Mobile Ad Networks Puncture Your Personal Defenses

Tired of pesky ads popping up while you’re using your favorite mobile apps?

That should be the least of your worries. As it turns out, mobile ad networks and affiliate programs are unknowingly advertising much more than they bargained for.

In fact, the code used by advertisers and other third parties for mobile tracking can be exploited to provide attackers with access to your personal data, or even the ability to take control of your mobile device.

But how, you might ask, did these ad networks get their hands on your personal data in the first place?

When a mobile ad company implements a marketing program through advertisements within a mobile app, all of the permissions that you originally granted the app itself are grandfathered in. So, if the app is able to access your photos or emails, the ad company will also be able to see that information.

Our experts at McAfee Labs™ noted in their recent report that a top mobile threat to be on the watch for in 2015 stems from the rise in open and commercial mobile malware source code.

This increase in commercial, malicious code makes it easy for even those with limited technical knowledge to pose a threat. In other words, you don’t have to be a stealthy hacker to exploit vulnerabilities in the code behind free mobile apps that are supported by ad networks.

Once hackers have successfully taken advantage of these vulnerabilities, they might as well have your phone in their hands. Every action from tracking your device to making phone calls or rewriting and deleting your files becomes available to the hacker.

Now, on to the ‘so what’ for you: what can mobile users do to keep these ad networks from puncturing their personal defenses? We’ve got a few quick tips that if followed, are sure to keep your personal information just that—personal.

  • Take note of the permissions you are granting each of your mobile apps. Does app X really need access to your photo library, or can it run just as efficiently without it? Only grant mobile apps extra permissions if they absolutely require them in order to function.
  • If an app is requesting permissions you aren’t comfortable with, don’t install it. Following suit with the above, usually mobile users must be willing to agree to a few permissions prior to downloading an app. So, if there are certain asks that seem fishy or unnecessary, find an alternative app to download.
  • Be vigilant in securing your mobile device. If you want to protect your personal privacy, this is the place to start. McAfee® Mobile Security is free for both Android and iOS and offers widespread protection for your privacy. Including a feature that notifies Android users if downloaded apps are accessing things they shouldn’t be.

Stay on top of the latest consumer and mobile security threats by following @IntelSec_Home on Twitter and like us on Facebook.

lianne-caetano

Media network survey: data usage and privacy top agenda

Back in October, some of you may remember that we surveyed the Media Network readers and members. It was a broad litmus test on a variety of issues facing the industry – ranging from data usage, to remote working, privacy, and pressures on creativity – to see what’s top of the industry’s collective mind. The most resounding set of interconnecting responses were related to data and its use.

data sharing fear graph
Photograph: www.datawrapper.de

First up, we found that only 15% of members surveyed feel that customers are becoming more willing to share their data – the vast majority feel that consumers are clamming up in the face of companies requesting increasing amounts of data from us. Interestingly, 42% believe that we’ve hit a sharing plateau, with 33% convinced that we’re all sharing less.

Next we asked respondents whether their customers are worried about their data privacy. With more than two-thirds saying yes, it’s clear that customers are concerned, and consequently it’s no surprise that they are sharing less.

Is it because companies aren’t communicating how they’re safeguarding data, or because customers simply don’t trust any assurances in the light of high-profile security breaches, such as the Sony hack surrounding the release of The Interview?

Incidents like this remain stained in the public consciousness and are only likely to increase in frequency. A new Snowden document has revealed a secret US cybersecurity report, which argued that there is a clear imbalance between the development of offensive versus defensive capabilities, “due to the slower than expected adoption … of encryption and other technologies”.

David Cameron’s recent attack on secure communications will further dent the chances of a customer handing over their private data, for fear of it being shared against their will – even if they otherwise trust and value the brand in question.

All of these developments should give companies cause for concern, given the number of critical business areas that now turn to incoming customer data for support.

The majority of businesses surveyed are now relying upon customer data to inform content creation, to generate leads, and to improve customer service. If data dries up, then everybody ends up a loser.

Given high-profile hacks and warnings on encryption, it’s of great concern that only two-thirds of respondents are confident that their companies are anonymising customer data – with the remainder either retaining user-identifying personal information, or not being sure what they do.

Consequently, there seems to be a disconnect between consumer and media outlook on our data, and in a sizable minority of business, a lack of protection of that data. Many global information security issues are out of the hands of individual businesses, but as a starting point, we must do everything we can to anonymise and user data – not only to protect consumers’ information, but to improve perception of that protection – and ultimately, trust.

data strategy over reliance graph
Photograph: www.datawrapper.de

Our survey also revealed some contradictions between perception and practice in companies’ work. We found that more than 65% of those surveyed claim to use the data they collect both to inform content creation and improve customer service. Despite this, less than 50% are incorporating data analysts in their creative processes, suggesting that the data that is being collected with the purpose of improving content may have little bearing on the eventual creative outcome. Yet, only 20% of respondents believe that an over-reliance on data can harm creativity. Which begs the question, why are companies not better incorporating the data they are collating in their creative decisions?

Despite this, 44% of respondents place oversight of data management with marketing teams, rather than with sales or IT, who amass 25% between them. These figures suggest that the importance of data when planning campaigns is understood. However, with more than 40% of respondents admitting to publishing content without any clear advance strategy, it’s clear that for many companies, appropriate planning for the usage of what is collected requires considerably more thought.

