Showing posts with label Bruce Schneier. Show all posts
Showing posts with label Bruce Schneier. Show all posts

Friday, December 16, 2011

Spyware Android Carrier IQ

Author: Originative | Posted at: 5:22 AM | Filed Under: , , |
Spyware on many smart phones monitors your every action, including collecting individual keystrokes. The company that makes and runs this software on behalf of different carriers, Carrier IQ, freaked when a security researcher outed them. It initially claimed it didn't monitor keystrokes -- an easily refuted lie -- and threatened to sue the researcher. It took EFF getting involved to get the company to back down.

Carrier IQ is reacting really badly here. Threatening the researcher was a panic reaction, but I think it's still clinging to the notion that it can keep the details of what it does secret, or hide behind marketing statements and hair-splitting denials.

Several things matter here:

  1. what data the Carrier IQ app collects on the handset 
  2. what data the Carrier IQ app routinely transmits to the carriers 
  3. what data can the Carrier IQ app transmit to the carrier if asked.

Can the carrier enable the logging of everything in response to a request from the FBI? We have no idea.

Expect this story to unfold considerably in the coming weeks. Everyone is pointing fingers of blame at everyone else, and Sen. Franken has asked the various companies involved for details.

One more detail is worth mentioning. Apple announced it no longer uses Carrier IQ in iOS5. I'm sure this means that they have their own surveillance software running, not that they're no longer conducting surveillance on their users.


By Bruce Schneier
Continue Reading...

Thursday, December 15, 2011

Smartphone Malware Threats

Author: Originative | Posted at: 10:51 AM | Filed Under: , , |
Two articles of note here. The first is about the prevalence of malware on Android phones. I'm not surprised by this at all. The Android platform is where the malware action is. I believe that smart phones are going to become the primary platform of attack for cybercriminals in the coming years. As the phones become more integrated into people's lives -- smart phone banking, electronic wallets -- they're simply going to become the most valuable device for criminals to go after. And I don't believe the iPhone will be more secure because of Apple's rigid policies for the app store.

The second article is a good debunking of the first article. The author is right. Malware on portable devices isn't going to look or act the same way as malware on traditional computers. It isn't going to spread from phone to phone. I'm more worried about Trojans, either on legitimate or illegitimate apps, malware embedded in webpages, fake updates, and so on. A lot of this will involve social engineering the user, but I don't see that as much of a problem.

But I do see mobile devices as the new target of choice. And I worry much more about privacy violations. Your phone knows your location. Your phone knows who you talk to and -- with a recorder -- what you say. And when your phone becomes your digital wallet, your phone is going to know a lot more intimate things about you. All of this will be useful to both criminals and marketers, and we're going to see all sorts of illegal and quasi-legal ways both of those groups will go after that information.

And securing those devices is going to be hard, because we don't have the same low-level access to these devices we have with computers.
Anti-virus companies are using FUD to sell their products, but there are real risks here. And the time to start figuring out how to solve them is now.

Article 1
Article 2

By Bruce Schneier
Continue Reading...
Subscribe to: Posts (Atom)
 

Blog Info

A Pakistani Website by Originative Systems

Total Pageviews

Tutorial Jinni Copyright © 2015 WoodMag is Modified by Originative Systems