How Safe is Your Data When You Download Mobile Apps?

Jan 5

NQ Mobile | Mobile Security Research, News & Press, Products & Services, Security Updates | 1 Comment

There’s a lot of talk these days about being cautious when downloading new apps to your mobile device. How, exactly, can an app compromise your personal information? You may think the stuff on your phone doesn’t have much value, or that it’s so obscure that no one would even recognize it.  And, you may be one of the lucky people who never downloads a noxious app, but don’t count on it.

A recent Nielsen study shows that the majority of smartphone owners do download apps, especially games. Since thousands of people are successfully using thousands of apps, what’s the risk? If an app is free or cheap, what’s the harm? A good rule of thumb is to remember that nothing is free, so avoid those tempting offers.  But also be aware that even apps that aren’t offered for cheap-or-free can introduce malware into your wonderful mobile device.

Most of us heard about the Netflix scam that surfaced in November of 2011.  A rather inept criminal replicated the Netflix logo and sign-on screen well enough to fool lots of people. It didn’t look threatening, and had all the familiar characteristics of Netflix, however, the fake app, which detonated when downloaded, released a Trojan – a piece of code that opens up and releases malware. When the user logged in with a password, the malicious software sent the login data to an obscure URL. As it turns out, the Netflix scam didn’t do much damage, since all it gathered was sign-in data. Maybe its greatest achievement was to serve as a wake-up call to mobile users.

Truly malicious code often hitches a ride on an app that appears harmless. Once released, it silently cruises through your device and gathers the email addresses of your contacts, your location history, your calling and browsing history, your texts, your photos and, perhaps most damaging, your purchasing history, including PINs and passwords. The data is smoothly and quietly transmitted to an obscure site where cyber-criminals either use the data themselves, or sell it to thieves who make use of it. What does the end-user cyber-criminal do with it?  First, they may make huge purchases of merchandise with your credit card or bank information. All the information in your texts, emails and voice messages can be scanned for anything that might be of value. Your contacts’ addresses may be used for spreading viruses or spam, and text messages can be used as a spreading tool for malicious worms.

Cleverly built stealth tools can begin dialing premium phone numbers at great expense to you, without your knowledge, consent or any sign of what’s taking place until you see your bill at the end of the month.   These premium numbers pay the receiver of the call immediately, and can mean big dollars for the owners of the numbers.  You’ve seen these numbers before – we used to call them “900” numbers.  It costs money to call them.

One of the worst scams involves replicating the style and logo of banks, retailers and credit card institutions.  These fake screens, which may look very familiar, prompt users to contact them immediately. Usually, the message seems urgent, and wants you to verify your personal information — for your own good. The truth is, if your bank or credit card company needs to contact you, they will never send you a popup or email notice on your mobile device.  Never, ever fall for this kind of phishing attempt.  The good news is that these ploys have been around long enough that most users know not to buy in.

Finally, some malware that travels on apps is able to dig down to the root of your mobile device, and actually reconfigure the system to its own advantage. It makes copies of your email and text transmissions and sends it on to be used for fraudulent purposes.

Apps are an essential part of owning a mobile device.  What can you do to protect your information, your assets and your mobile phone? Always use secure sites, and check on your bank or retailers’ encryption status. Look carefully at your bills and monitor your phone’s battery use. Download apps that come from reputable developers and retailers. Note any odd behaviors on your mobile device. Never, ever update personal information over your phone for banks or retailers.Protect your device with a strong security package that will snag malware or alert you to threats. Read everything you can about an app before downloading it.  By taking precautions, you can plan on hours of fun enjoying your new apps.

Top Mobile Security Resolutions for 2012

Jan 3

NQ Mobile | Mobile Security Research, News & Press, Products & Services, Security Updates | No Comments

The year 2012 has arrived, as predicted.   A new year tends to bring celebration and introspection, as well as a lot of new toys and gadgets to entertain us.  Before you get to having too much fun downloading apps and exploring all the things your new mobile device can do, consider these New Year’s Resolutions to make your mobile experience fun and carefree:

