Mobile Apps Failing Security Tests

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

You may already be a user of at least several of the 25 most downloaded apps. And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, the door is open for cybercriminals to snatch your personal information, such as credit card numbers and passwords. And the problem is growing, because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here are some tips to help you protect yourself from these insecure apps:

  • Before purchasing an app, get familiar with its security features—read reviews and check which permissions the app asks for. You don’t want to end up with an app that accesses way more information about you than it needs for what you want it to do.
  • Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
  • Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
  • Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

5 ways to Protect Privacy on Mobile Devices

Privacy advocates are working to prevent the worst and most extreme outcomes of personal data collection. They know that without checks and balances—without consumers knowing their rights and actively protecting their own privacy and personal data—that data could be used unethically.

Privacy is your right. But in our digital, interconnected world, privacy only really consists of what you say and do within your own home, legally, with the shades pulled down. It’s that part of life that is shared between you and your loved ones and which is not communicated, recorded, broadcast or reproduced on the internet or any public forum in any way. Beyond that, especially when taking advantage of various online resources, be sure that you know what it is you’re agreeing to and take precautions to protect yourself.

In addition to reading “terms and conditions” and the privacy policies of apps and websites, now is a good time to check your privacy settings on social networking sites and other sites you already use. Don’t share by default; share by choice. Ensure you have a strong password and be aware of where and with whom you are sharing your personal data.

In addition, turn off features on your device that expose your device and may share information about you, such as location, GPS and Bluetooth. When you want to use these features, you can always turn them on temporarily.

  1. Install the latest antivirus software on your devices. Antivirus software is a must-have utility to protect your computer from viruses, spyware, Trojans and worms. These malicious programs are designed to invade your privacy and steal your personal data. As such, it’s critical for you to protect your devices with the latest antivirus program(s).
  2. Use a personal virtual private network (VPN). While antivirus programs do a good job of protecting your computer, they don’t secure your browsing session or your internet communications. A VPN is a perfect complement to an antivirus program. VPN services such as Hotspot Shield VPN protect your privacy online and secure your web sessions by creating a secure “tunnel” on the internet between the VPN server and your device. Hotspot Shield is available for iPhone/iPad and Android devices.
  3. Use strong passwords. Most people tend to use their names, birthdates, driver’s license numbers or phone numbers to create passwords. The most common password, believe it or not, is the word “password.”
  4. Be careful what you share on social networking sites. Social networking sites such as Facebook have very vague and complicated privacy policies. In fact, their business models are based on trading, sharing or selling your private data to advertisers and marketers.
  5. Delete or clear the tracking cookies. Tracking cookies are small pieces of code that websites attach to your computer to store information about your online activities.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

How the Proliferation of Mobile Devices is Impacting Consumer Security

Mobile technology is the new frontier for fraudsters.

Most of us don’t protect our smartphones or tablets—and the private information they contain—anywhere near as well as we do our wallets and PCs (even though most of us would rather lose our wallets than our smartphones). Even the simple safeguard of a four-digit password is too much work for 62% of smartphone users, and 32% of users save their login information on their device.* It’s a simple formula for crime: no password + instant access to online accounts = fraud, identity theft and privacy loss. Maybe that’s why mobile phones were targeted in more than 40% of all robberies in New York City and 38% of all robberies in Washington, D.C. last year.**

Even without getting their hands on your device, hackers can get into and remotely control almost any mobile device, and it is frighteningly easy. Malicious software can be disguised as a picture or audio clip. When you click a link or open an attachment, malware installs on your device. Unlike early PC malware, it doesn’t ask your permission, and your device is figuratively in their hands.

How are mobile devices changing the game?

Criminals know that your mobile device is an indispensable extension of your life. Your smartphone or tablet stores some of your most private conversations and confidential information. It is your phonebook, email account, family photo album, social media connection and even your wallet, all rolled into one device. Chances are, if you own a smartphone, it is connected to your money or financial accounts in some way. For many, it’s like your right hand (or, in my case, left hand).

