A recent report has shown that cyber criminals are continuing to leverage security flaws in Android and iOS, meaning that manufacturers and carriers need a more integrated set of security strategies to keep their consumers’ phones safe from malware and the like.
Cyber-criminals continue to leverage the gaps in the security of Android and iOS operating systems to target mobile device users, regardless of platform, which is causing an increase in the already exponential growth of mobile malware.
According to the Trend Micro Q3 Security Roundup Report, Mediaserver vulnerabilities that were found in Android signalled that Google, manufacturers and carriers need a more integrated set of security strategies. Attackers also continue to find alternate means of breaking through iOS security walls. In the past quarter, modified versions of app-creation tools like Xcode and Unity made it clear that Apple’s walled garden approach to security can no longer spare iOS from attacks.
“Google has released a report that says less than 1% of apps found in the Google Play Store are potentially harmful,” says Darryn O’Brien, country manager at Trend Micro Southern Africa. “However, that doesn’t mean that users aren’t at risk. Android’s latest worry is Mediaserver, which handles all media related tasks and recently became and is likely to remain an active attack target. We have seen attackers exploit at least five vulnerabilities in the service in just this last quarter.”
“We found a bug in Mediaserver that could leave Android phones silent and users unable to send texts or make calls. As of July 2015, reports stated that over half of Android devices were vulnerable to this flaw. The Stagefright vulnerability, gave attackers the power to install malware on affected devices by distributing malicious MMSs which reportedly put 94.1% of Android devices at risk by July 2015,” says O’Brien.
Another vulnerability found in Mediaserver was capable of causing devices to endlessly reboot and allowed attackers to remotely run arbitrary code, to which 89% of Android devices were susceptible at the time. O’Brien adds that the fifth vulnerability known as CVE-2015-3842, allowed remote code execution in Mediaserver’s AudioEffect component and was seen in the landscape in August this year.
“The discovery of these Android vulnerabilities prompted Google to implement regular security updates for the platform, so that was positive. However, the platform’s current state of fragmentation may affect some users as security patches might not make their way to all devices unless there’s support from manufacturers and carriers,” says O’Brien.
Apple’s walled garden approach has given it a reputation as a safer choice when it comes to mobile devices as it meant stricter app-posting policies and thus more secure apps. But according to the Q3 Security Roundup, this belief was dispelled in the last quarter when several iOS applications on the App Store and third-party stores where infected with a piece of code called “XcodeGhost”. Through these malicious apps, cybercriminals could execute fraud, phishing and even data theft.
“A scary vulnerability in iOS in the past quarter was Quicksand, which was capable of leaking data sent to and from mobile-device-management (MDM) enabled users, and that put not only personal data but corporate data at risk. The operating system’s AirDrop feature also featured in the exploit landscape and was even able to reach users whose devices weren’t configured to accept files sent through AirDrop.”
According to the report, the technology giant was swift in addressing the issues and removed infected applications from its App Store. However, Trend Micro believes that there are bound to be increasing iOS threats in the future as the mobile user base continues to expand.
“Cybercriminals will make it their mission to find more ways around Apple’s strict policies and walled garden. Cross-platform threats that put not only individuals but also businesses at risk, can also be expected to continue,” says O’Brien.
“Mobile devices are a gold mine for cybercriminals and they will continue to be targeted. Mobile malware will grow and it’s important that local mobile users are aware that they aren’t safe from these types of threats just because South Africa may not be a main target. Having sufficient security on all your mobile devices is essential to the safety of your own data, and now, even the data of your workplace.”
Opera launches built-in VPN on Android browser
Opera has released a new version of its mobile browser, Opera for Android 51, which features a built-in VPN (virtual private network) service.
A VPN allows users to create a secure connection to a public network, and is particularly useful if users are unsure of the security levels of the public networks that they use often.
The new VPN in Opera for Android 51 is free, unlimited and easy to use. When enabled, it gives users greater control of their online privacy and improves online security, especially when connecting to public Wi-Fi hotspots such as coffee shops, airports and hotels. The VPN will encrypt Internet traffic into and out of their mobile devices, which reduces the risk of malicious third parties collecting sensitive information.