  1. Decide on a password no one could possibly guess.  Include special characters and at least one number.  Write it down in a safe place.  Change your passwords every few weeks.
  2. Try to use just one credit card on all mobile purchases; check your statements regularly.
  3. Don’t make purchases on your mobile device in public places or through a public Wi-Fi.
  4. Keep your phone locked when you’re out and about, and don’t lend it out.
  5. Do a quick check online and with friends to find out if the app you want to download has been known to carry malware.
  6. Remember to download any manufacturer’s updates to your device in a timely way.
  7. Don’t let your device record anything you don’t want made public, including photos.
  8. Remember not to download any uninvited app or respond to any unknown texts or voicemail.
  9. Learn how to read and understand Terms of Service and Permission Agreement screens.
  10. Only make financial transactions on secured sites.
  11. Don’t provide a lot of personal detail on social media sites.
  12. Download the best security package, to snag malware, including phishing scams, Trojans and viruses, before they are ever able to reach your device.  Add theft and loss protection as an extra safety measure.

It’s worth taking a little time to learn about the signs of malware, and to become aware of all the ways in which your data could be compromised.  Learning about malware shouldn’t make using your mobile device less pleasant, but instead, should give you some peace of mind.  As a famous superhero once said, “Knowing is half the battle.”

Have a safe, prosperous and peaceful 2012.

A Brief Peek at the Business of Cyber Crime

Jan 2

NQ Mobile | Mobile Security Research, News & Press, Products & Services, Security Updates | 1 Comment

The creation and exchange of mobile malware is big business, much like any other. What does the malware industry really look like?  Do people in black trench coats meet in empty warehouses in the dead of night to buy and sell their specialized ill-gotten treasures of credit card numbers and code cracking secrets? How do cyber criminals stay underground?

First of all, malware architects probably don’t bear much resemblance to the hardcore drug-dealer on a big- city street corner. To design effective malware, one needs a substantial understanding of technology in order to discern its weak spots and know how to break them. This isn’t work for the feeble-minded. Secondly, most cyber criminals never need to leave the privacy of their homes to conduct their illicit business dealings. A maker of malware can market his goods to a network of underground operators, who’ll buy his well-turned-out package, or kit, and in turn, put the malware to work out in the field. Certainly, not all perpetrators of cybercrime are inventors – some of the most prolific criminals simply buy and use the handy pre-programmed kits cranked out by the bigger brains.

Once the owner of a malware kit has gleaned some valuable data, he might want to sell it, rather than use it to commit the crimes himself. The purchasers of stolen data represent another level of fraud. Purchasing fraudulent information often involves simply finding an automated online “store” that sells stolen data. These cyber stores offer everything from bank account and credit card numbers to private information gleaned from unwitting users.  If a purchase of this data is made by an experienced fraudster, there is no way to track the seller or the buyer. This level of cyber thief will actually use the stolen data to take out fraudulent loans, drain bank accounts, and make large purchases of merchandise that can be sold elsewhere.

How do certain strains of malware travel and spread so quickly? There is apparently a certain level of collaboration and, perhaps, respect within the growing malware industry. Malicious code is often shared, modified, re-energized and improved upon among this vast, and somewhat loosely-connected sector of people, who find cybercrime to be a more intriguing and faster way to make money.

It’s not a hopeless situation.  While mobile users are becoming more aware of the need for added security, retailers and banks are hurrying to put into place new security measures to accommodate the rapidly expanding number of folks who’re using mobile devices instead of computers to conduct their business.  Simply put by e-Commerce Times, mobile security’s just plain tougher for online retailers than PC security. While a computer’s IP address is connected with one location, mobile users connect through different gateways and Wi-Fi’s across a much wider geographical range. The demand for retailers to revamp their security systems to accommodate mobile users is strong and retailers are struggling to catch up in our currently strained economy.  But they will catch up because they have to.

For now, as wise consumers we must consciously protect ourselves from the threat of mobile criminals.  Downloading a strong security package can allow you take a deep breath with the knowledge that you’re well-protected from the threats of mobile malware.

A Future Filled with Mobile Technology

Dec 31

NQ Mobile | Mobile Security Research, News & Press, Products & Services, Security Updates | No Comments

It’s hard to imagine a time when we might look back at finger swipe, face recognitionmagic hand and Siri as awkward relics of a forgotten age.  But, the future of the mobile device isn’t in question. Without a doubt, handheld, wireless devices will become even more of a staple in the modern world, and will morph over time in innate intelligence and sophistication, in ways we’ve not yet dreamed of.