That smartphone is always on and always with you—connecting you to, creating, and storing important and often confidential information. That information has value to other people. Just like on your PC, software can track and record social network activities, online search behavior, chats, instant messages, emails, websites, keystrokes and program usage. It can also record bank account numbers, passwords, answers to security questions, text messages, GPS locations and more.

While it builds on the experiences of the PC, the mobile game is different. It’s more sophisticated because there is more information, and it is more fast-paced and dynamic. Things change, and they aren’t what they appear to be. You need to get out some new tools and learn some new tricks to win this one.

Protecting your devices is essential to protecting your identity. But no longer is it enough to just protect your PC with antivirus; you need to protect all your devices. Invest in a comprehensive security solution like McAfee LiveSafe™ service that includes antivirus but also protects the identity and data of you and your kids on ALL your devices.

* Javelin Strategy and Research, “Identity Fraud Rose 13 Percent in 2011 According to New Javelin Strategy & Research Report”


Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Securing Your Mobile in Public Places

What would cause you more grief: your wallet being lost or stolen, or your mobile phone? I’ve read studies that showed that more people would be at a loss without their mobile device. This makes sense for a number of reasons. Your wallet itself might cost 20 bucks and the cards and IDs are free to under $50 to replace. If you have cash, well, that’s a direct loss.

But a mobile phone can cost as much as $800 and has all your contacts and, in many cases, personal information and access to all your critical accounts such as banking and social media.

Bad guys are everywhere, and they are targeting your mobile devices to turn the information on them into cash and resell the hardware to the highest bidder.

Keep your device close

Criminals look for devices sitting on counters and tables in coffee shops, on park benches, on car consoles, sticking out of a pocket or purse, and they even steal them right from your hands as the phone is to your ear. Keep your mobile as discreet as possible and use an earbud when talking.

Lock it down with a password

It’s simply irresponsible for anyone to not password protect his or her mobile devices. Thousands of devices are lost or stolen every day, and if the device isn’t password protected, then all the contacts, information and open apps can be taken over.

Use lock/locate/wipe software

Some operating systems come with software that lets the user remotely lock the device, locate it with GPS and even wipe the data when the device is lost or stolen. There are also third-party programs that do the same thing and are often bundled with antivirus.

Install mobile security software

There was a day when PCs didn’t need antivirus; now there are millions of viruses targeting PCs. Mobile devices didn’t need antivirus either, but today there are thousands of viruses targeting mobiles.

Use a private VPN

Logging into public WiFi without any encryption puts all your information at risk. Install a wireless VPN such as Hotspot Shield. Hotspot Shield VPN is a great option that protects your entire web surfing session, securing your connection on both your home internet network and on public internet networks (both wired and wireless). Hotspot Shield’s internet security solution protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS—the protected internet protocol.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

How do I protect mobile devices while traveling?

Traveling for business or pleasure can be hectic, unnerving, and often draining. It’s not uncommon to hear somebody say, “I need a vacation”, after returning from their vacation. When traveling, the last thing you need to worry about is having your critical possessions ripped off.  So here are some things to consider:

Airplanes: Always keep your mobile device with you when you go to the bathroom or stretch your legs. Clip it to your belt or slip it into a pocket when you are napping. Never put it in the overhead compartment!

Rental Cars: My wife traveled to Spain, got off the plane, rented a car, and drove off the lot. At the first stop sign, a man knocked on her passenger window and pointed, saying, “tire, tire.” She put the car in park and walked over to the passenger side. The tire was fine and the man was gone. When she got back in the car, she discovered her purse had disappeared from the front seat. Her mobile phone, driver’s license, passport, cash, and credit cards were all gone. Keep your eyes open for scams and keep your device clipped to you at all times!

