Connect with us

Featured

More threats to Android and iOS

Published

on

A recent report has shown that cyber criminals are continuing to leverage security flaws in Android and iOS, meaning that manufacturers and carriers need a more integrated set of security strategies to keep their consumers’ phones safe from malware and the like.

Cyber-criminals continue to leverage the gaps in the security of Android and iOS operating systems to target mobile device users, regardless of platform, which is causing an increase in the already exponential growth of mobile malware.

According to the Trend Micro Q3 Security Roundup Report, Mediaserver vulnerabilities that were found in Android signalled that Google, manufacturers and carriers need a more integrated set of security strategies. Attackers also continue to find alternate means of breaking through iOS security walls. In the past quarter, modified versions of app-creation tools like Xcode and Unity made it clear that Apple’s walled garden approach to security can no longer spare iOS from attacks.

“Google has released a report that says less than 1% of apps found in the Google Play Store are potentially harmful,” says Darryn O’Brien, country manager at Trend Micro Southern Africa. “However, that doesn’t mean that users aren’t at risk. Android’s latest worry is Mediaserver, which handles all media related tasks and recently became and is likely to remain an active attack target. We have seen attackers exploit at least five vulnerabilities in the service in just this last quarter.”

“We found a bug in Mediaserver that could leave Android phones silent and users unable to send texts or make calls. As of July 2015, reports stated that over half of Android devices were vulnerable to this flaw. The Stagefright vulnerability, gave attackers the power to install malware on affected devices by distributing malicious MMSs which reportedly put 94.1% of Android devices at risk by July 2015,” says O’Brien.

Another vulnerability found in Mediaserver was capable of causing devices to endlessly reboot and allowed attackers to remotely run arbitrary code, to which 89% of Android devices were susceptible at the time. O’Brien adds that the fifth vulnerability known as CVE-2015-3842, allowed remote code execution in Mediaserver’s AudioEffect component and was seen in the landscape in August this year.

“The discovery of these Android vulnerabilities prompted Google to implement regular security updates for the platform, so that was positive. However, the platform’s current state of fragmentation may affect some users as security patches might not make their way to all devices unless there’s support from manufacturers and carriers,” says O’Brien.

Apple’s walled garden approach has given it a reputation as a safer choice when it comes to mobile devices as it meant stricter app-posting policies and thus more secure apps. But according to the Q3 Security Roundup, this belief was dispelled in the last quarter when several iOS applications on the App Store and third-party stores where infected with a piece of code called “XcodeGhost”. Through these malicious apps, cybercriminals could execute fraud, phishing and even data theft.

“A scary vulnerability in iOS in the past quarter was Quicksand, which was capable of leaking data sent to and from mobile-device-management (MDM) enabled users, and that put not only personal data but corporate data at risk. The operating system’s AirDrop feature also featured in the exploit landscape and was even able to reach users whose devices weren’t configured to accept files sent through AirDrop.”

According to the report, the technology giant was swift in addressing the issues and removed infected applications from its App Store. However, Trend Micro believes that there are bound to be increasing iOS threats in the future as the mobile user base continues to expand.

“Cybercriminals will make it their mission to find more ways around Apple’s strict policies and walled garden. Cross-platform threats that put not only individuals but also businesses at risk, can also be expected to continue,” says O’Brien.

“Mobile devices are a gold mine for cybercriminals and they will continue to be targeted. Mobile malware will grow and it’s important that local mobile users are aware that they aren’t safe from these types of threats just because South Africa may not be a main target. Having sufficient security on all your mobile devices is essential to the safety of your own data, and now, even the data of your workplace.”

Featured

Did an earthquake take out SA Internet?

Seabed avalanches caused by an earthquake could have cut several undersea cables, leading to one of South Africa’s biggest Internet outages yet, writes ARTHUR GOLDSTUCK.

Published

on

Picture by TooMuchCoffeeMan from pixabay.com

There is still no official explanation for freak breaks 11 days ago in two separate undersea cables that provide international access to South Africa’s Internet users. However, as reported in the Sunday Times yesterday, the most common causes of such breaks are damage by ship anchors and earthquakes at sea.

However, the freak occurrence of two separate cables being cut simultaneously far out at sea, as happened on the morning of 16 January, can only be explained by sea-bed activity.  One of the cables was cut in two places, and it is widely believed that a third major cable was also cut.

The cable damage mostly occurred in or near an area called the Congo Canyon, which starts inland and extends 220km into the sea. It is known for having the world’s strongest “turbidity currents”, underwater sediment avalanches over hundreds of kilometers, which are known to destroy undersea cables.

