Welcome!

Web 2.0 Authors: Elizabeth White, Liz McMillan, David Cauthron, Yeshim Deniz, Aruna Ravichandran

Blog Feed Post

Your Mobile Device is About to Be Hacked

In the PC world, hacking, viruses and cybercrime started out fairly slowly, with pranks and viruses meant to causes a nuisance. Along the way, hackers learned how to use technology to steal real money and never be caught. Organized crime and hacker syndicates are now commonplace, and are training tomorrow’s cyber thieves. Cybercrime has surpassed drug trafficking as the most lucrative illegal business.

The Mobile Market is Ripe for Hackers
As we begin 2013, the number of mobile connected devices now exceeds the world population. Not only is it a much larger market, but one that contains a customer base that includes seniors and preteens, the favorite targets of savvy hackers. Mobile hacking is on the rise, but it has come close to hitting its stride. The number of mobile malware cases targeting Google’s Android platform went from 30,000 to 175,000 from the 2nd to 3rd quarters of 2012, according to recent report from Trend Micro.

The PC industry and its growth have spawned a new generation of tech savvy users… and the largest numbers of hackers ever to exist. Moving to mobile devices is the logical next step. As Billy the Kid famously answered when he was asked why he robbed banks: “That’s where the money is.”

Paris HiltonHacking mobile devices is certainly not new and good hackers don’t discriminate against any platforms or operating systems. There have already been well publicized hacks of celebrity cell phones as early as 2005. A teen famously hacked into Paris Hilton’s mobile device and revealed contacts and photos online. The same skills that might make good pranks or be the envy of friends are used for far more sinister and profitable attacks. The same teen was involved in the attack on the LexisNexis Group, exposing the personal information of more than 300,000 consumers.

The Mobile Device Makers Dirty Little Secret
Mobile manufacturers are making it easy for hackers to see everything you do. Because of the small form factor of these devices, manufacturers use a form fill feature that uses your keystrokes to determine what word you are typing. Its intentions are good in that it makes it easier for you to text, but it gives hackers access to EVERYTHING you have ever typed since you booted the phone.

They have, in essence, embedded a keylogger on every device. All your keystrokes are stored in an unencrypted cache file. All a hacker needs to do is write malware that accesses that cache and provides that data to them. If anyone is attending the RSA Security Conference in San Francisco on February 25-March 1 in San Francisco, StrikeForce Technologies will be showing how this is done at Booth 539.

Hackers can also design malware that seeks out certain words or phrases asking just the keystrokes that follow. They look for bank names (to steal your login/password credentials), your company’s VPN URL (for a potential data breach), retail sites (to steal your credit card information), as well as college application and student loan companies (to gain access to your personal and financial information).

Mobile malware has already been used for some of the world largest data breaches. FinFisher, Loozfon and Dougalek, are examples of mobile malware that have already had their day in the sun. FinFisher is a piece of spyware that hijacks your Android phone so it can be controlled remotely. It has used web links and SMS system update texts to infiltrate your device. Loozfon will steal your number and your address book. Dougalek is an SMS Trojan that led to one of the largest data breaches in history (according to Kaspersky Labs, SMS Trojans account for more than half of all mobile malware). When these types of malware are on your system, problems will follow.

Some may tell you that Apple iOS is more secure, but that isn’t necessarily true. Apple devices only run one application at a time, which makes it impossible (at this point) to run anti-malware in the background. It is true that the majority of hacks currently occur on Android devices, but that’s mainly because that’s where the larger number of users reside. In July 2012, malware was found for the first time in the IOS (Apple) App store.

HackersThe most common ways mobile malware infects your mobile devices is through app stores, phishing attacks/adware, SMS Trojans or root access malware. Google Play (Android App Store) and Apple App Store each have anti-virus programs that seek out infected files, but just as in the PC world, they are only effective against known malware. That still leaves the door wide open for zero day attacks, and any newly written malware (thousands are written every day). Malware can also be hidden inside popular applications.

There’s a Good Chance You’re Already Infected

Some reports indicate that 50 percent of mobile devices already have unpatched vulnerabilities. If your device is infected, it can be used to perpetrate friends, family, coworkers or breach your company’s VPN. Many of these malware programs include keyloggers that track every keystroke you make on your mobile keypad. They steal your credentials, personal information, login/password for banks, social media, VPN and have that information sent to them in forms of email SMS or even phone calls. Some malicious programs will just trigger your device to continuously call or text 866 or 900 numbers.

How Can I Tell if I’m Infected?

  • Look for performance issues like slow responses or quirks you haven’t noticed before
  • Lock up. Ransomware will lock your device and ask for money (or to click a link) to unlock it. When unlocking the device they often install keyloggers hitting you yet again.
  • Watch your call history. Look for calls you don’t remember making

Mobile device hacking (and keylogging in particular) involves a wide range of crimes, including: identity theft, credit card fraud, data breaches and even physical theft (home robbery, abductions, and more). Imagine your teenage daughter is texting her friend, saying she is home alone, unaware that a keylogger is on her system. The criminal knows her address and that she is alone.

Even your photos are at risk. Actress Scarlett Johansson’s photos were stolen from her phone and posted online. Imagine what the result of a sexting incident posted online can do to someone’s reputation. A simple keylogger could ruin lives, cause terrible embarrassment, or get you fired from your job.

How 
Download some sort of anti-virus software. Anti-virus vendors that make solutions for mobile include the usual suspects like Symantec, McAfee, Kaspersky, Lookout, Sophos, and Trend Micro, among others. Most experts agree that they do little to prevent malware on mobile devices. The entire premise of anti-malware is flawed because it only protects from the “known.” It’s akin to arresting criminals and assuming that will end crime. Although they are only marginally effective, it’s better than nothing.

Anti-malware software should be paired with keystroke encryption. StrikeForce Technologies’ MobileTrust solution provides keystroke encryption that encrypts all of your keystrokes, making it impossible for hackers (even zero day attacks) to steal your information (all hackers will see are 1234567890123456789 etc.). It also includes a password vault that stores all passwords in an encrypted database, a strong password generator enables users to create and store hard-to-crack passwords, two-factor authentication and an encrypted database.

Additional Tips to Potentially Prevent Malware

  • Assume anything you type (or photograph you take) is visible to the world. Unless you have enabled keystroke encryption, don’t type anything you don’t want exposed.
  • Disable the features of the phone you don’t use (less for hackers to work with)
  • Check out application reviews and reliability before downloading
  • Be cautious of any deals that sound too good to be true (watch the home based business scams)
  • Be very careful about the types of geo-location apps you download
  • If you are suspicious about a message from a friend, do not open it. Verify its origin (contact your friend) before proceeding.
  • Don’t connect to unknown wireless networks

Remember, it’s up to YOU to protect yourself.

 

Read the original blog entry...

More Stories By Shelly Palmer

Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

@ThingsExpo Stories
Technology is enabling a new approach to collecting and using data. This approach, commonly referred to as the "Internet of Things" (IoT), enables businesses to use real-time data from all sorts of things including machines, devices and sensors to make better decisions, improve customer service, and lower the risk in the creation of new revenue opportunities. In his General Session at Internet of @ThingsExpo, Dave Wagstaff, Vice President and Chief Architect at BSQUARE Corporation, discuss the real benefits to focus on, how to understand the requirements of a successful solution, the flow of ...
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo (http://www.CloudComputingExpo.com), moderated by Ashar Baig, Research Director, Cloud, at Gigaom Research, Nate Gordon, Director of T...

ARMONK, N.Y., Nov. 20, 2014 /PRNewswire/ --  IBM (NYSE: IBM) today announced that it is bringing a greater level of control, security and flexibility to cloud-based application development and delivery with a single-tenant version of Bluemix, IBM's platform-as-a-service. The new platform enables developers to build ap...

Focused on this fast-growing market’s needs, Vitesse Semiconductor Corporation (Nasdaq: VTSS), a leading provider of IC solutions to advance "Ethernet Everywhere" in Carrier, Enterprise and Internet of Things (IoT) networks, introduced its IStaX™ software (VSC6815SDK), a robust protocol stack to simplify deployment and management of Industrial-IoT network applications such as Industrial Ethernet switching, surveillance, video distribution, LCD signage, intelligent sensors, and metering equipment. Leveraging technologies proven in the Carrier and Enterprise markets, IStaX is designed to work ac...
"There is a natural synchronization between the business models, the IoT is there to support ,” explained Brendan O'Brien, Co-founder and Chief Architect of Aria Systems, in this SYS-CON.tv interview at the 15th International Cloud Expo®, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
C-Labs LLC, a leading provider of remote and mobile access for the Internet of Things (IoT), announced the appointment of John Traynor to the position of chief operating officer. Previously a strategic advisor to the firm, Mr. Traynor will now oversee sales, marketing, finance, and operations. Mr. Traynor is based out of the C-Labs office in Redmond, Washington. He reports to Chris Muench, Chief Executive Officer. Mr. Traynor brings valuable business leadership and technology industry expertise to C-Labs. With over 30 years' experience in the high-tech sector, John Traynor has held numerous...
Bit6 today issued a challenge to the technology community implementing Web Real Time Communication (WebRTC). To leap beyond WebRTC’s significant limitations and fully leverage its underlying value to accelerate innovation, application developers need to consider the entire communications ecosystem.
The 3rd International @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades.
The Internet of Things is not new. Historically, smart businesses have used its basic concept of leveraging data to drive better decision making and have capitalized on those insights to realize additional revenue opportunities. So, what has changed to make the Internet of Things one of the hottest topics in tech? In his session at @ThingsExpo, Chris Gray, Director, Embedded and Internet of Things, discussed the underlying factors that are driving the economics of intelligent systems. Discover how hardware commoditization, the ubiquitous nature of connectivity, and the emergence of Big Data a...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, phone and digital TV services to consumers primarily in rural areas.
SYS-CON Events announced today that IDenticard will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. IDenticard™ is the security division of Brady Corp (NYSE: BRC), a $1.5 billion manufacturer of identification products. We have small-company values with the strength and stability of a major corporation. IDenticard offers local sales, support and service to our customers across the United States and Canada. Our partner network encompasses some 300 of the world's leading systems integrators and security s...
IoT is still a vague buzzword for many people. In his session at @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, discussed the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. He also discussed how IoT is perceived by investors and how venture capitalist access this space. Other topics discussed were barriers to success, what is new, what is old, and what the future may hold. Mike Kavis is Vice President & Principal Cloud Architect at Cloud Technology Pa...
The Industrial Revolution in the 18th to 19th centuries was a period during which predominantly rural societies in Europe and America became industrial and urban. Advances in steam technology, transportation, mass production and the telegraph collectively transformed industry and society. Today, the Internet of Things (IoT) has the potential to once again transform industry and society just as the Industrial Revolution did. Analyst firm IDC forecasts that the IoT market will grow to $8.9 trillion by 2020 with anywhere between 30 to 50 billion connected autonomous things, making the potential g...
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world. The next @ThingsExpo will take place November 4-6, 2014, at the Santa Clara Convention Center, in Santa Clara, California. Since its launch in 2008, Cloud Expo TV commercials have been aired and CNBC, Fox News Network, and Bloomberg TV. Please enjoy our 2014 commercial.
From a software development perspective IoT is about programming "things," about connecting them with each other or integrating them with existing applications. In his session at @ThingsExpo, Yakov Fain, co-founder of Farata Systems and SuranceBay, will show you how small IoT-enabled devices from multiple manufacturers can be integrated into the workflow of an enterprise application. This is a practical demo of building a framework and components in HTML/Java/Mobile technologies to serve as a platform that can integrate new devices as they become available on the market.
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Located in booth #314, the Bsquare team will present DataV demos and discuss how DataV will help customers put their data to work to improve business outcomes. DataV is unlocking new initiatives across a wide landscape of customers in industries such as industrial manufacturing, transportation, retail and mobile. The solution is designed to complement a new project start or help to enrich an existing machine investment.
The Physical Web incorporates beacons that can be put in any small retail store, for example, so that every store now has "an app" for its customers. In this Birds-of-a-Feather session at Internet of @ThingsExpo, Scott Jenson, Product Designer at Google, will discuss the Physical Web and how it is an open standard so any device can broadcast a URL wirelessly, so any phone/tablet/watch nearby can see, and rank those devices. When the user taps on one, they just go to that web page. It's really that simple. It's about thinking small, enabling micro-information (what is in my prescription bottle...
BSQUARE is a global leader of embedded software solutions. We enable smart connected systems at the device level and beyond that millions use every day and provide actionable data solutions for the growing Internet of Things (IoT) market. We empower our world-class customers with our products, services and solutions to achieve innovation and success. For more information, visit www.bsquare.com.