More like this:

Avoiding mobile fraud: What small businesses need to know
Spotlight on standards: how to pick an IT security company

To get weekly news analysis, job alerts and event notifications direct to your inbox, sign up free for Media Network membership.

All Guardian Media Network content is editorially independent except for pieces labelled “Brought to you by” – find out more here.

Don’t Believe These 6 Mobile Security Myths

Smartphones are picking up popularity. You can now access email, social media, and other things from a device that fits in your pocket (most of the time). And, although we hear about breaches and security flaws in the news, it seems like a lot of us don’t think it applies to ourmobile device. Here are some of the most common mobile security myths.

  1. “Antivirus protection isn’t worth it for a smartphone.” Just because this device fits in the palm of your hand doesn’t mean it’s not worthy of as much protection as your computer. It should have comprehensive security that includes, antivirus, anti-malware and anti-spyware. Think of how often and indiscriminately you use that little thing, even while you’re in between bench press sets or stuck in line somewhere. The more you use it, the more important protecting the information on it becomes.
  1. “If I lose my phone I’ll just call it to find it.” A better way to locate it is to use an app with global positioning system (GPS), like McAfee® Mobile Security. With GPS, you can see the location of your device on a map, much easier than trying to hear your ringtone.
  2. “Smartphones don’t get phishing scams.” Actually, phishing scams can occur via text (also known as SMiShing ) and social media apps. Plus, the mobile device’s smaller screen makes it harder to detect suspicious links.
  1. “Apps for my phone are safe if they’re from trusted brands.” Fraudsters can easily make a malicious app look safe, and can even find its way into a reputable app store. McAfee Labs™ found that over 80% of Android apps track you and collect your personal information. Apps are also the main way that malware can be downloaded to your smartphone or tablet.
  1. “As long as my phone has PIN protection, it’s fine to have apps automatically log into my accounts.” A PIN is incomplete protection because hackers may guess the PIN code or use software to nail the four-digit sequence. You’d be surprised how many people’s PINs are 1234 or 2222. Even if you have a longer PIN or passcode on your device, it’s good practice to not have your apps automatically log you in, even though this may be convenient. You don’t want something to be able to easily access your bank accounts or post random messages on your social accounts.
  1. “SMS” adds protection. The short message service does not provide protection or monitoring of any kind. This means that text messaging is not secure and in fact, it’s often subject to spam.

Keep your mobile device safe with McAfee® Mobile Security, available on both Android and Apple devices. The Android version includes antivirus and anti-malware software, an app manager, anti-theft features, and web protection. The Apple version includes Secure Vault to protect your pictures and videos from prying eyes.

RobertSicilianoRobert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Every Step You Take, Every Call You Make: Is Your Phone Watching You?

Imagine a world where every mobile move you make – each text message and phone call – is broadcast to complete strangers. A world where owning a mobile device means giving up your right to personal privacy.

Unfortunately with the recent Signaling System 7 (SS7) research that has come to light, it appears that this world already exists – and we’re living in it.

SS7 is a set of telecommunication protocols that dates back to the 80s. These protocols are used to set up, manage and disconnect any calls that are made on the majority of the world’s publicly switched telephone networks. And, what’s worse is that its privacy measures are as dated as the protocols themselves.

Since SS7 was designed prior to the surge of mainstream cellular use, its security measures just haven’t kept up with the times.

During Chaos Communication Congress 31c3 this past month, frightening research was revealed regarding these dated security measures and the ease at which they allow SS7 to be exploited.

There are gaping holes that exist in the SS7 protocol that, when exploited, allow attackers to re-route calls and text messages or carry out distributed denial-of-service attacks.

What’s even more frightening is that these holes also allow anyone to easily learn a mobile user’s location and thus track their every move. This means that someone halfway around the world could compile a detailed profile of your movements, without you ever knowing.

All that’s needed to accomplish this grotesque invasion of privacy? A valid cell phone number.

Currently, anyone is able to purchase SS7 access from telecom and network operators. Some companies are even selling the ability to track your mobile device, wherever you go.  Once this access is granted and the victim’s mobile number is in hand, potential attackers can begin tracking, just as simple as that.

As we’ve discussed before, mobile spyware is a tool that allows hackers to gain control of your mobile device and turn it into a stalking machine. The flaws in the SS7 protocol create a giant, worldwide tracker out of your mobile device, amplifying the threat of such spyware – an extremely frightening reality for consumers.

A solution exists for a small subset of Qualcomm users, running firmware 4.1 or higher through a recently developed app called SnoopSnitch. This app offers protection against the vulnerabilities presented by SS7. Aside from this, there has yet to be a response from telecommunications providers detailing how they intend to fix this issue.

With SS7’s flaws and other mobile spyware running rampant, it’s now more vital than ever to install comprehensive security software on your mobile device. McAfee® Mobile Security is free for Android and iOS users, and offers a variety of protections, including one that detects and wards against most forms of spyware.

As always, to keep up with the latest security threats, make sure to follow @IntelSec_Home on Twitter and like us on Facebook.

lianne-caetano