“There are already more than 650 million people using VPN services globally. With Opera, any Android user can now enjoy a free and no-log service that enhances online privacy and improves security,” said Peter Wallman, SVP Opera Browser for Android.
When users enable the VPN included in Opera for Android 51, they create a private and encrypted connection between their mobile device and a remote VPN server, using strong 256-bit encryption algorithms. When enabled, the VPN hides the user’s physical location, making it difficult to track their activities on the internet.
The browser VPN service is also a no-log service, which means that the VPN servers do not log and retain any activity data, all to protect users privacy.
“Users are exposed to so many security risks when they connect to public Wi-Fi hotspots without a VPN,” said Wallman. “Enabling Opera VPN means that users makes it difficult for third parties to steal information, and users can avoid being tracked. Users no longer need to question if or how they can protect their personal information in these situations.”
According to a report by the Global World Index in 2018, the use of VPNs on mobile devices is rising. More than 42 percent of VPN users on mobile devices use VPN on a daily basis, and 35 percent of VPN users on computers use VPN daily.
The report also shows that South African VPN users said that their main reason for using a VPN service is to remain anonymous while they are online.
“Young people in particular are concerned about their online privacy as they increasingly live their lives online,” said Wallman. “Opera for Android 51 makes it easy to benefit from the security and anonymity of VPN , especially for those may not be aware of how to set these up.”
Setting up the Opera VPN is simple. Users just tap on the browser settings, go to VPN and enable the feature according to their preference. They can also select the region of their choice.
The built-in VPN is free, which means that users don’t need to download additional apps on their smartphones or pay additional fees as they would for other private VPN services. With no sign-in process, users don’t need to log in every time they want to use it.
Opera for Android is available for download in Google Play. The rollout of the new version of Opera for Android 51 will be done gradually per region.
Future of the car is here
Three new cars, with vastly different price-tags, reveal the arrival of the future of wheels, writes ARTHUR GOLDSTUCK
Just a few months ago, it was easy to argue that the car of the future was still a long way off, at least in South Africa. But a series of recent car launches have brought the high-tech vehicle to the fore in startling ways.
The Jaguar i-Pace electric vehicle (EV), BMW 330i and the Datsun Go have little in common, aside from representing an almost complete spectrum of car prices on the local market. Their tags start, respectively, at R1.7-million, R650 000 and R150 000.
Such a widely disparate trio of vehicles do not exactly come together to point to the future. Rather, they represent different futures for different segments of the market. But they also reveal what we can expect to become standard in most vehicles produced in the 2020s.
The i-Pace may be out of reach of most South Africans, but it ushers in two advances that will resonate throughout the EV market as it welcomes new and more affordable cars. It is the first electric vehicle in South Africa to beat the bugbear of range anxiety.
Unlike the pioneering “old” Nissan Leaf, which had a range of up to about 150km, and did not lend itself to long distance travel, the i-Pace has a 470km range, bringing it within shouting distance of fuel-powered vehicles. A trip from Johannesburg to Durban, for example, would need just one recharge along the way.
And that brings in the other major advance: the i-Pace is the first EV launched in South Africa together with a rapid public charging network on major routes. It also comes with a home charging kit, which means the end of filling up at petrol stations.
The Jaguar i-Pace dispels one further myth about EVs: that they don’t have much power under the hood. A test drive around Gauteng revealed not only a gutsy engine, but acceleration on a par with anything in its class, and enough horsepower to enhance the safety of almost any overtaking situation.
Specs for the Jaguar i-Pace include:
- All-wheel drive
- Twin motors with a combined 294kW and 696Nm
- 0-100km/h in 4.8s
- 90kWh Lithium-ion battery, delivering up to 470km range
- Eight-year/160 000km battery warranty
- Two-year/34 000km service intervals
Click here to read about BMW’s self-driving technology, and how Datsun makes smart technology affordable.