December 6th, 2011 — 11:17am
Although there is malware attacking all operating systems, increasingly the attacks are targeting the Android Market.
One of the key strengths of Android, being open source, also provides an avenue for exploitation. The Android Market doesn’t have the stringent filtering process used by Apple, for example, meaning that it is much easier to become infected with malicious software. Google has partially remedied the situation with an Android “Kill Switch” update, but doesn’t go far enough.
Mobile security can be enhanced in many ways. For example, BES has hundreds of policies that can be controlled and used to help lock down devices for enhanced security.
In addition, here are some easy user-level tips to be more secure:
• Only download from trusted sources
• Be mindful of what persmissions and access the downloaded app will request
• Keep your Mobile OS and software up-to-date
• Avoid sites that have questionable content. They are havens for malware.
• VPN Access: When accessing corporate network resources via smartphone, use a SSL VPN connection to secure the session.
• Password protect your mobile device to avoid personal data being accessed
The Mobile device revolution has increased productivity for businesses, and made communication more convenient for the public at large, but these benefits do not come without risks. Remain mindful of these risks, and take appropriate precautions so that your mobile device, data,m and personal information are secure.
Comment » | exploits, Mobile
July 19th, 2011 — 12:43pm
Hackers at Redmond Pie gave details of an exploit allowing someone to jailbreak version 4.3.4 of Apple iOS (it is important to note that this does not affect the iPad 2 device).
Jailbreaking is a means to circumvent normal security measures in Apple devices like iPhones and iPads. It allows anyone to use applications not approved by Apple’s App Store – obviously causing great concern to Apple over lost revenue.
“Apple has just pushed out iOS 4.3.4 for the iPhone, iPad and the iPod touch. And thankfully, we have cooked custom PwnageTool bundles which allows you to jailbreak any device (except for iPad 2) running iOS 4.3.4, and at the same time preserve your baseband for an Ultrasn0w unlock later on,” said Redmond Pie’s Uzair Ghani in a blog post.
At the moment, this jailbreak is “tethered”, meaning to take advantage of it, the device must be physically connected to a computer.
“No matter how annoying it may sound, it’s better than having no jailbreak at all,” Ghani said.
This latest in a string of hacks against iOS was releaed Friday, also the day that Apple released a security patch to repair PDF problems in their Safari Browser.
Typically to exploit the PDF vulnerability, an attacker would distribute a malicious PDF via email, or social networking sites and a user would unknowingly install malware by opening it. Attackers would then have access to personal and financial data stored on mobile Apple devices like the iPhone and iPad. They could even track a users location via the GPS capabilities in these devices.
This latest jailbreak exploit is likely to spur demands for increased vigilance by Apple. Germany issued a security warning to consumers in the wake of this latest hack release.
Popularity of the iPhone and iPad is only expected to grow. We can definitely expect more vulnerability exploits in the future.
Comment » | exploits, iOS