Data security Archive

Malicious USB charging stations–how to protect your mobile devices

AC USB charger

It may come to a point where a USB charging device offered by a stranger may be treated with distrust

I have seen some recent press coverage, generated especially by the security-software industry, about USB-based charging devices stealing data from the smartphones and tablets that charge from them. The issue was brought to public attention at the start of the 2014 World Cup, with the fear that the large number of travellers pouring into Brazil for the soccer would make fertile ground for threats to the personal and business data kept on their mobile devices.

The devices of concern are “walk-up” charging facilities installed in commonly-accessible places or made available for everyone to use. The concern arose from a laboratory experiment in which a small “homebrew” computer was connected to an iPhone running iOS 6 and was able to read the data on that device. The researchers said that this computer could be concealed in a box the size of a “wall-wart” or built physically or logically into a “walk-up” charging facility. Such a device could gain access to the data on an iPhone or iPad running iOS 6 or earlier because those versions of iOS don’t indicate in a user-facing manner what kind of host you are connecting your mobile device to, and don’t ask before establishing a data connection with it.

USB symbol that indicates that your Android device is connected to a computer device


Android users are luckier because that operating system indicates whether your mobile device is plugged in to a computer rather than a power-supply device and tells you how it is presenting itself to the host, i.e. as a “Media Transfer Protocol” (MTP) device, a “Picture Transfer Protocol” (PTP) device or a “Mass Storage” device. You can choose how your device presents itself by tapping on the “Connected as” message in the Notification Screen, which shows the possible modes. As well, you will see the USB trident symbol in the Notification Bar at all times while the connection is active.

The “Media Transfer Protocol” mode primarily exists to give the host access to the media content on your device and is used by entertainment setups like home AV devices, in-vehicle infotainment setups and airline in-flight entertainment screens for playback through their own screens and speakers. The “Picture Transfer Protocol” mode, on the other hand, allows access to the pictures and videos in the default folders on your device and is used by PictBridge-capable printers and printing kiosks for “walk-up” printing of digital pictures. The “Mass Storage” mode presents your device to the host as a USB “memory key”, which gives the host the widest access of the three.

USB device type notification on Android


iOS users can protect themselves by bringing their iPhones, iPads and iPod Touches up to date with the latest version of that operating system. iOS 7 and newer versions pop up a “Trust This Computer?” dialog box asking whether the user trusts the computer they are plugging in to, and if they don’t assent, the Apple connector just becomes a power-and-audio port rather than a power-audio-data port. That dialog only appears while the device is unlocked, so keeping the phone locked while it charges is part of the protection.

Device types supported on your Android device


Other suggestions for dealing with this issue include properly shutting down your mobile device when letting it charge at a public charging facility or on someone else’s computer, or charging it from an AC charger or external battery pack that you own and bring with you. Even ideas like being frugal with how you use your mobile gadgets in order to stretch their battery runtime, such as cutting back on multimedia or gaming, or turning off functions like Wi-Fi and Bluetooth unless you are actually using them, have been put forward.

New iOS 7 dialog box that identifies if the other device is a computing device


The main issues here are keeping your mobile devices on the latest version of their operating system and paying attention to situations where your mobile device identifies that what is ostensibly a charging device is in fact a computer, and that host isn’t clear about its functionality.

Personally, I think it could be time for the USB specification and other host-peripheral connection specifications to be revised to factor in “privilege levels” and trust ecosystems for device connectivity. This could mean that a connection is only a “battery charging / power delivery” connection unless a level of trust is established between both devices as regards their functionality, and it could even lead to the removal of the “plug-and-play” features of these systems.
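The host-side form of that default-deny idea already exists in Linux, shown here as an added example that is not part of the original post: the kernel’s USB `authorized_default` (per root hub) and `authorized` (per device) sysfs flags let a computer enumerate a newly plugged device, so you can see what it claims to be, but refuse to bind any driver until someone approves it. The script below drives those flags. Because writing them needs root, the functions take the sysfs root as a parameter, and `run_demo()` exercises them against a constructed stand-in tree in a temporary directory (the device names, vendor/product IDs and product strings in it are made up).

```python
"""Host-side "default deny" for USB via the Linux kernel's sysfs 'authorized' flags.

Added example, not code from the original article. On a real Linux host the
files live under /sys/bus/usb/devices/: usbN/authorized_default on each root
hub and <device>/authorized on each device. With authorized_default = 0 a new
device is enumerated but no driver binds until a human writes 1 to its
'authorized' file. run_demo() builds a constructed stand-in tree so the
functions can be exercised without root.
"""
from __future__ import annotations

import tempfile
from pathlib import Path

SYSFS_USB = Path("/sys/bus/usb/devices")


def _read(path: Path, default: str = "") -> str:
    try:
        return path.read_text().strip()
    except OSError:
        return default


def set_default_deny(sysfs_root: Path = SYSFS_USB) -> list[str]:
    """Tell every root hub to leave new devices unauthorized. Returns the hubs changed."""
    changed = []
    for hub in sorted(sysfs_root.glob("usb[0-9]*")):
        flag = hub / "authorized_default"
        if flag.is_file():
            flag.write_text("0\n")
            changed.append(hub.name)
    return changed


def pending_devices(sysfs_root: Path = SYSFS_USB) -> list[dict[str, str]]:
    """Devices the kernel has enumerated but not authorized (no driver bound yet)."""
    found = []
    for dev in sorted(sysfs_root.iterdir()):
        # Skip root hubs (usbN) and interface nodes (names contain ':'); whole devices only.
        if dev.name.startswith("usb") or ":" in dev.name:
            continue
        if _read(dev / "authorized") == "0":
            found.append({
                "name": dev.name,
                "vendor": _read(dev / "idVendor", "????"),
                "product": _read(dev / "idProduct", "????"),
                "label": _read(dev / "product", "(no product string)"),
            })
    return found


def authorize(dev_name: str, sysfs_root: Path = SYSFS_USB) -> bool:
    """Let drivers bind to one device after someone has vetted what it claims to be."""
    flag = sysfs_root / dev_name / "authorized"
    if not flag.is_file():
        return False
    flag.write_text("1\n")
    return True


def build_demo_tree(root: Path) -> None:
    """Constructed stand-in for /sys/bus/usb/devices: one root hub and two devices."""
    hub = root / "usb1"
    hub.mkdir()
    (hub / "authorized_default").write_text("1\n")   # the kernel's default: allow everything
    devices = [
        # name, idVendor, idProduct, product string, authorized (values are illustrative)
        ("1-1", "05ac", "12a8", "iPhone", "1"),            # bound before the policy change
        ("1-2", "1234", "5678", "Charging Kiosk", "0"),    # arrived after default-deny
    ]
    for name, vid, pid, label, auth in devices:
        d = root / name
        d.mkdir()
        (d / "idVendor").write_text(vid + "\n")
        (d / "idProduct").write_text(pid + "\n")
        (d / "product").write_text(label + "\n")
        (d / "authorized").write_text(auth + "\n")


def run_demo() -> dict:
    """Apply default-deny, list what is waiting, then authorize one device by hand."""
    root = Path(tempfile.mkdtemp(prefix="usb-demo-"))
    build_demo_tree(root)
    result = {"hubs_changed": set_default_deny(root)}
    result["default_flag"] = _read(root / "usb1" / "authorized_default")
    result["pending_before"] = pending_devices(root)
    result["authorized_ok"] = authorize("1-2", root)
    result["authorized_missing"] = authorize("9-9", root)   # no such device
    result["pending_after"] = pending_devices(root)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

On a real host you would run `set_default_deny()` as root, then `pending_devices()` to read the vendor and product strings of whatever was just plugged in before deciding to `authorize()` it. Note which side this protects: it shields the computer from a rogue peripheral, whereas a phone at a charging kiosk is the peripheral, which is exactly why the same policy needs to live in the mobile operating system as well.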


You can get Kaspersky desktop security for free if you bank with Barclays

Article – From the horse’s mouth

Barclays Bank

Special offer for Barclays Bank online customers

My Comments

Kaspersky Internet Security 2014 - press image courtesy Kaspersky Labs

In 2009, I reviewed a copy of Kaspersky Internet Security and found that it was the start of things to come for a capable desktop-security program. I then read some comparisons of various desktop security programs and found that this program did its job without trading off performance, unlike the Norton software about which I have heard complaints of sluggish performance. Lately, I have even recommended this program as a desktop-security solution for people who have asked me about their home-computer security needs.

Barclays, a well-known UK bank that had been the victim of a “distraction-burglary” hacking scam, has now partnered with Kaspersky to offer free copies of this software to its online-banking customers. This also applies to those of us who have continued a Kaspersky subscription and whose subscription is up for renewal.

What I like about this is that Barclays have led the field by partnering with a desktop security software vendor to protect their customers from the various forms of malware that can compromise the sanctity of their banking and personal data.


AVM Fritzbox 7490 to be the first router to offer automatic firmware updating

Article (German language)

Automatic updates for Fritzbox routers (Automatische Updates für Fritzbox-Router) | PC Welt

From the horse’s mouth

AVM

Software update page

My Comments

AVM FRITZ!Box 3490 - Press photo courtesy AVM

AVM Fritzbox 3490 to be able to update itself like your Windows or Mac computer

One of the big holes in data security that has been recently identified is the typical Internet gateway device sold to most households and small businesses as the “edge” between their home network and Internet connection.

This hole exists because most of these devices, especially those sold through retail, value-added-reseller and service-provider channels, simply run the firmware installed in them when they left the factory. As we all know, a lot of this firmware can be full of bugs and exploitable flaws that place the home network and the computer equipment on it at risk of security breaches.

Most regular and mobile computer equipment and some set-top boxes benefit from a continual update process with the ability to have the critical updates delivered by the software vendor automatically without any user intervention. But this doesn’t hold true for the typical consumer router, which requires the customer to install updated firmware manually. In a lot of cases, the user may either have to run a firmware-installation tool on their regular computer or download a special firmware-package file from the manufacturer’s Website and subsequently upload the firmware to the device via its Web-based management interface.

A few devices may allow you to deploy updated firmware by causing the device to download and install the latest firmware from the manufacturer’s Web site by clicking on an “Update” button. These devices make the job easier but you have to regularly visit that user interface to check for new updates and start the update process.

These tasks can be very difficult for anyone without a lot of computer experience and expertise, and they are commonly left to the computer expert in the family or community.

AVM, a German company that makes premium-grade routers and networking gear for consumers and small business, has answered this need with the latest firmware for the Fritzbox 7490 Internet gateway. This firmware offers automatic installation of firmware patches to enhance the device’s security and reliability.

You would have to visit the AVM site once to download and install the latest firmware into the Fritzbox 7490, but this would be the last time you would need to do so because the Fritzbox could then “look after itself” when it comes to updates. There is a question remaining about whether AVM will roll this feature out to its other Fritzbox routers and network devices so as to keep them secure.

At least AVM are setting a good example for all Internet-gateway-device manufacturers and resellers to follow by putting the idea of self-updating equipment into the consciousness. This could even extend to other devices like smart TVs and the devices that constitute the “Internet Of Everything” as we think of the smart home.


The French have fielded another alternative to TrueCrypt

Article (French language)

VeraCrypt, a French alternative to TrueCrypt (VeraCrypt, une alternative française à TrueCrypt) | Le Monde Informatique

From the horse’s mouth

Idrix

VeraCrypt product page

My Comments

TrueCrypt is a source-available volume-encryption program for Windows, Mac OS X and Linux; it is a separate piece of software and not part of the BitLocker function built in to Windows 7 and 8. Lately, maintenance of this program ceased abruptly, with its developers pointing Windows users towards BitLocker instead, amid accusations that the likes of the NSA had put pressure on them to stop.

A few other encryption engines have surfaced from Europe, such as the VeraCrypt engine from France and a fork of TrueCrypt being built in Switzerland. This is in response to Europeans’ distrust of “big government” having access to personal data, having been burnt by the Hitler, Mussolini and Franco regimes in the West and the Communist governments in Russia and the East.

Idrix has worked on the French VeraCrypt project, which is pitched as being easy to use for small businesses, non-profit organisations and individual users. As with most encryption software, it doesn’t support “trans-crypting”, i.e. converting an existing encrypted volume in place to another encryption mechanism, so a TrueCrypt volume has to be decrypted and re-created under VeraCrypt.

It is initially issued for Windows, with ports expected soon for Mac OS X and Linux. As well, it is made available free of charge and as open-source software.

But what I see in this is an attempt by European companies to “break through” the US stranglehold that can accompany the computer-software scene, and for European culture and norms to be respected in this field.


Chinese spies now charged with cyber espionage

Articles

IT-focused News

FBI Issues Wanted Posters For Five Chinese Army Officers | Gizmodo

DOJ’s charges against China reframe security, surveillance debate | PC World

US authorities name five Chinese military hackers wanted for espionage | The Register (UK)

General News

US Charges China With Cyber-Spying On American Firms | NBC News

Previous coverage on this topic

Symantec Symposium 2012 – My Observations From This Event

The issue of cybercrime now reaches the national level

My Comments

I have heard, and will cite, previous coverage about nation states engaging in cyber espionage against other nation states and the businesses within them. For example, I attended the Symantec Symposium in 2012 and listened to the keynote speech by a guest speaker from the Australian Federal Police, who mentioned organised crime and nation states engaging in cyber-espionage or sabotage. He even said that it isn’t just servers or regular computers that are at risk, but also mobile devices like smartphones, point-of-sale / point-of-payment equipment and other dedicated-purpose computing devices.

Subsequently, I watched the ABC Four Corners “Hacked” broadcast, which covered the issue of cybercrime reaching the national level. This telecast covered key points including a small business that manufactured electronic equipment for defence purposes and fell victim to a Chinese cyber attack, along with the theft of blueprints for ASIO’s new offices.

The recent indictment of Chinese military officers by the US government, along with the FBI issuing “wanted” posters for these officers, has underscored the involvement of nation states in cyber espionage. It highlights the theft of intellectual property that private companies or government departments hold close to their heart for economic or strategic advantage.

It was even looked at in the context of the debate over cyber surveillance by the US National Security Agency, especially after the leaks put out by Edward Snowden. US President Barack Obama even wanted to establish a global discussion about cyber hacking and surveillance.

It got to the point where Marc Zwillinger, a former Department of Justice lawyer, ran this line: “The only computers these days that are safe from Chinese government hackers are computers that are turned off, unplugged, and thrown in the back seat of your car.” Personally, I would take this further by saying that the only computers safe from the Chinese government hackers these days are those that are turned off fully, unplugged and securely locked in the boot (trunk) of a sedan (saloon) or similar car.

As well, it should have us “wake up and smell the bacon” when it comes to nation states, especially those that don’t respect human rights, engaging in cyber warfare.


Desktop security moves from virus-hunting to more tasks according to Symantec

Article

“Antivirus is dead” says maker of Norton AntiVirus | PC World

Antivirus Is Dead — Long Live Antivirus | Krebs On Security

My Comments

What did anti-virus software do?

McAfee LiveSafe desktop security program

A typical desktop-security program in action

Previously, an anti-virus program regularly vetted software against a signature list of known viruses or, in some cases, Trojan-Horse software. Better programs of this class also implemented “heuristics-based” detection that observed software behaviour for known virus-like characteristics.

The software authors behind the anti-virus programs have been playing cat-and-mouse with the malware authors who are trying to get their rotten software on to our computers. For example, malware authors use “crypting” services to hide their software from the scanning software, typically by obfuscating or encrypting the payload so that no known signature is visible until the program actually runs.
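To make that cat-and-mouse concrete, here is an added example (not code from the original article, Symantec or Krebs) that runs one constructed sample through three layers a desktop-security product stacks: a static byte-signature match, a packing heuristic based on Shannon entropy, and emulation that performs the crypter stub’s own unpacking step and scans the result. The “malware” is an inert marker string, the crypter is a SHA-256 keystream XOR, and the signature database, stub marker and key are all made up for the example.

```python
"""Why a byte-signature scanner loses to a "crypter", and what the next layers add.

Added example, not code from the original article or from Symantec or Krebs.
Everything here is constructed: the "malware" is an inert marker string, the
crypter is a SHA-256 counter-mode keystream XOR, and the three detections are
toy versions of the layers a desktop-security product stacks.
"""
from __future__ import annotations

import hashlib
import math
from collections import Counter

# Constructed stand-in for a malicious payload; no real sample is used.
PAYLOAD = (b"EVIL_DOWNLOAD_AND_EXECUTE http://example.invalid/stage2.bin "
           b"then POST results to /report-to-sender\n") * 6

# Static signature database: detection name -> byte pattern that must appear verbatim.
SIGNATURES = {"Constructed.Downloader.A": b"EVIL_DOWNLOAD_AND_EXECUTE"}

STUB_MAGIC = b"CRYPT1"   # marks our toy crypter's stub; the generic unpacker keys on it
KEY_LEN = 8


def scan_signatures(data: bytes) -> list[str]:
    """Layer 1: classic static signature match over the raw bytes."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def _keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; fine for a toy crypter, not a real cipher design."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, _keystream(key, len(data))))


def crypt(payload: bytes, key: bytes) -> bytes:
    """What a "crypting service" sells: stub + key + encrypted body, no pattern left intact."""
    assert len(key) == KEY_LEN
    return STUB_MAGIC + key + _xor(payload, key)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Text and ordinary code sit well below 8; packed or encrypted data sits near it."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_packed(data: bytes, threshold: float = 6.5) -> bool:
    """Layer 2: heuristic flag. High entropy is a hint, not a verdict (compressed files trip it too)."""
    return shannon_entropy(data) > threshold


def emulated_scan(sample: bytes) -> list[str]:
    """Layer 3: recognise the stub, perform its unpacking step, then scan the result."""
    if not sample.startswith(STUB_MAGIC):
        return scan_signatures(sample)
    key = sample[len(STUB_MAGIC):len(STUB_MAGIC) + KEY_LEN]
    body = sample[len(STUB_MAGIC) + KEY_LEN:]
    return scan_signatures(_xor(body, key))


def demo() -> dict:
    """Run the same sample through all three layers before and after crypting."""
    crypted = crypt(PAYLOAD, bytes.fromhex("1337cafef00dbabe"))   # constructed key
    return {
        "static_on_plain": scan_signatures(PAYLOAD),
        "static_on_crypted": scan_signatures(crypted),
        "entropy_plain": round(shannon_entropy(PAYLOAD), 2),
        "entropy_crypted": round(shannon_entropy(crypted), 2),
        "packed_plain": looks_packed(PAYLOAD),
        "packed_crypted": looks_packed(crypted),
        "emulated_on_crypted": emulated_scan(crypted),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The static scanner detects the plain payload and misses the crypted one, the entropy heuristic flags the crypted one as packed, and the emulation layer recovers the detection. The race does not end there: the unpacker here keys on the stub marker, and a real crypter rebuilds its stub for every customer so that the stub itself cannot be signed, which is why products moved on to behaviour monitoring and reputation, the functions described below.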

What have the anti-virus software programs evolved to?

These have evolved to robust “desktop security” software suites that perform many different security functions for the computers they are protecting.

Firstly they work with your email client software to vet your incoming email for spam and phishing emails. This will typically work with client-based email setups like Outlook, Apple Mail, Windows Live Mail and others rather than Webmail setups like GMail or Hotmail.

As well, they implement a desktop firewall that vets traffic coming to and from the Internet and home network so that malware can’t easily “report to sender” to fulfil its task.

They also implement a wider malware-checking mandate such as catching out rootkits, adware and spyware. Sometimes this is done on a “software reputation” mechanism or observing for particular behaviour traits.

Another function is to implement a “reputation check” for the websites that you visit. This checks whether a Website hosts questionable software or engages in other questionable practices. This may also be bundled with a desktop content-filtering function that filters against pornography, hatred and other undesirable content.

They also work as a privacy watchdog by monitoring Websites or social-media services for improper activity that threatens your privacy or that of your child or other vulnerable person.

But, wait, there’s more!

Some of these programs offer extra functionality in the form of a password vault which looks after the passwords for the Websites and other resources you visit.

They may offer a client-server VPN so you can use the Web securely from other networks like your friends’ and relatives’ homes or public networks. Similarly, they offer a secure file-storage option, whether in the cloud or on your local machine.

Different levels of functionality available

Most desktop security suites pitched at the home or small-business user tend to be sold with client-focused manageability where you set their parameters to manage that particular client computer. If you have multiple computers, you have to manually replicate that same setup across those computers. As well, they are priced either “per machine” or in a licence-pack that covers up to five or, in some cases, ten machines. You may be lucky to have the software provided as a site-licence that covers equipment owned by a particular household.

Conversely, desktop-security software that is targeted at the big business or at some small businesses is set up for management of multiple machines from one logical point. This includes the ability to deploy the same software across multiple machines yet have the same standards preserved across the multiple machines. They are typically priced in licence-packs that encompass many machines or may also offer a site-licence deal which covers all equipment kept at a particular location or by a particular organisation.


Macintosh users–keeping your computer secure

Article

Apple users: Try these five tips for better Mac security | Naked Security

My Comments

Just lately, I have heard over the dinner table that a few Apple Macintosh users have been facing issues with malware and other software of questionable behaviour. Some of these attacks were mainly “overlay attacks” that worked on the user’s Web experience.

What used to happen was that Windows computers were the target for viruses, worms, Trojans and similar malware because they had a much larger installed base than the Apple Macintosh platform. This caused some people to switch to the Macintosh because fewer malware threats occurred on that platform.

But even in 1989 when I was made aware of the virus issue, the awareness about viruses and similar malware was targeted across all personal-computing platforms that were in operation through that year i.e. the MS-DOS-based IBM PC, the Macintosh, the Commodore Amiga and the Apple II amongst others. At that time, there was awareness about keeping a “clean” system and keeping control over how you shared your files.

Similarly, we started to see the arrival of signature-driven anti-virus programs that could scan hard disks or removable “floppy disks” for viruses. Some of these initially scanned the boot sector but moved towards checking files for these viruses. They became a very important part of every computer user’s software toolkit as the virus activity increased. But through the 1990s as the Internet came on the scene, the malware activity was more focused on the MS-DOS / Windows platform with Apple Macintosh users not having as much of that activity. At that time, the MS-DOS / Windows platform was effectively the computing platform for most personal and business computing applications including gaming with the Macintosh being used by creative types due to its inherent prowess with multimedia.

This led to a sense of complacency concerning secure computing for the Macintosh platform on both Apple’s and its users’ part. Microsoft took proper steps in updating and patching the Windows platform from 2001 with the arrival of Windows XP, and hardened it with the arrival of Windows Vista and 7. Meanwhile, Windows users jumped over to the Macintosh platform for their home computing because they saw Windows as slow and virus-ridden, and also because of the arrival of Apple’s iPod and iPhone products.

Lately, the Apple Macintosh has become the target for various malware campaigns, including “write-once run-anywhere” attacks based on the Adobe Flash and Java software platforms. This is due to the new-found popularity that the Macintosh has acquired and, in another context, because activities involving the Internet, networks or removable media are still vectors through which a Mac can pass on Windows-targeted malware.

Upgrade to Mavericks if you can

To stay secure, Apple Macintosh users need to upgrade to the 10.9.2 Mavericks version of OS X, which is equipped with various security improvements in a similar way to what Microsoft did with Windows 7. This is possible with newer Macintosh computers and is free for Macs running Lion or Mountain Lion.

Keep the operating system and software up-to-date

As well, as part of proper computer housekeeping, it is important to keep the Mac “lock-step” with the latest operating-system updates. Here, you can use the Apple-Menu / System Preferences / App Store option to have the Mac check for and download the updates from Apple by itself; or go to the Apple-Menu / Software Update menu to cause it to check for updates. The latter option can be of use with a MacBook that is used “on-the-road” and you are able to check in at a Wi-Fi hotspot or other Wi-Fi network.

Similarly, keep Adobe Flash and Oracle Java up-to-date by using options in the Apple-Menu / System Preferences menu to check for automatic or manual updating for these programs. If any other “write-once run-anywhere” software-development platforms show up on the Macintosh platform, treat these like you would with Adobe Flash – they can become a path for distributing malware that “hits across all platforms”.

This also applies to the application software and utilities you also run on your Mac and, here, you go to whatever software-option menu there is to check for software updates or cause automatic software updating to occur.

Don’t enable Java if you don’t need it.

As for Java, which appeals as a “write once run anywhere” coding system, don’t enable it unless you intend to run a known trusted program that uses it or are developing Java software. OS X Mavericks ships with Java deactivated by default, and you can also disable the Java plug-in in your Web browser’s settings.

Take advantage of full-disk encryption if you have confidential data

Another practice you can use on all computer platforms is full-disk encryption. Most operating systems provide this as a built-in function, with OS X providing it “across the board” in recent iterations in the form of FileVault. A commercial or open-source third-party full-disk-encryption tool can also do the job if you need something the operating system’s tool doesn’t offer, such as encrypted volumes that can be opened on other platforms.

These tools encrypt and decrypt on an “on-the-fly” basis and mainly protect the local volumes on the computer with some business-tier USB memory keys providing a similar full-disk encryption for their own volumes.

Use a good anti-malware or desktop security program for the Macintosh

Check for and use a good anti-malware program for the Mac platform like Kaspersky, Sophos, AVG or ClamXav. As well, keep the anti-malware program that you run on automatic update in order to keep it ahead of the malware game.

It is also worth noting that the good programs in this field can also keep the Macintosh from being a conduit for spreading Windows-based malware around the Windows platform, whether the files are passed through email, message-based file transfers, network-hosted / Internet-hosted file sharing points or removable media.

Another sign of a good anti-malware program is the ability to scan your computer’s primary storage (RAM and paging files) to protect against malware that works on data held in this space. This is because most data normally encrypted on secondary storage or in transit is kept “in the clear” in RAM and is vulnerable to RAM-scraping malware.

Keep stock of what is installed on your Mac

Another way malware gets on to computers is when you load software “in a hurry”. Typically what can happen with some freeware tools is that they can “push” browser extensions and toolbars or utilities of doubtful provenance on to a computer. This can lead to it underperforming or malware creeping in and taking over the system.

If you download from the Mac App Store or similar download locations, check for the app’s reputation by looking at comments, star-ratings and the like. This is something I have raised previously in relation to app stores for mobile-computing platforms along with the newer App stores that are opening up for regular computers and dedicated-purpose devices.

With your browsers and other applications, keep tabs on what plugins, extensions, toolbars and other add-on modules are running and if you notice something being awry about the module since you installed, don’t hesitate to remove it. A good article on this topic concerning uninstalling applications on the Mac is this one on MacRumors.com which highlights that dragging an application bundle to the Trash may not be the only method available.
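The checks in the steps above (FileVault on, updates installed, automatic update checking on, no stray Java or Flash plug-ins) can be scripted. The following is an added example, not code from the original article or from Naked Security. On a Mac it shells out to Apple’s own tools (`fdesetup status`, `softwareupdate -l` and `defaults read`); the parse functions take tool output as text so they run anywhere, and `demo()` feeds them constructed output in the shape seen on Mavericks. The `AutomaticCheckEnabled` key under `/Library/Preferences/com.apple.SoftwareUpdate` and the plug-in bundle names in `/Library/Internet Plug-Ins` are assumptions to verify on your own system.

```python
"""Quick Mac hygiene check: FileVault, pending updates, auto-check, browser plug-ins.

Added example, not code from the original article or Naked Security. Runs
Apple's own tools only on macOS; parse functions work on text, and SAMPLE is
constructed output for offline runs. Key and bundle names are assumptions.
"""
from __future__ import annotations

import platform
import subprocess
from pathlib import Path

PLUGIN_DIRS = [Path("/Library/Internet Plug-Ins"), Path.home() / "Library" / "Internet Plug-Ins"]
RISKY_PLUGINS = {"JavaAppletPlugin.plugin": "Oracle Java", "Flash Player.plugin": "Adobe Flash"}

# Constructed tool output in the shape seen on OS X Mavericks.
SAMPLE = {
    "fdesetup": "FileVault is Off.\n",
    "softwareupdate": ("Software Update found the following new or updated software:\n"
                       "   * OSXUpd10.9.2-10.9.2\n"
                       "\tOS X Update (10.9.2), 460000K [recommended] [restart]\n"),
    "autocheck": "0\n",
    "plugins": {"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin": "Oracle Java"},
}


def _run(*cmd: str) -> str:
    """Run a tool and return its stdout, or '' if it is missing or fails."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=120).stdout
    except (OSError, subprocess.SubprocessError):
        return ""


def filevault_enabled(fdesetup_output: str) -> bool | None:
    """Parse `fdesetup status`; None means the output was not understood."""
    text = fdesetup_output.lower()
    if "filevault is on" in text:
        return True
    if "filevault is off" in text:
        return False
    return None


def pending_updates(softwareupdate_output: str) -> list[str]:
    """Parse `softwareupdate -l`; each pending item is a line starting with '*'."""
    return [line.strip().lstrip("* ").strip()
            for line in softwareupdate_output.splitlines()
            if line.strip().startswith("*")]


def auto_check_enabled(defaults_output: str) -> bool:
    """Parse `defaults read ... AutomaticCheckEnabled` (prints 1 or 0)."""
    return defaults_output.strip() in ("1", "true", "YES")


def risky_plugins(plugin_dirs=PLUGIN_DIRS) -> dict[str, str]:
    """Which cross-platform plug-in runtimes are installed for the browsers."""
    found = {}
    for d in plugin_dirs:
        if d.is_dir():
            for p in d.iterdir():
                if p.name in RISKY_PLUGINS:
                    found[str(p)] = RISKY_PLUGINS[p.name]
    return found


def assess(filevault: bool | None, updates: list[str], auto_check: bool,
           plugins: dict[str, str]) -> list[str]:
    """Turn the raw facts into the to-do list the advice above implies."""
    todo = []
    if filevault is not True:
        todo.append("Turn on FileVault (System Preferences > Security & Privacy > FileVault).")
    if updates:
        todo.append(f"Install {len(updates)} pending update(s): " + "; ".join(updates))
    if not auto_check:
        todo.append("Enable automatic update checks (System Preferences > App Store).")
    for path, name in plugins.items():
        todo.append(f"{name} plug-in at {path}: remove it, or keep it patched and off in the browser.")
    return todo


def collect() -> list[str] | None:
    """Gather live facts with Apple's tools; returns None when not on macOS."""
    if platform.system() != "Darwin":
        return None
    return assess(
        filevault_enabled(_run("fdesetup", "status")),
        pending_updates(_run("softwareupdate", "-l")),
        auto_check_enabled(_run("defaults", "read",
                                "/Library/Preferences/com.apple.SoftwareUpdate",
                                "AutomaticCheckEnabled")),
        risky_plugins(),
    )


def demo() -> list[str]:
    """The same assessment over the constructed SAMPLE output."""
    return assess(filevault_enabled(SAMPLE["fdesetup"]), pending_updates(SAMPLE["softwareupdate"]),
                  auto_check_enabled(SAMPLE["autocheck"]), SAMPLE["plugins"])


if __name__ == "__main__":
    items = collect()
    for item in (demo() if items is None else items):
        print("-", item)
```

Run it with `python3` on the Mac itself to get the live list; on any other system it falls back to the constructed sample so you can see the shape of the output. `fdesetup` may need `sudo` on some releases, in which case `filevault_enabled()` returns `None` and the script tells you to turn FileVault on rather than silently assuming it is.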

Conclusion

The main issue here is that the Apple Macintosh is a computing platform vulnerable to malware and will become more so as it becomes more popular as a mainstream computing platform. So you need to continue with proper computer-housekeeping practices to keep your Mac safe from these threats.


Malaysia Airlines air disaster–another event bringing out the online scams

Article

Fake Malaysia Airlines links spread malware | CNET News

My Comments

Every time there is a major event that affects many people or brings out mass intrigue, a computer-security situation climbs on to that event’s tail.

What happens is that Websites with a questionable motive pop up like nobody’s business, and links to these sites appear in spam emails or on the Social Web. The “link-bait” text draws people to sites that are laden with malware or set up to harvest Web-surfers’ personal or financial information for questionable purposes. The Malaysia Airlines air disaster drew out its own link-bait in the form of fake news links that purport to lead to video footage of the plane being discovered or survivors being found.

A proper practice is to keep the software on personal and other computer equipment “lock-step” with the latest software updates and patches and simply to “think before you click”. This is more so with anything that appears “too good to be true” or “out of the norm” for that situation.

Facebook users also have to be careful about the “fake events” which are being used as a spam-distribution vector. Here, as I previously covered, this causes notifications to appear in the user’s Facebook Notification list with your computer or mobile device popping up messages and sounding an audible alert to these notifications if a Facebook client is running. As well, if a user accepts these events, information appears on their Timeline about that event.
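“Think before you click” can be partly mechanised. The following is an added example, not code from the original article or from CNET, that pulls the links out of a constructed HTML e-mail of the kind described above and flags the patterns such bait relies on: link text that shows one site while the target is another, a bare IP address as the target, a URL shortener hiding the destination, and a brand name used as a subdomain of an unrelated registered domain. The sample message, the `BRANDS` table and the shortener list are assumptions for the example (the hosts use `.example` and the 203.0.113.0/24 documentation range), and the registered-domain rule is a naive last-two-labels heuristic that is wrong for two-part suffixes such as `.co.uk`.

```python
"""Triage the links in a suspected link-bait message before anyone clicks.

Added example, not code from the original article or CNET. Sample message,
BRANDS and SHORTENERS are constructed/assumed; registered_domain() is a naive
last-two-labels rule, wrong for suffixes like co.uk.
"""
from __future__ import annotations

import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
# brand keyword -> the registered domain it legitimately belongs to (assumed for the example)
BRANDS = {"malaysiaairlines": "malaysiaairlines.com", "cnn": "cnn.com"}

# Constructed sample; .example hosts and 203.0.113.0/24 are reserved for documentation.
SAMPLE_EMAIL = """<p>BREAKING: MH370 found! Watch the video before it is taken down:</p>
<a href="http://malaysiaairlines.com.breaking-news.example/video.php">malaysiaairlines.com - video</a><br>
<a href="http://203.0.113.5/mh370_video.exe">http://www.cnn.com/2014/03/malaysia-plane-video</a><br>
<a href="http://bit.ly/mh370vid">Click here for survivor photos</a><br>
<a href="https://www.malaysiaairlines.com/">Official Malaysia Airlines statement</a>
"""


class _LinkParser(HTMLParser):
    """Collect (visible text, href) for every <a> in the message."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html: str) -> list[tuple[str, str]]:
    parser = _LinkParser()
    parser.feed(html)
    return parser.links


def registered_domain(host: str) -> str:
    """Naive: last two labels. Fine for .com/.example, not for two-part suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_link(text: str, href: str) -> list[str]:
    """Return the reasons a link is suspect; an empty list means nothing stood out."""
    host = urlparse(href).hostname or ""
    if not host:
        return ["no usable host in target"]
    reasons = []
    if _is_ip(host):
        reasons.append("target is a bare IP address")
    if host in SHORTENERS:
        reasons.append("target is a URL shortener, destination hidden")
    if text.startswith(("http://", "https://", "www.")):
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if registered_domain(shown) != registered_domain(host):
            reasons.append(f"text shows {shown} but target is {host}")
    for brand, real in BRANDS.items():
        if brand in host and registered_domain(host) != real:
            reasons.append(f"'{brand}' in {host} but registered domain is {registered_domain(host)}, not {real}")
    return reasons


def triage(html: str) -> list[dict]:
    return [{"text": t, "href": h, "reasons": assess_link(t, h)} for t, h in extract_links(html)]


if __name__ == "__main__":
    for item in triage(SAMPLE_EMAIL):
        verdict = "SUSPECT" if item["reasons"] else "ok"
        print(f"{verdict:7} {item['href']}  {'; '.join(item['reasons'])}")
```

Three of the four constructed links come back flagged and the genuine airline link does not. The checks are deliberately cheap and local; a mail gateway or browser extension would add reputation lookups on top, which is the “reputation check” function described in the Symantec piece above.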


Vodafone Germany to provide SIM-based end-to-end encryption for smartphones

Article

Vodafone Germany looks to provide end-to-end encryption with SIM signatures • The Register

My Comments

The SIM card could be the heart of corporate-grade end-to-end mobile data security


If a company or person wanted highly-secure data or voice communications on their smartphone or tablet, they previously had to install an “over-the-top” software package and establish a separate password or key for the secure path.

Now Vodafone Germany, part of the Vodafone mobile-telephony conglomerate, has worked on a SIM-based setup that it can easily provide as a value-added service. This is based around the passwords and keys being held on the SIM card, with software on the handset making use of those keys and native apps providing the secure tunnel. At the moment this is offered to larger corporate and government customers, but it could be offered to small-business accounts, especially as some of these businesses also supply goods and services to the large corporate and government user base.

One reason I suspect Vodafone have worked on this concept is to provide an easy-to-deploy end-to-end encryption service for consumers and small business in the wake of the Snowden affair. At the moment the setups are designed to work with Android devices, with BlackBerry and Windows Phone ports being considered. In the case of Windows Phone, this could allow the concept to be taken further to Windows-based tablets, laptops and desktops, which are used for a lot of business computing.

A limitation I see with the SIM-based solution is that it depends on the device having an integrated 3G or 4G modem, so it wouldn’t be considered truly “transport independent”. I see this as important because people use Wi-Fi hotspots provided by many different venue hosts, and not many of these are kept secure by the venue owners, which leaves the customers’ data vulnerable. Similarly, this will be of concern for client-to-box VPN setups where the “other end” of the VPN tunnel connects to the Internet via a fixed WAN connection like cable, DSL or fibre-optic.

This could be a step for mobile carriers and telcos to provide the encryption needed for secure communications especially in the wake of some serious spying scandals.


A refresher article about those “fake malware” phone calls

Article

Just Recorded A Scam Hoax Virus Call | Barb’s Connected World

Previous Coverage

Fake “Virus Infection” Phone Calls – Be Aware Of Them

My Comments

I have previously covered the issue of home and small-business computer users receiving “virus-alert” phone calls and am refreshing this topic with a reference to a recording of one of these calls that a tech blogger had done and published to keep it alive in your memories. These purport to be from Microsoft, a desktop-security software firm or similar entity stating that your computer is infected with a virus.

Typically they require the user to head to a particular Website and either supply email-address or personal banking details or download software of questionable provenance. This leads to the user being at risk of a spam attack, wire-fraud incident or malware / spyware infection.

When you receive these calls, immediately hang up on these callers. You also have to remember that the typical situation with handling computer troubles is that you take the effort to seek help. This help would be provided by a computer-expert neighbour, friend, relative or acquaintance, your business’s IT department (if it has one) or an IT contractor whom you are dealing with.

Sometimes demanding their business-registration or tax-registration details, to prove they can legitimately do business in your jurisdiction, can effectively put them on notice, as one friend did when he received one of these calls.

As well, keeping your computer’s operating system, application software and desktop-security software up-to-date is a wise data-housekeeping practice so you are protected against the malware. I would even extend this to keeping the firmware on your home-network devices up-to-date so as to protect against software exploits that take advantage of bugs in older firmware.
