News

7/3/2016
08:00 AM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

6 Ways To Keep Androids Safe

Security managers have their hands full protecting Android devices, but there are common sense steps they can take to beat back attackers.
Previous
1 of 7
Next

Image Source: www.technewstoday.com

Image Source: www.technewstoday.com

Android malware has found its way into security industry news again in the past several days.

First, Trend Micro reported last week that the so-called “Godless” mobile malware can target any Android running Android 5.1 (Lollipop) or earlier. The company said the malware has affected more than 850,000 devices worldwide and can be found in prominent app stores such as Google Play.

Then on Wednesday, Cheetah Mobile estimated that a Chinese hacking organization was making $500,000 a day via a Trojan dubbed “Hummer.” Calling it the most prolific Trojan in history, the company reported that during the first half of 2016 alone, Hummer infected nearly 1.4 million devices worldwide. In China alone there were 63,000 infections a day.

Despite Google’s attempts over the past several years to do a better job issuing patches and vulnerability reports, the news about Android phones being attacked should come as no surprise.

Farokh Karani, director of North American Sales & Channels for Quick Heal Technologies, said the company’s research found that 90 percent of Android devices two years or older have an operating system that’s vulnerable. That’s significant because Statistica reports that about half of the installed based of Android phones are at least two years old. 

“We’ve found that there are a lot of users who don’t upgrade every two years, like many techies do, and they are vulnerable to malware,” he said.

And Mike Murray, vice president of research and response at Lookout, added that as companies continue to rely on enterprise-class mobile devices and smartphones in the enterprise to replace laptops they are more vulnerable to attack.

“Attackers are increasingly shifting their focus to mobile platforms, seeking out vulnerabilities to exploit and developing more sophisticated attacks,” he said.  

Dark Reading spoke to Lookout and Quick Heal Technologies to learn more about what security managers can do to protect their users. Here’s what they recommend to keep the hackers at bay, including a detailed list of Quick Heal’s Top 10 Android malware strains from a recent quarterly report.

.

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Gen Chang
50%
50%
Gen Chang,
User Rank: Apprentice
7/5/2016 | 11:01:34 PM
Re: More ways
I'm surprised you didn't list a browser with adblocking capabilities. All the rest of your suggestions are great. The last one, I'm not familiar with, and so, will look it up. I'm using a new global ad blocker for no-root that's just been published to GitHub. Block This is the name, and if you Google the name, there's lots more information. XDA has a couple threads and readit too.
Anwarali
50%
50%
Anwarali,
User Rank: Apprentice
7/5/2016 | 1:37:41 AM
Re: More ways
good post.

theb0x
100%
0%
theb0x,
User Rank: Ninja
7/4/2016 | 9:53:17 AM
More ways
1) Disable all unnessisary services / applications

2) Keep Bluetooth off unless currently being used to help prevent Bluejacking attacks

3) Install a firewall. There are plenty of firewalls that do not require root. (ie No Root Firewall) They use a locally bound VPN loopback to allow the filtering of all network traffic

4) Turn off WiFi when not being used to prevent authentication with rogue access points and MITM attacks

5) Use a VPN on all Wifi networks

6) Be aware of apps with excessive permisions

7) Disable EXIF geolocation metadata on your camera

8) Encrypt your phone

9) Set a screen autolock that requires a pin / pattern

10) Disable ADB Developer Tools

11) Disable visable passwords typed in all apps

12) Install Netcut Defender to prevent ARP Spoofing and Internet Gateway Spoofing attacks

 

 

 
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-1732
PUBLISHED: 2018-08-17
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sen...
CVE-2018-15356
PUBLISHED: 2018-08-17
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
CVE-2018-15357
PUBLISHED: 2018-08-17
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.
CVE-2018-15358
PUBLISHED: 2018-08-17
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
CVE-2018-15359
PUBLISHED: 2018-08-17
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.