Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

7/3/2016
08:00 AM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

6 Ways To Keep Androids Safe

Security managers have their hands full protecting Android devices, but there are common sense steps they can take to beat back attackers.
Previous
1 of 7
Next

Android malware has found its way into security industry news again in the past several days.

First, Trend Micro reported last week that the so-called “Godless” mobile malware can target any Android running Android 5.1 (Lollipop) or earlier. The company said the malware has affected more than 850,000 devices worldwide and can be found in prominent app stores such as Google Play.

Then on Wednesday, Cheetah Mobile estimated that a Chinese hacking organization was making $500,000 a day via a Trojan dubbed “Hummer.” Calling it the most prolific Trojan in history, the company reported that during the first half of 2016 alone, Hummer infected nearly 1.4 million devices worldwide. In China alone there were 63,000 infections a day.

Despite Google’s attempts over the past several years to do a better job issuing patches and vulnerability reports, the news about Android phones being attacked should come as no surprise.

Farokh Karani, director of North American Sales & Channels for Quick Heal Technologies, said the company’s research found that 90 percent of Android devices two years or older have an operating system that’s vulnerable. That’s significant because Statistica reports that about half of the installed based of Android phones are at least two years old. 

“We’ve found that there are a lot of users who don’t upgrade every two years, like many techies do, and they are vulnerable to malware,” he said.

And Mike Murray, vice president of research and response at Lookout, added that as companies continue to rely on enterprise-class mobile devices and smartphones in the enterprise to replace laptops they are more vulnerable to attack.

“Attackers are increasingly shifting their focus to mobile platforms, seeking out vulnerabilities to exploit and developing more sophisticated attacks,” he said.  

Dark Reading spoke to Lookout and Quick Heal Technologies to learn more about what security managers can do to protect their users. Here’s what they recommend to keep the hackers at bay, including a detailed list of Quick Heal’s Top 10 Android malware strains from a recent quarterly report.

.

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Gen Chang
50%
50%
Gen Chang,
User Rank: Apprentice
7/5/2016 | 11:01:34 PM
Re: More ways
I'm surprised you didn't list a browser with adblocking capabilities. All the rest of your suggestions are great. The last one, I'm not familiar with, and so, will look it up. I'm using a new global ad blocker for no-root that's just been published to GitHub. Block This is the name, and if you Google the name, there's lots more information. XDA has a couple threads and readit too.
Anwarali
50%
50%
Anwarali,
User Rank: Apprentice
7/5/2016 | 1:37:41 AM
Re: More ways
good post.

theb0x
100%
0%
theb0x,
User Rank: Ninja
7/4/2016 | 9:53:17 AM
More ways
1) Disable all unnessisary services / applications

2) Keep Bluetooth off unless currently being used to help prevent Bluejacking attacks

3) Install a firewall. There are plenty of firewalls that do not require root. (ie No Root Firewall) They use a locally bound VPN loopback to allow the filtering of all network traffic

4) Turn off WiFi when not being used to prevent authentication with rogue access points and MITM attacks

5) Use a VPN on all Wifi networks

6) Be aware of apps with excessive permisions

7) Disable EXIF geolocation metadata on your camera

8) Encrypt your phone

9) Set a screen autolock that requires a pin / pattern

10) Disable ADB Developer Tools

11) Disable visable passwords typed in all apps

12) Install Netcut Defender to prevent ARP Spoofing and Internet Gateway Spoofing attacks

 

 

 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.