mobile security

Identity and Access Management

May 9th, 2016

Research director Felix Gaehtgens at the Gartner Identity and Access Management (IAM) Conference in London mentioned that issuing one-time password (OTP) tokens to third-party organizations can cause many problems. He mentioned that some third-party organizations even hang one-time password tokens on a wall with the name of the companies they belong to, facing a webcam.

“For employees or contractors working internally who need privileged access, having OTP is great. But not for external third party workers,” he said. “Why? Because third parties leave OTPs on their desks; when they go on holiday they leave them for other people to use. It happens all the time.”

Also with shared password comes the biggest risk of accountability. Companies can take various steps to secure there data.

Phone

He suggested to call instead of OTP tokens.

“What you need to do is choose something that is hideous to share, like something linked to a particular mobile phone,” he said. “That’s because a worker isn’t going to leave his phone behind when he goes away on holiday.”

Many Phone-based authentication systems are available in the market.

Dedicated person for IAM

He suggested sponsorship approach where internal employees act as sponsors for external workers and keeps track of them.

“When I suggest this people say ‘Ooh, are you going to delegate third-party privileged access to a third party?’ said Gaehtgens. “The answer is ‘no.’ They have to make a request to your organization for access for a particular employee. But they can de-authorize their own people (for example when they leave the organization).”

Third Party Access

Providing short term access for related resources will secure the data after the work is done.

“So you need to be able to say ‘You can access this system for four hours’ and give out privileges in small chunks,” Gaehtgens said. “Instead of the general sys admin model, you need to give them just what they need.”

Access Management

One can use privilege access management (PAM) and shared account password management (SAPM) tools. to manage third-party access privileges.

IAM on the Record

When third parties have privileged access to your systems, Gaehtgens said it’s important to record at least some of their sessions. “You should let everyone know they are being recorded; at the very least this should make people less sloppy,” he advised.

“Every so often you will see a complete idiot who you never want on your systems again, as they clearly don’t know what they are doing,” he said. “But you may also learn something. Third parties may do something better than you, so you can watch what they do and use it to build up your best practices.”

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Malicious spyware in Google Play

May 11th, 2013

New malicious spyware spreading around in Google Play, threatening millions of Android users. The good news is that you’re only infected if you downloaded a funny Russian app, intended to transcribe other common applications. The bad news is it’s probably popular applications since millions of users have already been infected.

The spyware received the non-surprising name ‘bad news’, and is currently detected in 32 different applications, created by four different developers. We can’t tell exactly how many devices got infected, because Google Play is not showing exact number of downloads, but only a relatively wide range, so all we can say now is that between two million to nine million, not bad for relatively new spyware.

The great wisdom inherent in this particular spyware is that it is installed in the form of advertisements server that alerts users later on, thus it does not look dangerous at the initial stage, or when it is placed in the apps store, because there is no initial spyware expression as it “wakes up” only after some time.

Please note that it is unknown if all the infected app developers intended to harm. May be that they were just planning to develop a user-friendly application, but unfortunately bought a tainted platform. One of the recommendations to Android app developers: Observe carefully third-party libraries listed in your application. Even if you meant for the best, you may be putting users at risk.

So what does this spyware do? Two things you would not be very happy to happen to your device. First, it sends false alerts encourage you to download other infected apps, including ‘AlphaSMS’ that in turn sign your name without your approval to premium SMS services that cost money.

Second, it sends your phone number and your device identification number to the Spyware developers – two pieces of data that when are in the wrong hands, the sky’s the limit.

You obviously assume Google is doing something about this. You are right. The company operates the ‘Bouncer’ service that scans the applications for traces of spyware, but it is among the ongoing anthology in which no society cannot always win. Not even Google. As of today, Google removed all known infected apps from its store. On the other hand, it is only those that are known, it is unclear how many more unknown still out there in the market.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Mobile devices malware detection

May 9th, 2013

A new method for identification of mobile devices malware, which usually are not detected by the common detection methods, and uses advanced methods of machine learning.

Cellular phones security is an intensively studied area by security companies and research institutions around the world since the release of G1 devices Android based operating system in 2009.

