Most Mobile Apps Unsafe.

[duncan]

http://www.infopackets.com/news/technology/mobile/2011/20110817_most_mobile_apps_unsafe_risk_id_theft_report.htm

[ritchie58]

That's an eye opener! With the huge popularity of smart phones these days that would put a lot of people at risk for identity theft for using those apps. I bet a lot of folks don't even think twice about security before downloading and installing these dangerous apps and that's what makes the whole situation pretty scary. One solution would be to have the companys that produce smartphones limit the ability of apps to access personal data somehow within their operating systems. I think it would be to their advantage to do something like that. If you owned a smartphone, became a victim of identity theft because of that would you want to continue using that particular model? I think not.

[duncan]

the other possible solution is that Sourcefire

release an android app that acts as an anti-malware scanner for mobile phones.

 

more android malware

http://www.scmagazin...ing-charts.aspx

[ritchie58]

I did mention in the Ideas section of the forum months ago about the idea of creating an Immunet anti-malware app for phones. Seems to me the time is ripe to develop such an application. I'm sure it would be a money maker for Sourcefire. The idea I was thinking of in my earlier thread would be for the manufactures to incorporate an encrypted folder within the operating system that all your personal data would be kept. Only apps that absolutely needed to access your personal data (such as banking apps) would be permitted to do so at your discretion. You would temporarily unencrypt the folder for the app to read the data. Then the encryption algorithm would automatically initialize once the app is done with the folder. Seems like a good idea to me.

[duncan]

I do recollect reading an online article re/ mobile phone av app.

Pretty sure it was a sourcefire initiative,

I cannot find anything on google relating to this however.

 

A dated looking similar situation:

http://thepcsecurity...ndroid-mobiles/

 

And 7 years ago it looked like it was going somewhere.

http://www.pcworld.com/article/118834/trend_micro_gives_away_mobile_antivirus_app.html

[sweidre]

Hi,

I will continue to use Mobile Phones as extra telephones only (no links to Internet or computers). For me security/safety is the major thing!

Cheers,

sweidre

[duncan]

`Hi,

I will continue to use Mobile Phones as extra telephones only (no links to Internet or computers). For me security/safety is the major thing!

Cheers,

sweidre '

That may be the case but a huge percentage of people use their mobile for internet apps and the hacking includes txt and voicecalls...

[sweidre]

the hacking includes txt and voicecalls...

Hi Duncan,

I doubt that SMSes & Voice Calls are being hacked! But, we have a new law here in Sweden, that all telephone operators & ISPs are obliged to store all SMSes, telephone calls (also from the stationary phones) and emails for a certain number of years, so that Swedish authorities might use this info, if serious crimes are suspected to have happened or are planned to happen (such as female trafficing, money laundering, murder, drug smuggling, sex abuse of children,.......) The Swedish parliament embraced this law, in spite of limitation of speeach, that is against the Swedish constitution in fact.

 

This is not hacking but bugging as during the old communistic regime of the Soviet Union, but now legal in Sweden with unclear exceptions!

 

Cheers

sweidre

[duncan]

`I doubt that SMSes & Voice Calls are being hacked! '

You seem to be extreme in your requirement for internet security.

And yet all anyone really needs to do is familarise and harden a linux installation to enjoy secure browsing and a lightning fast system responce.

Phones are getting hacked to oblivion and back, anyone that is targetted can have every phone call and every text message recorded and used for whatever purpose that the hacker requires.

The technology to intercept mobile phone traffic is initiated by the telecommunications industry, this technology is passed to law enforcement agencies, the technology is then available to organised crime syndicates via corruption and other methods.

A classic example is the use of this technology by outlaw motorcycle gangs such as the hells angels.

If you do not believe this is true, then so be it, but I am afraid it is.

Wireless transmissions of any kind are open to abuse.

Also ISP's have access to all internet traffic including any website that a client might access as well as any emails, instant messages, etc. (and they keep logs of all internet activity)

Out of the hundreds of thousand telcos, law enforcement agencies and ISP's it is only logical that a certain amount of corruption exists.

You don't seem to fully understand that all the internet security is useless if the wrong people want to watch what an individual or organisation is doing.

Why do you think that anon has been severely disrupted by global government and law enforcement?

This is not some half baked paranoia, it is reality.

So if someone wanted to record your mobile phonecalls/text messages and they had the right contacts, then it would be recorded.

[sweidre]

This is not some half baked paranoia, it is reality.

So if someone wanted to record your mobile phonecalls/text messages and they had the right contacts, then it would be recorded.