Predictions by research firms like Gartner suggest that the mobile device will increasingly make good use of our five senses.  As computing becomes more mobile-centric, user interfaces will be required to become more sensitive in terms of gesture, voice and video, as they accomplish even more sophisticated tasks, according to Gartner’s experts.

Utilizing information about its user, mobile devices may become more “contextually aware.” What that means is the system will be able to “sense” the users’ preferences, based on their activities, and become more helpful in predicting their needs. The mobile device will then be able to offer the most helpful and logical content, based on what it “knows” about its owner. Likewise, image-recognition technology is growing, primarily as a result of the handy cameras built into mobile phones.  Your phone will summarize your photos to determine what you might need.  The QR systems that ask consumers to scan their unique icons for specialized information are only a preview into what’s to come in this field.

We might assume that Near Field communication (NFC) is also in its infancy. This exciting technology of merely waving a mobile phone over a reader will no doubt become a way of life for us in the very near future, not only as consumers but as workers and citizens.

As mobile interfaces and apps change and grow more sophisticated, they’ll need to be adaptable for both the consumer and the enterprise.  At some point, the wide array of mobile technologies may need to homogenize to accommodate all types and brands of mobile device platforms.  You might be able to remember back in the early days of computing, when we couldn’t run an Atari or Apple disk application on an IBM system. It’s easy to assume that the public will only stand for the restrictions and confinements of specific-apps-for-specific-operating-systems for a short period of time.  We’re a busy and demanding population, and we like our conveniences.

In the meantime, NetQin Mobile Security (soon to be NQ Mobile) is keeping up with the changes, and continues to protect the interests of its one hundred million mobile phone subscribers with its amazing cloud technology.

The mobile phone, once a novelty, will probably replace our methods of bill-paying, consumer purchasing, and performing our jobs, just as the PC once did, except that the future of mobile may only require us to touch, wave, blink or even just look like ourselves, in order to do what we once did.  The future of mobile technology’s exciting, and the possibilities, phenomenal.

The Mobile World in 2012

Dec 30

NQ Mobile | Mobile Security Research, News & Press, Products & Services, Security Updates | No Comments

American society and culture are changing rapidly.  In 2012, we’ll see the use of mobile devices become even more prevalent. The existing mobile giants, as well as thousands of smaller companies, will surely continue to offer more amazing features and apps for every use and genre.  But the use of mobile devices is also being taken very seriously in ways that’ll affect our lives. Are we really ready for the mobile age?

Mobile phones and cameras are helping law enforcement officers log crimes and snag criminals. For instance, in the aftermath of several bank robberies, officials have required all operating cell phones in the vicinity of the crime to be turned over to be examined for evidence that may have been caught.  As individuals, our mobile phones give citizens the power to capture unique and momentous events that might otherwise be lost forever — and everyone wants the bad guys to get caught.

A thought-provoking use of mobile phones can be seen within the worldwide Occupy movement.  Protesters are using mobile devices to publicize their participation, posting videos of alleged police unfairness, and using the medium to promote their various causes.  Simultaneously, the FBI and local government agencies are using their own mobile methods to monitor the protests and track criminal behavior. Officers are using mobile devices to identify protestors who have outstanding warrants or other police records, and they’re staying in close communication with one another for crowd control.  At one protest site in New York, a cell phone recharging station was built for cell phone users who want to ride a stationary bike that transmits enough energy to charge their phones.

Now called “hactivism,”the practice of using the Internet to make a social or political statement via cybercrime has been reported numerous times this year. Using mobile hacking to expose personal and corporate information is almost a given, as we move into 2012.  We Americans are determined to exercise our rights of political activism. While malicious apps and serious breaches were reported at the highest levels in 2011, we can expect more in 2012.  This year brought alarming ruptures within our military’s mobile systems, and mobile breaches in the systems of several large financial institutions.  It turns out that hacking, Trojans, spyware and malware is not always just a method for finding money.

