Click Here to Subscribe For FREE SMS Alerts on Disaster Awareness

Refresher Training of CERT by FOCUS

Wednesday, May 1, 2013

When apps attack, no secret’s safe

Chennai: You may fiercely guard your e-privacy by installing anti-virus software and desisting from downloading anything on your smart phone, but someone somewhere may still have access to some of your data. 

    If a friend or acquaintance has compromised his own privacy while downloading an app, he could have inadvertently put you at risk just because you were in his contacts list. Welcome to the new world of app permissions and malicious software, where increasingly the user is not in command of his own data. 
    There are two ways in whi
ch we expose ourselves: One, by accidentally touching a strategically placed ad on an app; two, by inadvertently authorizing an app to access your data without understanding the permissions it seeks. 
    As per a 2012 report by a digital security firm, Bit9, more than two-thirds of all Android apps seek at least one 
high-risk 'permission' and one-fourth access your private information like email and contacts. 
    "Applications ask for a number of permissions which they may not really need. Most of us don't bother to understand what giving access to an app means to our privacy and we just go ahead and click 
install," says cyber forensics expert K Rama Subramaniam. 
    Virtually every app asks for permission to access your mobile phone data of varying degrees, from location to address book to even text messages. 
    The Facebook app asks for permission to access almost everything, including your microphone. The Google Plus app takes permission to read your call log, take pictures and videos, and record audio. This does not mean these app developers mine your data, though they can. Fortunately, the big players have behaved responsibly. In 2011, Google took about 50 apps off its Android market after complaints of data theft. It again removed more than 20 apps this year for similar activities. 

Don't install apps from unknown sources Don't store critical passwords and PIN numbers on your mobile phone Read all permissions sought carefully before installing apps Go through the privacy policy, however lengthy it may be, before you click 'I agree' If you see unusual calls or unwanted data usage, check for the erring apps 
Ads on free apps can be harmful 
Chennai: Not owning a smart phone doesn't guarantee immunity against data theft either. Cyber criminals can still easily reach your data since in a world where your privacy is intricately woven into your social groups like friends and colleagues, any breach in their accounts can lead to loss of your private information. 
    Smart phones are prime targets because of the sheer amount of information stored in them. According to cyber security firm Symantec, 69% of Indians access the internet, including work e-mails, through mobile phones. Users also store passwords and card details on their phones so once access is granted to an invasive app, nothing is hidden from the attacker's eyes. 
    Advertisements running inside a huge number of free apps today aren't safe either. 
Though in most cases they are just promotions, they can also be used to disguise viruses, trojans and links to damaging websites. And they are often carefully placed on the screen so that you are likely to click them while playing a game or chatting. "Known as 'madware', short for mobile adware, their numbers have grown by 55% every month since July 2011," says Symantec managing director Shantanu Ghosh. 
    Not only do these ads have the potential to steal your information, they also drain the mobile battery faster and eat up your 2G/3G data plan because the ads need to keep changing every few seconds. "Madwares collect browsing information like history and bookmarks, and send the information to a remote server on the internet controlled by a stranger," says Mahendra Negi, COO of Trend Micro, a software security company. 
    And it is not just the cleverness of the attacker that is making it possible; it's your careless that aids the theft. "This year is expected to be a watershed year for madware, as advanced mobile technology will create new opportunities for cyber criminals," says Ghosh. 

As AP polls near, netas turn to hackers 
Hyderabad: In the run up to elections in Andhra Pradesh next year, a few politicians are using technology to checkmate their political foes by keeping tabs on their daily messages, e-mails and even telephonic conversations by hacking into smartphones. This has led to around150 professional hackers in Hyderabad being in great demand. 
    Some politicians said they are extremely worried at the situation. "I have stopped replying to mails from my phone and have started using my official mail to only contact my officers," D Sridhar Babu, minister for civil supplies told TOI. 
    Offered amounts starting from Rs 1 lakh, hackers have been approached to hack into MLAs, MPs and even ministers' smartphones, a few hackers told TOI. "These kinds of enquiries are becoming common now, especially since elections are round the corner," a hacker said. "I was asked whether I can hack into a top politician's mail id and get access to his mails. The person also said that I will get whatever amount I demand. But I flatly refused these offers and politely told him that this is unethical and I cannot do it," he added.
    It takes a hacker close to a week or two at the most to prepare a special code and send it in the form of mail or an application link to the target. Once the link is clicked, or the application is downloaded, the hacker has complete control over the computer or smartphone. TNN


Popular Posts

Slide Presentation


Enter a Youtube URL to download:

Powered by KeepHD.com
Custom Search

Daily Green News


blogger templates | Make Money Online