Categories
Industry Insights IT Solutions Managed IT Services

Attention Android Users, “Stagefright” Vulnerability Risk

With over 1 billion Android devices, a security firm has shown how a simple vulnerability could affect over 95 percent of Android devices.

The “Stagefright” vulnerability for Android phones exploits via a simple text message giving the cyber criminals full access to your device.  The bad news is most phones will not be patched anytime soon as manufacturers work on closing this security hole.

Unfortunately Android software has been susceptible to security flaws for years as it is an open design compared to Apple’s iOS.

 

How do I protect myself from Stagefright vulnerability?

If you’re using Google Hangouts as your default SMS client, you need to disable automatic downloading of media files sent via MMS.

To disable Auto Retrieve MMS in the default SMS client on the Samsung Galaxy S6, go to:

  • Messages app
  • More
  • Settings
  • More settings
  • Multimedia messages
  • Auto retrieve

By disabling Auto Retrieve MMS, you will partially mitigate this vulnerability until an official patch release.

 

What is your Mobile Device Management (MDM) company policy?

proactive managed services toronto

 

365 iT SOLUTIONS provides its clients with real uptime, productivity and profitability. As Toronto’s leading IT consulting firm, we offer cutting edge Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Is your business protected? Take advantage of our Complimentary Network and Security Audit by 365itSolutions.com or give us a call at 416-398-9889 and we can chat!

 

 

Categories
Industry Insights IT Solutions Managed IT Services

Why Apps Fail on Protecting Privacy

 

Recently, 85% of Android and iOS apps have failed at protecting privacy.  The Global Privacy Enforcement Network (GPEN) was formed in 2010 in response to Cross-border Cooperation in the Enforcement of Laws Protecting Privacy.

They released a report that has revealed that the majority of Android and IOS apps fail when it comes to protecting privacy.

 

  • 85% of the apps fail to clearly explain how they are collecting, using and disclosing information

 

Of the 1,211 apps examined, the study found that 85% did not clearly explain what data was being collected and nearly one in three requested an excessive amount of personal information.  Many experts believe that the use of third-party advertising platforms are responsible. Privacy leaks from mobile apps do not come from the app itself but from the advertisements which are added.

 

  • 1 in 3 apps appeared to request an excessive number of permissions to access personal information

 

Researchers did note that there are some good practices as some apps use notifications to warn users when certain instances of data collection such as location information was about to take place.

__________________________________________________________________________________________

365 iT SOLUTIONS is a leading IT consulting firm in Toronto. We provide industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com

Categories
Industry Insights IT Solutions Managed IT Services

CryptoLocker Copycat holds Android Data for Ransom

Recently authorities have taken down CryptoLocker malware operations there have been reports that there is Android malware called Koler that that claims to encrypt user’s mobile data which could potentially land the user in trouble with the police.

 

Koler encrypts data plus takes over a device’s screen by posting a message that is hard to get rid of.  It can be uninstalled of by simply rebooting your Android device.  There is another malware known as SimpleLocker also known as Andr/Slocker-A that really encrypts users’ data and holds it for ransom just like CryptoLocker does for Windows computers.

 

There have been a number of variants of SimpleLocker and much like Koler, the malware fills a user’s screen with a message that will not go away.  Victims could try to reboot their device to get rid of the malware but users have to be quick because it reappears on the screen pretty fast.  Users might not encounter SimpleLocker if their Android device is configured to download only software from Google Play.  SimpleLocker is not cloud-controlled like CryptoLocker. The malware uses an encryption key that is embedded in the SimpleLocker code itself rather than from command centre.

 

Android has always given IT professional’s shivers because it is such an open operating system. Now there’s another reason: The discovery of Ransomware that encrypts user data.

 

The discovery was made by security vendor ESET, who calls it Android/SimpleLocker. The good news is the ransom demand is made in Russian, with payment demanded in Ukrainian currency. The bad news is there will likely be an English version shortly.

 

Staff at many organizations bring Android devices into the enterprise, forcing a number to move to open mobile policies (BYOD).

 

Here are a few options for companies with Android mobile devices in their network:

  1. Allow staff to use secure devices from BlackBerry and Apple.
  2. Enforce rules that if Android devices are to be allowed, only applications from Google Play can be downloaded.
  3. Separate corporate from personal data on Android devices, although it isn’t clear that will solve the problem.

365 iT SOLUTIONS is a leading IT consulting firm in Toronto. We provide industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com