Re-defining mobile security
Friday 9 May 2014
Friday 25 April 2014
My heart doesn't bleed. I have Secure Spaces!
The pervasive use of the OpenSSL libraries in Android apps, mostly gaming apps, has seen a disproportionate amount of attention placed on Android for failing to prevent the Heartbleed attack. A recent report ( http://au.ibtimes.com/articles/549464/20140424/google-android-play-store-heartbleed-bug-security.htm#.U1pbA_ldV8E ) with research from FireEye states that nearly 150 million Android app downloads were vulnerable to the Heartbleed bug.
Adding to this disturbing fact is that of 17 apps created to detect the Heartbleed issue, 6 of those apps did not include sufficient techniques to accurately detect the bug.
The report goes on to state that while many apps do not have direct access to banking or credit card information those gaming apps do typically have cross-linked authentication to Google, Facebook, Twitter or other social media apps that may have access to other important credentials.
With Secure Spaces I maintain a "quarantine" Space into which I place all of my newly downloaded apps. I have anti-malware tools in my quarantine Space that let me scan those apps and other apps that let me review all of the permissions and resources used by the downloaded app. Once I am satisifed I can then use the App Manager in Secure Spaces to move the app to my Open Space or another personal Space.
Even if I didn't use a quarantine Space (I am a bit of a geek) by simply placing the newly downloaded app into a personal Space or Open Space that does not have any contacts records, no access to my email or other critical information I can prevent a malicious app, even with the Heartbleed bug, from doing any real damage. Secure Spaces allows me to isolate my important information that I need from the neat apps that I want and lets me do it all on one device.
Adding to this disturbing fact is that of 17 apps created to detect the Heartbleed issue, 6 of those apps did not include sufficient techniques to accurately detect the bug.
The report goes on to state that while many apps do not have direct access to banking or credit card information those gaming apps do typically have cross-linked authentication to Google, Facebook, Twitter or other social media apps that may have access to other important credentials.
With Secure Spaces I maintain a "quarantine" Space into which I place all of my newly downloaded apps. I have anti-malware tools in my quarantine Space that let me scan those apps and other apps that let me review all of the permissions and resources used by the downloaded app. Once I am satisifed I can then use the App Manager in Secure Spaces to move the app to my Open Space or another personal Space.
Even if I didn't use a quarantine Space (I am a bit of a geek) by simply placing the newly downloaded app into a personal Space or Open Space that does not have any contacts records, no access to my email or other critical information I can prevent a malicious app, even with the Heartbleed bug, from doing any real damage. Secure Spaces allows me to isolate my important information that I need from the neat apps that I want and lets me do it all on one device.
Monday 21 April 2014
Ready to Rumble: IT vs Employee for BYOD
The challenge remains to
bring harmony to the enterprise's need for data protection and the employee’s
need for privacy and convenience. This issue existed to a small extent on the
desktop, grew larger with the portability and convenience of laptops but now
extends and dominates the discussion for mobile devices whether provided by the
company or owned by the employee.
Our mobile devices are
being used in entirely different ways than our desktops and laptops and this now
has to be factored into the decision to permit mobile devices onto corporate
networks. Failing to recognize the consumer requirements for mobile device use
is a guarantee to have any BYOD program fail.
In addition, our phones primary function is communications. It is not until recently that the Smartphone has added the capability to run apps and process data (like desktops and laptops). But our Smartphones introduce an entirely new range of security challenges not faced by desktops and laptops.
The Enterpise IT group has a difficult challenge to continue delivering a secure environment for corporate data while the borders of their network dissolve and their end-users demand choice over the devices that they use.
Check out Graphite
Software’s new infographic to learn how to achieve harmony between security, privacy
and convenience. Meet the solution that is allowing employees to use their
devices how they want without compromise, while empowering enterprise with
control, compliance and increased productivity in our BYOD world.
Download the infographic here: http://www.graphitesoftware.com/resources/BYOD%20end%20user%20vs.%20IT%20-%205.pdf
Tuesday 25 March 2014
More Than A Billion Android Devices Vulnerable To Pileup Attack!
A simple summary of the attack shows that an app downloaded by a device owner could contain bogus permissions that are simply ignored by the operating system, however if those permissions reflect features that eventually become available in a future version of Android then the permissions become active even though you as the device owner never specifically granted those permissions. What this could mean is that the app now has access to information or resources that you never intended it to have.
Of course, this attack does require that you download and install the app with these malicious permissions and perform a system update with a reboot of the device. Given that only 34% of device owners actually read the privacy policies of downloaded apps there is a strong likelihood that this type of app will make it onto a great many devices. Now specifically what the app will eventually do is up to the app and the future of Android capabilities.
At this time there is no Android fix to this issue but we expect that it will be dealt with quickly in the next Android update. If you are on an unlocked device and have control over your Android updates this is certainly good news. If you are on a device that receives infrequent updates then you are out of luck and must simply be far more diligent and watchful of the apps that you download.
However, if you are a Secure Spaces user you can rest far more comfortably. Secure Spaces divides an Android device up into "Spaces", like rooms in your house, so that you can place certain apps and data into one Space and keep them completely separate from the apps and data in another Space. So if you did download one of these apps and placed it into an isolated Space without any contacts, email accounts, Google accounts, or other sensitive information then there is very little harm that can come from the app. Secure Spaces is a consumer solution that gives the consumer control over how they want their device configured and how apps can, or can't interact with their data, like an app quarantine. Secure Spaces is ideal for consumer privacy, BYOD initiatives, device sharing with friends and family and mobile marketing initiatives.