In 2012, most individual mobile users will become much more conscious of malware, cybercrime and security issues.  It’s highly likely that private users, as well as businesses, will become more interested in protecting their mobile devices, as cybercrime grows.  While most of us don’t seem to be too concerned about carriers’ intrusions, like the ones we saw this year with the CarrierIQ question, it’s interesting to ponder the degree to which Americans are willing to tolerate invasion of our privacy. We shouted back loudly when President Bush’s wiretapping scheme went too far in looking for terrorists. It might be a bit ironic that, while our government hurries to pass legislation to regulate the cyber industry, its own investigative agencies are working to find stealthy ways to detect espionage and criminal activities.

Finally, companies like Nixle are developing mass notification systems that “allow government organizations to communicate with the public via text/SMS…”as a service of Homeland Security. Nixle claims it can reach over 85 percent of the population instantly through mobile texting. The service is now available to government and law enforcement agencies.

While hackers and cyber criminals are are in gross violation of the law, others are using similar tactics for different purposes. What’s ultimately deemed legal or illegal in mobile stealth will begin to play out in 2012, and will surely prove to be a fascinating aspect of mobile security history.  In the meantime, as we watch history unfold, the best practice is to protect our own mobile devices with a strong, reliable mobile security package.

Using Your Own Mobile Device for Work?

Dec 26

NQ Mobile | Mobile Security Research, News & Press, Products & Services, Security Updates | No Comments

When you go back to work next week with your shiny new mobile device, will you want to use it for work as well as play?  There’s an ongoing discussion among corporate executives and IT Managers who are trying to address the implications of employee-owned mobile devices being used for work.  Is it risky?  Most certainly.  Does the idea make sense? Absolutely.

The cost savings for a corporation that allows its employees to use their mobile phones for business can be considerable.  Employees enjoy using their personal devices that house their own chosen apps, and are conformed to their own comfort levels.  They find they can be much more effective and comfortable in business-to-customer relationships.  Further, a“BYOD” policy affords the convenience of conducting all mobile communications through one phone.  Employees are increasingly finding it more efficient and pleasant to access corporate data from their private mobile devices, and employers are beginning to agree with the idea, in theory.

The risks, if not easy to assess, are easy to guess.  Free-form, random access to a company’s data base and document files can be an ominous prospect.  Many associates in the field are negotiating sensitive contracts and accessing proprietary documents in order to conduct business.  With all the potential for hacking, malware and data breaches, in general, any corporate IT manager could feel a lot of trepidation for activities that are not secured and encrypted under corporate control.

So, what solutions might be agreeable to both employee and corporate IT departments? In organizations where the idea is in its infancy, employees are often asked to provide proof of an approved security package.  In IT divisions that have been considering the problem for a while, managers are beginning to construct policies that require any personal access to corporate data to be encrypted with corporate-owned or licensed software, and which won’t allow access without a specific corporate password.  Companies clearly recognizing the cost savings and advantages of BYOD, are also beginning to offer free website support to employees through their intranet systems and some are even purchasing large licensing contracts for software which employees are required to download.

Overall, bringing a personal mobile device to work can be a win-win for both the enterprise and the employee, so long as everyone understands that protection of corporate information is a priority, and that a data breach can hurt the entire enterprise.  Employees who do access company information should be careful not to allow their children to use their phone, and should be ever-conscious of the potential for malware.  Corporations would do well to teach employees how to read the terms of agreements on downloads, and to recognize the precautionary measures that everyone should be aware of while using a mobile device, whether for personal or business purposes.

Happy Mobile Holidays

Dec 23

NQ Mobile | Mobile Security Research, News & Press, Products & Services, Security Updates | No Comments

The holidays are here.  How many mobile phones are sitting quietly in the lost and found of department stores and restaurants as we wind up this busy shopping season?  How many others are riding in the pockets of someone who happened to see one sitting unattended?  Thousands of shoppers stop what they’re doing to make a call or text, or sit down for a refreshing drink or lunch during this time of year, and leave their phones behind. Lost phones typically show up in malls, concert halls and public transport vehicles, like taxis and buses.  Only a small percentage of them are turned into a manager or the local police department. While there’s no available stats for the U.S., estimates are that lost phones number in the millions each year, and the thousands every day.

