Category: Android

Attention Android users still on versions 11 or earlier: A critical security update demands your immediate attention. Multiple hacking groups are targeting outdated Android devices with open-source mobile ransomware variants, prompting urgent warnings from cybersecurity experts.

Recently, Check Point issued an alert via Telegram, highlighting that devices that have reached end-of-life status are particularly vulnerable. These attacks have resulted in a concerning 60% success rate across more than 120 campaigns orchestrated by threat actors.

BlackBerry’s threat analysts underscored the broader risk, cautioning that all Android devices running versions 10 and earlier are susceptible to these threats.

According to Check Point’s findings, a significant 87.8% of vulnerable devices are still operating on Android versions 11 and earlier, whereas only 12.5% are on Android 12 and 13.

The vulnerable devices span various manufacturers including Samsung, Google, Xiaomi, Redmi, Motorola, OnePlus, Vivo, and Huawei, highlighting the widespread nature of the threat.

To mitigate these risks, users are strongly advised to promptly install the latest security updates and consider upgrading to newer Android operating systems whenever feasible. Leading OEMs such as Samsung and Motorola now offer smartphones with guaranteed minimum support of 2 OS upgrades and 4 years of security updates, making them a safer choice. Models like the Galaxy series from Samsung and Google Pixel series are recommended for users prioritizing security and longevity in their devices.

The post Ransomware attacks on obsolete Android devices appeared first on Cybersecurity Insiders.

Recently, many Android phone users may have received emails about the activation and use of the ‘Find My Device’ feature. For those unfamiliar with this development, here’s a summary to safeguard the information stored on your phone in case it is lost or misplaced.

Smartphones have become indispensable in our daily lives. Whether for ordering food, navigation, or communication, they are now essential tools rather than mere commodities.

Let’s focus on Android devices to delve into the essence of this article, setting aside Apple iPhone users.

Imagine losing or misplacing your phone without remembering where. What if someone accesses the data stored on your device? They could potentially misuse it, discard the data, or even use sensitive information like messages, photos, and videos to threaten or blackmail you.

To address this scenario effectively, Google offers the ‘Find My Device’ application. This app can be downloaded onto your Android phone and requires you to log in with your Gmail ID and password. Once installed, it connects to GPS satellites via mobile data to protect your device from being misplaced or lost.

So, what exactly is ‘Google Find My Device‘?

It’s a crucial tool that, once installed and connected, allows users to track their lost or misplaced Android phones. This feature is available to be activated on smartphones running Android 11 and later versions. Unfortunately the older versions will not support this essential security tool.

Users can access the web version of Google Find My Device to locate their phone, ring it to find its location audibly, lock it with a password, or in extreme cases, erase all data remotely to protect their privacy.

Moreover, this feature extends to other connected devices like smartwatches, enhancing overall security.

One of the standout features of this Google-launched mobile security application is its capability to function even when the lost device is offline, effectively meeting our security needs and ensuring the protection of stored data.

 

The post Google find my device helps secure your information stored on the phone to the core appeared first on Cybersecurity Insiders.

The surge in Zero Click hack, where malicious software infiltrates devices without user consent, has become a concerning trend. To counter this, the National Security Agency (NSA) offers a simple yet effective defense tip at no cost to users.

A quick remedy to such cyber threats is often as straightforward as rebooting the device. Rebooting clears background applications and associated data, thwarting sophisticated digital attacks. This action closes all apps, logs out of social media accounts, and denies perpetrators access to sensitive information stored on the device.

Additionally, users are advised to steer clear of public Wi-Fi networks and avoid connecting to unknown Bluetooth devices. Opting for secure 4G or 5G networks over public connections helps keep smartphones free from spyware, as telecom networks typically monitor for malicious activity.

Similar precautions apply to both iPhone and Android devices when combating Spear phishing attacks.

Interestingly, a 2015 Pew Research report revealed that a significant majority of tech-savvy individuals rarely power off their smartphones, if at all, with only a handful adhering to daily reboots.

Keeping device software up to date and promptly addressing software bugs is equally crucial.

Furthermore, exercising caution when clicking on URLs or SMS containing suspicious links is imperative to prevent account compromise, identity theft, and social engineering attacks like phishing.

To minimize risks, users should avoid using devices with outdated software and hardware, opting instead for regular upgrades every one to two years. However, this leads to another challenge—electronic waste generation—that often ends up polluting oceans and harming ecosystems.

The post Android and iPhone users are vulnerable to Zero Click hacks appeared first on Cybersecurity Insiders.

The National Security Agency (NSA) of the United States has recently issued a set of comprehensive guidelines aimed at enhancing the security of Android and Apple iPhone users against various digital threats such as hacks and snooping campaigns. These guidelines are particularly pertinent for users in India and other Asian countries, which have been increasingly targeted by sophisticated cyber-attacks.

Outlined below are the top 11 mobile security tips recommended by the NSA:

Location Services: Users are advised to avoid carrying their devices to sensitive locations and to disable location services when not needed. Furthermore, it’s recommended to restrict access to location tracking features for mobile applications, enabling them only when necessary.

Powering Off the Device: Security agencies are advocating for regular powering off of mobile devices, as this simple action can disrupt potential malware. In-fact in an interview last year, Australian Prime Minister Anthony Albanese urged the same to his country’s populace.

Avoid Sharing Sensitive Information: Users should refrain from sharing sensitive information such as card details, Aadhaar or Green Card details, and banking information on their mobile phones to prevent exploitation by online criminals.

Exercise Caution with Email and SMS Links: Users are urged to exercise caution when clicking on URL links shared via SMS or emails from unknown senders, as they may lead to malicious content or mobile ransomware.

Disable Wi-Fi and Bluetooth: It’s advisable to disable Wi-Fi and Bluetooth when not in use, as leaving them enabled can pose security risks. Additionally, connecting to public Wi-Fi networks can potentially compromise device security.

Keep Software and Apps Updated: Regularly updating the software and apps on mobile devices is crucial, as it helps to patch vulnerabilities and enhance security.

Utilize Biometrics: Using biometric authentication methods such as fingerprint or PIN to secure account access adds an extra layer of security to mobile applications and data.

Screen Lock: Enabling automatic screen lock after a period of inactivity helps to prevent unauthorized access to the device by acquaintances or strangers.

Download Apps from Official Stores: Users are advised to download apps only from official app stores to minimize security risks. Furthermore, it’s recommended to refrain from storing or entering sensitive data into applications.

Microphone and Camera Security: Covering the device’s camera and disabling the microphone when not in use can mitigate the risk of unauthorized surveillance by malicious software.

Password Protection: Users should avoid using easily guessable passwords and opt for strong, alphanumeric passwords with a minimum length of 9 to 12 characters to secure online accounts effectively.

By adhering to these mobile security best practices, users can significantly reduce their vulnerability to various cyber threats and safeguard their personal and sensitive information effectively.

The post NSA suggests these 11 mobile security tips to Android and iPhone users appeared first on Cybersecurity Insiders.

This week the podcast is more lavatorial than usual, as we explore how privacy may have gone to sh*t on Google Maps, our guest drives hands-free on Britain's motorways (and is defamed by AI), and ransomware attacks an airplane-leasing firm. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by BBC Technology Editor Zoe Kleinman.

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN:

The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.

The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.