Hotel Rooms: Hotel rooms are never secure. I was recently traveling and entered my hotel room to find somebody else’s stuff, including their mobile, laid out on the dresser and bed. This has happened to me dozens of times. Sometimes the clerk assigns the same room to two people, or the keys work in multiple rooms. And, of course, everyone on the staff has access. It’s important to never, ever leave anything of value in your room, always engage the security lock on the door when inside, and take your mobile into the bathroom with you. If you go to the fitness center or restaurant, take your mobile with you or put it with other valuables in the safe (and don’t use a combination that’s easy to guess, like “1234”)!

Public Wi-Fi: Mobile devices are more secure on your carrier’s network than a Wi-Fi connection. But if you have to use Wi-Fi, consider using a personal VPN to tunnel through the public Wi-Fi and encrypt your connection. Cover all your bases by installing Hotspot Shield VPN. A free, ad-supported program, Hotspot Shield protects your entire web surfing session by securing your connection, no matter what kind of wireless you are using—whether you’re at home or in public, using wired or wireless Internet. Hotspot Shield does this by ensuring that all web transactions are secured through HTTPS. It also offers an iPhone and Android version.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

What are My Risks with My Mobile Device?

Mobile technology is the new frontier for fraudsters. Today, there are more wireless devices than American people. Mobile devices connect to the Internet and have much of the same information and capability as a personal computer.

Your device and the private data it holds are very, very attractive to thieves. Yet, most of us don’t protect our smartphones or tablets—and the private information they contain—anywhere near as well as we do our wallets and PCs.

We make life easy for them. The places and ways that we use smartphones and tablets offer new chances for criminals to catch us off our guards—in the coffee shop, on the train, while shopping. When we are using our mobile devices, we usually have other things happening around us as well as on the device. We are easily distracted. And we want what we want now. Click to download. Click to view. Click to get a free app. Few of us take the time to “think before we click.”

We store passwords, bank account information, photos, and all our contacts on these devices so we can be even faster and more efficient as we live our mobile lives. That’s why 51% of us would rather lose our wallets than our mobile phones.

Some of the things you can expose yourself to if you don’t protect your mobile device include:

Financial fraud: Someone takes over your bank account, extracts money, or sets up a premium text scam where you pay for messages you don’t want.

Identity theft: By having information about you, someone can pretend to be you and sign up for credit cards, identity papers—even buy a car. It can take years to recover your good name.

Privacy loss: Someone gets information about you that you don’t want out there, including social network activities, GPS location, searches, texts, instant messages, downloads and app usage. This information could be just embarrassing—or it could cost you a friendship, a job, your credit rating or a chance for college.

Losing your device: In addition to having to buy a new device (unsubsidized by the operator), you can give a thief the information needed for the fraud, identity theft and privacy loss mentioned above.

To protect your smartphone and tablet:

  • Don’t click on links in texts or emails, since these links may actually point toward malicious downloads.
  • Keep your device with you, don’t let it out of your sight and don’t share it with others.
  • Make sure to have a pass code on your device and set it to auto-lock after a certain period of time.
  • Before downloading any app, check other users’ reviews to see if it is safe, and read the app’s privacy policy to make sure that it is not sharing your personal information.
  • Carefully review your mobile phone bills for any anomalies.
  • Use comprehensive mobile security that includes anti-theft, antivirus and web protection, like McAfee Mobile Security or McAfee All Access.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Why are Cybercriminals Moving from PCs to Mobile Devices?

The number of households in the United States that rely solely on mobile phones continues to increase. As of July 2011, 31% of households had mobile phones and no landlines. Additionally, almost one in six households used mobile phones exclusively or almost exclusively, despite still having a landline.

This is the first time that adults (of any age range) have been more likely to go without landlines. Most likely, in one to two decades, the landline will be as obsolete as the rotary phone is today.

With almost half a billion smartphones shipped, sales of smartphones in 2011 outnumbered sales of all PCs. Tablets are counted as PCs, but they run Google Android and Apple iOS software just like smartphones do. If you add together smartphone and tablet sales, it’s clear the mobile device market is much larger than the traditional PC market.

