The FBI has
issue what appears to be a very fire warning regarding Android OS and the
description of the malware is scaring the crap out of me.
Ouch. Big ouch.
Maybe this
is a case to be made for buying only from Google and embracing the Nexus brand
rather than Amazon, Barnes & Noble, HTC , or Samsung.
In the
press release, the G-men has a list of recommendations to follow when getting
an Android device.
- When purchasing a Smartphone, know the
features of the device, including the default settings. Turn off features
of the device not needed to minimize the attack surface of the device.
- Depending on the type of phone, the operating
system may have encryption available. This can be used to protect the
user's personal data in the case of loss or theft.
- With the growth of the application market for
mobile devices, users should look at the reviews of the developer/company
who published the application.
- Review and understand the permissions you are
giving when you download applications.
- Passcode protect your mobile device. This is
the first layer of physical security to protect the contents of the
device. In conjunction with the passcode, enable the screen lock feature
after a few minutes of inactivity.
- Obtain malware protection for your mobile
device. Look for applications that specialize in antivirus or file
integrity that helps protect your device from rogue applications and
malware.
- Be aware of applications that enable
Geo-location. The application will track the user's location anywhere.
This application can be used for marketing, but can be used by malicious
actors raising concerns of assisting a possible stalker and/or burglaries.
- Jailbreak or rooting is used to remove certain
restrictions imposed by the device manufacturer or cell phone carrier.
This allows the user nearly unregulated control over what programs can be
installed and how the device can be used. However, this procedure often
involves exploiting significant security vulnerabilities and increases the
attack surface of the device. Anytime a user, application or service runs
in "unrestricted" or "system" level within an
operation system, it allows any compromise to take full control of the
device.
- Do not allow your device to connect to unknown
wireless networks. These networks could be rogue access points that
capture information passed between your device and a legitimate server.
- If you decide to sell your device or trade it
in, make sure you wipe the device (reset it to factory default) to avoid
leaving personal data on the device.
- Smartphones require updates to run
applications and firmware. If users neglect this it increases the risk of
having their device hacked or compromised.
- Avoid clicking on or otherwise downloading
software or links from unknown sources.
- Use the same precautions on your mobile phone
as you would on your computer when using the Internet.
We’ll
be back later to commend on the significance of this press release. The feds don’t do these kinds of things
unless they know something is up. Just
last week, the SecDef (Secretary of Defense) in his party suit gave a dire
warning about cyber attacks and the media is all over the latest volley of bank
attacks from Tehran
It’s not
likely this is related but more about privacy and identity thefts but you
cannot discount just how bad things are out there now and how much worse it
could get.
No comments:
Post a Comment