WhatsApp and Telegram media files aren’t so secure

A security flaw found in WhatsApp and Telegram on Android lets hackers mess with your photos, payments, and voice notes

  • Security firm Symantec has found a vulnerability in WhatsApp and Telegram’s Android apps which could let hackers intercept and alter files sent between users, such as photos, documents, or videos.
  • The security firm refers to the theoretical attack as “Media File Jacking.”
  • Although Symantec made recommendations to the developers to shore up their security, WhatsApp said the suggested changes would “create privacy complications” and “limit how photos and files could be shared.”

While they’re known for strongly encrypting messages in transit, apps like WhatsApp and Telegram may not always be able to keep files safe after they’re on your phone. Today, researchers from Symantec explain how hackers could use a malicious app to subtly alter media files sent through the services.

Security firm Symantec says it has found a security flaw in the Android apps for WhatsApp and Telegram, which could allow hackers to “manipulate” files transferred between users.

WHATSAPP STORES MEDIA THROUGH EXTERNAL STORAGE

On Android, apps can choose to save media, like images and audio files, through either internal storage that’s only accessible through the app, or external storage which is more widely available to other apps. WhatsApp, by default, stores media through external storage, and Telegram does so when the app’s “Save to Gallery” feature is enabled.

According to the researchers, the design means malware with external storage access could be used to access WhatsApp and Telegram media files, maybe even before the user sees them. If a user downloads a malicious app, for example, and then receives a photo on WhatsApp, a hacker could manipulate the image without the receiver ever noticing. A hacker could theoretically alter an outgoing multimedia message as well.
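The exposure described above can be detected by the app that owns the file. The following is an added example, not code from the article, Symantec, WhatsApp or Telegram: a Python stand-in in which two temporary directories play the roles of app-private storage and shared external storage. The `MediaStore` class, the manifest file name and the sample bytes are all hypothetical.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


class IntegrityError(Exception):
    """A shared-storage file no longer matches the digest recorded for it."""


class MediaStore:
    """Hypothetical store: media goes to shared storage, digests stay private."""

    def __init__(self, private_dir, shared_dir):
        self.shared_dir = Path(shared_dir)
        # The manifest lives where other apps cannot write.
        self.manifest_path = Path(private_dir) / "media_manifest.json"
        self.manifest = {}
        if self.manifest_path.exists():
            self.manifest = json.loads(self.manifest_path.read_text())

    def _path_for(self, name):
        # Accept bare file names only, so a name cannot escape shared_dir.
        if name in ("", ".", "..") or Path(name).name != name:
            raise ValueError("media name must be a bare file name")
        return self.shared_dir / name

    def save_received(self, name, data):
        path = self._path_for(name)
        # Hash the bytes still in memory. Re-reading the file after writing
        # it would leave a window in which it could already have changed.
        self.manifest[name] = hashlib.sha256(data).hexdigest()
        self.manifest_path.write_text(json.dumps(self.manifest))
        path.write_bytes(data)
        return path

    def load_verified(self, name):
        path = self._path_for(name)
        expected = self.manifest.get(name)
        if expected is None:
            raise IntegrityError(f"{name}: no digest recorded")
        data = path.read_bytes()
        actual = hashlib.sha256(data).hexdigest()
        if not hmac.compare_digest(actual, expected):
            raise IntegrityError(f"{name}: changed after it was received")
        # Hand back the exact bytes that were checked, never a second read.
        return data


def demo():
    with tempfile.TemporaryDirectory() as private, \
            tempfile.TemporaryDirectory() as shared:
        store = MediaStore(private, shared)
        # Constructed sample content, not a real image.
        original = b"\x89PNG constructed sample: invoice total 100"
        path = store.save_received("invoice.png", original)
        clean_ok = store.load_verified("invoice.png") == original

        # Stand-in for another app with shared-storage access changing the file.
        path.write_bytes(original.replace(b"100", b"900"))
        try:
            store.load_verified("invoice.png")
            tamper_detected = False
        except IntegrityError:
            tamper_detected = True

        # The digest survives a restart because it is persisted privately.
        persisted = "invoice.png" in MediaStore(private, shared).manifest
        return {"clean_ok": clean_ok, "tamper_detected": tamper_detected,
                "persisted": persisted}


if __name__ == "__main__":
    print(demo())
```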

The researchers call the attack “Media File Jacking.” In many ways, it’s a known issue, and a trade-off between privacy and accessibility for messaging apps on Android. By using the external storage setting, which is widely used, apps are more compatible with others, allowing pictures and other data to move more freely. But that comes with a cost: last year, researchers pointed out similar issues.

Telegram did not immediately respond to a request for comment. A WhatsApp spokesperson said changing its storage system would limit the service’s ability to share media files, and even introduce new privacy issues. “WhatsApp has looked closely at this issue and it’s similar to previous questions about mobile device storage impacting the app ecosystem,” the spokesperson said in a statement. “WhatsApp follows current best practices provided by operating systems for media storage and looks forward to providing updates in line with Android’s ongoing development.”

Still, these aren’t just any messaging apps. As the researchers point out, users generally trust encrypted apps “to protect the integrity of both the identity of the sender and the message content itself.”

“However,” the researchers write, “as we’ve mentioned in the past, no code is immune to security vulnerabilities.”

Devices in Singapore were hit by malware which secretly replaces apps with malicious versions

A dangerous new mobile malware named after The Matrix’s main villain has infiltrated more than 25 million Android devices around the world – and more than 6,000 in Singapore, a report has revealed.

On Thursday (July 11), cybersecurity software company Check Point Software Technologies’ research arm (Check Point Research) said in a news release that the malware – dubbed “Agent Smith” – automatically replaces installed apps with “malicious” versions without the user’s knowledge.

The dubious software stealthily does this by disguising itself as a Google-related app and exploiting known Android operating system vulnerabilities.

Google Play Store apps which were reportedly found to be affected by Agent Smith malware.
Check Point Research

Singapore least affected in SEA, India worst-hit globally

Nearly one million devices in Southeast Asia fell victim to the trickery and were “quietly” infected, according to Check Point Research. Although 6,257 devices in Singapore were found to be hit with Agent Smith, this statistic was far from the worst.

Indonesia, which was the most affected country in the region, had 572,025 devices affected by the malware while India had more than 15 million infected devices and over 2 billion infection events – the highest in the world.

The top 10 countries with the most number of Agent Smith infections.
Check Point Research

Other Southeast Asian countries that were affected include The Philippines (226,701), Malaysia (55,647), Thailand (52,848) and Vietnam (32,916). Singapore was observed to have the least number of attacks in the region.

What does Agent Smith do?

Check Point Research noted that Agent Smith currently uses “broad access” to the devices’ resources to display fraudulent advertisements for financial gain. However, the team said the software “could easily be used for far more intrusive and harmful purposes”, such as stealing banking credentials and eavesdropping.

Agent Smith’s flow of attack as portrayed by Check Point Research.
Check Point Research

It added that the activity resembles previous malware campaigns like Gooligan, Hummingbad and CopyCat.

Check Point Software Technologies’ head of mobile threat detection research, Jonathan Shimonovich, said: “The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own.”

He added that the best protection against invasive mobile malware attacks from the likes of Agent Smith would be to combine advanced threat prevention and threat intelligence while adopting a “hygiene first” approach to safeguard digital assets.

Users are also advised to only perform downloads on trusted app stores to lower their exposure to infection as third party stores would typically lack the necessary security measures to block adware-loaded apps, Shimonovich said.

Indiscriminate infections

According to Check Point Research’s online blog, Agent Smith started proliferating through widely-used third party app store “9Apps”, and targeted mainly Hindi, Arabic, Russian and Indonesian speaking users.

Although primary victims were observed to be mostly based in India (59 per cent), the research team said that unlike previously seen malware campaigns that did not involve Google Play and affected mostly developing countries, Agent Smith had a “significant impact” on developed nations – where Google Play is “readily available” – as well.

These include the US which saw approximately 303,000 infections, Saudi Arabia (245,000), Australia (141,000) and the UK (137,000).

A world infection heat map showing the hotspots of Agent Smith attacks. The most number of infections were observed in India.
Check Point Research

Check Point added that it has submitted data to Google and law enforcement units to facilitate further investigation. At the time of publishing the report, no malicious apps were found to remain on the Google Play Store, it said.

Laptop Infected With 6 of History’s Most Dangerous Viruses Sold For $1.3 Million

  • A laptop that’s utterly infested with six of the worst computer viruses and malware known to man was sold at auction for $1.345 million on Monday.
  • The types of viruses on the laptop are said to have caused $95 billion in financial damages worldwide.
  • The laptop has had its internet connectivity and ports disabled, which hopefully means the malware within has no way to spread…hopefully.

A 2008 Samsung NC10 laptop running Windows XP just sold at auction for a whopping $1.345 million.

Although the 11-year-old machine may have nostalgic value to some, what makes this one so special (and expensive) is that it comes with live specimens of six of the most dangerous computer viruses in existence.

In a livestream on Twitch, the laptop can be seen turned on and running the viruses and malware. But the laptop wasn’t sold as a cyber weapon on a darkweb black market. It was sold as art.

The virus-infected laptop is an art installation called “The Persistence of Chaos” by artist Guo O Dong.


According to a website promoting the piece, Dong is a “contemporary internet artist whose work critiques modern day extremely-online culture. The Persistence of Chaos was created as a collaboration between the artist and cybersecurity company Deep Instinct, which provided the malware and technical expertise to execute the work in a safe environment.”

Dong said the viruses in the laptop have caused $95 billion in financial damages. It’s unlikely that the laptop itself was the cause of the $95 billion in damages. It’s more likely that the viruses it contains are the same that are known to have caused damages worldwide.

“The sale of malware for operational purposes is illegal in the United States”

Dong’s laptop is “airgapped,” which means its ability to connect to the internet has been disabled. Its ports have also been disabled, so USB sticks can’t be used to transfer its threats.

The terms of the auction also state that “The sale of malware for operational purposes is illegal in the United States. As a buyer you recognize that this work represents a potential security hazard. By submitting a bid you agree and acknowledge that you’re purchasing this work as a piece of art or for academic reasons, and have no intention of disseminating any malware.”

Of course, anyone with an intermediate knowledge of computers would have no trouble figuring out a way to extract the viruses from the hard drive, despite the fact that the laptop itself is airgapped.

The details of the auction, including the selling price, were reported by Dong himself on his website. So it’s worth taking the claims with a grain of salt until the sale can be verified. Deep Instinct, the firm that Dong partnered with, did not immediately return a request for comment.

The buyer of The Persistence of Chaos is anonymous. Here’s hoping Dong’s dangerous art didn’t fall into the wrong hands.


Check out the infamous computer viruses running on the most dangerous laptop in the world:

Malware:

ILOVEYOU

The ILOVEYOU virus, distributed via email and file sharing, affected 500,000+ systems and caused $15B in damages total, with $5.5B in damages being caused in the first week.

MyDoom

MyDoom, potentially commissioned by Russian e-mail spammers, was one of the fastest spreading worms. It’s projected that this virus caused $38B in damages.

SoBig

SoBig was a worm and trojan that circulated through emails as viral spam. This piece of malware could copy files, email itself to others, and could damage computer software/hardware. This piece of malware caused $37B in damages and affected hundreds of thousands of PCs.

WannaCry

WannaCry was an extremely virulent ransomware cryptoworm that also set up backdoors on systems. The attack affected 200,000+ computers across 150 countries, and caused the NHS $100M in damages with further totals accumulating close to $4B.

DarkTequila

A sophisticated and evasive piece of malware that targeted users mainly in Latin America, DarkTequila stole bank credentials and corporate data even while offline. DarkTequila cost millions in damages across many users.

BlackEnergy

BlackEnergy 2 uses sophisticated rootkit/process-injection techniques, robust encryption, and a modular architecture known as a “dropper”. BlackEnergy was used in a cyberattack that prompted a large-scale blackout in Ukraine in December 2015.

Google kept unencrypted, plaintext copies of some G suite business customer passwords on its servers for more than ten years

  • Google accidentally kept un-encrypted user passwords belonging to its enterprise customers on its internal servers for a period of more than a decade, the company revealed in a corporate blog post on Tuesday.
  • “We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Suzanne Frey, Google Cloud VP of Engineering wrote.
  • The implementation error causing the issue happened in 2005 and, according to TechCrunch, wasn’t discovered until April of this year.
  • Google did not estimate how many user accounts were impacted, nor did the company answer Business Insider’s question regarding the number of improperly stored passwords.
  • The company said “we have seen no evidence of improper access to or misuse of the affected passwords.”

An undisclosed number of Google enterprise users have had their passwords stored in plaintext on the tech giant’s internal systems for over a decade, according to a corporate blog post on Tuesday.

“We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Suzanne Frey, Google Cloud VP of Engineering wrote.

Google said the issue stemmed from giving account administrators – for instance, a company’s head of IT – the ability to manually set passwords for employees – say, on someone’s first day. But back in 2005, an error was made, Google said, and the admin portal ended up storing unhashed copies of passwords on the tech giant’s encrypted servers. In other words, for the past 14 years, some G Suite users have had their corporate passwords stored in such a way that would have been readable by authorized personnel, like account administrators or certain Google employees.

Google first found the issue this April and said it has since been fixed. In its blog post Tuesday, Google did not estimate how many user accounts were impacted, nor did the company answer Business Insider’s question regarding that number.

This February, Google announced that its G Suite platform – which includes apps like Gmail, Docs, and Hangouts – has over 5 million paying businesses.

“To be clear, these passwords remained in our secure encrypted infrastructure,” Frey wrote. “This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

Google said G Suite administrators have been notified and that it will update passwords that have not already been changed. It also said that none of its free consumer accounts were included in the mishap.

Cloud Security: Is the Cloud Ready for Your Confidential Data?


What is Cloud Computing?

You can’t look at any technical section of a newspaper or website these days without reading about “cloud computing.” The term seems to be popping up everywhere. So, what exactly is cloud computing? A simplistic definition is computing on the Internet. It allows users the ability to access everything on the Internet, from software to their stored data, without having to store anything on their actual computer. The user only needs a computer with a web browser in order to access the cloud.

What is So Great About Cloud Computing?

Cloud computing has the potential to allow small businesses or businesses on a budget the ability to have high quality computing at a lower cost. Business owners no longer need to invest in expensive IT equipment or pay an entire IT staff that would normally be required in order to keep a computer system running. Storing data on the cloud would help reduce IT costs while still allowing businesses to grow.

What Security Problems Does Cloud Computing Need to Address?

Cloud computing is such a new technology that many of the kinks have not even been completely realized much less worked out to a satisfactory level. The Federal Trade Commission (FTC) is looking into what potential security and privacy concerns cloud computing could have for consumers. Some of these concerns are:

  • If you store your valuable business documents on the cloud and the cloud goes down, will it be coming back up with all of your important documents intact?
  • It is also important to know that the company with whom you are storing your important information is financially stable and will not suddenly disappear taking all of your valuable information with it.
  • Where is your company located and where will your data physically be stored? If your data is stored in another country, is that country required to comply with the same security standards that you would expect from your home country?
  • Who is in charge of storing and managing your data? It is important to know that the people managing your data have the proper security clearance and credentials, and that they are handling it securely and not using it improperly for their own financial gain.
  • How secure is the login? Would hackers be able to easily gain access to your data?
  • Is your data encrypted so that others cannot easily view it?
  • Is the cloud storage company willing to undergo a certification process and willing to comply with certain security standards?

At this point, it is unknown how providers plan to resolve these issues, but whatever the solutions, they will be critical to the future of cloud computing. Cloud computing has so much to offer businesses from flexibility to growth potential to tremendous cost savings. If the confidential data stored in the cloud isn’t secure, the only thing cloud computing will be able to offer businesses is a giant headache.

Eight Ways To Keep Your Small Business Secure


If you own and operate a small business, lowering costs is an important part of keeping your company in the black. Cutting costs on your IT budget could inadvertently compromise your company’s security. Even though small businesses may not have all of the resources that large corporations do, they are still just as vulnerable to the same security threats. Here are ways to help secure your small business:

Purchase Anti-virus Software

Every computer is vulnerable to the wide variety of viruses, trojans, and worms that are on the Internet. These malicious software programs can do anything from damaging your computer and files to stealing your password and other important information stored on your computer. Purchase a good anti-virus software program and make sure that it is always up to date. Also, check to see that your anti-virus software checks for spyware, adware, and any other type of malware that could be hiding on your computer.

Avoid Phishing Emails

It is important to discuss with your employees the importance of not opening spam email, attachments or forwards that could possibly contain viruses. Make sure that your email has a filtering system that helps to filter out spam and other malicious email. Responding to phishing emails can be another costly mistake. Phishing emails are disguised as legitimate emails that then request login and password information. Changing passwords monthly can help to lessen the damage should an employee accidentally respond to a phishing email.

Minimize Damage From Dishonest or Disgruntled Employees

It is often difficult to predict if one of your employees will become disgruntled or dishonest, but you can put some safeguards in place to help minimize the damage should you find that you have one. Thoroughly screen your employees before hiring them, especially if they will have access to any confidential or financial company information. Limiting the number of employees that have access to this confidential information and changing your company passwords often can help to prevent former employees from accessing company computers.

Secure Your Wireless Network

Make sure that your wireless router is encrypted, and that your business is using WPA2 wireless security. A firewall is another important key to protecting the security of your small business. A firewall will allow access only to authorized users while blocking unauthorized access to the computer.

Have An Internet Use Policy

Aside from the obvious lack of productivity that personal Internet use can cause for your business, it can often be too easy to click on websites that contain malicious software that could easily infect your company computer and shut your system down temporarily or even permanently.

Avoid Having Everything on One Computer

Purchasing computer equipment is costly, so many small businesses will try to get away with fewer computers in order to save money. If you have your financial information on the same computer that your employees use to access their company emails, you could risk losing everything that is vital to running your business should an infected email slip through.

Have a Data Backup System

Be sure to have some type of data storage and backup system in place in the event that your current system goes down. Having all of your files readily available to you in case of an emergency can ensure that your business will retain customers and continue to run smoothly no matter what the disaster.

Minimize Damage From Stolen Equipment

It is difficult to prevent break-ins or equipment from being stolen from your home or office building, but you can have some security by ensuring that all of the information on your computer is encrypted and password protected.

Trying to scrimp when it comes to your small business’s computer security can be a costly mistake. Arm yourself with the knowledge of what your business could be up against and take steps towards prevention. The investment will give your company the security necessary to keep your information secure.

Making The Switch To Managed Services


When the time comes to make the switch to managed services, it is important to know what you are looking for from a provider. As most business owners have or are beginning to realize, there are plenty of benefits that can be realized by bringing on a managed services provider to address IT and other needs. In order to get the most from your managed services contract you must carefully compare all potential providers to ensure they are willing and able to provide the services you need to keep your business moving forward in the future. If your managed services provider cannot supply the following three things (at minimum) keep looking until you find a company that addresses these issues.

  • Security- The managed services provider that you choose should work with vendors that guarantee security. This is imperative when trusting an outside party to handle and maintain private and confidential data that is crucial to the running of your business. Service providers should provide detailed proof of security procedures as well as how they intend to keep abreast of changes in the industry.
  • Recovery- Managed services providers are not only contracted to help keep the day-to-day running of your business going smoothly. They are also an important part of any recovery situation that follows a natural or man-made disaster. It is important to discuss with potential providers what procedures they have in place to guarantee your downtime will be minimal and that you will be up and running as soon as possible after an emergency. These precious minutes and hours can make or break the recovery of your business.
  • Customer Service- As with any other business, if there is no customer support backing up the products or services, there isn’t much of a commitment from the provider.

Why are these three things important? To understand you must consider the managed services model. Managed services providers are hired by a company to provide any or all of the following services:

  • website hosting
  • network monitoring
  • network security
  • remote data backup
  • recovery services

Originally these services were provided to large corporations while small to medium size companies struggled to maintain an IT budget that was often more expensive than beneficial. Managed services providers charge a flat, or monthly fee, making it possible for smaller businesses to reap the benefits offered at a much lower price than in-house IT staff or outsourcing on an as-needed basis.

The managed services platform continues to grow as many businesses look for ways to reduce costs in this tough economy. By offering technological services that might otherwise be beyond the reach of a small business budget, managed services make it possible for smaller businesses to remain competitive with others in their industry. Small business owners must take the time to carefully review and research each provider before signing on the bottom line. A good managed services provider can change the way you do business- in a positive direction, whereas the wrong choice could be a costly mistake that does more harm than good to your business.

5 tips for Creating a business continuity plan for your small business

Is your business prepared for any type of disaster? Even though small businesses may not have as many employees or as much equipment, they are still as vulnerable to disaster as a large corporation. If your business office were to be destroyed by a fire, you could lose valuable business if you don’t plan ahead. Many businesses don’t want to take the time and the expense to prepare a business continuity plan, but can you really afford not to make one?

Make a List of All Possible Disasters

The best place to start is to list different types of disasters and try to determine what could be lost in each case, and what you can do to prevent that loss. In Singapore, we don’t have natural disasters; however, we still need to prepare for man-made disasters such as fire, office flooding etc. Next, try to estimate how long it would take, and how much it would cost, for you to get your business up and running again.

Communication

The middle of a crisis is not the time to frantically search for phone numbers. Even small businesses need emergency contact numbers. Have all emergency contact numbers posted or programmed into every phone. Do you have an alternate mode of communication should your main phone lines shut down? Could your clients seamlessly contact you without ever knowing that your office was in the middle of disaster recovery? The same principle applies to email and fax. Making arrangements regarding communication is critical to keeping your business running smoothly. Communicating with staff and clients can mean the difference between complete shutdown and a minimal business interruption.

Preserving Your Data

In the event of a disaster, it is important to know that everything you need to function as a business is available. Identify all vital systems, documents, and data. While it is important for every business to back up their data on a regular basis, what if a fire destroyed your office? For this reason, offsite storage is critical to preserving your business’ valuable information. Offsite data storage allows you to access all of your stored data from any computer and from anywhere in the world.

A Temporary Work Site

It is also important to plan for a temporary work site. Depending on the goods or services your business offers, can you continue smooth operation if your office is shut down? Storing products in a second location can allow you to maintain your regular business schedule.

Test Your Plan

One of the keys to successful disaster recovery is testing your business continuity plan on a regular basis. It is important that you and your staff know exactly what to do, where to go, and how to access the necessary items you need to keep your business running smoothly to the outside world, even if you are standing in the middle of a disaster. Schedule regular plan tests to ensure that everyone in your office is on the same page and ready should disaster strike. Hopefully, you will never have to use your business continuity plan, but it is smart business to be prepared for any emergency should one arise.

The year’s worst computer passwords: “Donald” joins the list

When we picture a nefarious hacker infiltrating our accounts we like to imagine a super-skilled computer wizard bashing away at a keyboard in front of an epic collection of monitors. But in reality, when many personal accounts are compromised it is because someone simply guessed an obvious password. In a list of the most commonly used passwords of 2018 it was astoundingly revealed that a huge number of people still use “password” as their password.

For eight years now password management software company SplashData has published an annual list of the most common, or worst, passwords of the year. The list is generated by examining all the big password leaks that filter out onto the internet. This year the list was generated from over five million passwords.

The top few spots remained unchanged from prior years, with the two most popular passwords being “123456” and “password”. Some new entries on the list include “sunshine” (8th spot), “princess” (11th), and “charlie” (21st). Perhaps sensing the tenor of our times “donald” appeared on the list for the first time as the 23rd most popular password.

“It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year,” remarks SplashData’s CEO, Morgan Slain.

It’s estimated that around 10 percent of people use at least one of the top 25 passwords, so it is no surprise that you don’t need to be a genius hacker to get into some accounts. Digging deeper into the top 100 passwords reveals how often people pick out similar keyboard patterns for passwords. “1qaz2wsx”, for example, is the 59th most popular password, while “1q2w3e” sits at 86 on the list.

See below for the top 25 passwords of 2018, and with any luck you won’t see any of your passwords on the list.

1. 123456
2. password
3. 123456789
4. 12345678
5. 12345
6. 111111
7. 1234567
8. sunshine
9. qwerty
10. iloveyou
11. princess
12. admin
13. welcome
14. 666666
15. abc123
16. football
17. 123123
18. monkey
19. 654321
20. !@#$%^&*
21. charlie
22. aa123456
23. donald
24. password1
25. qwerty123

Check out the top 100 here.

If your password made the top 100 worst passwords list this year, you’d probably do well to change it. SplashData recommends you:

1. Use passphrases of twelve characters or more with mixed types of characters.
2. Use a different password for each of your logins. That way, if a hacker gets access to one of your passwords, they will not be able to use it to access other sites.
3. Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites.
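A signup or password-change form can enforce the list and the first recommendation above before a password is ever accepted. The following is an added example, not code from SplashData or the article: the function names are hypothetical, and treating "mixed types of characters" as at least two character classes, and catching a listed password with digits or symbols appended, are assumptions that go slightly beyond the text.

```python
import string

# The 2018 top 25 as listed in the article.
TOP_25_2018 = (
    "123456", "password", "123456789", "12345678", "12345", "111111",
    "1234567", "sunshine", "qwerty", "iloveyou", "princess", "admin",
    "welcome", "666666", "abc123", "football", "123123", "monkey",
    "654321", "!@#$%^&*", "charlie", "aa123456", "donald", "password1",
    "qwerty123",
)
# Keyboard patterns the article cites from the top 100.
KEYBOARD_WALKS = ("1qaz2wsx", "1q2w3e")

BLOCKLIST = frozenset(TOP_25_2018 + KEYBOARD_WALKS)
MIN_LENGTH = 12   # "passphrases of twelve characters or more"
MIN_CLASSES = 2   # assumption: "mixed types" means at least two classes


def character_classes(password):
    """Return which of lower/upper/digit/other appear in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("other")
    return classes


def screen_password(password):
    """Return a list of problem codes; an empty list means it passes."""
    problems = []
    folded = password.lower()  # "Password" is no better than "password"
    if folded in BLOCKLIST:
        problems.append("listed")
    else:
        # Catch a listed word with digits or symbols tacked on the end,
        # such as a year and "!" (assumption, not from the article).
        base = folded.rstrip(string.digits + string.punctuation)
        if base and base != folded and base in BLOCKLIST:
            problems.append("listed-with-suffix")
    if len(password) < MIN_LENGTH:
        problems.append("too-short")
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append("single-character-class")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates.
    for candidate in ("password", "Donald2019!", "1qaz2wsx",
                      "123456789012", "correct horse battery 7"):
        print(repr(candidate), screen_password(candidate) or "ok")
```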