Welcome!

API Journal Authors: Liz McMillan, Carmen Gonzalez, Harry Trott, Elizabeth White, Pat Romanski

Blog Feed Post

Your Mobile Device is About to Be Hacked

In the PC world, hacking, viruses and cybercrime started out fairly slowly, with pranks and viruses meant to causes a nuisance. Along the way, hackers learned how to use technology to steal real money and never be caught. Organized crime and hacker syndicates are now commonplace, and are training tomorrow’s cyber thieves. Cybercrime has surpassed drug trafficking as the most lucrative illegal business.

The Mobile Market is Ripe for Hackers
As we begin 2013, the number of mobile connected devices now exceeds the world population. Not only is it a much larger market, but one that contains a customer base that includes seniors and preteens, the favorite targets of savvy hackers. Mobile hacking is on the rise, but it has come close to hitting its stride. The number of mobile malware cases targeting Google’s Android platform went from 30,000 to 175,000 from the 2nd to 3rd quarters of 2012, according to recent report from Trend Micro.

The PC industry and its growth have spawned a new generation of tech savvy users… and the largest numbers of hackers ever to exist. Moving to mobile devices is the logical next step. As Billy the Kid famously answered when he was asked why he robbed banks: “That’s where the money is.”

Paris HiltonHacking mobile devices is certainly not new and good hackers don’t discriminate against any platforms or operating systems. There have already been well publicized hacks of celebrity cell phones as early as 2005. A teen famously hacked into Paris Hilton’s mobile device and revealed contacts and photos online. The same skills that might make good pranks or be the envy of friends are used for far more sinister and profitable attacks. The same teen was involved in the attack on the LexisNexis Group, exposing the personal information of more than 300,000 consumers.

The Mobile Device Makers Dirty Little Secret
Mobile manufacturers are making it easy for hackers to see everything you do. Because of the small form factor of these devices, manufacturers use a form fill feature that uses your keystrokes to determine what word you are typing. Its intentions are good in that it makes it easier for you to text, but it gives hackers access to EVERYTHING you have ever typed since you booted the phone.

They have, in essence, embedded a keylogger on every device. All your keystrokes are stored in an unencrypted cache file. All a hacker needs to do is write malware that accesses that cache and provides that data to them. If anyone is attending the RSA Security Conference in San Francisco on February 25-March 1 in San Francisco, StrikeForce Technologies will be showing how this is done at Booth 539.

Hackers can also design malware that seeks out certain words or phrases asking just the keystrokes that follow. They look for bank names (to steal your login/password credentials), your company’s VPN URL (for a potential data breach), retail sites (to steal your credit card information), as well as college application and student loan companies (to gain access to your personal and financial information).

Mobile malware has already been used for some of the world largest data breaches. FinFisher, Loozfon and Dougalek, are examples of mobile malware that have already had their day in the sun. FinFisher is a piece of spyware that hijacks your Android phone so it can be controlled remotely. It has used web links and SMS system update texts to infiltrate your device. Loozfon will steal your number and your address book. Dougalek is an SMS Trojan that led to one of the largest data breaches in history (according to Kaspersky Labs, SMS Trojans account for more than half of all mobile malware). When these types of malware are on your system, problems will follow.

Some may tell you that Apple iOS is more secure, but that isn’t necessarily true. Apple devices only run one application at a time, which makes it impossible (at this point) to run anti-malware in the background. It is true that the majority of hacks currently occur on Android devices, but that’s mainly because that’s where the larger number of users reside. In July 2012, malware was found for the first time in the IOS (Apple) App store.

HackersThe most common ways mobile malware infects your mobile devices is through app stores, phishing attacks/adware, SMS Trojans or root access malware. Google Play (Android App Store) and Apple App Store each have anti-virus programs that seek out infected files, but just as in the PC world, they are only effective against known malware. That still leaves the door wide open for zero day attacks, and any newly written malware (thousands are written every day). Malware can also be hidden inside popular applications.

There’s a Good Chance You’re Already Infected

Some reports indicate that 50 percent of mobile devices already have unpatched vulnerabilities. If your device is infected, it can be used to perpetrate friends, family, coworkers or breach your company’s VPN. Many of these malware programs include keyloggers that track every keystroke you make on your mobile keypad. They steal your credentials, personal information, login/password for banks, social media, VPN and have that information sent to them in forms of email SMS or even phone calls. Some malicious programs will just trigger your device to continuously call or text 866 or 900 numbers.

How Can I Tell if I’m Infected?

  • Look for performance issues like slow responses or quirks you haven’t noticed before
  • Lock up. Ransomware will lock your device and ask for money (or to click a link) to unlock it. When unlocking the device they often install keyloggers hitting you yet again.
  • Watch your call history. Look for calls you don’t remember making

Mobile device hacking (and keylogging in particular) involves a wide range of crimes, including: identity theft, credit card fraud, data breaches and even physical theft (home robbery, abductions, and more). Imagine your teenage daughter is texting her friend, saying she is home alone, unaware that a keylogger is on her system. The criminal knows her address and that she is alone.

Even your photos are at risk. Actress Scarlett Johansson’s photos were stolen from her phone and posted online. Imagine what the result of a sexting incident posted online can do to someone’s reputation. A simple keylogger could ruin lives, cause terrible embarrassment, or get you fired from your job.

How 
Download some sort of anti-virus software. Anti-virus vendors that make solutions for mobile include the usual suspects like Symantec, McAfee, Kaspersky, Lookout, Sophos, and Trend Micro, among others. Most experts agree that they do little to prevent malware on mobile devices. The entire premise of anti-malware is flawed because it only protects from the “known.” It’s akin to arresting criminals and assuming that will end crime. Although they are only marginally effective, it’s better than nothing.

Anti-malware software should be paired with keystroke encryption. StrikeForce Technologies’ MobileTrust solution provides keystroke encryption that encrypts all of your keystrokes, making it impossible for hackers (even zero day attacks) to steal your information (all hackers will see are 1234567890123456789 etc.). It also includes a password vault that stores all passwords in an encrypted database, a strong password generator enables users to create and store hard-to-crack passwords, two-factor authentication and an encrypted database.

Additional Tips to Potentially Prevent Malware

  • Assume anything you type (or photograph you take) is visible to the world. Unless you have enabled keystroke encryption, don’t type anything you don’t want exposed.
  • Disable the features of the phone you don’t use (less for hackers to work with)
  • Check out application reviews and reliability before downloading
  • Be cautious of any deals that sound too good to be true (watch the home based business scams)
  • Be very careful about the types of geo-location apps you download
  • If you are suspicious about a message from a friend, do not open it. Verify its origin (contact your friend) before proceeding.
  • Don’t connect to unknown wireless networks

Remember, it’s up to YOU to protect yourself.

 

Read the original blog entry...

More Stories By Shelly Palmer

Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

@ThingsExpo Stories
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web ...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, will share examples from a wide range of industries – includin...
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at 20th Cloud Expo, Ed Featherston, director/senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
"Once customers get a year into their IoT deployments, they start to realize that they may have been shortsighted in the ways they built out their deployment and the key thing I see a lot of people looking at is - how can I take equipment data, pull it back in an IoT solution and show it in a dashboard," stated Dave McCarthy, Director of Products at Bsquare Corporation, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effici...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
"IoT is going to be a huge industry with a lot of value for end users, for industries, for consumers, for manufacturers. How can we use cloud to effectively manage IoT applications," stated Ian Khan, Innovation & Marketing Manager at Solgeniakhela, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data professionals...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Onalytica. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...