Search This Blog

Friday, June 16, 2017

Samsung smartphones vulnerable to hacking

Millions of Samsung smartphones vulnerable to hacking, claims researcher: Company denies

NEW DELHI: Despite being among the world’s leading technology companies, it seems that Samsung hasn’t done enough to secure its smartphones against hackers.

According to a report by a security researcher, the company has failed to review the domain of an app that comes pre-installed on Samsung devices.

6 tips to protect yourself from becoming a ransomware victim.
    1. This weekend’s global online extortion attack reinforces the need for businesses and other large organizations to update their computer operating systems and security software, cybersecurity experts said. The attack largely infected networks that used out-of-date software, such as Windows XP, which Microsoft no longer offers technical support for. “There’s some truth to the idea that people are always going to hack themselves,” said Dan Wire, a spokesman for security firm FireEye. “You’ve got to keep your systems updated.” The attack that authorities say swept 150 countries this weekend is part of a growing problem of “ransomware” scams, in which people find themselves locked out of their files and presented with a demand to pay hackers to restore their access. Hackers bait users to click on infected email links, open infected attachments or take advantage of outdated and vulnerable systems.
      This weekend’s virus was particularly virulent, because it could spread to all other computers on a network even if just one user clicked a bad link or attachment. Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, says many organizations don’t install security upgrades because they’re worried about triggering bugs, or they can’t afford the downtime. Here are five tips to make yourself a less-likely victim.
    2. Once your files are encrypted, your options are limited. Recovery from backups is one of them. “Unfortunately, most people don’t have them,” Abrams says. Backups often are also out of date and missing critical information. With this attack, Abrams recommends trying to recover the “shadow volume” copies some versions of Windows have. Some ransomware does also sometimes targets backup files, though. You should make multiple backups — to cloud services and using physical disk drives, at regular and frequent intervals. It’s a good idea to back up files to a drive that remains entirely disconnected from your network.
    3. The latest ransomware was successful because of a confluence of factors. Those include a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and malware designed to spread quickly once inside university, business and government networks. Updating software will take care of some vulnerability. “Hopefully people are learning how important it is to apply these patches,” said Darien Huss, a senior security research engineer for cybersecurity firm Proofpoint, who helped stem the reach of the weekend attack. “I hope that if another attack occurs, the damage will be a lot less.” The virus targeted computers using Windows XP, as well as Windows 7 and 8, all of which Microsoft stopped servicing years ago. Yet in an unusual step, they released a patch for those older systems because of the magnitude of the outbreak. “There’s a lot of older Windows products out there that are ‘end of life’ and nobody’s bothered to take them out of service,” said Cynthia Larose, a cybersecurity expert at the law firm of Mintz Levin.
    4. Using antivirus software will at least protect you from the most basic, well-known viruses by scanning your system against the known fingerprints of these pests. Low-end criminals take advantage of less-savvy users with such known viruses, even though malware is constantly changing and antivirus is frequently days behind detecting it.
    5. Basic protocol such as stressing that workers shouldn’t click on questionable links or open suspicious attachments can save headaches. System administrators should ensure that employees don’t have unnecessary access to parts of the network that aren’t critical to their work. This helps limit the spread of ransomware if hackers do get into your system.
    6. Some organizations disconnect computers as a precautionary measure. Shutting down a network can prevent the continued encryption — and possible loss — of more files. Hackers will sometimes encourage you to keep your computer on and linked to the network, but don’t be fooled. If you’re facing a ransom demand and locked out of your files, law enforcement and cybersecurity experts discourage paying ransoms because it gives incentives to hackers and pays for their future attacks. There’s also no guarantee all files will be restored. Many organizations without updated backups may decide that regaining access to critical files, such as customer data, and avoiding public embarrassment is worth the cost. Ryan O’Leary, vice president of WhiteHat Security’s threat research center, points out that this weekend’s hackers weren’t asking for much, usually about $300. “If there is a silver lining to it, you’re not out a million dollars,” he said. Still, “My answer is, never pay the ransom,” Abrams said. “But at the same time, I also know that if you’re someone who’s been affected and you’ve lost all your children’s photographs or you’ve lost all your data or you lost your thesis, sometimes $300 is worth it, you know?”

According to a report by a security researcher, the company has failed to review the domain of an app that comes pre-installed on Samsung devices.


Chief technology officer at Anubis Labs, Joao Gouveia told Motherboard website in an interview that there a huge possibility for hackers to compromise millions of devices as Samsung has forgotten to renew the domain, which was used to control the stock app installed on its devices.

It’s worth mentioning that Samsung smartphones launched in 2014 came with a pre-installed app called S Suggest. The main task of the app was to suggest apps to the users on the basis of their pre-installed apps. However, the South Korean manufacturer discontinued the app in 2014 and left the domain to expire, not renewing it.

As the app’s domain expired, the security researcher was able to control it. This means that hackers can also use the domain to compromise millions of Samsung smartphones out there.
Gouveia told Motherboard website that in the time span of 24 hours, he discovered that there were 20 million connections from around 2.1 million devices, which attempted to revive the content from the domain. This entire scenario highlights that numerous millions of devices were left vulnerable to the hackers.

Nevertheless, Samsung has rejected all these claims and also released an official statement for the same. The company said, “The access to the domain does not allow you to install malicious apps, it does not allow you to take control of users’ phones.”

Back in April this year, Samsung faced a similar situation when a security researcher revealed that its Tizen operating system is not as secure as thought.

Speaking to Motherboard website, an Israeli researcher named Amihai Neiderman revealed that Samsung’s Tizen OS has the worst code he has ever seen.

Source:
Indirabali

Tech, Technology, tech, apple, windows, electronics, design, mobile, first, speed, up, nine, project, macbookair, sublime, bootstrap, html5, css3, javascript, responsive, design, branding, logo, brand, graphic, desain, illustration, typography, love, artwork, graphics, computer, indirabali