News  Android
Android malware time bomb

Millions of downloads

The usual advice given to smartphone users who want to avoid virus infections is to download only from trusted sources. That advice has been called into question following the discovery of an app in the Google Play store which pulls a sneaky new trick - it waits 30 days before plastering your handset with ads.

The app, a card game called Durak, has between 5 and 10 million downloads. It even shows the ads when you unlock your handset, i.e. when the app itself isn't running at all.

Ads designed to scare

Even the actual ads shown aren't your regular pet food or soda drink offerings. These scare users with dire warnings of their handset being riddled with pornography or viruses, and insist that they click links to cure this which - you guessed it - just results in further malware being downloaded.

This new trend is a worry because of the time delay. Users often install an app, use it for a day or so then just leave it. So, if 30 days later their phone starts to misbehave there is no immediate connection between that and the app they ran. When you consider the number of apps users churn through in that time, tracking the offender down becomes nearly impossible.
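One way to narrow the search on an affected handset, shown as an added example that is not from the original article: parse the first-install times that `adb shell dumpsys package` reports and shortlist the apps whose age on the day the ads first appeared is close to the 30-day delay. The package names, dates and the 7-day slack are constructed, and the code assumes the delay is counted from first install.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the style of `adb shell dumpsys package` output;
# package names and dates are invented for illustration.
SAMPLE_DUMP = """\
  Package [com.example.cardgame] (41a2b3c):
    firstInstallTime=2015-01-03 18:22:10
  Package [com.example.flashlight] (52b3c4d):
    firstInstallTime=2014-11-20 09:05:44
  Package [com.example.weather] (63c4d5e):
    firstInstallTime=2015-01-25 07:45:00
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
TIME_RE = re.compile(r"^\s*firstInstallTime=(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

def parse_first_install_times(dump):
    """Map package name -> first install time from dumpsys-style text."""
    installs, current = {}, None
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = TIME_RE.match(line)
        if m and current:
            installs[current] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return installs

def shortlist(installs, ads_first_seen, delay_days=30, slack_days=7):
    """Rank packages whose install age at symptom onset is close to the delay.

    Packages younger than the delay cannot have triggered yet; older ones are
    kept only if within slack_days, since users rarely notice on the exact day.
    """
    hits = []
    for pkg, installed in installs.items():
        age = ads_first_seen - installed
        overshoot = age - timedelta(days=delay_days)
        if timedelta(0) <= overshoot <= timedelta(days=slack_days):
            hits.append((overshoot, pkg, age.days))
    return [(pkg, days) for _, pkg, days in sorted(hits)]

if __name__ == "__main__":
    onset = datetime(2015, 2, 3, 8, 0, 0)  # constructed: when the ads were first seen
    for pkg, days in shortlist(parse_first_install_times(SAMPLE_DUMP), onset):
        print(f"{pkg}: installed {days} days before ads appeared")
```

Apps that were installed and later removed no longer appear in this output, so the shortlist covers only what is still on the device.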

News  Tizen

No Tizen smartphone viruses reported

News this week that Samsung has launched its first two Tizen handsets in India was greeted with mild curiosity by the smartphone industry, and naturally how it tackled the various issues faced by the existing platforms was of interest.

In a not entirely tongue-in-cheek tone, one observer pointed out that at least it doesn't have any smartphone viruses aimed at it - yet. This got us thinking - just what is the security model for Tizen like? Surely it can benefit from the experience of the existing systems and take the best approaches from them, since it is quite literally starting with no legacy baggage.

Apps need two signatures

A very interesting feature is that, unlike Android, which requires just one signature (the developer's) on its apps, Tizen needs two - the author's and the distributor's. This in theory can allow multiple authorized app stores, whilst combating malware by forbidding sideloading totally. In practice, this looks to be aimed at the carriers, since each could have an app store serving their customers only.

News  Apple
Masque Attack threat to iPhones, iPads

Hackers can fake legitimate apps

A vulnerability in all Apple devices running iOS 7 or later - that's a whopping 95% of them - has surfaced which can trick users into replacing installed apps which they are familiar with, and therefore trust, with malicious ones.

Termed "Masque Attack" by the internet security company FireEye, the attack worked by replacing the icons on a user's home screen with identical ones the user was familiar with. The apps these launched, however, had been replaced by malware.

Getting these apps onto the devices in the first place was always considered nearly impossible, but with the recent discovery of malware such as "WireLurker" this now becomes a real concern.

News  Apple
Has Apple's iCloud been hacked?

Celebrity photo leak sparks iCloud hack panic

Apple's CEO, Tim Cook, has announced that Apple will add additional security steps to block hackers from the iCloud following the celebrity photo leak scandal. These new measures include alerting users through email and push messages when a password change is attempted, a restore operation is performed or the network first encounters a new device. Cook also announced further enhancements to the two-factor authentication system, which he encourages all users to activate in the new version of iOS.

The concerns centre on the backup feature the iCloud supports - in particular the fact that users were not notified when someone accessed a backup on another device. This is because it's thought that these offline backups were used as the attack vector in the celebrity nude photo hack, and not a direct breach of the iCloud itself.