A lost phone during the holidays can cast a shadow over the season, and add an extra measure of uninvited stress that no one enjoys.  People lose and misplace their belongings every day, however, when a mobile device goes missing, so does a lot of information about its owner.  Most people use their mobile phones for much more than calling and texting friends.  The majority of mobile phones contain telling data about purchases, banking transactions, and other private information that was never intended to be shared.  Of course, not everyone who finds a lost mobile phone is a cyber criminal, but there’s a good chance you could see some charges on your credit cards or withdrawals from your bank account, even if a mischievous teenager happens to find your phone.

It doesn’t feel good to be that vulnerable, especially when it comes to your finances.  But a lost phone can often mean much more to its user.  Loss of photos, music and contact lists can be extremely distressing, as well as a pain to reconstruct.  Don’t forget that when you lose a contact list, your friends and family suddenly become vulnerable, as well.

A great holiday gift for yourself and your loved ones is the peace of mind that comes with having a strong anti-loss and theft package for the family phones. NetQin Mobile Security Premium provides several features that lend a sense of comfort when a phone is misplaced or stolen. First, an alarm feature can be activated on the device from a remote location, so that if it’s anywhere in the vicinity, you’ll know it. If it’s in the hands of a thief, everyone else will know it, too.  The next step would be to activate the remote lock feature that blocks anyone from “opening” your phone. Finally, if you’re sure it’s a goner, you can remotely wipe clean the data stored on your phone, so that nothing sensitive reaches the hands of anyone with bad intentions.  Of course, if your phone turns up under your friend’s couch cushions, you can easily restore the data and be on your merry way.

In the U.S., we tend to live our lives at a pace that demands a smooth, unfettered routine, and doesn’t leave much room for mini-disasters, like lost mobile phones. Make yourself more comfortable this year with the knowledge that, if your phone ends up in the wrong hands, you can protect it from a distance.  Relax and enjoy a happy holiday.

In an Age of Malware – What Can We Trust?

Dec 22

NQ Mobile | Mobile Security Research, News & Press, Products & Services, Security Updates | No Comments

This year has brought a wave of mobile malware, the likes of which we’ve never seen.  News reports in 2011 tell us of malware invasions in government institutions, where safety used to be a foregone conclusion. This year, our government’s military mobile system’s been hacked. Other large agencies, such as public transportation systems, and even the FBI, have been victimized by mobile hackers. The accounts of famous and high-profile celebrities have been hacked and infected.

While most cybercrime’s unleashed for the purpose of collecting data and money, groups organized for change and betterment, such as the Occupy movement, are taking responsibility for some major breaches, as well. While Occupy’s goal may be to fight for a better world, their hacking activities demonstrate just how vulnerable any mobile system can be – even those of tightly wound government bureaucracies. With continued disruptions in long-standing systems, such as intelligence and government defense agencies, is it possible our country’s government will witness a cyber-based revolution?  Perhaps that’s what Occupy hopes for.

Looking at the malware problems that have surfaced within large-scale organizations may make us feel more comfortable.  After all, most of us are just humble, low-profile individuals who use our mobile devices for fun and a little business now and then.  But don’t forget — most cybercriminals don’t work for social change.  They are simply out to find sources of information that will lead to money.

Since social networking’s become an everyday concept for millions of mobile users, criminals have developed ways to get to that information, as well.  Large networks, like Facebook, that house the data of millions of users, are doomed to be breached as hackers look for goldmines of personal information. Malware propagators also use major headlines and popular topics of conversation to trick thousands of curious users into clicking on noxious links.

What can we do as individual mobile users, when we can’t tell a poisonous link from a good one; or when we just want to download an app, and don’t know if we’re getting the real thing or a clone that’s housing a nasty gremlin?  First, don’t put any information on your social networking accounts that could be of interest to a criminal.  Secondly, make sure you are using trusted sources for your financial interactions, and ignore any offer or link that has the potential to be infected.

Most importantly, download a mega-security system, like NetQin Mobile Security, to deflect these monsters from ever reaching your mobile phone. NetQin protects over a hundred million users around the world.  It was the first company to design its security system entirely for mobile, instead of trying to convert PC security to mobile, which has proved to be an awkward transformation for many security companies. NetQin is a trusted leader in its field.  Well known for its comprehensive, enormous database of malware, NetQin’s powerful system catches and exterminates malware before it reaches its goal, which could be your phone.

This coming year promises to bring some real challenges for mobile users, but being aware of the potential and taking the proper precautionary steps will go a long way toward protecting you and your family against cybercrime.

