Welcome!

Wearables Authors: Liz McMillan, Stackify Blog, William Schmarzo, Carmen Gonzalez, Elizabeth White

Blog Feed Post

Your Mobile Device is About to Be Hacked

In the PC world, hacking, viruses and cybercrime started out fairly slowly, with pranks and viruses meant to causes a nuisance. Along the way, hackers learned how to use technology to steal real money and never be caught. Organized crime and hacker syndicates are now commonplace, and are training tomorrow’s cyber thieves. Cybercrime has surpassed drug trafficking as the most lucrative illegal business.

The Mobile Market is Ripe for Hackers
As we begin 2013, the number of mobile connected devices now exceeds the world population. Not only is it a much larger market, but one that contains a customer base that includes seniors and preteens, the favorite targets of savvy hackers. Mobile hacking is on the rise, but it has come close to hitting its stride. The number of mobile malware cases targeting Google’s Android platform went from 30,000 to 175,000 from the 2nd to 3rd quarters of 2012, according to recent report from Trend Micro.

The PC industry and its growth have spawned a new generation of tech savvy users… and the largest numbers of hackers ever to exist. Moving to mobile devices is the logical next step. As Billy the Kid famously answered when he was asked why he robbed banks: “That’s where the money is.”

Paris HiltonHacking mobile devices is certainly not new and good hackers don’t discriminate against any platforms or operating systems. There have already been well publicized hacks of celebrity cell phones as early as 2005. A teen famously hacked into Paris Hilton’s mobile device and revealed contacts and photos online. The same skills that might make good pranks or be the envy of friends are used for far more sinister and profitable attacks. The same teen was involved in the attack on the LexisNexis Group, exposing the personal information of more than 300,000 consumers.

The Mobile Device Makers Dirty Little Secret
Mobile manufacturers are making it easy for hackers to see everything you do. Because of the small form factor of these devices, manufacturers use a form fill feature that uses your keystrokes to determine what word you are typing. Its intentions are good in that it makes it easier for you to text, but it gives hackers access to EVERYTHING you have ever typed since you booted the phone.

They have, in essence, embedded a keylogger on every device. All your keystrokes are stored in an unencrypted cache file. All a hacker needs to do is write malware that accesses that cache and provides that data to them. If anyone is attending the RSA Security Conference in San Francisco on February 25-March 1 in San Francisco, StrikeForce Technologies will be showing how this is done at Booth 539.

Hackers can also design malware that seeks out certain words or phrases asking just the keystrokes that follow. They look for bank names (to steal your login/password credentials), your company’s VPN URL (for a potential data breach), retail sites (to steal your credit card information), as well as college application and student loan companies (to gain access to your personal and financial information).

Mobile malware has already been used for some of the world largest data breaches. FinFisher, Loozfon and Dougalek, are examples of mobile malware that have already had their day in the sun. FinFisher is a piece of spyware that hijacks your Android phone so it can be controlled remotely. It has used web links and SMS system update texts to infiltrate your device. Loozfon will steal your number and your address book. Dougalek is an SMS Trojan that led to one of the largest data breaches in history (according to Kaspersky Labs, SMS Trojans account for more than half of all mobile malware). When these types of malware are on your system, problems will follow.

Some may tell you that Apple iOS is more secure, but that isn’t necessarily true. Apple devices only run one application at a time, which makes it impossible (at this point) to run anti-malware in the background. It is true that the majority of hacks currently occur on Android devices, but that’s mainly because that’s where the larger number of users reside. In July 2012, malware was found for the first time in the IOS (Apple) App store.

HackersThe most common ways mobile malware infects your mobile devices is through app stores, phishing attacks/adware, SMS Trojans or root access malware. Google Play (Android App Store) and Apple App Store each have anti-virus programs that seek out infected files, but just as in the PC world, they are only effective against known malware. That still leaves the door wide open for zero day attacks, and any newly written malware (thousands are written every day). Malware can also be hidden inside popular applications.