The growth in sales volume of both smartphones and tablets creates a huge audience for mobile device software developers, both commercial and criminal. And since cybercriminals go where the numbers are, they are moving their attacks to mobile devices.

Whenever there’s a major transition in technology, the uncertainty and newness create a perfect opportunity for scammers to launch attacks. Hackers and other criminals are seizing the opportunity, creating swindles, malicious apps and viruses that suit their criminal purposes. And there’s no reason to expect them to stop before some other technology nudges aside mobile in popularity.

There are approximately 40,000 viruses targeting the Android operating system today. In Android’s young life, that’s astounding compared to a similar lifespan dating back to when Microsoft Windows was first launched.

So you need to make sure you protect yourself, because for most of us, our mobile devices are our most personal computers. Here are some things you should do to protect yourself:

  • Use a PIN to lock your device and set it to auto-lock after a certain period of time.
  • Only download apps from reputable app stores, and review the app permissions to make sure you’re comfortable with what information on your device the app can access.
  • Don’t store sensitive information on your phone, like user names and passwords.
  • If you use online banking and shopping sites, always log out, don’t select the “remember me” function and don’t access these sites when using free Wi-Fi connections.
  • Regularly review your mobile statements to check for any suspicious charges. If you do see charges you have not made, contact your service provider immediately.
  • Never respond to text or voicemail with personal information like credit card numbers or passwords.
  • Never click on a link in an email, social networking site or message from someone you do not know.
  • Use mobile device security like McAfee Mobile Security, or McAfee All Access, which protects all your devices.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

More Than 30% of People Don’t Password Protect Their Mobile Devices

Are you guilty as charged?

Whenever I bring this up in a group setting, it astonishes me how many people raise their hands. I wonder if they realize that they are putting all the personal information contained on their mobile device at risk. The unfortunate reality is that everyone loses things, and our devices can get stolen. And when that happens to your smartphone or tablet, it can be devastating.

Many of us use upwards of ten apps on our devices during a typical week. The majority of these apps are logged into our most critical accounts including email, text, banking, social media, payment apps and others that are linked to our credit cards. And because mobile app developers know that we are more apt to use their programs if they are easy to access and convenient to use, a lot of apps are programmed to automatically keep you logged in for days, weeks, months, or until you manually revoke access.

If your devices are not password protected and are then lost or stolen, your accounts are 100% accessible to whoever has control of your device. This is bad—and yet, 36% of us still do not use password protection!

According to a recent global survey by McAfee and One Poll, consumers seem largely unconcerned about keeping data on their mobile devices safe. For example, only one in five respondents have backed up the data on their smartphone and tablet, and more than one in ten (15%) save password information on their phone. This means that if their phone falls into the wrong hands, they risk opening up all sorts of personal information such as bank details and online logins to whoever finds the device.

Setting up a password or PIN is no guarantee that data will stay safe, and over half (55%) of all respondents admitted that they have shared these details with others, including their kids.

What’s particularly interesting is that men and women also behave differently with their mobile devices, not only in terms of how much risk they are willing to take, but also in terms of what they value.

Here are a few steps to make sure you and your mobile devices stay protected:

  • Password protect all your devices (and don’t use easy ones like 1234 or 1111).
  • Never use the “remember me” function on your apps or mobile web browser, and take care to log out of your accounts.
  • Consider not sharing your PIN/password—this might be a tough one, but in the long run it will save you from possible heartache.
  • Use a mobile security product like McAfee Mobile Security (and also McAfee All Access), that has not only anti-malware, but web protection and app protection. With app protection, not only are you warned if your apps are accessing information on your mobile that they shouldn’t, but in the event that someone does unlock your device, you can ensure your personal information remains personal by locking some or all of your apps.

Stay educated on the latest ways to protect your mobile device. For a fun quiz to help you learn about mobile security, visit the McAfee Facebook page. Play the Mobile Mythbusters quiz and get a chance to win a Galaxy Tablet or Kindle Fire!

