McAfee Mobile Security 4.5 for Android is here!

Intel Security just launched the latest version of our award-winning Android app–McAfee Mobile Security (MMS). MMS has evolved beyond providing AV protection to provide performance boosting and Android Wear features. We are proud to arm our users with these new powerful tools for optimized device performance to aid in users’ eternal struggle to gain longer battery life, more power, speed, and storage on their Android smartphones and tablets.

As the number and variety of devices in our lives increases, so does the number of threats and potential risks to our privacy. By using wearable devices we gain convenience and flexibility but open ourselves to a variety of threats, such as identity theft, insurance fraud, stalking, and many others. To address this emerging vulnerability, MMS has introduced Android Wear watch support, enabling users to stay safe and productive even when they are on the go. You can prevent loss, stay on top of mobile threats and boost your mobile device performance–all done straight from your smart watch.

Get it free here and let us know what you think!

MMS

Features include:

  • Intel Device Protection Technology. Built into the Android OS on Intel devices, this works to proactively block malware delivered through malicious apps and websites, while also conserving battery power.
  • Privacy. Deep app inspection provides a thorough crosscheck of all of your apps and informs of potential privacy violations. PIN protect your apps and create up to three user profiles.
  • Wi-Fi Protection. Alerts of non-secured Wi-Fi connections and automatically disconnects the device if it detects someone is attempting to hack into your connection in order to send your emails, keystrokes and other information to a separate server, known as ARP spoofing.
  • Web Protection. Blocks users from visiting or opening phishing sites and browser exploits in texts (SMS) and multi-media messages, emails, QR codes and social networking posts.
  • CaptureCam. Takes a picture and captures your phone’s location when there are multiple incorrect attempts to unlock your device, while your phone is on. Images and location are sent directly to your account.
  • Remote Locate, Lock, Wipe and Alarm. In the event your device is lost or stolen, use the remote lock and wipe feature from the McAfee Mobile Security management portal, or via text message from another phone, to ensure that none of your private data falls into the wrong hands.
  • NEW! Get the Most out of your Device. Add more time to your battery life when you need it most. Clean up your device’s memory to make it run faster and longer. Optimize your internal storage space to fit more apps and files.
  • NEW! Protect your mobile data plan. Never go over your limit again– monitor your usage, get threshold alerts, and bust data-hogging apps.
  • NEW! Pair your Android Wear. Never miss a security issue or leave your smartphone or tablet behind. Take actions straight from your Android Wear watch to find and secure your mobile device, fix critical issues and extend battery on your phone or tablet.
  • NEW! Easy access. Quickly boost your device and fix issues with just one tap–straight from your Home Screen Widget.

“ASP.NET MVC: Audit Logging”

Guest Editor: Today’s post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will take a look at creating an audit logging action filter in the ASP.NET MVC framework.

Audit logging is a critical step for adding security to your applications. Often times, audit logs are used to trace an attacker’s steps, provide evidence in legal proceedings, and used to detect and prevent attacks as they are occurring. If you’re not convinced yet, many regulatory compliance laws, such as HIPAA, also require security-specific audit logs to be kept. With that said, let’s take a look at some high-level things to consider as you build out your audit logging functionality.

Events to Log:
The first step is deciding which events require logging. While regulatory compliance laws, such as HIPAA and PCI, may specify exactly which actions should be logged, each application is different. Here are some general actions to consider logging in your applications:

  • Administrative actions, such as adding, editing, and deleting user accounts / permissions.
  • Authentication attempts
  • Authorized and unauthorized access attempts
  • Reading or writing to sensitive information, such as HIPAA, PCI, encryption keys, authentication tokens, API keys, etc.
  • Validation failures that could indicate an attack against the application

Details to Log:
Each audit log entry must provide enough information to identify the user and their action in the application. The following details provide some details to consider:

  • Timestamp identifying when was an operation/action performed?
  • Who performed the action.? This is often achieved with a unique user identifier, session token hash value, and source IP address.
  • What operation/action was performed? Include the URL, action / method, and action result.
  • Which record(s) were impacted?
  • What values were changed?
  • Determine an event severity level to assist the operations team with incident response

Threshold Monitoring
In addition to the above, it is also helpful to monitor the application for unusual activity. Capturing high volumes of requests beyond normal usage can help detect automated attacks, such as password guessing, SQL injection, or access control attempts. Blocking IP addresses performing unusual activity and notifying the operations team will go a long way towards incident detection and response.

