Wednesday, March 26, 2014

Security: Software Piracy, Android Phones, and SMS Spam

[Courtesy: Android Authority]
 Security: Software Piracy, Android Phones, and SMS Spam
Ever since the creation of computers, people have been distributing software to avoid paying money or paying to distribute something that people don't want. Pirated Applications and Spam are two primary means to distribute viruses, malware, and worms. Baby steps against these on-line monsters are occasionally made.

In Review: 2013

From January to November last year, nearly 2 viruses, trojans, or generic malware was discovered each month in the Android mobile application market. December had a couple more discovered. For the malware discovered, there are countless numbers of mobile applications which have not yet been discovered... to steal credit card information, identities, or even "command and control" applications to turn your mobile device into a robot against unsuspecting targets (while you pay for the data traffic that is produced!)

Starting: 2014

While consolidating a list of mobile malware in the Android market was not completed, it is clear that there is some progress in this space... no matter how small.

2014-03-25 U.S. Government First Convictions Over Pirated Mobile Android Applications
The US has enforced its first convictions for illegally distributing counterfeit mobile apps, after two Florida men pleaded guilty for their part in a scheme that sold pirated apps with a total retail value of more than $700,000. Thomas Allen Dye, 21, and 26-year-old Nicholas Anthony Narbone both pleaded guilty to the same charge - conspiracy to commit criminal copyright infringement - earlier this month and are due to be sentenced in June and July respectively. Both men were in the Appbucket group, of which Narbone was the leader, which made and sold more than a million copyrighted Android mobile apps through the group's alternative online market.

2014-03-26 Chinese Arrest 1,500 in Fake Cellular Tower Text Message Spam Raid
China’s police have arrested over 1,500 people on suspicion of using fake base stations to send out mobile SMS spam. The current crackdown, began in February, according to Reuters. Citing a Ministry of Public Security missive, the newswire says a group operating in north-east Liaoning province, bordering North Korea, is suspected of pinging out more than 200 million spam texts.

In Conclusion:
Be diligent! Remember to purchase your applications from reputable places, don't be seduced into stealing applications on-line or purchasing them under list price. Being a thief could make you a victim!

Tuesday, March 4, 2014

Security: Linux, Viruses, Malware, and Worms

Not long after the advent of The Internet, the creation of worms, viruses, and other malware had become prevalent. Microsoft based platforms were the original serious target, because of poor security measures. Over time, malware had started to attack Linux based Android mobile phones. Now, the latest attacks appear to be hitting Linux based consumer grade internet routers, which were originally used to help protect Microsoft Windows based platforms in the home. These attacks have spiked in the first two months of 2014.

[Huawei TP-Link image, courtesy rootatnasro]
2013-01-11 - How I saved your a** from the ZynOS (rom-0) attack!! (Full disclosure)
Hello everyone, I just wanted to discuss some vulnerability I found and exploited for GOODNESS .. just so that SCRIPT KIDIES won’t attack your home/business network .
Well, in Algeria the main ISP ( Algerie Telecom ) provide you with a router when you pay for an internet plan. So you can conclude that every subscriber is using that router . TD-W8951ND is one of them, I did some ip scanning and I found that every router is using ZYXEL embedded firmware.

[Linksys Router, courtesy ARS Technica]
2014-02-14 - Bizarre attack infects Linksys routers with self-replicating malware
Linksys is aware of the malware called “The Moon” that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers. The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default. Customers who have not enabled the Remote Management Access feature are not susceptible to this specific malware. Customers who have enabled the Remote Management Access feature can prevent further vulnerability to their network, by disabling the Remote Management Access feature and rebooting their router to remove the installed malware. Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.

[ASUS Warning, courtesy ARS Technica]
2014-02-17 - Dear Asus router user: You’ve been pwned, thanks to easily exploited flaw
"This is an automated message being sent out to everyone effected [sic]," the message, uploaded to his device without any login credentials, read. "Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection. You need to protect yourself and learn more by reading the following news article:"
Two weeks ago, a group posted almost 13,000 IP addresses its members said hosted similarly vulnerable Asus routers.

If you are doing any serious internet based work, one might suggest that care is taken to watch the firmware of your consumer grade internet router, and upgrade the firmware as they become available. If you are running a business, a commercial grade router with a managed service may be of special interest. A short PDF on "SOHO Pharming" helps clarify risks. The avoidance of Linux based Android phones or consumer grade Linux routers may be the next best step.