OK Duncan,

To an extent I agree with you! As I wrote earler, according to the new Swedish law all telephone calls (wired & wireless), SMSes, emails & faxes (not normal "snailmail" letters though) must be recorded & saved by the ISPs & the telephone operators a certain numbers of years, so that the Swedish authorities can trace committed or planned crimes. This new law is bad enough, because it is against the constitution of Sweden.

Now, you enter a new realistic dimension here! Of course, there can be an illegal leakage of info from the ISPs, telephone operators & from the Swedish authorities to criminals of any kind. In fact the new Swedish law might facilitate crimes instead of preventing them! (This was an argument by the opposition against founding this new law!)

In the old days we said, that in Sweden we do not have any corruption or infiltration of illegal employment. But today Sweden is international, subject to international & domestic crimes. So, everything is now possible in this calm corner of the world.

Cheers,

sweidre

[duncan]

bit off topic but related to thread.

http://www.securitypark.co.uk/security_article266694.html

[sweidre]

bit off topic but related to thread.

http://www.securityp...icle266694.html

Hi Duncan,

Interesting article, that all should read in full:

Personallly I consider most what was written there, but I noted down some important/difficult sentences:

----------Start quotes----

1. "unfortunately it isn’t you that’s been hacked. It’s your information stored by the companies you trust that’s been compromised."

2. "We conservatively estimate that the average family’s personal information has been breached 10 times since June."

3. "Organisations ask you to trust them to store your information. They even provide a box for you to tick to show that you don’t want your details shared with ‘interested third parties’. And, with the best will in the world, they don’t intend to spill their databases into the black market. However, the stark reality is that all too often someone’s lax security controls allow a malicious person to gain entry to your personal records."

4. "What organisations fail to grasp is that, each time your record is breached, organised cyber criminals are piecing together bits of information about you, your habits, and that of your family’s that together creates a complete picture."

5. "You can’t personally go into every organisation and ask them how they protect your information. That said, perhaps if more people were willing to challenge organisation’s about their security strategy before doing business, companies might do more to protect your information."

6. " - Be careful about the personal information you divulge when filling in registration forms. Ask yourself whether the organisation really needs that much information about you and, as importantly, can you trust them to keep it safe? They’ll tell you how they intend to use the information but don’t be afraid to ask how they’re going to protect it to."

----------End quotes----

My comments:

1. True! Trusted companies are my suppliers of my OS (Microsoft) & softwares (freewares & sharewares in particular), PayPal & other intermediary "Pay Companies" used between me and the shareware suppliers, (some "Pay Companies" give no email addresses and the emails from the "Pay Companies" cannot be replied to), my ISP (Internet connection & subscription & given email addresses,) storing all my email correspondence, my banks, fora (forums), miscellaneous suppliers used for purchase of things over the Intenet, etc. Of course, I will fill in the forms with necessary info, that they can (will) use by distributing to 3rd parties.Using banking & purchasing via the Internet is convenient, but the info can (will) of course be given to 3rd parties. Why do I get SPAM emails addressed to my email address, but from email addresses, that I have never contacted? Of course, there are more leakages of my personal details to unknown 3rd parties!

2. True! May be more than 10 times!

3. True, but I cannot prove it or check what organinisation(s) that has (have) leaked my info!

4. True, but until now, I have received some SPAM emails, asking me in bad Swedish to give details of my webmail address signed by my Swedish ISP (but fortunately in not proper Swedish) & so called Nigeria emails. ( I have many anti-malware programs, and until now, I have not got any Viruses/Trojans, only FPs. But I can never know, if my computer is 100% clean!) Every change of month, I check if my bank accounts have been misused during the passed month. Fortunately not, until now!

5. True! If the organisation has a forum, where all users/members can discuss this common security issues, and together appoint a body to examine the misuse by the organisation. (But, in a case like this, the organisation will exclude (=ban) complaing users/members, of course.)

6. True! Sometimes the compulsory fields are marked with asterisks (*), voluntary fields without (*). To be honest, I do not have time to read all info given, if it is provided! In addition, I do not believe in all info; it is just to calm the user/member!)

 

Please, click on the link to the full article provided by Duncan above. Try to follow the instructions given therein, even if it hard to do everytime! Cheers, sweidre

[duncan]

http://www.malwarecity.com/blog/all-data-stored-on-your-smartphone-gone-in-60-seconds-1156.html

[ritchie58]

Just read your latest link Duncan. Gone in sixty seconds, wooosh! A nice app for the bad guys wouldn't you say? I thought it interesting and relevant that there was a link to Bitdefender's security app for Android included in the article.