Hacking Your Phone and the Internet of Things

Wouldn’t it be fantastic if your refrigerator could inform you when it was out of milk, or vegetables? And wouldn’t it be even more convenient if your fridge could communicate these things to you across town—through a text message?

It may seem like some kind of science fiction, but with the Internet-of-Things (IoT)—the connection of common appliances, devices, and services through the Internet—such scenarios are looking more like science future than fiction. IoT has grown from an inspiring tech phenomenon to a very tangible component of our daily lives. And this is only the beginning. Aside from connected refrigerators, thermostats and game consoles, among the most ubiquitous examples of IoT are mobile devices. Smartphones and tablets now have the ability to keep us connected to our homes, social profiles, bank accounts, as well as our favorite stores—for better or worse.

What happens when the mobile devices that add such ease to our lives, and connect us to our smart devices away from home, end up opening the door to hackers and other cyber snoops? In December, the multimedia messaging app WhatsApp was found to have left its users exposed through a security oversight that allowed messages sent over Wi-Fi to be viewed as plain text—for those who have the right know-how. Additionally, earlier this year, Snapchat, another mobile messaging app, was hacked, leaking 4.6 million usernames and phone numbers. Although the perpetrators claimed that they did so with the intention of exposing the vulnerability that Snapchat had yet to address, and only posted partial phone numbers, they were still able to gain access to users’ sensitive information with ease. Even though the consequences of these security lapses were fairly benign, each points to an underlying problem: the Internet of Things is here but the security necessary to protect users isn’t quite there yet—especially when it comes to connecting with mobile apps.

While hyper-connected convenience is great, there are also inherent risks associated with having all of your things accessible not only to each other, but to you through your mobile device. If you can control your lights, heating, television, and locks from miles away, potentially so can hackers. The rush to offer connectivity creates a lot of opportunities for businesses to cut corners on security, putting users at risk. If a hacker can compromise your smartphone, they can compromise any or all of your other IoT devices linked to your mobile device—as well as all of the accounts connected to them. That can be a frightening thought when you consider all of the data now stored on mobile devices, from location and contact information to payment data like credit card numbers and bank accounts.

Most manufacturers have focused on the convenience of syncing our devices without considering the potential virtual and physical threats if these technologies were ever compromised. This app security oversight is not the first (nor will it be the last) time that safety is overlooked for convenience, meaning it is up to users to be proactive about their own safety when connecting via mobile to IoT and other smart devices.

As we’ve discussed in previous blog posts, the Internet-of-Things hinges on how much access you grant these devices to your smartphone and home network. While securing the Internet-of-Things may seem challenging, it doesn’t have to be. Here are a few security-conscious options to keep in mind as the world around us becomes more connected:

  • Use secure, complex, and unique passwords on all of your devices and update them regularly. When a password option is offered, take it. This means using at least eight characters with uppercase and lowercase letters, symbols and numbers in a random order.  Refrain from using the same password for all of your devices.
  • Scan your devices for viruses. Not all IoT devices have software to scan them for malware or viruses, but you can stop hackers before they can get into such smart appliances by monitoring your home network and mobile devices with McAfee security products.
  • Limit the amount of access an app has to your data. By limiting an app’s access to your contacts, email, location or other sets of data, you can stave off the possibility of your smartphone, and by extension, your information, being compromised in a cyberattack.
  • Update your devices and apps when you can. By updating your devices (both mobile and IoT) and apps, you’re ensuring you have the latest protections against security vulnerabilities, making it harder for hackers to gain access to your personal information.
  • Stay up to date on cybersecurity with McAfee. By staying up to date on the latest security news and using comprehensive solutions, you’ll have a head start on protecting yourself from hackers and other risks. McAfee® Mobile Security comes with many features to help prevent your mobile devices from being infected by malicious software, including Wi-Fi protection to warn you when you’re connected to a risky network. In addition, McAfee LiveSafe™ service provides complete security for all of your devices including smartphones, tablets, PCs and Macs with real-time protection against mobile viruses, spam, and more.

For the latest updates on consumer threats and mobile security, follow us on Twitter at @McAfeeConsumer and like us on Facebook!


The post Hacking Your Phone and the Internet of Things appeared first on McAfee Blogs.

McAfee Mobile Security: Now Available for iOS Devices

Apple fans rejoice! You too can take a bite out of cybercrime with our latest product release. We recently launched McAfee® Mobile Security for iOS devices, featuring a number of comprehensive protection options available previously only to Android users. Available for free, the software provides iPhones and iPads with a secure vault for private content, jailbreak detection, backup capabilities, and more.

The growing number of mobile devices globally has opened up a new market for cybercriminals with mobile threats increasing steadily.  While Apple does an exceptional job at securing iOS, clever cybercriminals are finding new ways to get into these devices as well. The reality is that being proactive about device safety is crucial for everyone.

Aside from physical threats, many privacy and identity loopholes in iOS devices are putting users at risk. The voracity with which consumers are downloading apps and the trust they have put into saving personal and sometimes critical information on such apps has also led to new threats. While Apple is known for the strict policies it imposes on app developers, there are certain less-than-desirable features that can slip through the cracks. For instance, apps with location tracking, data storage, and other potentially harmful capabilities may be sharing more than iOS users are aware.

Key features include:

Store sensitive information in the Secure Media Vault. Protect your precious information from prying eyes by storing your photos/videos on the local secure vault with authentication protection. In the event your device is lost or stolen, sensitive data will remain secure. The SecureSnap feature allows you to take photos that get stored directly into the vault.

Backup data and restore your contacts. It can take a long time to build out your contacts list. You don’t want to have to start from scratch in the event your device is lost or wiped—and now you won’t have to with our iOS offering.  Once everything is saved, it’s simple to restore your data to a new device, even if it’s an Android phone or tablet.

Locate and track lost or stolen devices. We all need a little help finding things sometimes, especially if you happen to misplace your phone or it falls into the hands of criminals. Locate your iPhone or iPad on a map using the remote management portal as well as send a message to your device so that someone who finds it knows how to get it back to you. In addition, the SOS feature automatically saves the last known location of your device before the battery runs out.

Jailbreak Detection for your iPhone. Jailbreaking a device not only voids some Apple warranties, but it can also leave them vulnerable to malware and other threats. Our Jailbreak Detection feature informs you if a device has been tampered with so you don’t fall victim to software malfunctions or rogue apps.

Ensure the protection of your Apple devices from the latest threats—download McAfee Mobile Security for iOS today from the iTunes store. For more information about McAfee solutions on other mobile operating systems, visit www.mcafee.com/US/mms.

For the latest updates on consumer threats and mobile security, follow us on Twitter at @McAfeeConsumer and on Facebook and tell us what you think!


The post McAfee Mobile Security: Now Available for iOS Devices appeared first on McAfee Blogs.

Businesses must become better at communicating about security risks

According to recent research, over a third (38%) of IT professionals believe that collaboration between IT security, risk management and business is poor, non-existent or adversarial. Not only that, but 47% rated their communication of relevant security risks to executives as “not effective”.

With security and compliance a key issue in today’s business environment, this points to a significant problem that potentially puts the organisation at risk. But why is communicating about security so difficult – and how can this be improved?

Communicating any technical concept to a non-technical audience can be challenging, and it’s even more difficult with security, which is often perceived to be a “blocker” rather than an enabler. In other words, people regard it as putting restrictions on the activity that allows them to do their job. As a result business users often prefer to see IT security as something that is solely the responsibility of the IT department. It’s difficult to change this perception without a concerted effort to articulate the role that everyone in the organisation has to play in managing risk.

Organisations that take security seriously appoint roles or assign responsibilities at the executive level. This enables them to implement a business-wide security strategy that addresses change management activities as well as the technical aspects of IT security. In my opinion, a strategy for effective communications will include five key points:

Executive level sponsorship

Setting the right tone at the top is critical to ensure staff take their IT security responsibilities seriously. Management must demonstrate their own commitment to the IT security strategy through prioritisation of resources and their own communication activities.

By offering strong sponsorship to risk management initiatives and stating the importance of these to the organisation’s overall strategy, senior executives are able to prioritise these activities in the minds of staff throughout the organisation.

Appropriate language

It is important to remember that most people in the organisation will be unfamiliar with IT security concepts or terminology. It is therefore essential that communications use language that will be understood and that complex ideas are simplified appropriately. For example, describing the risk of a denial of service attack would perhaps be better articulated as the risk of “losing access to IT systems and resources”.

Targeted communications

A communications strategy should also recognise that there will be several different audiences within one organisation and outline tactics that relate to each.

Messaging should be tailored to different audiences and clearly articulate the role that each has to play in the IT security strategy. For example, messaging for an IT competency centre will be different from that for a team working in a buying department.

One technique is to ask the audience to consider the consequences of something going wrong. For example, if an organisation suffers a financial fraud it is more likely to be the finance department held accountable than IT. Understanding the repercussions of a failure and how this would affect them personally can often help business users to understand their role in preventing such failures.

Communication channels

Each organisation will be different and this needs to be reflected in the communication channels used. If everyone reads the newsletter then this will be an effective channel. However, if the company intranet has a better readership then that should be used. At the same time, it is also important to include a variety of methods to ensure that the entire audience is reached.

An ongoing process

Communication about IT security is not a one-off activity; it is a continual process. The strategy should define a programme for communications that gradually builds up staff understanding of their IT security responsibilities, their role in safeguarding the organisation’s information assets and why this is important.

It is also important that IT security projects account for change management activities such as communications and training. Consideration of these should be embedded in project management methodology.

Many organisations focus on the technical elements of IT security, with little attention given to the business change aspects. However, effective risk management is not possible without the support of staff throughout the organisation.

Clearly, technology is critical to managing organisational risk. However, it can only be truly effective if everyone throughout the business understands the role they have to play.

Richard Hunt is managing director of Turnkey Consulting

Get more articles like this sent direct to your inbox by signing up for free membership to the Guardian Media Network – this content is brought to you by Guardian Professional.

Facebook: #1 App for Mobile Users

With the plethora of mobile apps flooding the market today, offering literally hundreds of thousands of options for any variety of needs and wants from banking to gaming—it’s probably difficult to pin down a favorite for most people. Or is it?

A recent Consumer Intelligence Research Partners (CIRP) poll found the majority of mobile users prefer the social media app that helps them stay in touch with friends and family—Facebook. According to the study, 45% of respondents highlighted the popular social network as one of their three most used mobile apps. In addition, Facebook beat out other heavy hitters like Instagram and Google Maps, as the top app producer. Despite coming in second and third respectively, Twitter and Candy Crush still fell far behind Facebook, which had four times the usage of either app. Moreover, fewer than 10% of mobile device owners included other popular apps, such as YouTube and Pandora, among their most frequently used.

And while new studies say teens are losing interest in Facebook (which could be read as the beginnings of a phase-out for the social network), the undeniable popularity of the mobile app reveals some interesting trends. Last year for instance, 78% of U.S. Facebook users were mobile, and global mobile daily active user count reached more than 469 million. With so many active mobile users all over the world, it is no surprise that there are constant scams and other threats targeting Facebook’s user base. Mobile app security risks are impacted both by how consumers use the Facebook app as well as communication channels like public Wi-Fi networks.

Security researchers recently found that a significant number of users who clicked on a malicious Facebook link did so from a mobile device. With smaller screens and an on-the-go nature, mobile devices make it easier to fall for scams or click on dangerous links, as it is more difficult to check where the links originate. Additionally, users may not always follow safe mobile browsing and usage best practices due to the hurried nature of our modern lifestyles. One of the most common ploys uses links that appear to come from a Facebook “friend” but instead lead you straight into a phishing site, infect your device with malware, and/or take you to a spam or fraudulent site. There is typically less suspicion around things that seemingly come from people we know, so users are less apt to check before clicking on these types of spam messages. When browsing Facebook updates on a mobile device, it is important to pay close attention to the website address before clicking. Misspellings, extra characters (or symbols) and other anomalies are typically signs of a potential scam.
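The address checks described above (misspellings, extra characters, and other anomalies) can be partly automated before a link is opened. The following Python is an added example, not code from the original post or from McAfee; the trusted-domain list, the result codes and the sample URLs in the comments are constructed, and the registrable domain is approximated as the last two labels of the host.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user actually means to visit (constructed list).
TRUSTED = ("facebook.com", "instagram.com", "twitter.com")


def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED):
    """Return a list of warning codes for a link; an empty list means no flags."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")

    if parts.scheme != "https":
        reasons.append("no-https")
    # "https://facebook.com@login.example.net/": the real host is after the "@".
    if parts.username is not None:
        reasons.append("userinfo")
    if not host:
        return reasons + ["no-host"]
    # Look-alike letters from other alphabets show up as non-ASCII or "xn--" labels.
    labels = host.split(".")
    if any(ord(c) > 127 for c in host) or any(l.startswith("xn--") for l in labels):
        reasons.append("punycode")

    # The genuine domain or one of its subdomains needs no look-alike test.
    if any(host == good or host.endswith("." + good) for good in trusted):
        return reasons

    # Approximation (assumption): last two labels stand in for the registrable
    # domain; production code should consult the Public Suffix List instead.
    tail = ".".join(labels[-2:])
    for good in trusted:
        brand = good.split(".")[0]
        if 0 < edit_distance(tail, good) <= 2:
            reasons.append("lookalike:" + good)       # e.g. faceb00k.com
        elif brand in host:
            reasons.append("brand-in-host:" + brand)  # e.g. facebook.com.evil.example
    return reasons


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for sample in ("https://www.facebook.com/photo.php?id=1",
                   "https://faceb00k.com/login",
                   "http://facebook.com.account-verify.example/",
                   "https://facebook.com@login.example.net/"):
        print(sample, "->", check_link(sample) or "no flags")
```

An empty result only means none of these heuristics fired; it does not establish that a link is safe.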

Another risk mobile app users face is from unsecured Wi-Fi connections. Many people set their phones to use public Wi-Fi networks whenever possible, which saves on data usage, but also leaves them vulnerable to having login credentials snooped or sidejacked. The latter is a Wi-Fi-related risk that extends to apps and services and can be avoided by always using a secure connection when accessing an online account from a mobile device. With Facebook specifically, you can set your account to only use “https” URLs, but this setting does not currently extend to the mobile app. As a general rule of thumb, websites beginning in “https” are a safer bet, as the connection between your device and the site is encrypted, so information such as payment data cannot be read by others on the same network.

Best practices for safely using the Facebook mobile app can extend to all forms of social media, from Twitter to Tumblr and beyond. Forgoing public and/or unsecured Wi-Fi networks, as well as practicing safe browsing on any platform can help protect personal information and mobile devices from cybercriminals. Additionally, using two-step verification on all social media sites that offer it is another way to add an extra layer of security to your sensitive accounts. McAfee® SiteAdvisor® is included in the McAfee® Mobile Security package and helps protect your device against potential phishing sites, browser exploits, malicious links within text messages, email, social networking sites, and QR codes. There is no need to open the app; SiteAdvisor works with your phone or tablet’s default browser in the background.

With more users than ever accessing personal data via mobile apps, the need for security awareness has never been higher for businesses and consumers alike. Some basic mobile security tips to remember are below:

  • Turn off Wi-Fi when outside of your home. When out and about, it’s good practice to turn off Wi-Fi on your mobile device. That way it won’t automatically connect to any Wi-Fi that is in the area. And, it will help save your battery life since your mobile will not be constantly searching for an available Wi-Fi connection.
  • Limit the access of your third-party apps. Always be careful about what information your apps can access. Under your settings you can view and grant/restrict which apps use your location, camera, microphone or other data and which have access to your social networks.
  • Only download apps from official sources. Third-party app stores and websites can be a breeding ground for risky apps and malware. When downloading the Facebook app or other popular options, stick to downloading apps from trusted online sources, such as the Google Play and Apple App stores.
  • Be cautious about opening links or downloading attachments. Whether it’s Facebook, Snapchat, or another messaging app, be wary of clicking links from unknown sources. Look for red flags like misspellings and when in doubt, avoid them altogether.
  • Don’t forget about mobile security software. Just because you practice safe browsing doesn’t mean that your device or personal accounts shouldn’t have extra security. McAfee® Mobile Security comes with many features like McAfee SiteAdvisor to help prevent you from hitting risky websites as well as Wi-Fi protection to warn you when you’re connected to a risky Wi-Fi connection.

To keep up with the latest security threats, make sure to follow @McAfeeConsumer on Twitter and like us on Facebook.


The post Facebook: #1 App for Mobile Users appeared first on McAfee Blogs.

Instagram Direct: Your Private Messages to Marketers

A picture may really be worth a thousand words when it comes to how we communicate and consume media on mobile devices today. Photo and video messaging has taken over as the next big trend, with U.S. mobile phone users now sending 8% fewer text messages than they did last year. In light of the growing popularity of this communications trend, existing mobile messaging services are attempting to capitalize on this preference for photos as well as compete with newcomers like Snapchat, through private messaging and sharing features.

Enter Instagram Direct, the most recent and talked about update to the largely popular Instagram app, which allows you to upload, share, comment, and like pictures and videos with specific users—off the public feed. After selecting a photo or video to upload, you now have the option to share either publicly under “Followers” or privately under “Direct.” Just as with posting publicly to your followers, with Instagram Direct you can attach a message or caption to each image or video. But unlike sharing on the public feed, with Instagram Direct, you select a specific group of people with whom you wish to share (presently, anywhere from 1-15 followers). Only those to whom the image or video is directed can view it. They can either comment directly below the post, or reply with their own image/video message to you or all of those on the thread. Once the photo or video has been sent, you can see who has viewed the media and continue conversations in Instagram Direct, which is accessible at the top right of the Instagram mobile app home screen. Previously, unless you had your Instagram account set to Private, any media posted was automatically viewable to anyone who follows you.

While many Instagram users will celebrate this update, communicating via private message versus a public post may not be that much more confidential. Instagram has emphasized the intimacy and privacy aspects of Instagram Direct by pointing out that only people you follow will be able to send you pictures and videos without prior authorization—which can include brands on Instagram.

This direct messaging option could also be used to get more of your information into the hands of marketers and retailers. Most mobile apps and social networking channels generate revenue from two main sources—advertising and data mining. While seemingly innocuous, the information revealed in mobile communications can tell companies who your friends are, where your photos were taken in real-time, and much more. The addition of Instagram Direct gives Instagram itself, Facebook, and other third parties access to data that is even more personal than what was previously shared publicly. According to Instagram’s privacy policy under Facebook, information like cookies, log files, and location data can be shared with certain affiliate companies, service providers as well as advertisers.

The time stamps and geo-location tags attached to images taken on a mobile device could potentially be used by marketers to send more targeted, timely and possibly intrusive offers to unsuspecting users. Mobile location data can be a veritable gold mine in the right hands, but may not be something users would be so willing to share if they knew how it was going to be used. Aside from location-based features for navigation and travel, an increasing number of social media users are setting social network accounts like Instagram, Facebook, and Twitter to include location tagging in their posts and comments.

Considering that the information shared via Instagram Direct could be even more personal in nature, this “we see it, we share it” take on user data is worrisome.  Online Google searches are already being used for advertising targeting and retargeting, so imagine how much more directed ads could be when used in tandem with location information and time stamps.

Personalization versus privacy has become a huge debate, and so far, there is no real resolution on the horizon. Companies like Facebook will continue to capitalize on the popularity of social sharing, so it’s up to the users to control how much information is available. Below are some tips to help your personal messages, photos, and videos stay private when using social media and messaging services like Instagram Direct.

  • Disable location sharing on all social networks. The Pew Research Center stated that 30% of all social media users (mobile and online) have location tagging set to default on at least one of their social networks (e.g. Twitter). Location sharing should be considered on a case-by-case basis. You don’t want to “over share” when it comes to your location, especially considering how it could be used when tied in with the “personal” information you have posted about yourself on social media channels.
  • Control which of your apps use location tagging. Most mobile devices let you enable overall location services in the general Settings. On both iOS and Android devices, you can set the location-tagging permissions for each app—individually, or disable them completely.
      • On Apple mobile devices (iOS 7 through iOS 4): go to Settings > Privacy > Location Services. From this menu, you can select to enable device-wide location tagging as well as determine the permissions for individual apps.
      • On Android devices: go to Settings > Location Services and select to enable Google’s location services, and then enable/disable GPS satellites and/or Wi-Fi.
  • Beware what you share. Images can come back to haunt you on the Internet, whether you set them to private or not. Once your data is out, it can never be retrieved, so think carefully before posting on social channels.

To keep up with the latest security threats, make sure to follow @McAfeeConsumer on Twitter and like us on Facebook.


The post Instagram Direct: Your Private Messages to Marketers appeared first on McAfee Blogs.