Mobile Security

The explosive growth of mobile apps has attracted a criminal element looking for new ways to distribute malware that can be used to commit fraud, identity theft and steal confidential data. Malicious apps are an effective way to infect users, since they often exploit the trust people have in brands and companies they do business with.

Read more: http://www.techcentral.ie/malware-infected-android-apps-spike-in-the-google-play-store/#ixzz2uEkBBrPR

Due to a security flaw in the Samsung Galaxy S3 your phones data can be wipe just by surfing web pages (on a compromised website). Hackers have become aware of this security flaw and they are placing hidden code in webpages that will trigger the remote wipe feature of this phone without the permission or any input from the phones user. This code is presently circulating online through websites but it’s also possible that attackers may adopt the code to a test message distribution method, QR code or NFC tag.

Other reports on the internet are saying that they have uncovered more codes built into Samsung devices that could be used in other attacks like killing the phones SIM card. Beside claim we have not seen any evidence of such code yet.

It is also believed that this code may also trigger a factory reset on Galaxy S2 and other Samsung devices that use Samsung's "TouchWiz" interface.

How to Protect you self for this issue:
Backup you Smart Phone content, and check regularly on the Samsung website to see if they have released an update to fix your phone.
The only way to guard against the attacks is to switch off "service loading" in settings, and disable QR code and NFC apps.

How to Test your Phone
You can test your phone by entering any one of the two codes provide here:

*2767*688#
or
*2767*2878#

Please make BACKUP of your all data on your phone before use this code because it you phone is vulnerable the code will wipe all data on your phone and reset it back to factory default.

Devices from other Android manufacturers appear to be unaffected
 

1. Password Protect your device.
Set a password and screen lock so that nobody can access your mobile device. Set you phone so that if a unauthorised person enters too many incorrect password the phone will automatically wipe all data. This will help to prevent the private data on your mobile phone from getting into the wrong hands.
2. Hardware Encryption
Android phones doesn’t have any hardware encryption. So you should not store any sensitive emails or information on your Android phone. There are several third party encryption app that you can use on your mobile phone. One good encryption app is "Keeper Password & Data Vault" for storing passwords and information.
If you connect your android phone to an Exchange server you should use a app like "Touchdown" to encrypt your email, calendar and contact info that is stored on the Android mobile device.

3. Remote Wiping
Android supports automatic and remote wiping.
To remote wipe you need to use third-party apps, this feature is possibly via the security policies on a Microsoft exchange server.

4. Virus Risk
Android devices are more at risk to viruses and intrusions than iOS devices , due to the openness of the platform. There are several anti-virus and security products on the market, one of the best I have come across is Trend Micro Mobile Security.

5. Rooting Android devices (not recommend)

More info on Rootin Android Devices
More info on Keeper Password and Data Vault here.
More info on TouchDown here.
More info on Lookout Mobile Security here.
More info on Trend Micro Mobile Security for Android here.

Search the internet and you will find a lot of great tutorial on rooting your android devices but, how many of these tutorial will highlight the fact that by doing this you are compromising the security of your android device.

How many times have you downloaded a application or game that has the all or some of the following requirement like full Internet access, GPS location, Read Contacts, etc… STOP and think, why would a game or simple app require this type of functionality or access.

As soon as you grant these rights to an application, there is very little you can do to stop them sending all of your contacts information across the internet, etc… .

Even non-root applications can be harmful so image the risk of rooted application

What might a malicious root application do? or Maybe I should re-ask the question – What can a malicious root application not do?

Example of some of the things a malicious root-enabled application could do:

  • Replace your apps with a modified version
  • Install a key logger to log your keystrokes
  • Delete files (your data)
  • Upload copies of your private date to the internet
  • Download and attempt to install a different modified ROM
  • Download and install another application that wakes up nightly to call Premium numbers or sends SMS to premium numbers
  • Gain access to your Market account and make purchases on your behalf
  • Destroys your android device.
  • Uploads your contact list to the internet.

This is just some of the list, I don't believe I need to build a long list to highlight the danger

Trend Micro Smart Surfing

Trend Smart Surfing is a comprehensive free application for iPhone, iPod touch and iPad. It is considered as the first secure browser to guarantee web protection while surfing using these devices.

Smart Surfing incorporates a high end technology known as “in the cloud” Web Reputation technology to protect the user from any malicious threat. It automatically blocks all harmful malicious content. It provides protection against phishing and pharming attacks.

It has a color coded search engine to identify harmful web pages and the configuration is pretty simple. Protection level strength and its notification are easy to modify. One more thing, it offers multi-tab browsing so users can browse multiple WebPages concurrently.