calls while your screen is off and your phone is locked. It stays hidden by ending all calls once you turn your screen on. It does leave a trail, however. By checking your call logs, you’ll be able to tell if a third party has been making phone calls without your knowledge.

Currently, this type of attack has only been seen in Chinese-speaking regions. Mouabad.P is specifically made to target these countries and won’t work for smartphones outside this region. However, its existence suggests similar threats could be coming to the US soon.

To keep your phone safe from all threats, be extremely cautious about what you download. Also, make sure you’re running an effective, updated security app at all times.

If your smartphone or any other device is infected with malware, bring it to Geek Rescue or call us at 918-369-4335. We’ll clean off the malicious apps and files and help you better secure your device against the next attack.

The Biggest Security Risks For Android Users

December 9th, 2013

Risk on smartphone

Worldwide, Android is actually the more popular choice for smartphones than Apple devices. But, security issues are a common complaint of users and a common reason many opt for Apple instead. Bob Violino of InfoWorld reports that these concerns over security are mostly overblown, but points out the two risks that exist for all Android devices.

  • Google Play

The Android version of the App Store is Google Play. It’s a marketplace where users can download all kinds of apps. But, it’s regarded as much less protected than Apple’s App Store. The nature of Android is that it’s open for development. This encourages new, innovative apps and features to be developed, but also allows for malicious apps to find their way into the marketplace. Many apps ask for more permissions than they need, even if they aren’t actively malicious. Performance issues and data loss are often attributed to a bad app. Because Google Play does not set up enough precautions to keep malicious apps out, it’s a legitimate concern for Android users.

  • Fragmentation 

In the context of the Android platform, fragmentation refers to the many different manufacturer’s and versions of the Android operating system that are currently running on users’ devices. Unlike Apple’s iOS that is consistent for all users, manufacturer’s are able to tweak and alter Android specifically for their devices and aren’t forced to roll out updates once they become available. The result of this is that outdated versions with security flaws are allowed to run, which is a danger to users and to any network they connect to. The majority of Android users are running out of date versions of the operating system. This poses a significant threat to businesses who allows employees to use their own devices on the company network.

The Google Play store and fragmentation are both legitimate concerns for security with Android. For individual users, being more cautious about what apps you download and being proactive about updating your device’s operating system both help to overcome these problems. For businesses, a robust compliance policy, an end to support for older versions of Android and other security provisions allow your company to use Android devices without as many security issues.

For help securing a device or a network, or to fix an existing problem with a device, come by or call Geek Rescue at 918-369-4335.

USB 3.1 Features New Connector Design

December 6th, 2013

USB connection

Standard USB connectors that help us attach our mouse, printer, digital camera, smartphones and more have been around for nearly two decades. It’s fair to say then that it’s time for an update on the design. As Sam Byford reports for The Verge, USB newest connector will feature an entirely new design that will allow for thinner devices.

The new connector, called Type-C, will be rolled out with the USB 3.1 specifications and should start hitting the market some time after the middle of 2014. The new design means that all of your older USB cables will be obsolete for new devices unless used with an adapter. However, Type-C aims to make a more universal connector that’s reversible. This means that both ends of the cable can be used right side up or upside down on nearly every device. Apple products are, of course, an expected hold out.

Type-C hasn’t been seen by the public yet, but the connectors are expected to be about the same size as the current micro-USB connectors found on many phones, cameras and mp3 players. These smaller connectors allow devices to be thinner than ever before because they’re no longer bound to the bulky by comparison current USB plug ins. For example, the Samsung Galaxy Note 3 has been criticized for its seemingly over-sized USB port, which doesn’t seem to match with the rest of the device’s design.

At Geek Rescue, we know tech. If you’re experiencing problems with any of your devices, old or new, bring them in to one of our locations or call us at 918-369-4335.