Monday 24 March 2014
My Mobile Phone Runneth Over
Thinking that you need two or more phones? You don't. Stop the trade-off between privacy and convenience and stop jamming everything onto one home-screen.
We carry our phones all day long and use it for everything like work, email, banking, shopping, travel and play. We love to download new apps to see if they will make us more productive, simplify our life or allow us to have more fun. At the same time we want to be able to protect our personal information and our employer wants to protect company information.
With just one phone you are putting everything all together in one place: work apps, personal apps, game apps, downloaded apps. What does this mean? It means that we expose ourselves to malicious and over-permissioned apps that can lead to data loss and privacy breaches.
Take back control of your device, your data, and your privacy. With Secure Spaces you can organize your digital life into multiple “Spaces” on your phone, like rooms in your house.
Read more at: www.securespaces.com
Tuesday 11 March 2014
Mother Sues Google After Child Buys $66 Worth Of In-App Purchases In Marvel Running Game
We all do it, those of us with kids anyway. We let our kids use our mobile devices to play games, play music or surf the Web. It seems harmless, it distracts them from the constant "Mommy, mommy" coming from the back seat of the car or the other room of the house. While many may jump onto the "bad parenting" or "digital babysitter" argument there is another reason to be concerned with the practise of sharing your mobile device.
Recently a mother in California sued Google over the in-app purchases made by her child while playing a game on her mobile device. Read more here: http://www.androidpolice.com/2014/03/11/mother-sues-google-after-child-buys-66-worth-of-in-app-purchases-in-marvel-running-game/ . Now, it appears that at some point the mother had changed her phone settings to avoid being prompted all the time for her password, likely due to the inconvenience. What she didn't realize was that this made available her Google account information and stored credit card details for use with in-app purchases, or the ability to purchase items like "Smurfberries", or "level-ups" in downloaded games. Her child likely didn't know that they were doing anything wrong but in a short period of time they had racked up a significant amount of extras that the mother had never intended or been given the opportunity to decline.
This all comes back to the ongoing trade-off between security and convenience that has plagued the online world for years. The mobile industry has done very little to change the security/privacy paradigm, in fact, they have replicated all of the challenges that have been faced by desktop and server computers for decades.
Secure Spaces takes a different approach. Secure Spaces creates separate Spaces on your device, like rooms in your house, to store apps and data separately. The apps and data in one Space cannot be accessed by the apps and data in another Space. The mother in this story could have created an Open Space on her device and placed the children's games into that Space and nothing else. The games would not have access to her Google account, her credit card information, or any other contacts, phone numbers, apps, passwords, or data that she maintains in another Space.
Recently a mother in California sued Google over the in-app purchases made by her child while playing a game on her mobile device. Read more here: http://www.androidpolice.com/2014/03/11/mother-sues-google-after-child-buys-66-worth-of-in-app-purchases-in-marvel-running-game/ . Now, it appears that at some point the mother had changed her phone settings to avoid being prompted all the time for her password, likely due to the inconvenience. What she didn't realize was that this made available her Google account information and stored credit card details for use with in-app purchases, or the ability to purchase items like "Smurfberries", or "level-ups" in downloaded games. Her child likely didn't know that they were doing anything wrong but in a short period of time they had racked up a significant amount of extras that the mother had never intended or been given the opportunity to decline.
This all comes back to the ongoing trade-off between security and convenience that has plagued the online world for years. The mobile industry has done very little to change the security/privacy paradigm, in fact, they have replicated all of the challenges that have been faced by desktop and server computers for decades.
Secure Spaces takes a different approach. Secure Spaces creates separate Spaces on your device, like rooms in your house, to store apps and data separately. The apps and data in one Space cannot be accessed by the apps and data in another Space. The mother in this story could have created an Open Space on her device and placed the children's games into that Space and nothing else. The games would not have access to her Google account, her credit card information, or any other contacts, phone numbers, apps, passwords, or data that she maintains in another Space.
Thursday 20 February 2014
More, more, Facebook wants more of your data!
The following article: http://www.theregister.co.uk/2014/02/20/facebook_whatsapp_19bn_buy_also_45_for_your_phonebook/ explains the likely reason that Facebook has paid $19B to acquire WhatsApp (a contacts/chat app). Wait, Facebook already has a chat feature why spend so much on something that they already have. Or do they? Apparently, Facebook does not yet have all of your phone numbers or those of all your contacts and they want them. WhatsApp will give this to them by rifling through your address book.
Beneath the covers Facebook will replace their chat service, they'll post yet another policy update that few of us will read or try to understand, we'll simply press "ok" and continue to use Facebook. No they won't you say. Yeah, they already did change their policy last July making it acceptable to siphon your phone number off of your mobile device. This change will let them go through your entire address book.
Why do we mention this? Well, Secure Spaces is the ideal solution to this blatant affront to your privacy. With Secure Spaces you can place the nosey Facebook app into a "personal" Space that has nothing else in it, except maybe some other nosey apps. It will run perfectly well with access to an empty address book in that Space. Take back control of your personal data!
http://www.securespaces.com
Beneath the covers Facebook will replace their chat service, they'll post yet another policy update that few of us will read or try to understand, we'll simply press "ok" and continue to use Facebook. No they won't you say. Yeah, they already did change their policy last July making it acceptable to siphon your phone number off of your mobile device. This change will let them go through your entire address book.
Why do we mention this? Well, Secure Spaces is the ideal solution to this blatant affront to your privacy. With Secure Spaces you can place the nosey Facebook app into a "personal" Space that has nothing else in it, except maybe some other nosey apps. It will run perfectly well with access to an empty address book in that Space. Take back control of your personal data!
http://www.securespaces.com
Subscribe to:
Posts (Atom)