Recently discovered a new and sophisticated type of malware named Dropdialer, which was distributed to the Google apps store. This malware is installed as legitimate software by the user. Hostile code actually installed later using the ability of the “Automatic Update”, which is used by the software and allows it to “pull” independent software updates from a remote server. In this way malware can spread to a large number of devices without being detected. Retrieving hostile code can occur at a future random or fixed time, or as a command received from a remote server. This capability can be implemented in any malicious application.

The standard Antivirus software usually cannot detect this type of malware (self-updating malware) because the original app is completely innocent and therefore can escape from any static analysis method (code analysis without execution) or dynamic analysis (monitoring software at runtime). The difficulty in identifying such malware is also due to the fact that the ability to self-update serves application developers’ legitimate needs such as application version upgrade, adding stages in different games, bug fixes, and more.

The new method for self-updating malware identification uses advanced algorithms of machine learning, which learns the normal behavior of applications, thus allow detecting abnormal behavior in real time which may indicate that the app is malicious. An analysis of mobile smart phone malicious apps shows that about 70% focus on stealing sensitive information. Therefore, in this study we use the characteristics of a network to study the behavior of applications because they can point to information leakage.

The use of a limited number of characteristics (network characteristics) and the machine-learning algorithm allows to perform the learning behavior of applications, the monitoring and identification on the device itself, which is of course resources limited (i.e. battery).

Examples of properties which are used for studying the behavior of applications are: number of bytes sent or received in different time windows, such as 5 minutes or time since the app was active and connected to the net, etc.

The degree of behavior of an application is performed by using an algorithm based on a technique called Cross-Feature Analysis, which “learns” the relationship of each property relative to other properties of a normal behavior. In the monitoring phase, each sample is checked against each feature and whether the same relationship with other properties is maintained. In other words, we calculate each characteristic probability that it is normal given the values of other viewed properties, and take into consideration the probabilities along the value that represents the distance from normal behavior.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

WhatsApp privacy practices under scrutiny

January 19th, 2013

One of the world’s most popular cross-platform applications “violates” international privacy laws, according to the Canadian and Dutch data protection authorities, because it requires users to provide their entire contact list to the service.

The Office of the Privacy Commissioner of Canada and the Dutch Data Protection Authority today announced their findings for what they called a “collaborative investigation into the handling of personal information” by the California-based company.

WhatsApp, an instant messenger application for iPhone, Android devices, and BlackBerry smart phones, provides a free service to rival text messaging, and sends more than 1 billion messages to users around the world every day.

In a statement, the agencies concluded that the application violated privacy laws in both the Netherlands and Canada because users had to provide access to all of their phone book contacts, including users and non-users of the application.

“The investigation revealed that users of WhatsApp — apart from iPhone users who have iOS 6 software — do not have a choice to use the app without granting access to their entire address book. The address book contains phone numbers of both users and non-users,” Jacob Johnstamm, chairman of the Dutch Data Protection Authority, said in a statement.

iPhone users running the iOS 6 mobile operating system are asked if they are willing to allow an application to access certain sensitive data on the device, such as location data, or in this case contact list data.

The two agencies explained that WhatsApp relies on a user’s phone number to populate the instant messenger’s contacts list. All the user’s phone numbers are transmitted to WhatsApp to “assist in the identification of other WhatsApp users.” But, rather than deleting the phone number of non-users, WhatsApp retains the numbers, albeit in an unreadable hash form.

This falls foul of both Canadian and Dutch privacy law, which states that personal data may only be retained for as long as it is required for the fulfillment of a certain service.

“Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp,” Johnstamm remarked.

“Our investigation has led to WhatsApp making and committing to make further changes in order to better protect users’ personal information,” Canadian Privacy Commissioner Jennifer Stoddart said in a statement.

While in breach of Dutch law, and though the Netherlands is a member of the European Union bloc of 27 member states, the mobile app is not thought to have breached wider European data protection law.

The Dutch authority will examine the California-based developer’s case in a “second phase” in which “further enforcement actions” may be enacted, including sanctions. While the Canadian authority does not have order-making powers, it will keep a close eye on the company.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta