Click here to close now.

Welcome!

Search Authors: Carmen Gonzalez, Pat Romanski, Roger Strukhoff, Elizabeth White, JP Morgenthal

Blog Feed Post

Your Mobile Device is About to Be Hacked

In the PC world, hacking, viruses and cybercrime started out fairly slowly, with pranks and viruses meant to causes a nuisance. Along the way, hackers learned how to use technology to steal real money and never be caught. Organized crime and hacker syndicates are now commonplace, and are training tomorrow’s cyber thieves. Cybercrime has surpassed drug trafficking as the most lucrative illegal business.

The Mobile Market is Ripe for Hackers
As we begin 2013, the number of mobile connected devices now exceeds the world population. Not only is it a much larger market, but one that contains a customer base that includes seniors and preteens, the favorite targets of savvy hackers. Mobile hacking is on the rise, but it has come close to hitting its stride. The number of mobile malware cases targeting Google’s Android platform went from 30,000 to 175,000 from the 2nd to 3rd quarters of 2012, according to recent report from Trend Micro.

The PC industry and its growth have spawned a new generation of tech savvy users… and the largest numbers of hackers ever to exist. Moving to mobile devices is the logical next step. As Billy the Kid famously answered when he was asked why he robbed banks: “That’s where the money is.”

Paris HiltonHacking mobile devices is certainly not new and good hackers don’t discriminate against any platforms or operating systems. There have already been well publicized hacks of celebrity cell phones as early as 2005. A teen famously hacked into Paris Hilton’s mobile device and revealed contacts and photos online. The same skills that might make good pranks or be the envy of friends are used for far more sinister and profitable attacks. The same teen was involved in the attack on the LexisNexis Group, exposing the personal information of more than 300,000 consumers.

The Mobile Device Makers Dirty Little Secret
Mobile manufacturers are making it easy for hackers to see everything you do. Because of the small form factor of these devices, manufacturers use a form fill feature that uses your keystrokes to determine what word you are typing. Its intentions are good in that it makes it easier for you to text, but it gives hackers access to EVERYTHING you have ever typed since you booted the phone.

They have, in essence, embedded a keylogger on every device. All your keystrokes are stored in an unencrypted cache file. All a hacker needs to do is write malware that accesses that cache and provides that data to them. If anyone is attending the RSA Security Conference in San Francisco on February 25-March 1 in San Francisco, StrikeForce Technologies will be showing how this is done at Booth 539.

Hackers can also design malware that seeks out certain words or phrases asking just the keystrokes that follow. They look for bank names (to steal your login/password credentials), your company’s VPN URL (for a potential data breach), retail sites (to steal your credit card information), as well as college application and student loan companies (to gain access to your personal and financial information).

Mobile malware has already been used for some of the world largest data breaches. FinFisher, Loozfon and Dougalek, are examples of mobile malware that have already had their day in the sun. FinFisher is a piece of spyware that hijacks your Android phone so it can be controlled remotely. It has used web links and SMS system update texts to infiltrate your device. Loozfon will steal your number and your address book. Dougalek is an SMS Trojan that led to one of the largest data breaches in history (according to Kaspersky Labs, SMS Trojans account for more than half of all mobile malware). When these types of malware are on your system, problems will follow.

Some may tell you that Apple iOS is more secure, but that isn’t necessarily true. Apple devices only run one application at a time, which makes it impossible (at this point) to run anti-malware in the background. It is true that the majority of hacks currently occur on Android devices, but that’s mainly because that’s where the larger number of users reside. In July 2012, malware was found for the first time in the IOS (Apple) App store.

HackersThe most common ways mobile malware infects your mobile devices is through app stores, phishing attacks/adware, SMS Trojans or root access malware. Google Play (Android App Store) and Apple App Store each have anti-virus programs that seek out infected files, but just as in the PC world, they are only effective against known malware. That still leaves the door wide open for zero day attacks, and any newly written malware (thousands are written every day). Malware can also be hidden inside popular applications.

There’s a Good Chance You’re Already Infected

Some reports indicate that 50 percent of mobile devices already have unpatched vulnerabilities. If your device is infected, it can be used to perpetrate friends, family, coworkers or breach your company’s VPN. Many of these malware programs include keyloggers that track every keystroke you make on your mobile keypad. They steal your credentials, personal information, login/password for banks, social media, VPN and have that information sent to them in forms of email SMS or even phone calls. Some malicious programs will just trigger your device to continuously call or text 866 or 900 numbers.

How Can I Tell if I’m Infected?

  • Look for performance issues like slow responses or quirks you haven’t noticed before
  • Lock up. Ransomware will lock your device and ask for money (or to click a link) to unlock it. When unlocking the device they often install keyloggers hitting you yet again.
  • Watch your call history. Look for calls you don’t remember making

Mobile device hacking (and keylogging in particular) involves a wide range of crimes, including: identity theft, credit card fraud, data breaches and even physical theft (home robbery, abductions, and more). Imagine your teenage daughter is texting her friend, saying she is home alone, unaware that a keylogger is on her system. The criminal knows her address and that she is alone.

Even your photos are at risk. Actress Scarlett Johansson’s photos were stolen from her phone and posted online. Imagine what the result of a sexting incident posted online can do to someone’s reputation. A simple keylogger could ruin lives, cause terrible embarrassment, or get you fired from your job.

