HOW TO prevent your Android phone from being compromised

In a recent Google Security Blog post titled "Tizi: Detecting and blocking socially engineered spyware on Android", chilling details of how spyware on Android phones was identified and contained were candidly disclosed. While the Security team's efforts are to be appreciated, to me it highlighted how constantly vulnerable the info on our phones is.

Excerpts from that article (emphasis mine) -
Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications. The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities. The team used this app to find more applications in the Tizi family, the oldest of which is from October 2015. The Tizi app developer also created a website and used social media to encourage more app installs from Google Play and third-party websites.

After gaining root, Tizi steals sensitive data from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram. It usually first contacts its command-and-control servers by sending an SMS with the device's GPS coordinates to a specific number. Subsequent command-and-control communications are normally performed over regular HTTPS, though in some specific versions, Tizi uses the MQTT messaging protocol with a custom server. The backdoor contains various capabilities common to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype; sending and receiving SMS messages; and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps. Tizi apps can also record ambient audio and take pictures without displaying the image on the device's screen.

To reduce the chance of your device being affected by PHAs (Potentially Harmful Apps) and other threats, Google recommends these 5 basic steps:
* Check permissions: Be cautious with apps that request unreasonable permissions. For example, a flashlight app shouldn't need access to send SMS messages.

The onus is on the user to know about all phone permissions! An Android permission called “Activity Recognition” makes it much easier for developers to work out what you’re doing at any one time. Shazam and SoundHound request the permission, but it isn’t completely clear why.

* Enable a secure lock screen: Pick a PIN, pattern, or password that is easy for you to remember and hard for others to guess.

* Update your device: Keep your device up-to-date with the latest security patches. Tizi exploited older and publicly known security vulnerabilities, so devices that have up-to-date security patches are less exposed to this kind of attack.

* Google Play Protect: Ensure Google Play Protect is enabled.

* Locate your device: Practice finding your device, because you are far more likely to lose your device than install a PHA.
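
One way to carry out the "check permissions" step from a computer, as an added example that is not from the Google or HBR articles: it parses the text printed by `adb shell dumpsys package` and lists apps that request the kinds of permissions Tizi relied on. The section layout it expects is an assumption about that command's output, and the sample text, the `com.example.*` packages and the `EXPECTED` allow-list are constructed for illustration.

```python
import re
# Permissions matching the Tizi capabilities in the excerpt (SMS, audio, camera, contacts, GPS...).
SENSITIVE = {"SEND_SMS", "RECEIVE_SMS", "READ_SMS", "RECORD_AUDIO", "CAMERA",
             "READ_CONTACTS", "READ_CALL_LOG", "READ_CALENDAR", "ACCESS_FINE_LOCATION"}
PKG = re.compile(r"\s*Package \[([\w.]+)\]")
PERM = re.compile(r"\s+android\.permission\.(\w+)(?::\s*granted=(true|false))?")
HEADERS = {"requested permissions:", "install permissions:", "runtime permissions:"}

def parse_dumpsys(text):
    """Return {package: {"requested": set, "granted": set}} (assumed dumpsys layout)."""
    apps, pkg, section = {}, None, None
    for line in text.splitlines():
        m = PKG.match(line)
        if m:  # a new package block starts; forget the previous section
            pkg, section = m.group(1), None
            apps[pkg] = {"requested": set(), "granted": set()}
        elif line.strip() in HEADERS:
            section = line.split()[0]  # "requested", "install" or "runtime"
        elif pkg and section and (p := PERM.match(line)):
            if section == "requested":
                apps[pkg]["requested"].add(p.group(1))
            elif p.group(2) == "true":
                apps[pkg]["granted"].add(p.group(1))
    return apps

def flag_apps(apps, expected):
    """List sensitive permissions an app requests beyond what its purpose needs."""
    findings = {}
    for pkg, perms in apps.items():
        extra = (perms["requested"] & SENSITIVE) - expected.get(pkg, set())
        if extra:  # pair each permission with whether it is currently granted
            findings[pkg] = [(n, n in perms["granted"]) for n in sorted(extra)]
    return findings

# Constructed, trimmed sample; the com.example.* packages are hypothetical.
SAMPLE = """\
  Package [com.example.flashlight] (1a2b3c):
    requested permissions:
      android.permission.CAMERA
      android.permission.SEND_SMS
      android.permission.ACCESS_FINE_LOCATION
    runtime permissions:
      android.permission.CAMERA: granted=true
      android.permission.SEND_SMS: granted=true
      android.permission.ACCESS_FINE_LOCATION: granted=false
  Package [com.example.notes] (4d5e6f):
    requested permissions:
      android.permission.INTERNET
"""
EXPECTED = {"com.example.flashlight": {"CAMERA"}}  # a flashlight drives the camera LED
```

On the sample, `flag_apps(parse_dumpsys(SAMPLE), EXPECTED)` reports the flashlight app for `SEND_SMS` (granted) and `ACCESS_FINE_LOCATION` (requested but not granted), and leaves the notes app alone.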

On the same day that I read the Google Security Blog post, I ran into an HBR.org article, "Hackers Are Targeting Your Mobile Phone. Here Are 15 Ways to Slow Them Down", which suggests 15 "simple" steps that will make you a harder target. A couple of the options involve some cost -

Consider installing security software on your phone — but only approved and well-known software (which usually is not free).

Install privacy screens for your devices. (These are tinted screen protectors that prevent bystanders from seeing what’s on your screen.)

Talk about simple!
