Tech Friday

 
  • Malicious apps were installed from the Google Play 335 million times in September:
    • 172 malicious apps hosted on Google Play were installed more than 335 million times in September of 2019
    • Lukas Stefanko, an ESET researcher, said the majority of these apps contained malware 
    • The adware functionality was concealed inside otherwise functional apps and displays advertisements even when the app is closed  
    • "Unwanted ads or adware is popular category because after install it doesn’t request any further inputs, like banking trojans, and can simply generate revenue for developers right from the beginning" Stefanko said
    • Earlier this year, researchers found a fake photo utility and fashion app. Each contained adware and had been downloaded over 1 million times  
    • Another type of malicious app installed from Google Play relies on "subscription scams", which is when a user can use an app free for a nominal trial period and is then charged without their permission
    • Sophos researchers recently discovered 15 subscription scam apps that had more than 20 million downloads 
    • Stefanko said "Subscription scams rely on the [fact] that users might forget to unsubscribe after 3-day free trial period and then gets automatic payment for the service"
    • Google has been working to prevent malicious apps from being uploaded to Play and will suspend or remove them when found
    • According to Google, "All Android apps undergo rigorous security testing before appearing in the Google Play Store. We vet every app and developer in Google Play, and suspend those who violate our policies"  
    • Andrew Ahn, Google Play product manager, said the number of app submissions rejected by Play increased by more than 55% in 2018
    • Google Play also suspended 66% more apps in 2018
    • Google also has a bug bounty program to help find malicious apps in Google Play
    • Additionally, Google Play Protect can manually scan downloaded apps to ensure they are still safe  
    • Regarding Play Protect, Google said it "scans billions of apps daily to make sure everything remains spot on"  
    • Google reported more than two billion active Android devices last year and Play Protect scanned and verified up to 50 billion apps per day
    • Google also said it removed 700,000 bad apps in 2017 and 99% of bad apps are identified and rejected before they are installed
    • Users can double check app reviews and look for external validation of apps before downloading them
    • While it's thought to be more difficult due to the rigorous screening Apple gives apps before they are placed in the Apple store, Apple has been hit with malicious apps in the past as well
    • If you're not paying with money, you're paying with data. You're the customer not the product
    • Be skeptical of free apps
  • Hacked Apple Lightning cable nears release:
    • A hacker who goes by "MG" has developed a malicious Lightning cable that is a perfect impostor for the very expensive, proprietary iPhone cable required to charge an iPhone
    • Known as "O.MG", the cable contains a tiny Wi-Fi transceiver that can operate as an access point or a wireless client
    • When the cable is connected to a computer (to charge a phone or exchange data), an attacker within about 300 feet can connect to the cable and access the connected computer
    • The hacker gave away prototypes at DEFCON 27 and is now preparing to sell them through penetration testing site Hak5
    • "Not even your computer will notice a difference – until I, as an attacker, wirelessly take control of the cable" MG told Vice
    • The cable won't allow an attacker to access the iPhone but it has a menu to select different malware payloads to deliver to the connected computer
    • Duckyscript can allow it to act as a virtual keyboard and launch keystroke injection attacks
    • "It’s like being able to sit at the keyboard and mouse of the victim but without actually being there" MG said  
    • In April 2019, a video was released by MG and the team of hackers working on the cable which indicated they are developing additional functionality
    • When released, the device will target red teams (white hat hackers) for use in penetration testing
    • MG says he is planning to create other types of cables
    • What you do to protect yourself:
      • Don't ever use a cable you found somewhere
      • Be wary of using someone else's cable
      • Beware cheap cables
      • Never leave your devices and bags unattended in a public space
      • Mark your cables 
      • Only use a cable to charge your device with a power block, transfer data using other mechanisms 
    • Learn more here: https://shop.hak5.org/products/o-mg-cable
    • Watch the video here: https://twitter.com/_MG_/status/1094389042685259776
  • Tesla's "Smart" Summon feature videos are scary:
    • And are from the front lines of the Coming Software Apocalypse...
    • Tesla released V10 of its vehicle software earlier this week and it includes the much awaited "Smart Summon" (SS) capability
    • SS is supposed to allow drivers to summon their vehicle via their smartphone 
    • Tesla describes SS as follows: "customers who have purchased Full Self-Driving Capability or Enhanced Autopilot can enable their car to navigate a parking lot and come to them or their destination of choice, as long as their car is within their line of sight. It’s the perfect feature to use if you have an overflowing shopping cart, are dealing with a fussy child, or simply don’t want to walk to your car through the rain."
    • But it has not gone as planned many instances thus far
    • Customer videos, photos and reports hitting the Internet seem to show that SS is not only not ready for prime time, it's downright dangerous 
    • The National Highway Traffic Safety Administration (NHTSA) is looking into Tesla's Smart Summon feature
    • A NHTSA representative said "Safety is NHTSA's top priority and the agency will not hesitate to act if it finds evidence of a safety-related defect"
    • Elon Musk recently said "Summon is improving rapidly"
    • Some issues that have been noted by customers include:
      • A summoned Tesla drove into a parking structure pole  
      • A couple Teslas that jumped the curb when summoned
      • A summoned Tesla nearly hitting another car in a parking lot with few cars
      • A Tesla without a driver pulling across a lane which forced another driver to slam on their brakes to avoid a collision
      • A Tesla pointing itself at oncoming traffic and causing a traffic jam when summoned
    • Creating software and the sensor systems to enable this functionality is very complex and sophisticated
    • Watch one of the videos here: https://youtu.be/aH4zmcn5Wbc

Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view. Read more

title

Content Goes Here