Τετάρτη 29 Ιουλίου 2015

0 comments
Theodore,

Stagefright: The Latest Android Phobia


Zimperium zLabs, discovered what they believe to be the worst Android vulnerabilities discovered to date. The vulnerability, nicknamed 'Stagefright', it is a media library that processes several popular media formats. Since media processing is often time-sensitive, the library is implemented in native code (C++) that is more prone to memory corruption than memory-safe languages like Java.

These issues in Stagefright code critically expose 95% of Android devices, an estimated 950 million devices. Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS.

Android devices since version 2.2 are vulnerable. Devices running Android versions prior to Jelly Bean (roughly 11% of devices) are at the worst risk due to inadequate exploit mitigations.

The Stagefright vulnerability was assigned with the following CVEs:
  • CVE-2015-1538 
  • CVE-2015-1539 
  • CVE-2015-3824 
  • CVE-2015-3826 
  • CVE-2015-3827 
  • CVE-2015-3828 
  • CVE-2015-3829 
Fixes for these issues require an OTA firmware update for all affected devices. The bug was reported by Zimperium zLabs, in April in order to give Google enough time to fix the problem and send patches out to its partners. The security company says that Google has done so -- but that most manufacturers have not reissued them to users, working to the traditionally slow pace of Android phone partners. Devices older than 18 months are unlikely to receive an update at all.

Risk mitigation

Consider changing the settings on your Android apps that use MMS, like Messaging and Hangouts. Deselect “automatically retrieve MMS messages.” In the meantime, consider using alternate messaging services.

Other than that, keep your phone number private. Researchers plan to present more details at the Black Hat conference next month.

Image credit: Stagefright, Zimperium blog

Τετάρτη 1 Ιουλίου 2015

0 comments
ISL Admin,

Cyber Safety Tips for Summer Vacation


Haven't taken your summer vacation yet? You should make sure that you enjoy your vacation to the fullest by avoiding the stress of dealing with identity theft.

Last Day in the Office
When you will be away from work for an extended period, make sure your computer, external drives and other copies of sensitive information are behind a locked door, in a locked cabinet, or under close supervision from others. Before traveling with your computer, make sure you have a current backup of your files.

Be Cautious of Public WiFi Networks
When you connect to email, social networking sites or online stores via public WiFi, make sure you are using a secure connection (https://), so that traffic is encrypted and no one else can access the information. Always check with the hotel first to properly connect to their network and correct SSiD (bad guys might try to setup sneaky networks like “Hotel_Free_Wireless”). Perhaps you should consider turning off features on your computer or mobile devices that allow you to automatically connect to WiFi.

Save the (Public) Social Media Vacation Posts Until You Get Back Home
It may be tempting to post details of where and when you'll be traveling, but don't. By revealing such specifics, you are providing information that could be used by criminals to target your home while you're gone. Before you post your travel plans or vacation photos on Facebook or Twitter, stop and think: ‘who will be able to see this?’. Another common scam involves compromising email accounts to contact your friends or family with requests for help, claiming that you were robbed while on vacation and need money. Sending private posts and photos during your vacation to family and friends is ok, but if you post them publicly, you increase the risk of someone using that information for malicious activities. Also, make sure your children understand what, and when, they should post regarding your vacation plans.

Mobile Devices
If you are traveling with a laptop computer or USB drives, don't get separated from your computer bag. When getting out of a taxi, bus or train; be sure you have all of your items with you. Back up any important data before traveling, also make sure to have your smartphones and tablets locked with a security code/PIN to protect if stolen. Most devices allow you to activate the GPS tracking option to locate the device if stolen. If your device goes missing, report it immediately to the police and your service carrier. If the thief might have access to your banking, email and other accounts, change your passwords immediately.

Monitor Account Activity
Prior to your trip, write down important contact numbers such as credit card, banking and your cell phone customer service so you can quickly report any lost or stolen items. When you return from your trip, use a secure network to check your online bank account for any unauthorized purchases while you were gone.

Have a great and safe summer!