Will Stagefright kill Android?

stagefright
I’ve been a big fan of Android phones since day one. I went from using a Blackberry to an Android and never looked back. Of course with features and versatility comes risk. Over 950 million Android phones are out there being used every day. We store our phone numbers, e-mails, calendars, private notes and all kinds of other important data on our phones.

A security vulnerability that could hack, steal or even erase your data is a serious problem

So when a security vulnerability is found in the Android operating system that could hack, steal or even erase that data…that’s a serious problem. It’s called the Stagefright vulnerability (aka Heartbleed for Android).

It was found by Joshua Drake, a security researcher, back on April 9th. He reported it to Google and they released a fix shortly afterward to our wireless carriers. What can happen is a hacker sends you a multimedia message, or MMS, with a malicious code in it. Your phone automatically receives the message and interprets it without your permission. Bam you’re infected. What happens after that depends on what the hacker tells the code to do.

The question is, why haven’t we gotten this very important security fix yet? We haven’t received it, because our carriers are dragging their feet. The way the updates for Android work is like this; Google releases the update to the carriers, then they put the update into their own code and then release it to the public. Verizon, Sprint, T-mobile and all the other service providers from great to small have gotten this fix from Google, but as of today, not one has released it.

You would think that the security of 950 million customers would be a top priority
to these companies, but apparently not.

Maybe after few thousand angry letters they might listen. In the mean time, there are two options: Root your phone or simply change a setting.

Rooting your phone isn’t exactly easy and it comes with a risk. You are basically replacing the operating system of your phone. If you mess it up, you can ruin your phone. It voids your warranty to even try it. It’s definitely not for the non-tech savvy or the faint of heart, so for now, changing the setting is probably your best answer. Here’s how (UPDATE: If your phone has received the update to fix Stagefright you don’t need this. Check HERE to see if your phone is on the update list or install the Stagefright Detector app mentioned below to make sure):

How to turn off auto-receive for MMS:
1) Open your text messaging app on your Android phone.
2) Go to settings and find auto-receive MMS.
3) Turn it off.
4) Hit back to return to the app.

Here’s a quick tutorial if you need it:
http://www.greenbot.com/article/2954235/android/how-to-protect-yourself-from-the-stagefright-security-flaw.html

You can also try this one:
https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html

There is a minor inconvenience with turning this off. That is you will have to click a button to receive any attachment (pic, etc.) from a text. It will stop auto-receiving these attachments thus foiling any attempt to insert any malicious code to your phone without your knowledge. It is still possible to get infected if you click on an infected attachment, so be careful who you open attachments from. If you don’t know who they are, don’t open it. It’s basically the same rule for unrecognized e-mail attachments. When in doubt, leave it out!

If you have any questions regarding this or any other computer issue feel free to contact me via the Contact Us page or by e-mail. Safe (mobile) computing!

UPDATE: If you want to know if your specific phone is vulnerable there is a Stagefright detection app by Zimperium INC. Just go to the Play Store on your phone and search for “Stagefright detector app” or click the below link for more info.

https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector

Please note that the app DOES NOT fix Stagefright. Its only purpose is to tell you if you are vulnerable. The only way to fix it is by applying the update from your carrier when they release it. You can still greatly reduce your chances of infection by changing the MMS settings mentioned above. Cheers!

UPDATE 2: It looks like a few Android devices have been finally updated! Here’s a short list:

* T-Mobile Galaxy Note 4
* T-Mobile Galaxy S5
* AT&T Galaxy S6 & S6 Edge
* Verizon Note Edge and Note 4

If your device is on the list make sure you go to Settings>About device>Software update to get the update if you haven’t already.

UPDATE 3 : Here is a more up-to-date list of phones that have received the Stagefright fix so far:
http://www.androidcentral.com/list-devices-stagefright-patches

Is your cell phone safe?

7 tips on downloading mobile apps and increasing your phone’s security.cell phone security

It seems that almost everyone owns a smart phone. You can access the internet, e-mail, share files, play games and even print. All that information can be stored on your phone; does this mean we should be concerned about security? You bet.

Here are some ways to keep them out:

  1. You get what you don’t pay for.
    Most free apps you can download in the app store are sponsored in order to help pay for the app and its updates. Some use simple ads, while others gather information from your phone and sell it to marketers to pay the bills. Apps that you pay for are less likely to do this.
  2. Just say no to 3rd party apps.
    Some people have found ways around paying for apps by downloading them from websites. Stay away from this. Google and Apple both have security requirements in order to post an app in their stores. Websites don’t have these restrictions and the apps they offer may have been modified to include malicious code.
  3. Check the rating. Read the reviews.
    See what people are saying about the app. A good rating is not enough. Somebody may have noticed a problem with an app’s behavior and is trying to warn others.
  4. The less permissions, the better.
    You may notice when you are about to install an app that there are certain permissions that appear (iPhone users should check under Details before installing). Some apps need to access your phone’s account information, call history or the internet. Sometimes this is necessary for the app itself to function and other times it is not. Ask yourself if these permissions correspond with what the app is meant to do. The less permissions the app requires, the safer it is.
  5. Be careful when you update.
    Apps don’t always get better as they go. Sometimes the developer will release an update with bugs or the newer version may now have ads. Again, refer to the reviews to see who is unhappy about the newer version and why, before you decide to update.
  6. Install a mobile security app.
    If you are worried about the current state of your mobile device you can try installing a security app. ESET Mobile Security, 360 Mobile Security and BitDefender are among the best apps right now. They will allow you to scan for malicious apps, do a security check and some even help you recover a lost phone.
  7. Backup your data.
    Like the data on your computer, you should never keep it in only one place. Make sure you have a copy of your files, pics and music on your computer or a backup drive. If you’re not sure you can live without those files, back them up. Try Google Drive or Dropbox.