And if you’re at Mobile World Congress, stop by and see McAfee in Hall 3, Stand C34. If you show our team in the red shirts that you’ve liked them on Facebook or followed them on Twitter, you’ll get a prize!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

How BYOD is Driving Innovation

One fourth of all global information workers use their own devices at home and at work for work purposes. A recent survey report, commissioned by Unisys and conducted by Forrester Consulting, involved 2,600 IT workers and 590 business and their IT executives.

CIO Insight points out that these are the “mobile elite,” a class of professionals who overwhelmingly opt to use their own tools because they claim these devices and applications make them far more productive than products supported and distributed by their companies’ IT departments.

Mobile-elite professionals appear to maintain a decided edge when it comes to client service and innovation. And they are also likely to take the initiative when it comes to sparking organizational change and introducing new technologies.

A recent Deloitte study highlights many common business and technology innovations being explored:

  • Improving time to market, customer satisfaction levels and sales
  • Improving infrastructure and data security, and reducing risk of incident or loss
  • Potentially reducing costs associated with hardware, monthly service fees, provisioning and ongoing support

A recent IDG report disseminated by DronaMobile enumerates the benefits of permitting employees to use their own tools.

Employees allowed to choose their own devices are happier and more satisfied in their work. With the added flexibility of choosing the applications and cloud services to use, employees get the leeway to be innovative. As smartphones and tablets blur the line between personal and work hours, employees pursue ideas at their own pace, time and location. Without the pressure of conforming to office hours and working on office equipment alone, workers are observed to be more productive, efficient, creative and appreciative of this privilege.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

US Teens Are Up to No Good Online Compared to European Teens – McAfee Study Reveals

Teens are spending more and more time online these days, and while the Internet offers a variety of benefits, it can also serve as a dangerous space – and not just in America. According to McAfee’s Exploring the Digital Divide study, which examines teen online behavior, teens overseas and in the US are continually finding ways to hide their online activity from their parents and are vulnerable to committing such acts as cheating and cyber bullying.

Specifically, the study has uncovered that US teens access inappropriate content online, cheat using their mobile devices, and know how to hide what they do from their parents online more than teens do in European countries including the UK, Spain, the Netherlands, Italy, Germany, and France.

Key Findings from the Study include:

Nude Images and Pornography:

32% of US teens admit to intentionally searching for nude images or pornography online when asked.

25% of UK teens, 29.5% of Spanish teens, 24.5% of Dutch teens, 23.5% of Italian teens, 27% of German teens and 11.5% of French teens confess that they actively seek out sexual content online.

Cheating on Mobile Devices:

16% of US teens admitted to cheating on a test using a mobile phone when asked.

3% of UK teens, 9.5% of Spanish and Dutch teens, 13% of Italian teens, 14.5% of German teens and 3.5% of French teens have also admitted to cheating using their mobile devices.

Knowing How to Hide Online Activity from their Parents:

33% of US teens strongly agree that they know how to hide their online activity from their parents.

27% of UK teens, 28.5% of Spanish teens, 24% of Dutch and Italian teens, 28.5% of German teens, and 21% of French teens also strongly agree that they are confident in hiding their online behavior from their parents.

Cyber Bullying:

Cyber bullying is more consistent both overseas and in the US.

Teens that have bullied online:

US: 9%

UK: 4.5%

Spain: 2.5%

Netherlands: 9.5%

Italy: 9%

Germany: 6%

France: 4%

Teens that witnessed cruel behavior online and joined in on the mean behavior:

US: 6%

UK: 10%

Spain: 3.8%

Netherlands: 7.4%

Italy: 3.4%

Germany: 6%

France: 2.3%

Much of this should come as no surprise, but some of it is alarming. Parents, you must stay in-the-know. Since your teens have grown up in an online world, they may be more online savvy than their parents, but you can’t give up. You must challenge yourselves to become familiar with the complexities of the teen online universe and stay educated on the various devices your teens are using to go online.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)