Creating an Audit Logging Action Filter
Now that we know what to do, let’s discuss how using ASP.NET MVC. The framework provides a centralized feature, known as Action Filters, which can be used to implement audit logging in your applications. ASP.NET Action Filters are custom classes that provide both declarative and programmatic means to add pre-action and post-action behavior to controller action methods. More information about Action Filters may be found here.

Let’s create an example action filter and apply it to the AccountController.Login() and HomeController.Contact() methods from the SecureWebApp project that was described in the previous article ASP.NET MVC: Data Validation Techniques.

login

First, create a new class called AuditLogActionFilter.cs, as shown in the following code snippet:

using System.Linq; using System.Web; using System.Web.Mvc; using System.Web.Routing; namespace SecureWebApp.Audit { public class AuditLogActionFilter : ActionFilterAttribute { public string ActionType { get; set; } public override void OnActionExecuting(ActionExecutingContext filterContext) { // Retrieve the information we need to log string routeInfo = GetRouteData(filterContext.RouteData); string user = filterContext.HttpContext.User.Identity.Name; // Write the information to “Audit Log” Debug.WriteLine(String.Format(“ActionExecuting – {0} ActionType: {1}; User:{2}” , routeInfo, ActionType, user), “Audit Log”); base.OnActionExecuting(filterContext); } public override void OnActionExecuted(ActionExecutedContext filterContext) { // Retrieve the information we need to log string routeInfo = GetRouteData(filterContext.RouteData); bool isActionSucceeded = filterContext.Exception == null; string user = filterContext.HttpContext.User.Identity.Name; // Write the information to “Audit Log” Debug.WriteLine(String.Format(“ActionExecuted – {0} ActionType: {1}; Executed successfully:{2}; User:{3}” , routeInfo, ActionType, isActionSucceeded, user), “Audit Log”); base.OnActionExecuted(filterContext); } private string GetRouteData(RouteData routeData) { var controller = routeData.Values[“controller”]; var action = routeData.Values[“action”]; return String.Format(“Controller:{0}; Action:{1};”, controller, action); } } }

The newly created custom action filter AuditLogActionFilter overrides OnActionExecuting() and OnActionExecuted() methods to write audit information to debug output window (for testing purposes). In a real scenario, use a logging framework (e.g. nLog, log4net, etc.) to write the details to a secure audit logging repository.

It’s very easy to apply the logging filter to the Login() method using our new annotation. With just one line of code, add the AuditLogActionFilter with a custom ActionType argument.
[HttpPost] [AuditLogActionFilter(ActionType=”UserLogIn”)] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task Login(LoginViewModel model, string returnUrl) {

And to the Contact() method:
[AuditLogActionFilter(ActionType=”AccessContactInfo”)] public ActionResult Contact() {

The ActionType parameter is just an example showing that it’s possible to pass data into the action filter. In this particular case, the ActionType identifies the action being taken for the audit log. Once the value is passed to the action filter, any logic can be added to handle special cases.

When debugging the application, logging in and visiting the contact page cause the following lines to be written to the console output.
Audit Log: ActionExecuting – Controller:Account; Action:Login; ActionType: UserLogIn; User: Audit Log: ActionExecuted – Controller:Account; Action:Login; ActionType: UserLogIn; Executed successfully:True; User: Audit Log: ActionExecuting – Controller:Home; Action:Contact; ActionType: AccessContactInfo; User:taras.kholopkin@gmail.com Audit Log: ActionExecuted – Controller:Home; Action:Contact; ActionType: AccessContactInfo; Executed successfully:True; User:taras.kholopkin@gmail.com

This shows how easy it is to create a custom-logging filter and apply it to important security-specific actions in your applications.

To learn more about securing your .NET applications, sign up for DEV544: Secure Coding in .NET!

About the author
Taras Kholopkin is a Solutions Architect at SoftServe, and a frequent contributor to the SoftServe United blog. Taras has worked more than nine years in the industry, including extensive experience within the US IT Market. He is responsible for software architectural design and development of Enterprise and SaaS Solutions (including Healthcare Solutions).