Still have questions or need help? Feel free to let me know at service@gocomputerace.com.

“Russian hackers steal over a billion passwords”

hacker

Recently in the news we heard about a group of Russian hackers who managed to steal 1.2 billion usernames and passwords. While we still don’t know what the hackers were planning to do with these passwords, there is one thing we can safely assume, it won’t be good.

What can we do?
Change your passwords right away. We should not give them time to use any of the information they have taken. Keep in mind there are some important guidelines to maintaining your security. Here are some tips on how to do so:

1)      Do not use old passwords. If you have used the password online in the past, chances are they already have it. Come up with a completely new password.

2)      Do not use common knowledge passwords. Using your son’s name and his birth date may sound like a great idea but it’s not. It’s commonly used and hackers may already have that information. Also avoid passwords that use your address or phone number.

3)      Add special characters to your password. Using an exclamation mark (!) or an asterisk (*) will make your password more difficult to hack or steal. You may also consider changing letters for numbers or special characters. For example; “P4$$w0Rd” would be a lot more secure than just “password”.

4)      Keep your new passwords in a safe place. Everyone’s biggest complaint about passwords is being able to keep track of them. Write your passwords down on a notepad and keep it hidden or locked away. You can also create an unshared (or offline) document on your phone. For example Notes on the iPhone or S Memo on Samsung phones. You can also try a password app on your phone. I recommend sticking with off-line apps that don’t talk to the internet or backup online. Try aWallet Password Manager for Droid phones.

Still have questions or need help? Feel free to let me know at service@gocomputerace.com. I also welcome any feedback about this blog.

Leaving XP

Leaving XPHello XP users,
I’m sure you’ve heard that Windows XP support has come to an end. As a result, your old XP system is more at risk with each passing day. You may still be very happy with XP or may feel like you have no choice but to stick with it due to some old software or a printer you have that only works with DOS or XP, so here are your options.

1)  Stay with XP:
This is definitely the riskiest option.  If you have to stick with your old software or hardware in order to keep working, it may be your only option. If that’s the case you should consider taking the computer off the internet to prevent any outside threats from getting in, or at the very least, limit your internet activity to a few, safe websites. By safe I mean websites you are familiar with and have decent security. No social, file download or email sites. The fewer the websites, the better.
Remember, this is not the best option. You should take immediate steps to transition away from whatever is keeping you on XP. Disaster may not strike right away, but it can and probably will.

2)  Try to upgrade to Windows 7:
This is something I don’t usually recommend for older PCs. It can cost several hundred dollars and in the end, doesn’t usually perform as well as a machine that was designed for newer operating systems. For a little more, you can buy a new Windows 7 or 8 machine that will perform much better.

3)  Buy a new computer:
Buying a new computer is a good option and is not terribly expensive, especially if all your software runs on Windows 7 or 8. If your software doesn’t work with newer versions of Windows you still have options. Something you can try is compatibility mode which allows older software to work on a newer version of Windows.
More work does goes into purchasing a new computer because it takes time to transfer all your files and install your programs on the new machine. However, I think this is still the best option.

About Windows 8:
Don’t let Windows 8 keep you from buying a new machine. Yes, a lot of people don’t like the interface but it can be dealt with, even changed. There are ways to make Windows 8 look and function just like Windows 7 or even XP. You can also special order a computer with Windows 7. Contact me if you have questions about this.

How do I know what version of Windows I’m using?
Simply right-click on my computer and select Properties from the menu. Under the General tab you should see info about your computer including what version of Windows you are using.

If you feel like you are stuck with XP, don’t worry. You do have options. Give me a call and we can take a closer look at your options.

Keys to Protecting Your Network From Cyber-Attacks

More than half of businesses across the world lack the ability to detect security breaches to their networks within a short period of time. Just think about how much valuable information can be lost, tampered with or stolen in just a matter of minutes? With current technology, there is no need to take the risk of a cyber attack. Data center monitoring is quickly becoming the top priority for businesses all over the world. But what does it take to achieve 100% visibility for ultimate data center security? APCON explores this topic in the following infographic.

[Click image for full size version]

Keys to Protecting Your Network From Cyber-Attacks

Java Updates

Today I would like to talk about the importance of Java updates.

What is Java?

Java is a programming language commonly used in webpages and certain applications that add advanced functionality. More on Java here: http://www.java.com/en/download/faq/whatis_java.xml

Why is updating Java important?

In a word; security. Any program that adds online functionality to a website can pose a security threat. Spyware programmers can deploy these functions in malicious ways to gain control over your computer, lock you out or gain access to valuable information.
A recent article released by CNET talks more about it:
http://news.cnet.com/8301-1009_3-57563951-83/homeland-security-still-advises-disabling-java-even-after-update/
I personally don’t advise disabling Java. It can cause problems in applications. I do however support the idea of keeping it up to date.

How do I update Java?

Java should check for updates every so often on it’s own. The key word there is “should”. Sometimes the update feature stops working for some reason or because people don’t know what Java is, they will simply ignore the notices to update.
If you want to update Java manually you can follow the steps in the instructions linked below:
http://www.java.com/en/download/help/java_update.xml
Scroll down to the “Java Update Options” section.

I also update Java whenever I do regular maintenance on a computer, a part of every service. So if you’ve had service recently, you’re good. Just keep updating it whenever it prompts you.

NOTE!! Sometimes Java will offer to install additional software along with the update. This is entirely up to you but it will be selected by default so keep an eye out for the option. You may not want what is being offered.