How 
Download some sort of anti-virus software. Anti-virus vendors that make solutions for mobile include the usual suspects like Symantec, McAfee, Kaspersky, Lookout, Sophos, and Trend Micro, among others. Most experts agree that they do little to prevent malware on mobile devices. The entire premise of anti-malware is flawed because it only protects from the “known.” It’s akin to arresting criminals and assuming that will end crime. Although they are only marginally effective, it’s better than nothing.

Anti-malware software should be paired with keystroke encryption. StrikeForce Technologies’ MobileTrust solution provides keystroke encryption that encrypts all of your keystrokes, making it impossible for hackers (even zero day attacks) to steal your information (all hackers will see are 1234567890123456789 etc.). It also includes a password vault that stores all passwords in an encrypted database, a strong password generator enables users to create and store hard-to-crack passwords, two-factor authentication and an encrypted database.

Additional Tips to Potentially Prevent Malware

  • Assume anything you type (or photograph you take) is visible to the world. Unless you have enabled keystroke encryption, don’t type anything you don’t want exposed.
  • Disable the features of the phone you don’t use (less for hackers to work with)
  • Check out application reviews and reliability before downloading
  • Be cautious of any deals that sound too good to be true (watch the home based business scams)
  • Be very careful about the types of geo-location apps you download
  • If you are suspicious about a message from a friend, do not open it. Verify its origin (contact your friend) before proceeding.
  • Don’t connect to unknown wireless networks

Remember, it’s up to YOU to protect yourself.

 

Read the original blog entry...

More Stories By Shelly Palmer

Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

@ThingsExpo Stories
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect at Hookflash, will walk through the shifting landscape of traditional telephone and voice services ...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Architect for the Internet of Things and Intelligent Systems at Red Hat, described how to revolutioniz...
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner is Product Manager of the Omega DevCloud with KORE Telematics Inc., will discuss the evolving requirements for developers as IoT matures and conduct a live demonstration of how quickly application development can happen when the need to comply...
Container frameworks, such as Docker, provide a variety of benefits, including density of deployment across infrastructure, convenience for application developers to push updates with low operational hand-holding, and a fairly well-defined deployment workflow that can be orchestrated. Container frameworks also enable a DevOps approach to application development by cleanly separating concerns between operations and development teams. But running multi-container, multi-server apps with containers is very hard. You have to learn five new and different technologies and best practices (libswarm, sy...
SYS-CON Events announced today that DragonGlass, an enterprise search platform, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. After eleven years of designing and building custom applications, OpenCrowd has launched DragonGlass, a cloud-based platform that enables the development of search-based applications. These are a new breed of applications that utilize a search index as their backbone for data retrieval. They can easily adapt to new data sets and provide access to both structured and unstruc...
Converging digital disruptions is creating a major sea change - Cisco calls this the Internet of Everything (IoE). IoE is the network connection of People, Process, Data and Things, fueled by Cloud, Mobile, Social, Analytics and Security, and it represents a $19Trillion value-at-stake over the next 10 years. In her keynote at @ThingsExpo, Manjula Talreja, VP of Cisco Consulting Services, will discuss IoE and the enormous opportunities it provides to public and private firms alike. She will share what businesses must do to thrive in the IoE economy, citing examples from several industry sector...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons. In the IoT vision, every new "thing" - sensor, actuator, data source, data con...
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists will peel away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem fil...
IoT is still a vague buzzword for many people. In his session at @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, discussed the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. He also discussed how IoT is perceived by investors and how venture capitalist access this space. Other topics discussed were barriers to success, what is new, what is old, and what the future may hold. Mike Kavis is Vice President & Principal Cloud Architect at Cloud Technology Pa...
Disruptive macro trends in technology are impacting and dramatically changing the "art of the possible" relative to supply chain management practices through the innovative use of IoT, cloud, machine learning and Big Data to enable connected ecosystems of engagement. Enterprise informatics can now move beyond point solutions that merely monitor the past and implement integrated enterprise fabrics that enable end-to-end supply chain visibility to improve customer service delivery and optimize supplier management. Learn about enterprise architecture strategies for designing connected systems tha...
There's Big Data, then there's really Big Data from the Internet of Things. IoT is evolving to include many data possibilities like new types of event, log and network data. The volumes are enormous, generating tens of billions of logs per day, which raise data challenges. Early IoT deployments are relying heavily on both the cloud and managed service providers to navigate these challenges. In her session at Big Data Expo®, Hannah Smalltree, Director at Treasure Data, discussed how IoT, Big Data and deployments are processing massive data volumes from wearables, utilities and other machines...
SYS-CON Events announced today that the "First Containers & Microservices Conference" will take place June 9-11, 2015, at the Javits Center in New York City. The “Second Containers & Microservices Conference” will take place November 3-5, 2015, at Santa Clara Convention Center, Santa Clara, CA. Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
Since 2008 and for the first time in history, more than half of humans live in urban areas, urging cities to become “smart.” Today, cities can leverage the wide availability of smartphones combined with new technologies such as Beacons or NFC to connect their urban furniture and environment to create citizen-first services that improve transportation, way-finding and information delivery. In her session at @ThingsExpo, Laetitia Gazel-Anthoine, CEO of Connecthings, will focus on successful use cases.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
The recent trends like cloud computing, social, mobile and Internet of Things are forcing enterprises to modernize in order to compete in the competitive globalized markets. However, enterprises are approaching newer technologies with a more silo-ed way, gaining only sub optimal benefits. The Modern Enterprise model is presented as a newer way to think of enterprise IT, which takes a more holistic approach to embracing modern technologies.