Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

Remote Access Tools Threatens Smartphones

March 7, 2012 by  
Filed under Smartphones

Comments Off on Remote Access Tools Threatens Smartphones

Malware tools that allow attackers to gain complete remote control of smartphones have become a major threat to owners around the world, security researchers say.

In a demonstration at the RSA Conference 2012 here Wednesday, former McAfee executives George Kurtz and Dmitri Alperovitch, who recently founded security firm CrowdStrike, installed a remote access tool on an Android 2.2-powered smartphone by taking advantage of an unpatched flaw in WebKit, the default browser in the OS.

The researchers showed an overflow audience how the malware can be delivered on a smartphone via an innocuous looking SMS message and then be used to intercept and record phone conversations, capture video, steal text messages, track dialed numbers and pinpoint a user’s physical location.

The tools used in the attack were obtained from easily available underground sources, Kurtz said. The WebKit bug, for instance, was one of 20 tools purchased from hackers for a collective $1,400.

The remote access Trojan used in the attack was a modified version of Nickispy a well-known Chinese malware tool.

Learning how to exploit the WebKit vulnerability and to modify the Trojan for the attack, was harder than expected, said Kurtz. He estimated that CrowdStrike spent about $14,000 in all to develop the attack.

But the key issue is that similar attacks are possible against any smartphone, not just those running Android, he said.

WebKit for instance, is widely used as a default browser in other mobile operating systems including Apple’s iOS and the BlackBerry Tablet OS. WebKit is also is used in Apple’s Safari and Google’s Chrome browsers.

Several mobile remote access Trojans are already openly available from companies pitching them as tools that can be used to surreptitiously keep tabs on others.

Source…

Adobe Says No To Android’s Chrome

February 17, 2012 by  
Filed under Internet

Comments Off on Adobe Says No To Android’s Chrome

Chrome for Android will not run Flash Player, the popular software that Apple has famously banned, Adobe confirmed Wednesday.

The acknowledgment was no surprise: Last November, Adobe announced it was abandoning development of Flash for mobile browsers. In other words, Google missed the Flash boat by several months.

“Adobe is no longer developing Flash Player for mobile browsers, and thus Chrome for Android Beta does not support Flash content,” said Bill Howard, a group product manager on the Flash team, in an Adobe blog Tuesday.

The stock Android browser included with the operating system does support Flash, noted Howard.

Adobe explained its decision to halt work on Flash Player for mobile browsers as necessary to shift resources, notably to its efforts on HTML5, the still-developing standard that will ultimately replace many of the functions Flash has offered.

“We will continue to leverage our experience with Flash to accelerate our work with the W3C and WebKit to bring similar capabilities to HTML5 as quickly as possible,” Danny Winokur, the Adobe executive in charge of interactive development, said last year. He was referring to the World Wide Web Consortium standards body and WebKit, the open-source browser engine that powers Chrome and Apple’s Safari. “And we will design new features in Flash for a smooth transition to HTML5 as the standards evolve.”

Analysts read the move as a tacit surrender to the trend, first seen at Apple, to skip support for Flash on smartphones and tablets. In 2010, former Apple Steve Jobs had famously dismissed Flash as unsuitable for mobile devices because it was slow, drained batteries and posed security problems.

Source…

Kindle Fire Raises Privacy Concerns

December 5, 2011 by  
Filed under Consumer Electronics

Comments Off on Kindle Fire Raises Privacy Concerns

Amazon told a Massachusetts congressman that the Silk browser in its Kindle Fire tablet doesn’t pose a privacy threat to customers, but the lawmaker wasn’t satisfied with that statement.

U.S. Rep. Ed Markey (D-Mass.), the co-chairman of a congressional caucus on consumer privacy, on Tuesday released the results of questions he had put to Amazon CEO Jeff Bezos in October about Silk and the data it collected.

Markey wasn’t happy with Amazon’s answers.

“Amazon’s responses to my inquiries do not provide enough detail about how the company intends to use customer information, beyond acknowledging that the company uses this valuable information,” said Markey in a statement.

“Amazon states ‘Customer information is an important part of our business,’ but it is also important for customers to know how the company uses their personal information,” Markey continued. “Amazon is collecting a massive amount of information about Kindle Fire users, and it has a responsibility to be transparent with its customers. I plan to follow-up with the company for additional answers on this issue.”

Silk, which is based on the open-source WebKit engine, connects to Amazon’s cloud service and servers by default. The service will handle much of the work of composing Web pages, pre-rendering and pre-fetching content, and squeezing the size of page components, a way, claimed Amazon, to speed up browsing on low-powered devices like the Kindle Fire.

Source….

Apple Has A Hole In MAC OS X

November 18, 2011 by  
Filed under Computing

Comments Off on Apple Has A Hole In MAC OS X

Apple has failed to fix a bug in its Mac OS X operating system that allows processes to bypass the sandbox protection in place.

The flaw was discovered by Anibal Sacco and Matias Eissler from Core Security Technologies. They let Apple know about the problem on 20 September, and while Apple acknowledged their submission, it said that it did not see any security threat, forcing the Core Security Technologies team to publish the report to the public this month.

The problem appears to be with the use of Apple events in several default profiles, including the no-network and no-internet ones. When Apple events are dispatched a process can escape the sandbox, which could be exploited by hackers.

The vulnerability could lead to a compromised application restricted by the use of the no-network profile gaining access to network resources through the use of Apple events to execute other applications that are not restricted by the sandbox, making it a significant security threat.

Only the more recent versions of Mac OS X are vulnerable to this bug, including 10.5.x, 10.6.x, and 10.7.x. Those using 10.4.x are safe from the exploit.

Source…