Help For Choosing Between Android Smartphones

December 4th, 2013

Stack of smartphones

Most people change smartphones every couple of years, if not sooner. For some, the decision on what new phone to get is an easy one. You might be dedicated to iPhones or have a particular Android model that you want to stick with. Others have a more difficult time deciding between the various options available to them. Eric Ravenscraft of Lifehacker wrote an extensive piece about how to choose a new Android smartphone. Here, we’ll look specifically at what features are most important and how to choose the smartphone with the best features for you.

  • Camera

No one carries their smartphone and a digital camera around everywhere they go. Most users want a phone with a quality camera and it’s one of the most varied features from phone to phone. Just because one smartphone’s camera boasts more megapixels doesn’t necessarily mean it’s the best. Each manufacturer uses different tactics and designs to create a better camera. So, do some research and look for comparison tests online that show the type of images a camera will capture and in what settings they’re best used.

  • Display

Some users will opt for the biggest, brightest and best high-definition display they can find simply because it has the best specs. That isn’t necessarily wrong, but those super charged displays will cost you battery life and processing power and most users can’t tell much of a difference. The big deciding factor for display is between AMOLED or LCD. AMOLED are usually brighter, with more saturated color. They also use less battery because they only light pixels as they’re needed. LCD provide a more realistic color representation. Different displays are best for different users, but don’t rely on number of pixels to choose your next phone.

  • Battery Life

The amount of time your battery lasts would probably be first in this list for most people. Once again, you can’t judge battery life on one statistic alone. Some manufacturers include larger capacity batteries to power more powerful processors and brighter screens for longer. Others optimize hardware to use less battery. Both are good ways to improve battery life so research is key to picking the right phone. Battery comparisons and tests are available online.

  • Manufacturer Specific Features

If you haven’t narrowed down your choices by using the first three features, this one could help you make a final decision. Manufacturer’s like Samsung, HTC and Motorola all put their own spin on what comes with their smartphones. HTC includes a live news feed of your social media profiles on your home screen and a feature to control your television. Motorola phones come with a voice control app. These features probably won’t win you over by themselves, but they could help you decide between your top two options.

When choosing a new smartphone, you don’t need to worry about which phone is the best. You need only worry about which is the best for you. Before you even start researching phones, take a moment to think about how you plan to use it and what you need it for.

If you have issues with a new smartphone, or would like to fix up your current phone to feel like new, bring it in to Geek Rescue or call us at 918-369-4335.

Could Facial Scanning Be Apple’s Next Security Feature?

December 3rd, 2013

Facial scanning of man

Apple introduced Touch ID as a security feature that recognizes a user’s fingerprint to unlock the iPhone 5S. That feature has come under scrutiny after security experts and hackers uncovered flaws and ways to by-pass it. Some users have also complained that Touch ID doesn’t always recognize their finger, or it takes too long to scan. Soon, Apple users may not have to worry about scanning fingers at all.

Lance Whitney, of CNet, reports that Apple has been granted a patent on an idea that would allow facial scanning to replace the current Touch ID feature.

The facial scanning function, which was patented under “Personal computing device control using face detection and recognition”, is still in its infancy. It appears, however, that Apple plans to make it a security feature on future products.

In many ways, it works the same as Touch ID does for your fingers. A user would start by scanning their own face and the face of anyone else they want to have access to their smartphone or tablet. The scan would record the shape, texture, color and size of your features and store them. Then, to unlock the device, you would have to again scan your face. Only registered users would be able to unlock the device, while unauthorized users would be stuck at the lock screen.

Calls, emails, texts and other notifications would also be locked behind the facial scanner. So, if a call comes in, your smartphone would scan your face before allowing you to answer.

Many of the same security flaws and workarounds that existed with Touch ID after it was introduced are still possible with facial scanning. A password would likely still act as a back-up for situations where the facial scan didn’t work, which opens the door for hacking. But, this is another interesting step for improved security on mobile devices.

If you’d like to improve the security on any of your devices, or you’re having problems like broken hardware, slow performance, or malware, bring your device to Geek Rescue or call us at 918-369-4335.