Several weeks ago, Lenovo was found to be preloading spyware onto their laptops; now it’s been discovered they’re loading spyware onto their Thinkpads.

Yes, Lenovo has certainly disgruntled a whole new sector of customers. And what with the Thinkpad range being marketed as a business laptop it’s particularly worrying for business customers.

After all, which business wants to get caught up in any type of security threat which could potentially distribute their customers’ details to third party sources?

Let’s take a quick look at exactly what’s happening.

The Spyware Scandal

The Thinkpad range was purchased by Lenovo from IBM and these refurbished models are being packaged with a piece of software called ‘Lenovo Customer Feedback Program 64’ which is causing the latest controversy.

But what exactly does this spyware do?

Well, it’s there to send customer feedback back to Lenovo’s servers to help improve their products and service. There’s not anything particularly nefarious about that. However, it’s also been discovered that this piece of software contains the following files:

  1. TVT.CustomerFeedback.OmnitureSiteCatalyst.dll
  2. TVT.CustomerFeedback.InnovApps.dll
  3. TVT.CustomerFeedback.Agent.exe.config

It’s the first file which is interesting as it relates to Omniture who are an online marketing and web analytics company. What they do is monitor people’s behaviour online to help build a snapshot of how internet traffic is moving across the web.

Now, although Lenovo do disclose in their EULA (End User Licence Agreement) that software will be transmitting customer feedback to the Lenovo servers it is buried away amongst a lot of text. Additionally, there is no mention that internet usage will be monitored and passed on to Omniture for what is surely financial profit.

Just imagine the risks this could pose to your business if hackers are able to find a loophole in this spyware and can piggyback onto your internet connection. It could spell serious issues for the security of your data and your customers’ data.

Removing the Spyware

Thankfully, it’s not a mammoth task when it comes to removing the spyware, so just follow these steps:

  1. Download ‘Task Scheduler View’ which is a useful piece of software which displays all the tasks running in Windows
  2. Within Task Scheduler View you will want to disable anything which is related to Lenovo customer feedback and/or Omniture
  3. It’s also recommended to rename the folder “C:\Program Files (x86)\Lenovo”, e.g. to “C:\Program Files (x86)\Lenovo-test”, to help prevent any other dubious files being activated or installed

This should ensure that your Thinkpad and your confidential data remain secure and are not at risk of being exploited.
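The check in step 2 can also be run against an export from the built-in task scheduler command (`schtasks /query /fo CSV /v > tasks.csv`). The following is an added example, not part of the original article or of any Lenovo tooling; the sample rows, task names and sub-folder paths are constructed, and the keywords come from the software and file names listed above.

```python
import csv
import io

# Terms taken from the software and file names listed in the article.
KEYWORDS = ("customer feedback", "customerfeedback", "omniture")

# Constructed sample, trimmed to three of the columns that
# `schtasks /query /fo CSV /v` prints; task names and paths are illustrative.
SAMPLE_CSV = r'''"TaskName","Task To Run","Scheduled Task State"
"\Lenovo\Lenovo Customer Feedback Program 64","C:\Program Files (x86)\Lenovo\Constructed\TVT.CustomerFeedback.Agent.exe","Enabled"
"TaskName","Task To Run","Scheduled Task State"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o","Enabled"
"\Constructed\Usage Uploader","C:\ProgramData\Constructed\omniture-upload.exe","Disabled"
'''


def find_feedback_tasks(csv_text):
    """Return tasks whose name or action mentions the feedback/analytics components."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("TaskName") or ""
        if name == "TaskName":  # schtasks can repeat the header row per task folder
            continue
        haystack = f"{name} {row.get('Task To Run') or ''}".lower()
        if any(keyword in haystack for keyword in KEYWORDS):
            state = (row.get("Scheduled Task State") or "").strip().lower()
            hits.append({
                "task": name,
                "enabled": state == "enabled",
                # Command an administrator can run to disable the task.
                "disable_cmd": f'schtasks /Change /TN "{name}" /Disable',
            })
    return hits


if __name__ == "__main__":
    for hit in find_feedback_tasks(SAMPLE_CSV):
        status = "ENABLED" if hit["enabled"] else "already disabled"
        print(f"{hit['task']}: {status}")
        if hit["enabled"]:
            print("  " + hit["disable_cmd"])
```

Matching on the action path as well as the task name catches a task that has been given an unrelated name but still launches one of the feedback components.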

When Will Lenovo Stop?

This is the third security scandal to hit Lenovo this year after the Superfish and BIOS modifying controversies, so consumers are understandably losing their patience with Lenovo.

Although Lenovo claims on their website that “Lenovo takes customer privacy very seriously and the only purpose for collecting this data is to improve Lenovo software applications” it remains to be seen when they will follow through on this pledge.

For more ways to secure and optimize your business technology, contact your local IT professionals.


Hard drives are valuable containers of data, so when they fail it can be costly. Therefore, it’s essential you know how to monitor your hard drive’s health.

Now, you don’t need to worry, as you don’t need a PhD in computer health to analyze the health of a hard drive. Instead, you just need to refer to a monitoring system known as SMART (Self-Monitoring, Analysis and Reporting Technology) to investigate whether your hard drive is on the edge of failure.

It’s a good idea to integrate SMART into your monitoring procedures, so let’s take a look at exactly what it does and how to use it.

What is SMART?

SMART helps to keep an eye on your hard drive’s health by monitoring various attributes (up to 30 depending on the manufacturer) present. These attributes may vary slightly in description between manufacturers, but are all essentially the same.

Now, these attributes are assigned certain parameters which can provide definitive information that your hard drive is struggling for breath. And the parameters you really need to pay attention to are:

  • Value – This property indicates the current health of the attribute and starts off as a high number, but declines over the hard drive’s lifetime.
  • Identifier – This provides a description of what the attribute means and is indicated by a number, but will also have a text description too e.g. ‘Reallocated Sectors Count’
  • Threshold – This parameter tells you the failure limit for this attribute, so once the threshold is passed it spells trouble for your hard drive.

How Can You Monitor SMART?

It’s possible to view SMART data by using the ‘command prompt’ option in Windows, but many users are unfamiliar with command prompt, so it’s not always recommended.

Luckily, there are many third party pieces of software such as CrystalDiskInfo which allow easy navigation of SMART data, so it’s well worth downloading as it’s free and tells you everything you need to know.

If, however, you do want to go the command prompt route then take the following steps:

  1. Hit the Windows key and do a search for ‘Command Prompt’
  2. Open command prompt and type in the following: wmic diskdrive get status

If your hard drive is working just fine then you’ll get an ‘OK’ status displayed. This can give you a quick bit of reassurance, but you’re unable to get an overall picture of the hard drive’s health with this approach.

What Do You Need to Look for in SMART Data?

Now, having a long list of data in front of you is all well and good, but you need to know what you’re looking for. Thankfully, Backblaze has investigated the most crucial attributes to monitor and these are:

  • SMART ID 5 – Reallocated Sectors Count
  • SMART ID 187 – Reported Uncorrectable Errors
  • SMART ID 188 – Command Timeout
  • SMART ID 197 – Current Pending Sector Count
  • SMART ID 198 – Uncorrectable Sector Count

If these values are sitting at 0 then you can sigh a sigh of relief as it demonstrates a healthy hard drive. Anything above 0, however, and it’s a telltale sign that your hard drive is at risk from failure.

It’s a good idea, though, to keep your eyes on all the attributes to try and identify any potential problems.
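To automate the check on the five attributes above, the following added example (not from the original article) parses the attribute table printed by `smartctl -A` from smartmontools, a tool the article does not mention. It assumes the counts that should be 0 are in the RAW_VALUE column, and it also applies the Value/Threshold comparison described earlier; the sample table is constructed.

```python
import re

# The five attributes the article lists as most crucial.
CRITICAL_IDS = {
    5: "Reallocated Sectors Count",
    187: "Reported Uncorrectable Errors",
    188: "Command Timeout",
    197: "Current Pending Sector Count",
    198: "Uncorrectable Sector Count",
}

# Constructed sample in the layout printed by `smartctl -A`.
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   117   099   006    Pre-fail  Always       -       143658200
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000f   030   030   030    Pre-fail  Always   FAILING_NOW 123
187 Reported_Uncorrect      0x0032   098   098   000    Old_age   Always       -       2
188 Command_Timeout         0x0032   100   100   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       8
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
"""

ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+\s+(\d+)\s+(\d+)\s+(\d+)"
    r"\s+\S+\s+\S+\s+\S+\s+(\d+)"
)


def parse_attributes(text):
    """Map attribute ID -> name, normalized value, threshold and raw count."""
    attrs = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            attr_id, name, value, _worst, thresh, raw = match.groups()
            attrs[int(attr_id)] = {"name": name, "value": int(value),
                                   "thresh": int(thresh), "raw": int(raw)}
    return attrs


def find_warnings(attrs):
    """Return (id, message) pairs for attributes that indicate trouble."""
    warnings = []
    for attr_id, attr in sorted(attrs.items()):
        if attr_id in CRITICAL_IDS and attr["raw"] > 0:
            warnings.append((attr_id, f"{CRITICAL_IDS[attr_id]} raw count is {attr['raw']}"))
        # A threshold of 0 means the attribute has no failure limit.
        if attr["thresh"] > 0 and attr["value"] <= attr["thresh"]:
            warnings.append((attr_id, f"{attr['name']} value {attr['value']} "
                                      f"has reached threshold {attr['thresh']}"))
    return warnings


if __name__ == "__main__":
    for attr_id, message in find_warnings(parse_attributes(SAMPLE)):
        print(f"SMART {attr_id}: {message}")
```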


It’s essential for businesses to protect their data assets from any potential security threat. Here are tips to help your business achieve this.

The world of IT security, however, can be an intimidating landscape and many business owners struggle to put a plan of action together. And this leaves them vulnerable to security attacks.

Thankfully, though, we’ve learned a thing or ten about protecting data from rogue elements and will be sharing these security best practices with you.

  1. Segment Your Networks

One of the best strategies to minimize data loss is by segmenting your networks. The use of firewalls between each network segment will prevent attackers gaining access to all of your data at once. It’s likely that this frustration will lead to attackers giving up and heading elsewhere.

  2. Visualize What You’re Securing

Data, in its purest form as binary code, isn’t something you can physically see. And it’s this lack of physical mass which means it’s difficult to assess the knock on effect of implementing new security policies. To prevent leaving your business open for attacks, keep detailed visibility records of your networks and their configurations. This allows you to make future changes which won’t compromise your security.

  3. Don’t Give Everyone Admin Rights

There needs to be a level of control when it comes to your network, so you can’t issue everyone admin rights. Sure, it may save users a little time in sorting out network issues such as installing new hardware, but it also sets your network up for an attack by making admin rights less privileged.

  4. Keep Tabs

It’s vital that you create a ‘security knowledge’ database to help keep everyone on the same page as to who has specific access to which security features. This allows a hierarchy to be observed and easy to understand processes to be carried out when dealing with applications or even decommissioning them.

  5. Carry out Security Training

Everyone in your organization will need to undergo some form of security training. This allows your business, as a whole, to be more secure from attacks. And it doesn’t need to be intense training either, it may be as simple as going through the company IT policy with new starters or regular email updates about current viruses and malware.

  6. Regularly Patch your Systems

The easiest security attack is one that targets a known vulnerability e.g. an opportunity to get into your system via a ‘back door’ in a piece of software. Therefore, always make sure you install every patch you’re offered as it could make a huge difference to your chances of staying secure.

  7. Analyze your Security Stats

The only way to confirm that your security efforts are working is to analyze their performance every month. This is why you will want to measure metrics such as number of attacks, user errors etc. to monitor exactly which direction your security is heading in.

  8. Communicate with Other Teams

Communication needs to be clear and defined between your security team and other in-house teams to guarantee high levels of security. Any changes that are made in-house need to be communicated between security and the corresponding team to allow security provisions to be updated/implemented. Likewise, your security team has to inform all other teams of any upcoming security changes to keep everyone aware.

  9. Reduce Outbound Access

Many data thefts occur from within businesses, so it’s good practice to limit the amount of outbound access available. So, if, for example, your business has no need to use Google Docs then put a block on it and prevent any data leaking out via this avenue. Don’t forget: insider data theft can not only be disastrous, but also highly embarrassing.

  10. Automate Certain Security Tasks

It’s a tough job to monitor every single aspect of your data security, so why not automate some of the more basic tasks e.g. monitoring unauthorized attempts at bypassing firewalls. This gives your security team more time to concentrate on more complex security issues.


Users running Apple’s iOS software may have been exposed to a nasty piece of malware which threatens to steal user data and make unauthorized app purchases.

This malicious software has been dubbed ‘KeyRaider’ and has been responsible for uploading sensitive user information to a central server. This type of data theft is alarming enough, but affected users are also having to contend with KeyRaider purchasing apps without authorization.

The KeyRaider infection, so far, only appears to affect Apple devices which have gone through the ‘jailbreak’ process, but up to 225,000 accounts have been compromised as a result.

How did KeyRaider Start?

Jailbreaking an Apple device involves removing hardware restrictions enforced by iOS and is a fairly common practice for Apple users who are tech savvy. The aim of jailbreaking is to give more control over how the device runs and to enhance functionality.

Now, a whole industry has sprung up around jailbreaking in order to really highlight what an Apple device can do and to show off developers’ coding skills. And at least one amateur developer has decided to exploit this desire by creating jailbreak tweaks which hide a nasty surprise.

Once these tweaks are installed on an Apple device the system becomes compromised and puts the user at risk of a serious infringement of their security.

The Malicious Tweaks in Full

Two jailbreak tweaks in particular have been identified for putting users at risk of contracting the KeyRaider malware and they are:

  • iappstore – This jailbreak tweak promises to allow jailbroken devices to download paid apps from the App Store without spending a single cent.
  • iappinbuy – Many apps require users to make in-app purchases to enhance that app’s experience e.g. unlocking extra features in games. And this particular tweak pledges to circumnavigate the payment.

Despite many Apple users doubting the authenticity of these tweaks, they were downloaded over 20,000 times. And every single download puts users’ personal data at risk.

What Type of Data Is Being Stolen?

KeyRaider appears to be stealing three types of data from users under the following categories:

  • Usernames, passwords and the Apple device’s ‘global unique identifier’
  • Push notification service certificates and private keys
  • App Store purchase logs

These three forms of data carry very powerful user information which is allowing KeyRaider to create high levels of panic particularly due to the financial edge.

How to Protect your Apple Device

The simplest piece of advice we can give you is NOT to jailbreak your Apple device. They’re pretty amazing bits of kit as they are, so some things are better off left alone. However, I appreciate that many people want that little bit extra, so we advise the following:

  • Do NOT download the iappstore or iappinbuy app.
  • Avoid downloading anything from Cydia Substrate which is like the App Store, but for jailbroken devices – this is where the malicious tweaks first surfaced.
  • If something sounds too good to be true – such as not paying for paid apps – then it probably isn’t worth installing.

By following this advice you will safeguard your Apple device from disruptive malware such as KeyRaider.


It’s not just PCs that are under threat from malicious software (malware); smartphones are fast becoming the prime target for malware. But how has this happened?

First of all, what exactly is malware? Essentially, it’s a nasty string of code or a program which enters software with the main aim of stealing data, taking control of your system or flooding your device with irritating ads.

And you only have to look at the rise of the smartphone to understand exactly why it’s such an attractive prospect for installing software. More people now use their smartphone to access the internet than they do their laptop and this has led to the following issues:

  • Even the most advanced PC user does not fully understand smartphone security as it involves different software and operating systems
  • The average smartphone user is not even aware that their phones can be hacked or monitored

However, the latest malware scandal to hit the smartphone world involves three Chinese smartphone manufacturers (Lenovo, Xiaomi and Huawei) actually preloading their phones with malware. Not exactly the most honest strategy for reassuring users that their data is safe, is it?!

Uncovering the Scandal

Smartphone malware has been a growing concern for some time, so the German security firm G Data decided it was time to assess the landscape.

And their study reported some shocking findings.

Smartphone malware epidemics are now so common that they’re being discovered roughly every 14 seconds. That means by the time you’ve finished reading this article around 15 smartphone malware epidemics will have erupted. This is very troubling news for every smartphone owner who values their security.

Many brands have been implicated in the scandal, but the most prominent and weighty accusations have been leveled at Lenovo, Xiaomi and Huawei.

Who’s to Blame?

Obviously, once a scandal as hot as this lands, the accused are quick to clear their name and the brands affected have claimed that whilst the malware does exist, it has been installed on their phones by third-party middlemen.

Xiaomi has gone on to comment that this will only occur when purchasing their smartphones through unauthorized dealers. Now, whilst this does sound plausible it’s not ringing true with a number of consumers.

Many consumers feel that the brands involved in the scandal are knowingly involved in the scandal and are, in fact, making a quick buck from allowing this malware to be installed on their smartphones. It doesn’t help that Lenovo has recently been implicated in a bloatware scandal with their laptops, so the level of distrust for such large brands is widespread.

However, actually proving that the manufacturers are behind the malware install is incredibly difficult. The malware itself actually clings on to other innocent apps, much like a parasite, and even if these apps are installed it then heads straight to the smartphone’s firmware. This makes it very difficult to pinpoint exactly how the malware got on the smartphone.

The Future of Smartphone Malware

G Data has conceded that they probably haven’t uncovered the full extent of pre-installed smartphone malware, so many other brands and models could be infected before they’re even turned on for the first time.

This is quite concerning for the huge number of smartphone users which seems to be growing larger by the day. Understanding that your smartphone is at risk is therefore essential in this day and age. And avoiding unauthorized dealers should be an absolute given to limit your chances of falling prey to malware.
