Zimperium Blog

Cutting through the Weekly Mobile Security Noise: Privacy threats – from the global to the personal

This week we learned that when it comes to cyber security, no one is safe. From larger corporations such as Microsoft, to individual consumers, everyone’s at risk. The latest headlines continue to reflect security breaches and threats to private data. In the meantime, the best option for us is to become informed about the evolving nature of these attacks and take the necessary precautions to protect ourselves. This week we’ve been monitoring conversations around the Superfish flaw, SIM card hacks, Android malware and Chrome security updates.

Superfish security flaw also exists in other apps, non-Lenovo systems
Last week security experts discussed an adware program called Superfish, poorly designed malware that was preloaded on some Lenovo laptops. Security experts found issues with Superfish and say the same malware is also used in other software programs: “First, the software used the same root certificate on all systems and second, the private key corresponding to that certificate was embedded in the program and was easy to extract.” A security researcher named Filippo Valsorda also created a site where users can verify whether they have been affected by Superfish, with instructions on how to remove its root certificate from Windows and Firefox.

The Great SIM Heist
American and British spies hacked into the computer network of Gemalto, the world’s largest creator of smartphone SIM cards. The group stole the cards’ encryption keys, which can be used to monitor mobile communications with limited warrants, approval or permission. Christopher Soghoian, the principal technologist for the American Civil Liberties Union, says, “The theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment.” He says, “Once you have the keys, decrypting traffic is trivial and the news of this key theft will send a shock wave through the security community.” Gemalto’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.

Android Malware Only Pretends to Turn Off Phones
Android users beware: The most popular OS is also the one most frequently targeted by malware. New findings from security experts say, “A nasty new hijack tricks users of rooted phones into thinking that their phones are powered off, then goes to work with surveillance and texting scams. Amsterdam-based security company AVG released a blog post about the sneaky malware, which has no specific name. The way it functions is fairly ingenious. When a user turns off a phone, the malware shows an animation of the shutdown process, turns the screen off and begins exploiting the device.” The easiest way to avoid this is to think very cautiously when apps ask for permission; be sure to read the terms so you fully understand the details of the request. Currently, AVG estimates that the malware is present on about 10,000 devices, mostly in China. Devices running Android 5.0 Lollipop appear to be immune.

Chrome security update warns against sneaky software downloads as well as malware
This week Google added another security update to Chrome, continuing its efforts to protect users from online threats. “Google’s definition of unwanted programs isn’t just about malware, but also tricky programs that try to sneak onto your system. The search giant defines unwanted software as anything with dishonest behavior, such as piggybacking on the installation of another program, apps that are difficult to remove, and software that fails to live up to its advertised functionality. Even software that changes your homepage—a not uncommon occurrence—can qualify as unwanted software from Google’s point of view.” Users with the latest Chrome updates will start to receive pop-ups in their browser, warning them when they have encountered a harmful site. “The new Chrome security warnings join other security features, such as warnings about potentially harmful programs you’re about to download and sites known to deliver malware.”