Tag: malware

Germany’s IT Security Agency Warns of “Critical Weaknesses” in Apple’s iOS

Comments

pdf warning in ios

The average consumer simply doesn’t care about security today, but they will in 5 years. You can’t go an entire week without reading a story about the Chinese Government or some hacker group trying to access an individual or corporation’s private data. As smartphones become more ubiquitous, users are going to buy more of the smartphone platform that affords them more protection against malware and potential theft of personal data.

Recently, Germany’s Federal Office for Information Security warned that clicking on an infected PDF file “is sufficient to infect the mobile device with malware without the user’s knowledge” on several versions of Apple’s iOS operating system. A statement filed said that cyber criminals could access confidential information such as passwords, online banking data and emails.

RIM is Also Collecting Location of Its Users’ BlackBerrys But Doing it Right

Comments

location data blackberry

At the Where 2.0 conference it was announced that Apple was secretly collecting the location of every iPhone and weren’t telling users. This led to a Senate hearing of Apple and Google execs who had to explain themselves and answer to why they are collecting the data without the user’s knowledge. Recently, SmrtGuard decided to do some digging around to see if RIM collects this same data for a BlackBerry, and yes they do. The difference is that RIM does it in a very transparent way that users can opt out of, which is exactly how Apple and Google should have done it.

Many of you have noticed this option but in case you haven’t, go to Options > Device > Location Settings and scroll down a little. There, you’ll see the Enable GPS option with a message that says: “Anonymously collects data to improve the speed and accuracy of future location services.” The intent is pretty clear and RIM is building a database of location data in order to be able to improve their software. RIM is explicit that the data is anonymous and give the user the ability to disable. Again, if Apple and Google had been this open about their location data collection, it probably wouldn’t have turned into such a debacle.

Read more over at SmrtGuard’s Resource Center where they’ll have regular content in the mobile security space.

Veracode’s TXSBBspy Spyware Proof-of-Concept for BlackBerry

22 Comments

TXSBBSpy Demo from Veracode on Vimeo.

Tyler Shields, senior researcher at Veracode Research Lab developed a proof-of-concept spyware package that demonstrates how simple it is to retrieve private data from a BlackBerry.

The above video demonstrates the spyware package, which he calls TXSBBspy, and uses it to take some very confidential information. In the demonstration, he uses some basic, publicly available functions to remotely dump all email and SMS messages, send the contents via e-mail, and conduct real-time monitoring of phone messages. He also remotely listens to a room using the BlackBerry’s mic, and follows the a user unknowingly by listening to their GPS updates.

This is a hot topic right now for BlackBerry as more users are downloading applications and accepting permissions without fully understanding what they’re allowing the app access to. Personally, I think RIM needs to give very specific instructions to the user about what they’re allowing an app to access. The permissions screen is far too vague.

Security and Compliance Issues Facing Today’s Corporations

Comments

zenprise_mobile_manager

by Ahmed Datoo, VP of Marketing for Zenprise

The widespread consumerization and general adoption of smartphones in the workplace is adding another layer of IT complexity. It’s important to remember that carrying a smartphone is similar to having a computer in your pocket. Therefore, these devices face the same security threats as a PC. Along with network vulnerabilities that stem from malware embedded Websites and email attachments, applications are also at risk.

The increased popularity and availability of smartphone applications creates security implications for employees who increasingly download these apps onto their corporate phones. Today’s enterprise is ill equipped to handle the expected wave of device issues resulting from rogue applications. A rogue application could cause a security threat by pulling sensitive data from the network.
Continue reading about security and compliance issues facing today’s corporations

SMobile Systems release solution for Etisalat BlackBerry spyware

74 Comments

blackberry security shield

I was recently contacted by the good people at SMobile Systems, the providers of the only Antivirus/AntiSpyware solution for BlackBerry, about my article regarding malicious code found in a recent Etisalat update.

SMobile Systems have released a solution for the recent spyware-laden update sent to BlackBerry users on the Etisalat network in the United Arab Emirates.

The spyware intercepts emails and drains battery life remarkably fast. According to Chris Eng at Veracode, “the server receiving the initial registration packets (i.e. “Here I am, software is installed!”) got overloaded. Devices kept trying to connect every five seconds to empty the outbound message queue, thereby causing a battery drain. Some people were reporting on official BlackBerry forums that their batteries were being depleted from full charge in as little as half an hour.”

If you are in the UAE and on the Etisalat network, I recommend going to the SMobile Systems site and purchasing their SMobile Security Shield or Anti-Theft and Identity Protection software, which will remove the spyware, as well as any other malicious code on your device. If you have already purchased the product, all you need to do is update your software to be protected.

We are living in an age where our smartphones are becoming our personal computers, and therefore the focus of those who want to exploit our personal data in any way they can. Dan Hoffman, CTO of SMobile Systems said it best, “The truth about smartphones is that they are used in the same manner as personal computers and are susceptible to the same threats. It has become clear that smartphone users need to proactively ensure their devices contain the necessary security software to protect not only their e-mail and messaging data, but also to protect their identity and the integrity of their mobile financial transactions.”

Security Shield for BlackBerry is available for $35.41 CAD.

Anti-Theft and Identity Protection is available for $29.99 per year.