The most likely culprit is a 5.6 magnitude earthquake that struck the Atlantic Ocean near Ascension Island shortly before the cables were cut on the morning of 16 January. The earthquake occurred just before 8am South African time, and local ISPs reported losing international access from just before 10am. The epicentre of the earthquake was more than a thousand kilometres off the coast of Africa, but disturbances caused by seismic activity at sea become more powerful as they approach the coast. Combined with turbidity currents, this could well have taken out all cables in the area.

The West Africa Cable System (WACS) was cut in two places, and the South Atlantic 3 (SAT3) cable in one location. Industry insiders believe that the Africa Coast to Europe (ACE) cable was also cut, but it has not been publicly confirmed.

South Africa is connected to the global Internet via seven such cables, with a total capacity of 42.3 terabits per second (tbps).  These cables, in turn, connect to additional cables connecting the West and East coasts of Africa, with a single cable running from Angola to Brazil providing another 40 tbps.

However, it emerged in the past week that smaller ISPs in South Africa had bought capacity on only one or two cables. In a freak occurrence, two of the most commonly used cables, the WACS and SAT 3 cables, were cut simultaneously, plunging millions of Internet users into data darkness.

Customers of the major mobile network operators – Vodacom and MTN – were largely unaffected, as these tend to have both part-ownership and access to most of the cables running up both the East and West coasts of Africa.

Visit the next page to read about how ISPs have battled to reroute access, how massive resources are needed to deal with these kinds of outages, and when the ship will reach the breakage points.

Previous Page1 of 4

Continue Reading

Featured

Lenovo express-delivers new range from CES to SA

Published

on

Lenovo has unveiled its new range of ThinkBook laptops, barely two weeks after they were showcased at the Consumer Electronics Show in Las Vegas. 

The company’s newest sub-brand, ThinkBook, is intended to meet the demand for more aesthetically pleasing, yet agile and powerful devices.

The new range is aimed at small and medium enterprises. According to the Small Enterprise Development Agency (SEDA), there are more than 2-million SMEs in South Africa – although there are only 667,433 in the formal sector. This tallies with estimates in recent editions of SME Survey, produced by World Wide Worx, which suggest 650,000 active, formal businesses in South Africa. These SMEs employ about 14% of the South African workforce. 

Lenovo argues that access to affordable, yet efficient, technology is a crucial factor in aiding business success and contributing towards the success of the nation. The company has found, in its own research, that younger people prefer working, creating and communicating online “with stylish devices that make a statement”. This means they require streamlined laptops which can be used to collaborate from any remote location, to enhance productivity.

Lenovo said in a statement on Thursday night: “Backed by customer research, ThinkBook is specially designed for SMEs, who typically purchase consumer laptops for perceived design and price advantages but can no longer rationalise their lack of extended services and warranties – core needs of any business. ThinkBook allows growing firms to keep a competitive edge in attracting today’s young tech-savvy execs with trendy yet cost-effective devices. 

Thibault Dousson, general manager of  Lenovo for Europe, Middle East and Africa, said at the launch event: “With the capacity, SMEs have to grow and upskill the country’s workforce, they are perfectly positioned to bridge the gap between the public sector and large enterprise. Bearing in mind the demands of the digital economy, this sector needs skills and resources in order to compete, and that is where devices such as the ThinkBook come in.”

In South Africa, ThinkBook laptops are now available in 13-, 14- and 15-inch variants. The flagship ThinkBook 14 and ThinkBook 15 devices are powered by Windows 10 Pro and up to 10th Gen Intel Core processing, which Lenovo says combines high performance with intuitive, time-saving features. Options include Intel Optane memory, WiFi 6, and discrete graphics.

The ThinkBook 15 comes at just 18.9mm thin, while the ThinkBook 14 is a mere 17.9mm, both with FHD displays and two Dolby Audio speakers, dual-array, Skype certified microphones and a USB 3.1 (Gen2, Type-C) port.

Lenovo has also introduced the ThinkBook S series, including an elegant 13.3-inch ThinkBook 13s. The sleek and light device is constructed of a metallic finish on an all-aluminium chassis, alongside a narrow bezel display. As with the ThinkBook 14 and 15, the ThinkBook 13s also features advanced Intel processing and an FHD display, Dolby Vision and Harman speakers with Dolby Audio.

Visit the next page to read about the design and features of the new ThinkBook range.

Previous Page1 of 2

Continue Reading

Trending

Copyright © 2019 World Wide Worx