Study Reveals Xiaomi, Huawei, Lenovo Phones Contain Malware by Default

It’s not just PCs that are under threat from malicious software (malware); smartphones are fast becoming the prime target for malware. But how has this happened?

First of all, what exactly is malware? Essentially, it’s a nasty string of code or a program which enters software with the main aim of stealing data, taking control of your system or flooding your device with irritating ads.

And you only have to look at the rise of the smartphone to understand exactly why it’s such an attractive prospect for installing malicious software. More people now use their smartphone to access the internet than their laptop, and this has led to the following issues:

  • Even the most advanced PC user does not fully understand smartphone security as it involves different software and operating systems
  • The average smartphone user is not even aware that their phones can be hacked or monitored

However, the latest malware scandal to hit the smartphone world involves three Chinese smartphone manufacturers (Lenovo, Xiaomi and Huawei) actually preloading their phones with malware. Not exactly the most honest strategy for reassuring users that their data is safe, is it?!

Uncovering the Scandal


Smartphone malware has been a growing concern for some time, so the German security firm G Data decided it was time to assess the landscape.

And their study reported some shocking findings.

Smartphone malware epidemics are now so common that they’re being discovered roughly every 14 seconds. That means by the time you’ve finished reading this article around 15 smartphone malware epidemics will have erupted. This is very troubling news for every smartphone owner who values their security.

Many brands have been implicated in the scandal, but the most prominent and weighty accusations have been leveled at Lenovo, Xiaomi and Huawei.

Who’s to Blame?

Obviously, once a scandal as hot as this lands, the accused are quick to clear their name and the brands affected have claimed that whilst the malware does exist, it has been installed on their phones by third-party middlemen.

Xiaomi has gone on to comment that this will only occur when purchasing their smartphones through unauthorized dealers. Now, whilst this does sound plausible it’s not ringing true with a number of consumers.

Many consumers feel that the brands involved in the scandal are knowingly complicit and are, in fact, making a quick buck from allowing this malware to be installed on their smartphones. It doesn’t help that Lenovo has recently been implicated in a bloatware scandal with their laptops, so the level of distrust for such large brands is widespread.

However, actually proving that the manufacturers are behind the malware install is incredibly difficult. The malware itself actually clings on to other innocent apps, much like a parasite, and even if these apps are installed it then heads straight to the smartphone’s firmware. This makes it very difficult to pinpoint exactly how the malware got on the smartphone.

The Future of Smartphone Malware


G Data has conceded that they probably haven’t uncovered the full extent of pre-installed smartphone malware, so many other brands and models could be infected before they’re even turned on for the first time.

This is quite concerning for the huge number of smartphone users, which seems to be growing larger by the day. Understanding that your smartphone is at risk is therefore essential in this day and age. And avoiding unauthorized dealers should be an absolute given to limit your chances of falling prey to malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.




It’s irritating to find a fresh PC full of unnecessary preloaded software, but a Lenovo rootkit has been found sneaking software onto PCs after installation.

Preloaded software such as this is called ‘bloatware’ as it uses up vital system resources, but provides virtually no benefit to the user. Many users, therefore, like to perform a fresh Windows install after unpacking their system to eradicate this pesky bloatware.

However, Lenovo have decided to work around this procedure and are still managing to force their software onto Lenovo systems!

Let’s take a look at how they’re achieving this and what it means for you.

Access via Rootkit?

Many people are accusing Lenovo of resorting to rootkit tactics to make sure their software remains on your system. A rootkit is a malicious piece of software which grants remote users access to your system. This is commonly used by criminals to steal passwords or credit card details.

However, in this instance Lenovo isn’t actually using a rootkit and they’re not trying to steal your personal details.

How is Lenovo Gaining Access?


Lenovo is actually loading bloatware onto systems by taking advantage of an official Windows feature known as the Windows Platform Binary Table (WPBT). The WPBT allows manufacturers to install trusted software to systems in order for them to run properly.

This software needs to be stored within the machine on a physical medium e.g. a hard drive. Now, the most obvious thing to do would be to uninstall this unwanted software, but this is where Lenovo starts to play nasty.

Built into the Lenovo system’s firmware is a piece of software known as the Lenovo Service Engine (LSE). And the LSE runs before Windows boots up and replaces Microsoft’s version of ‘autochk.exe’ with its own.

Normally, autochk.exe is used to verify the integrity of your file system, but Lenovo’s variant installs software which connects to the internet and downloads the bloatware via the WPBT.

The problem is that because the LSE runs before Windows boots up it’s almost impossible to stop this happening even when you’ve deleted the bloatware. It will simply download again thanks to the LSE!
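A defender can check whether a machine's firmware publishes a WPBT binary at all by reading the ACPI table and inspecting it. The parser below is an added example, not Lenovo's or Microsoft's code; the field layout follows Microsoft's published WPBT format, and the vendor strings and sample table are constructed for illustration.

```python
import struct

# ACPI header (36 bytes): signature, length, revision, checksum, OEM ID,
# OEM table ID, OEM revision, creator ID, creator revision.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# WPBT body: handoff memory size, handoff memory physical address,
# content layout, content type, command-line argument length in bytes.
WPBT_BODY = struct.Struct("<IQBBH")


def parse_wpbt(table: bytes) -> dict:
    """Validate a raw WPBT table and return the fields worth reviewing."""
    fixed = ACPI_HEADER.size + WPBT_BODY.size
    if len(table) < fixed:
        raise ValueError("too short to be a WPBT")
    sig, length, _rev, _sum, oem_id, *_ = ACPI_HEADER.unpack_from(table)
    if sig != b"WPBT" or length != len(table):
        raise ValueError("not a well-formed WPBT table")
    if sum(table) % 256 != 0:  # every ACPI table sums to zero mod 256
        raise ValueError("bad ACPI checksum")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    if fixed + arg_len > len(table):
        raise ValueError("argument length runs past the table")
    args = table[fixed:fixed + arg_len].decode("utf-16-le").rstrip("\x00")
    return {
        "oem_id": oem_id.rstrip(b" \x00").decode("ascii", "replace"),
        "binary_size": size,
        "binary_phys_addr": addr,
        "layout": layout, "content_type": ctype,
        "arguments": args,
        # A non-empty binary means firmware asks Windows to run it at boot.
        "publishes_binary": size > 0,
    }


def build_sample_table() -> bytes:
    """Constructed WPBT for a fictional vendor, used to exercise the parser."""
    args = "/sample\x00".encode("utf-16-le")
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    head = ACPI_HEADER.pack(b"WPBT", 36 + len(body), 1, 0, b"EXMPLE",
                            b"EXAMPLE ", 1, b"TEST", 1)
    raw = bytearray(head + body)
    raw[9] = (-sum(raw)) % 256  # fix up the checksum byte at offset 9
    return bytes(raw)


if __name__ == "__main__":
    # On Linux, the real table (if present) is /sys/firmware/acpi/tables/WPBT.
    print(parse_wpbt(build_sample_table()))
```

A machine with no WPBT table simply has no such file; one that reports `publishes_binary` as true deserves a closer look at which vendor binary is being handed to Windows.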

Cleaning up Lenovo’s Bloatware


Once news of Lenovo’s shady activities came to light they were confronted with a lot of bad press.

Not surprisingly they soon released a tool to help remove this rogue software from their systems. There are also numerous guides online advising how to remove the threat manually, but this involves burrowing deep into your system’s code and is best left to an expert.

It was also revealed that all desktop machines which were built between 10/23/2014 and 04/10/2015 contained the LSE, so this is a huge number of systems which have been, to all intents and purposes, infected.

Final Thoughts

The LSE debacle has caused a lot of harm not only to Lenovo customers, but also to Lenovo’s brand values. And the ease with which the WPBT was exploited will also raise many questions about just how secure Windows is.



Firefox blocks Flash

Many people thought Adobe’s Flash would be playing online videos forever. However, it’s now been blocked in the Firefox browser, so is it coming to an end?

Yes, Mozilla – the makers of the popular internet browser Firefox – have announced that as of the latest update (V. 18.0.0.203) they will be automatically blocking Flash from running in their browser. This comes shortly after Google announced that their Chrome browser would automatically be pausing irritating Flash videos.

Things aren’t looking good for Flash, but what are the basics behind this seemingly enforced retirement of a perennial piece of web software?

What is Flash?


Adobe Flash is a design program specially created to design online graphics, create apps and, perhaps most famously, power online videos.

The birth of Flash actually took place during the mid-1990s, but it wasn’t until 2005 that Adobe took control of the software.

And it was around this time that a new generation of exciting web sites hit the internet and ushered in an era known as Web 2.0.

The emerging websites of Web 2.0 were highly innovative and prized usability and user generated content above anything else. And what was powering these amazing websites? It was, of course, Flash.

Problems with Flash


Flash, however, now finds itself in a precarious position where big players in the online arena appear to be trying to force it out of existence.

But why is this? What exactly is Flash struggling to cope with in the modern age?


  • Security Issues – Perhaps the biggest nail in Flash’s coffin has been Adobe’s inability to create a safe piece of software. Flash is riddled with security flaws, and Adobe has been accused of failing to protect its users from security attacks. Only recently, the Hacking Team spyware company lost a huge 400GB worth of files thanks to a Flash vulnerability.
  • The Rise of Mobile Devices – Mobile device internet usage is now outstripping desktop internet usage, but Adobe has failed to adapt to this new digital landscape. Steve Jobs – the godfather of mobile devices – famously refused to accept Flash as part of Apple’s iOS as it was too power hungry, unreliable and constantly crashing.
  • HTML5 – What Steve Jobs was backing was a new update of the HTML web programming language called HTML5. And this language was especially designed with mobile devices in mind, so programmers rapidly shifted from the headaches of coding in Flash to HTML5. This is why YouTube, for so long the great backers of Flash, have shifted to HTML5 as their preferred video delivery system.

Is It Game over for Flash?

Mozilla’s dramatic move isn’t actually an outright blocking of Flash. Mark Schmidt of Mozilla has confirmed that this is only a temporary blocking until Adobe can prove that Flash isn’t infested with security bugs.

However, it certainly feels as though Flash is on the ropes with the increasingly powerful HTML5 language outperforming it in almost every area. Maybe it’s time for Adobe to accept that technology has moved on and Flash should be discarded as a relic of times gone by.




With the release of Windows 10 just around the corner, learn about three new security features being introduced in the operating system.

Microsoft has been branding Windows 10 as a system that will include security upgrades like biometric authentication and app-vetting.

Learning from past mistakes, Microsoft took note after the disappearance of the Start menu in Windows 8. In fact, many users found it a challenge to navigate through Windows 8 because of the heavy tile-like setup. Windows 10 will bring the Start menu back, along with Cortana, a personal assistant, and a new browser called Edge. It is said that Microsoft is trying to emulate the smartphone experience for a PC or a laptop with Windows 10.

Here are three interesting security features coming to Windows 10:

Device Guard

Device Guard is a feature that will automatically block applications that lack an authentic vendor signature. Lenovo, Acer and HP are teaming up with Microsoft to utilize Device Guard on all their devices using Windows-based services.

This feature will protect users from malware. When a user executes an app, Windows will run a credential check and notify the user about whether or not to trust the app. Device Guard is unique because it can make these analytical decisions outside of the Windows OS, which is known to be susceptible to hackers and malware.

Device Guard is different from antivirus software as it is immune (for now) to stealth attacks and tampering. However, it will guide your antivirus by flagging questionable apps. It will be functional even if the Windows kernel is not.

Windows Hello


Imagine your fingerprints, iris or face being the key to accessing your computer. Biometrics makes it all possible without the need to worry about passwords. Windows Hello attempts to make users immune to password hacking attacks, as it lets them carry out their everyday online activities without having to key in a password or store one on their device or a network server. Your device will need a sensor to register such biometric information, so unless you are planning to buy a new device capable of Windows Hello, you won’t be able to experience it.

Passport


Microsoft is streamlining passwords by introducing Passport. Passport will allow you to access apps and services online without entering a password. This will be done by using a PIN or Windows Hello. Before authenticating, Microsoft will be able to verify that you are in possession of your device. Passport will use Microsoft’s Azure Active Directory services to accomplish this task.

For more ways to stay informed with new technologies, contact your local IT professionals.




A recent security loophole has affected Starbucks customers thanks to the company’s mobile app. Read on to learn how it happened and how to avoid it.

For some unlucky coffee lovers, it was not a great morning when they found that hackers were draining their bank accounts through the Starbucks mobile app. Starbucks itself was not the prime target, as many would think. The sneaky attack was aimed at the app’s users, who were directly impacted by the latest Starbucks hacking incident.

Point of entry

It seems that the attacker had spotted a vulnerability in the Starbucks app that permits multiple attempts to guess the correct password.

Not only were users’ passwords compromised, but the attack also exposed users who had the same ID and password for logging into other existing accounts. In theory, this could give an attacker the keys to access and “drain” your online banking accounts and other significant accounts where shopping transactions are permitted.

Considering that 18% of Starbucks’ total transactions are made via their app, it’s imperative for Starbucks to take corrective measures to handle this issue.

The dirty deed

It’s estimated that $2 billion in transactions were made via mobile payments alone in 2014. Yet it was incredibly easy for the hackers to carry out this attack.

  • The attackers managed to acquire stolen passwords and IDs from “black-hat” sources.
  • The attackers used a program to test out combinations of stolen ID and password on the Starbucks app until they successfully gained access to an account.
  • These programs are believed to be sophisticated and efficient enough to process thousands of ID and password combinations every second.
  • Once the attackers were able to access an account, they’d add a gift card to it.
  • After adding the gift card, the hackers would then typically transfer all the money from the user’s main account on the app to the gift card itself.
  • The gift card is then managed entirely by the hackers, who pocket all the funds.
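The weakness behind these steps is a login endpoint that accepts unlimited attempts. The sketch below is an added example, not Starbucks' code, of a server-side guard that limits failures both per account and per source address; the thresholds, class name and event tuples are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW = 60              # seconds of history considered (assumed value)
MAX_FAILS_ACCOUNT = 5    # failed guesses tolerated per account (assumed)
MAX_ACCOUNTS_SOURCE = 3  # distinct accounts one source may fail on (assumed)


class LoginGuard:
    """Tracks recent failed logins per account and per source address."""
    def __init__(self):
        self.by_account = defaultdict(deque)  # account -> (time, account)
        self.by_source = defaultdict(deque)   # source  -> (time, account)

    def allowed(self, account, source, now):
        """Decide before the password is checked; returns (ok, reason)."""
        for q in (self.by_account[account], self.by_source[source]):
            while q and now - q[0][0] > WINDOW:
                q.popleft()  # forget failures older than the window
        if len(self.by_account[account]) >= MAX_FAILS_ACCOUNT:
            return False, "account_locked"
        if len({a for _, a in self.by_source[source]}) >= MAX_ACCOUNTS_SOURCE:
            return False, "source_blocked"
        return True, "ok"

    def record_failure(self, account, source, now):
        self.by_account[account].append((now, account))
        self.by_source[source].append((now, account))


def replay(events):
    """Feed (time, source, account, password_ok) events through the guard."""
    guard, outcome = LoginGuard(), []
    for now, source, account, password_ok in events:
        ok, reason = guard.allowed(account, source, now)
        if ok and not password_ok:
            guard.record_failure(account, source, now)
            reason = "bad_password"
        outcome.append(reason)
    return outcome


# Constructed events: one source walks a stolen list, then a real user typos.
SAMPLE = [(0, "203.0.113.7", "alice", False), (1, "203.0.113.7", "bob", False),
          (2, "203.0.113.7", "carol", False), (3, "203.0.113.7", "dave", True),
          (4, "198.51.100.2", "erin", False), (9, "198.51.100.2", "erin", True)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A per-account lockout alone would miss the fourth event, because a stolen-list run usually tries each account only once; the per-source count of distinct failed accounts is what stops the correct stolen password for "dave" from being accepted.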

The real danger lies in what other accounts the hacker may have access to once they’ve compromised an account through the Starbucks app. PayPal accounts or credit card details are also at risk, as these can be linked to Starbucks accounts. All this can lead to unimaginable financial damage in both the short and long run.

The “Gift” card

Ever wondered what happens to the money transferred to the gift cards?

Hackers or thieves, whichever way you look at it, will sell or resell these gift cards for their face value. They sometimes fetch less on the internet, churning real dollars out of Starbucks dollars. It may be worth holding on to your real wallet for a little longer!


The whole Starbucks hacking ordeal was first reported by consumer journalist Bob Sullivan. In fact, CNN-Money was able to interview many who had experienced the same scandals in the past. The interviews reveal Starbucks slacking on security procedures by not having enough secure authentication processes in place for transactions, for instance those that deposit money onto gift cards or initiate money transfers from bank accounts.

How to stay protected

If you’ve ever been a victim of such a scam, then we suggest you put in a complaint about it to Starbucks ASAP. They will most likely investigate the matter; however, you may be prompted to take it up with your bank or PayPal.

Also be sure to update, cycle and change your passwords at your earliest convenience. If you suspect your account details were stolen, your old account credentials may have been sold on “underground” trade sites that buy lists of user credentials.

Many customers have uninstalled the Starbucks app and have started to pay with cash or with credit/debit cards. We suggest you follow this advice too until tighter security measures are put in place.

For more ways to safeguard your personal data, contact your local IT professionals.