Your mobile apps could be spying on you and telling secrets!

I am sharing this article, written by Shelly Tzoumas – Thanks, Shelly!

How close are relentless cyber criminals to hacking your mobile device—really? Security reports indicate 1 in 5 Android apps contain malware. What do you need to know? To find out, Shelly sat down with Alex Hinchliffe, Mobile Malware Research Manager at Intel Security, who explained the risk and provided five valuable mobile safety tips.

“Your everyday tasks may be the most revealing,” explains Hinchliffe. “Despite a recent rise in ransomware malware, today’s biggest mobile threat is data leakage from app ad libraries and other privacy-invasive apps.”

Tip 1:  Skip the ‘free’ version of apps and don’t download apps that share too much

We all, by nature, want to get something for free. Usually, when you download the “free” version of an app, you accept in-app advertisements. The ads are a little annoying, but the worrisome part is happening behind the scenes. The app has permissions to collect data from your mobile device that it doesn’t need.

“Typically, ad libraries are tracking your tasks, what network you are using, and collecting your account information,” says Hinchliffe. The data enables retailers to target you with coupons and promotions. “You can avoid over-sharing by reading the app reviews and permissions information,” advises Hinchliffe. “We are finding only a handful of ad libraries associated with malware, so the risk here is primarily to your privacy.”

Tip 2:  Install a good security software to guide you through confusing app permissions

If you are using an Android device today, you have little control over apps once you install them.  This means you don’t know how the app is using any permissions you may have granted.  Some mobile security apps, like McAfee Mobile Security help by alerting you to permissions when you download an app. They can also inform you if the app is able to do something you don’t expect.

Tip 3:  Avoid third party app stores and direct download sites; get your apps directly from the Play Store, Apple Store or Microsoft

The reports of mobile malware are staggering and we asked Hinchliffe to help us better understand the landscape. McAfee Labs reports a staggering 6 million mobile malware samples in their zoo (see chart), most of which are designed for Android. Few mobile breaches, however, have been reported. “When you look at data breaches as a whole, like the Verizon Data Breach Investigation Report does, stats in the mobility vector are low,” says Hinchliffe. “This can be deceiving because mobile malware is evolving from spyware to more dangerous capabilities that give the attacker remote control over the device, or to encrypt your cherished photos and other data then hold them to ransom.”

Just as attackers learn how to gain control of devices, more and more users are switching to mobile payments. In fact, overall dependence on mobile devices is growing with reported usage of more than 30 hours a month.

“The primary method of installing malware on mobile remains consistently via apps delivered through third-party app stores or direct download sites,” says Hinchliffe.

Tip 4:  Don’t click hyperlinks sent in SMS messages – even links in messages sent from trusted contacts

The scariest scenario involves SMishing (SMS phishing). “Mobile attackers are sending SMS (text) messages, prompting users to click a hyperlink to a direct download site,” describes Hinchliffe. “Unsuspectingly, they download malicious apps and, if installed, lose control of their data or even their device.”

Tip 5:  Avoid connecting to your web accounts with mobile apps, or only connect to websites offering two-step verification

Bad apps are universal, as evident by recent reports showing thousands of apps in Apple’s App Store could be used to spy on your communications. Further, McAfee found 18 of the 25 most downloaded apps from all primary app stores remain vulnerable to man-in-the-middle (MITM) attacks four months after the vulnerabilities had been reported.

“This means that all communications between the mobile apps and their websites, including usernames and passwords, are potentially viewable by cybercriminals,” says Hinchliffe.Your Tasks

As we go mobile-first, so follows fraud

Browsing the news last week – as you do – a couple of stories caught my eye which I felt compelled to write about. Both stories are industry ‘firsts’, and both of them concern our smartphones.

The first of these stories that I happened to chance upon was while reading PaymentWeek. Largely overlooked by many of the press, the article explained that mobile fraud is now outpacing that of online and in-store fraud for the first time.

The research, published by a company called Kount Inc., confirms what we’ve been talking about here at Intel Security for some time; that your mobile phone is just as much a target for hackers and criminals than your desktop computer is, yet still too many of us continue to flaunt the risks by not securing our devices.