Here’s to a New Generation of App Developers

Dec 15

NQ Mobile | Mobile Security Research, Products & Services, Security Updates | No Comments

As statistics skyrocket for sales of mobile devices and apps, the future of mobile app development’s looking very bright for a new generation of developers. While most app developers are diligent and enthusiastic about what they do, they’re often faced with some fairly unsettling challenges that can, unfortunately, result in security problems.

One challenge involves the initial choice of platforms, a decision which is often forced to be made before the release of the next new mobile device.A certain amount of market fortune-telling is involved when a developer comes up with a serious new business app that, ultimately, doesn’t really hold much appeal for the typical consumer of a flashy pink iPhone. Not knowing in advance the whims of a fickle consumer world, working on speculation can often prove wasteful. For example, who knew for sure that Android sales would top i-Phone sales this year?  Choosing a platform, investing in development, and then tweaking and re-adjusting to make modifications required for other platforms is expensive and time-consuming, especially in a market that demands the speedy release of the next app. Combine those pressures with an insane pace of development and production, and you can end up with an app that’s not polished, slightly dysfunctional or even riddled with issues that make it vulnerable to malware.

Another good example of a challenge to new app developers is the aspect of Android’s platform that can allow privileges to an app without the owner’s agreement. Loading an “unprivileged” app can then result in escalated privileges. A good cyber-criminal can use this vulnerability to gain access to the root level of the device and take full control. An experienced developer would carefully address this potential security issue, but a new app designer might not.

The Android’s open development platform has opened up enormous new opportunities for fledgling developers. Although big app stores like Amazon’s require a fairly intensive testing period, small companies releasing a slap-dash app is not uncommon, given the pressures to which developers are subjected.  A novice developer might produce an app with beautiful graphics that’s full of flaws in terms of functionality and security.  One bad app can jeopardize the success of a small app company on a tight budget, as well as create havoc for unwitting consumers who find their devices infected with malware.

Often under the constraints of very tight budgets, the mature skills required to quickly develop healthy apps for a growing range of hardware are formidable, making the success of a small app company iffy. Do these pressures and challenges excuse a carelessly crafted mobile app? They don’t, but they help us understand how a new generation of mobile app developers might release apps that leak data or invite breaches.

As testing standards and security policies strengthen and develop, consumer demands for flawless mobile apps will increase. New developers will eventually gather all the implements and information into their toolbelts as the mobile app development industry matures and strengthens.  Until then, it’s a good idea to have a robust security package on board, just in case.

A Malware-Free Holiday: Tip of the Week

Dec 13

NQ Mobile | Mobile Security Research, News & Press, Products & Services | No Comments

So many apps – so little time.  In the bustle of holiday shopping, many folks are taking a minute to relax and download some cheery apps to their mobile phones.  The market’s flooded this year with apps for everything from holiday carols to spiritual mantras, games and meditative tones for soothing the weary holiday soul.

Downloading most apps is so simple, a child could do it.  With a couple touches or clicks – mission accomplished.  The “accept” box is usually just a minor annoyance as the final step before finally being able to open that app you just bought. However, there’s something that some people tend to overlook.  When you “accept” a permissions agreement, you may be asking a lot of activity you didn’t bargain for.

It’s not a great time of year to sit down and read some legalese, but if you force yourself to take a few moments and carefully read what you’re giving away in exchange for your new app, you might be less eager to accept it. Many apps, toward the end of the agreement screen, tell you all the ways in which they will be using your information for their own purposes.  Maybe you have so little personal data on your device that being an open book doesn’t bother you.  But, if you’ve been shopping, banking, or texting something private, or if you even plan to do any of these in the future,  you’re at risk for getting your data stolen.

How can you better enjoy that little indulgence of pleasure of holiday games and cheery ringtones?

°Choose your apps from a well-known company – there are lots of hungry cyber criminals out there.

°Don’t download anything that comes to you as a freebie or a special offer.  These can prove to be highly contaminated with viruses or even Trojans, looking for your data.

°Take a minute to read the agreement you’re about to click through – it may contain more than you think.

°Download NetQin Mobile Security for everyone in your family with a mobile device, for a worry-free way to enjoy the holidays.

Older Posts »