There’s a Good Chance You’re Already Infected

Some reports indicate that 50 percent of mobile devices already have unpatched vulnerabilities. If your device is infected, it can be used to perpetrate friends, family, coworkers or breach your company’s VPN. Many of these malware programs include keyloggers that track every keystroke you make on your mobile keypad. They steal your credentials, personal information, login/password for banks, social media, VPN and have that information sent to them in forms of email SMS or even phone calls. Some malicious programs will just trigger your device to continuously call or text 866 or 900 numbers.

How Can I Tell if I’m Infected?

  • Look for performance issues like slow responses or quirks you haven’t noticed before
  • Lock up. Ransomware will lock your device and ask for money (or to click a link) to unlock it. When unlocking the device they often install keyloggers hitting you yet again.
  • Watch your call history. Look for calls you don’t remember making

Mobile device hacking (and keylogging in particular) involves a wide range of crimes, including: identity theft, credit card fraud, data breaches and even physical theft (home robbery, abductions, and more). Imagine your teenage daughter is texting her friend, saying she is home alone, unaware that a keylogger is on her system. The criminal knows her address and that she is alone.

Even your photos are at risk. Actress Scarlett Johansson’s photos were stolen from her phone and posted online. Imagine what the result of a sexting incident posted online can do to someone’s reputation. A simple keylogger could ruin lives, cause terrible embarrassment, or get you fired from your job.

How 
Download some sort of anti-virus software. Anti-virus vendors that make solutions for mobile include the usual suspects like Symantec, McAfee, Kaspersky, Lookout, Sophos, and Trend Micro, among others. Most experts agree that they do little to prevent malware on mobile devices. The entire premise of anti-malware is flawed because it only protects from the “known.” It’s akin to arresting criminals and assuming that will end crime. Although they are only marginally effective, it’s better than nothing.

Anti-malware software should be paired with keystroke encryption. StrikeForce Technologies’ MobileTrust solution provides keystroke encryption that encrypts all of your keystrokes, making it impossible for hackers (even zero day attacks) to steal your information (all hackers will see are 1234567890123456789 etc.). It also includes a password vault that stores all passwords in an encrypted database, a strong password generator enables users to create and store hard-to-crack passwords, two-factor authentication and an encrypted database.

Additional Tips to Potentially Prevent Malware

  • Assume anything you type (or photograph you take) is visible to the world. Unless you have enabled keystroke encryption, don’t type anything you don’t want exposed.
  • Disable the features of the phone you don’t use (less for hackers to work with)
  • Check out application reviews and reliability before downloading
  • Be cautious of any deals that sound too good to be true (watch the home based business scams)
  • Be very careful about the types of geo-location apps you download
  • If you are suspicious about a message from a friend, do not open it. Verify its origin (contact your friend) before proceeding.
  • Don’t connect to unknown wireless networks

Remember, it’s up to YOU to protect yourself.

 

Read the original blog entry...

More Stories By Shelly Palmer

Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

@ThingsExpo Stories
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs ofte...
SYS-CON Events announced today that Systena America will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Systena Group has been in business for various software development and verification in Japan, US, ASEAN, and China by utilizing the knowledge we gained from all types of device development for various industries including smartphones (Android/iOS), wireless communication, security technology and IoT serv...
DevOps at Cloud Expo – being held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real r...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search and...
The 21st International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
SYS-CON Events announced today that Technologic Systems Inc., an embedded systems solutions company, will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Technologic Systems is an embedded systems company with headquarters in Fountain Hills, Arizona. They have been in business for 32 years, helping more than 8,000 OEM customers and building over a hundred COTS products that have never been discontinued. Technologic Systems’ pr...
SYS-CON Events announced today that Carbonite will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Carbonite protects your entire IT footprint with the right level of protection for each workload, ensuring lower costs and dependable solutions with DoubleTake and Evault.
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs oft...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo Silicon Valley Call for Papers is now open.
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...