Take, for example, the findings of a study we published earlier this year. This revealed that a quarter of people don’t even have basic mobile protection, like pin or password in place. And increasingly, even a password won’t provide you with adequate security to protect your phone.

Earlier this month, experts revealed a critical vulnerability affecting a frightening 95 per cent of all Android smartphones, possible to be exploited by hackers with a single text message. I don’t need to do any maths to tell you that’s a lot of smartphones.

So why are our mobiles becoming such a target for fraudsters and criminals?

The second story I want to talk about provides a very good explanation, which is that smartphones have now overtaken laptops as the most popular means of accessing the internet – up to two hours every day, according to Ofcom. I’m guessing that figure is an average across lots of different age groups because, if I think about how much my nephew uses his phone, two hours doesn’t cover half of it.

Ofcom does indeed support my assumptions, reporting that those aged 16-34 are most likely to prefer smartphones, although interestingly usage is also growing amongst the older generations, particularly those aged 55-64.

Both of these stories point to one frightening conclusion – as we head into the mobile-first age, hackers, cyber criminals and fraudsters aren’t very far behind us. We need to start thinking of our smartphones for what they are; sophisticated, micro-computers, which are vulnerable to attack unless we protect them. And exactly the same can be said for any smart device, whether that’s a phone, watch, car, or even fridge.

This isn’t just a warning for consumers either, there’s certainly more that can be done from within the industry too. For example, ensuring that smartphones are equipped with some sort of security software out-of-the-box, just in the same way that a new laptop would.

So, if you’re reading this and you haven’t thought about securing your mobile, please do yourself a favour and do something about it. Start thinking smarter when it comes to your smartphone. There’s lots of useful information on the Intel Security blog, including this piece I wrote earlier in the year.

The post As we go mobile-first, so follows fraud appeared first on McAfee Blogs.

Subway, Sandwiches & Security

Remember that wallpaper they used to have at Subway sandwich shops? You know, with all the pictures of clunky, outdated modes of transportation? Subway’s wallpaper always provided an interesting window into the past and gave the place a sense of nostalgia.

So, imagine security researchers’ surprise when it was uncovered that Subway’s mobile app is anything but old-fashioned and in fact, employs some of the toughest and most technologically advanced security standards available.

Recently, a white hat hacker attempted to crack the Subway mobile app just so consumers would know whether or not their payment data was safe. In the end, this researcher did succeed, but he also uncovered some interesting quirks along the way.

What this researcher found was the kind of impregnable built-in security features normally used by mobile apps in the financial industry. For example, the app uses a custom app signature verification process, signaling that its guards are up against reverse engineering.

This means that the Subway mobile app has systems in place to prevent hackers from breaking through their site with fraudulent certificates. When a hacker attempts to get through, perhaps to access users’ payment information, they will instead be greeted by a popup stating that the verification has failed, calling out the hacker for tampering with the mobile app.

While this high level of security is certainly commendable, it also poses a question – why would a mobile app used for ordering sandwiches go to such great lengths in the name of cybersecurity?

One theory is that Subway appears to be responding to the recent spike in threats that have developed in the mobile space.

As was unveiled in the most recent McAfee Labs Threats Report, the number of new mobile malware samples jumped 49% between the first quarter of 2014 and the first quarter of 2015, a sobering statistic.

If Subway’s security efforts are any indication, it would seem that companies across all industries are feeling the pressure to implement tighter security measures in their mobile apps.

However, it’s never wise to rely on mobile apps alone for keeping your information safe and secure. So, while these mobile apps refine their privacy measures and work to introduce higher levels of protection, let’s take security into our own hands.

Having comprehensive security installed on your mobile device is key. McAfee® Mobile Security is free for Android and iOS users, and provides a variety of protections that will help keep unwanted eyes off of your devices.

Another quick tip? Be sure to pay close attention to the permissions that your mobile apps are requesting. A wallpaper app for instance, shouldn’t need access to your texts or location and may be up to something fishy if it’s trying to request access to them.

As always, to keep up with the latest security threats, make sure to follow @IntelSec_Home on Twitter and like us on Facebook.

lianne-caetano