Twenty-Five New Malicious Apps on Android; 30,000 to 120,000 Users Affected

May 31, 2011

Criminal interest in Google’s Android platform appears to be increasing. In March Google had to remove more than 50 malicious mobile apps from their Android Market for exploiting as many as 250,000 consumers information and downloading malware known as Droid Dream (see my blog More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware for more on that outbreak).

Now security experts from Lookout Security, have identified 25 new malicious applications in the Android Market (since removed) that have potentially damaged somewhere between 30k-120k users. This is a variant on the original malware launched in March, and Lookout believes it has been launched by the same malware developers according to a news article in Forbes.

Droid users beware

This won’t be the last outbreak on Android Apps for two reasons; money, and ease of inclusion.

With Android enjoying 53% of the mobile market the revenue potential for criminals is huge.  Add to this the awareness that Google does less than other mobile platforms to test products offered through their market place, and you’ve got a scenario ripe for exploitation. Android users who aren’t careful about what they download now have a red target on their backs.

In this outbreak, legitimate applications were copied, had malware inserted, and then posted to the Android marketplace so it is critical that if you’ve downloaded one of the apps listed below that you check who is listed as the developer. According to the Forbes article, if the developer listed is Magic Photo Studio, Mango Studio, E.T. Tean, or BeeGoo you phone may be infected:

  • Sexy Girls: Hot Japanese
  • Sexy Legs
  • HOT Girls 4
  • Beauty Breasts
  • Sex Sound
  • Sex Sound: Japanese
  • HOT Girls 1
  • HOT Girls 2
  • HOT Girls 3
  • Floating Image Free
  • System Monitor
  • Super StopWatch and Timer
  • System Info Manager
  • Call End Vibrate
  • Quick Photo Grid
  • Delete Contacts
  • Quick Uninstaller
  • Contact Master
  • Brightness Settings
  • Volume Manager
  • Super Photo Enhance
  • Super Color Flashlight
  • Paint Master

Defend Your Phone!

Users need to stay vigilant by always checking to see who has developed an app and what their reputation is. Look at reviews they’ve received and only download apps from sources that have a strong history and trust rating.

Lookout Security also recommends that you check the permissions the app is requesting, be aware of any unusual behavior on your phone and install a mobile security app.

To see a listing of top mobile security products, and gain a deeper understanding of mobile malware risks, see my blog It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011.



Talking and Browsing on Phones is Blasé Users Spend More Time on Apps

March 18, 2011

One of the interesting news pieces coming out of last month’s Mobile World Congress was new data from mobile research firm Zokem that shows mobile phone users now spend far more time using applications on their phones than actually talking. When application use is looked at as a whole – combining messaging and other applications – the app usage is now two-and-a-half times greater than voice usage.

Average Minutes of Screen time by type – January 2011
Messaging (email, text, multimedia, and IM) 671 minutes
Apps (maps, gaming, entertainment, productivity, and social networking) 667 minutes
Voice 531 minutes
Browsing the Web 422 minutes

This finding provides further evidence that mobile users – particularly younger users – view of phones has shifted to the point that they now   consider the device in their pocket to be more of a computer than the single-purpose device.

How quickly technology and our expectations change.  It is just over 30 years ago that Bill Gates shared his vision of a computer on every desktop and in every home. My own first PC back in 1980 was a screamingly fast monster with 64K (yes, K) of memory that we didn’t think there would ever be enough data to fill.  I was thrilled with the freedom from typewriters and the new world where you could edit text, shift paragraphs and actually save documents.

And it’s just over 16 years ago that the first commercial phone with paging and voice capabilities were ready for mainstream consumers.  For any of you who had a phone back then, you’ll remember we had to pull out the antennae in order to get a signal, and while those phones were a generation better than the ‘brick’ phones, they were still huge and required a carrying case on your belt.  It wasn’t until 1999 that the mobile web was introduced on phones, and it took until 2000 to get rid of that darn external antenna.  Jump forward to 2003 when the first camera phones really hit the U.S. market (japan had them in 2001), browsing actually began to be interesting, and the U.S. finally realized the handiness of text messaging.  Another hop forward to 2007 brought the first iPhone, and since then applications have been sprouting like mushrooms after a rain.

What new mobile capabilities mean to you and your kids

First and foremost, the new phone functionality means a better mobile experience. It also means more power in your hand, more responsibility to use the device appropriately, and a greater need to protect the phone and the information on the phone.

How do you learn more about teaching kids to use mobile phones safely and in a socially responsible way? I’ve got just the information you need… Check out these blogs:


It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011

February 23, 2011

There’s a killing to be made. The battlefield is your phone, and you’re about to feel a sharp pain in your assets as credit card companies and crooks calculate ways to help relieve you of your cash.

Last week the cell phone industry held its Mobile World Congress in Barcelona, and companies looking to provide mobile spending solutions were very present. Perhaps most notably was Visa, who announced they will roll out their PayWave solution in phones this year by providing users with a microSD (for iPhones this will be via a unique ‘skin’) to transform their phones into a credit card/debit cards instead of waiting for Near Field Communication (NFC) to be built into the handsets. (See explanation of NCF at the end of the article)

The revenue potential of turning phones into payment tools for financial institutions is enormous. And the convenience factor for consumers is clear cut – the need for carrying cash or credit cards disappears, and whole new application scenarios are enabled. So what does this have to do with mobile crime?

Follow the money. The same factors that make a favorable climate for great strides in legitimate mobile commerce make a favorable climate for crime.

As the popularity of smartphones skyrockets, smartphone functionality increases, the number of mobile banking, ecommerce, and transaction platforms expand, the number of mobile access points explodes, and the sophistication of criminals grows, we are approaching perfect storm conditions. Here’s how both the good guys and the bad guys look at the landscape:

  1. Size of opportunity: The number of Cell phones worldwide hit 4.6 Billion this month according to the U.N. telecommunications agency. Today 500 million of these phones are smartphones that enable the rich features companies and crooks need, and this number is expected to exceed 1 billion smartphones by 2013 according to the latest forecasts from Informa Telecoms & Media.  As a point of comparison, there are about 2 Billion computers out there, most running the Windows OS.
  2. Cost of investment drops: As industry pressures condense the number of mobile platforms, like RIM, Android and iPhone, developers and hackers alike can better leverage their code to target millions/billions of users with the same services (and exploits) setting the stage for a high return on investment.
  3. Risk:
    1. From financial corporations view: Credit card companies and other financial institutions believe they have mitigated the risks inherent in contactless payment systems. Indeed, Visa claims their PayWave system will in fact be safer than using traditional credit cards because their chip creates a unique authentication code for each transaction while never providing retailers with your credit card number. Challenging that claim, security expert and uber white hat hacker Karsten Nohl told CNET that NFC payments still have their security weaknesses and that the technology may need a bit more time to be completely safe.Whatever the case, these companies have long experience earning plenty of money even when crime takes a bite out of their revenues. But they only have to cover one piece of the pain; consumers have to pick up the time and cost of cleaning up their accounts and financial reputations.
    2. From organized crime’s view: With their successful tactics in phishing, farming, scamming and spamming constantly being honed, consumers using insecure WiFi networks,  security gaps in both service’s and in platform’s code to exploit, antiquated or non-existent laws, police forces woefully understaffed, and careless consumers hell-bent on convenience, what’s not to like? Now add into the mix that phones are essentially wallets and everyone wants to be a pickpocket. The business case for investing mobile malware has finally been made.  Learn more in my blog McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks, that looks at the historically fragile cellular infrastructure and slow strides toward encryption. McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

What this means for Consumers – Defend Your Phone!

Security companies have scrambled to provide mobile security software solutions, and if you have a smart phone, it’s time to purchase a mobile security suite.

TopTenReviews has created an excellent mobile security software comparison chart for consumers that I recommend.

Key features in these programs include antivirus protection, a firewall preventing unauthorized electronic access, antispam, and quarantine protection in real time.

Based on your phone usage patterns, the type of content you store on your phone, or if you’re helping protect a minor’s phone, some additional features may be of interest:

  • Remote block and remote wipe to protect your information if your phone is lost or stolen.
  • Protection of internal memory and contents stored on memory cards
  • Ability to place phone numbers on either a black or white list – the ability to block people from calling is of keen interest to teens, and a key tool in blocking cyberbullies.
  • Parental control monitoring
  • SIM Card notice so that if your phone is stolen and the thief puts in a new SIM card, the phone will send you a notice of the new phone number to help track down the thief.

There are still far too few consumers that adequately protect their computers – news out this week from Panda Security found 50% of computers worldwide are infected with some form of malware– and this is a real safety, security and privacy issue. (If your computer is not protected

Now, add your cell phone to the must protect list, or you’ll find that if it isn’t protected…. it will be infected.  Get security software and install it today.

Welcome to another year of living dangerously. For more information about other mobile phone risks and tips, see my blog Using Mobile Phones Safely.


What is NFC? You’ll come to hear the term Near Field Communication (NFC) often in the coming year as ‘swipe’ technology becomes more pervasive. It’s a set of short-range wireless technologies that allow either one- or two-way exchanges of information (think RFID on steroids).  The demand for this functionality is high; both iPhone5 and new Android models will include NCF, and 70 million NCF enabled smartphones are expected to be sold this year.

Cell Phone ‘Bill Shock’ Remedy; To Little? Too Much? To Early to Tell.

October 23, 2010

Consumer’s are complaining about their cell phone bills to the Federal Communications Commission (FCC) in record numbers, and the agency has decided to take action. This week the FCC will release their proposal to require carriers to notify users of overage charges or sharp increases on their phone bills.

The FCC received 5,130 inquiries related to wireless charges In the first three months this year, representing a 28% increase over the same period in 2009. Furthermore, an FCC survey conducted earlier this year discovered that 30% of respondents claimed to have experienced “bill shock,” over unexpected charges related to data overcharges and other services that they only learned about when they received their bills.

According to the FCC, the most common issue for consumers are small charges and fees that consumers can’t figure out what they are for, according to Validas, a Texas-based company that audits telecom bills for corporations and individuals.

Edward J. Finegold, Validas’s chief analytics officer, said another key problem involves billing by third parties, such as a text-messaging service or ringtone provider, that piggyback on the carrier’s billing system and therefore land on user’s phone bills. For example, a user may send a text message to an outside service through an offer in, say, a videogame, expecting a one-time charge, but had the user read the fine print, they would have seen they actually authorized the service to automatically trigger a monthly subscription fee. “None of this is illegal, but most people would expect that if you have a trusted relationship with your carrier, it would have strict standards on third parties who add charges to its bills. But that is not happening.”

Advocacy groups don’t think the awaited proposal will go far enough, saying that with all the bundling of services, and the number of applications available for consumers to download, the ability for consumers to decipher the multi-page bills has become even more difficult.

The Wireless Association (CTIA) on the other hand, points to the fact that customers already have many ways to track their minutes and data usage. They have also advised against the legislation of billing practices proposed by Sen. Tom Udall (D-N.M.), that aims to require cell phone carriers to notify customers by e-mail or text message – free of charge – when they have used 80 percent of their monthly limits. CTIA said in a statement about Udall’s bill: “We are concerned that this bill has the potential to cause customer confusion and frustration.”

It will be interesting to see the actual FCC proposal later this week to see if it finds the balance between informing consumers and reasonable carrier actions.


Getting hung up on cell phone insurance

August 30, 2010

Linda Criddle, president of LOOKBOTHWAYS Inc., and the Safe Internet Alliance was interviewed for today’s Chicago Tribune article Getting hung up on cell phone insurance

Excerpt from article:

“For most consumers, it’s not worth the money,” said David Kolata, executive director of the nonprofit Citizens Utility Board. “It only potentially makes sense if you have a very, very expensive phone, but if you’re like most consumers, it’s not really a great deal.”

Why? Well, for one thing, it’s not cheap. In a review of thousands of consumers’ cell phone bills, Kolata’s agency found that roughly half of the customers purchased cell phone insurance, at an average cost of $5.64 a month.

Over the course of a year, that adds up. In some cases, you’ll be required to sign a two-year deal. By the time you’re done, you’ve paid more than $130 in insurance premiums. Most phones don’t cost that much new.

Even if you purchase a more expensive phone, there are other considerations. Linda Criddle, president of the Safe Internet Alliance, says consumers should check their phones’ warranties. If damages are covered for the first year, why buy insurance?

“It’s risk versus actuality and the cost of replacement, but make sure you know what the insurance would cover and what your warranty covers,” Criddle said. “Look at the delta between those two.”

If you decide to buy an insurance plan, read the description carefully. In most cases, cell phone insurers will not cover damage caused by water or other types of accidents, such as dropping the phone. “An alarming number of phones end up in toilets,” Criddle said.

Click here to read the full article.


6 Tips to Determine Whether To Insure Your Cell Phone

July 23, 2010

Whether or not you should purchase phone insurance is a question many consumers struggle over, and for good reason. Though in most cases the answer is no, it isn’t clear cut. Here are points to consider as you decide what might be right for you.

  1. How much would it cost to replace the phone? Even expensive phones may be ‘free’ as part of a contract deal, but instead of thinking about what you paid for the phone, think about what it would cost to replace. If your phone is inexpensive, forget insurance. If your phone very expensive, you may want to consider a few additional factors…
  2. What is covered by the manufacturers warranty? Do your research. Many potential issues are already covered in the first year by the phone manufacturer’ warranty. Understand what’s covered – and for how long – before making a decision to purchase additional insurance.  Some retailers also have a replacement policy. Check to see what, if anything, is covered by the retailer.
  3. Call your home, car, or renters insurance agent. Your phone may already be covered through an existing plan. If it is covered, ask about any exceptions that the insurance may not cover. Also ask whether filing a claim about a phone will impact your rates in any way.
  4. Find out about any known weaknesses with your particular phone model. Some phones are simply sturdier than others. Flip phones often break at the hinges, some are known to have issues. If the phone model that you want to purchase has a higher breakage rate than other phones, check the manufacturers warranty closely, then decide if this is the phone for you, and if so, if you want additional insurance.
  5. Understand exactly what the insurance does and, more importantly, doesn’t cover. This is one time where reading the FINE PRINT is critical. Compare the cost of the phone, to the cost of the insurance. Assume that you can get a new free/reduced cost phone after two years (the typical length of a phone contract) does the insurance cost more than the phone? Is there a deductible that you’ll have to cover?

    Learn whether any replacement phone will be new, or if they will have the option of sending you a different model or refurbished phone. You don’t want to pay for an old or used phone.

    Do some research to find out how difficult the insurance company’s claims process is. Some are so painful you’ll give up before getting a replacement.

  6. Are you, or the child you’re purchasing the phone for, clumsy or prone to losing things? If you aren’t likely to lose or drop your phone – or damage it in some other way – you probably don’t need insurance. On the other hand, if you’ve got a history of losing or breaking things, insurance may make more sense if the previous factors are also pointing in this direction.

There is one form of insurance that I always recommend – Backup! Backup! Backup your data!

If your phone was lost or destroyed, what information would you lose? If you break out in a cold sweat over the thought, the cost of the phone replacement may pale compared to the loss of the information it contains. If you have phone numbers, photos, texts, or other information stored on your phone that you don’t also have easily accessible somewhere else, it’s time to save this information.  Depending on your phone’s model, and your carrier, this may be automatically in place for you, it may take a simple backup, or it may be a very manual process. No matter the pain level, if it’s less than the pain you’d feel if you lost that information, back up the data today – and as frequently as you need to store any important information.

You should always have your phone password or pin protected so that someone finding or stealing your phone will not be able to use it. Additionally, if you have stored account information that allows you to automatically log into social network sites, conduct banking transactions, etc. Make a note of these so that if you lose your phone or it is stolen, you can immediately change passwords or close accounts to prevent others from accessing your sites.


Traveling This summer? Know What Cell Phone Laws Apply

July 21, 2010

Before crossing state or county lines on your summer road trip, take a moment to learn what the cell phone laws are for any area you plan on visiting.

According to the Insurance Institute for Highway Safety, talking on a cell phone while driving is now illegal in 8 states, the District of Columbia and many jurisdictions, and texting while driving is banned for all users in 30 states and the District of Columbia.

States that ban talking on cell phones when driving include California, Connecticut, Delaware, Maryland, New Jersey, New York, Oregon and Washington and the District of Columbia. In Utah, talking while driving is illegal only when the driver is also committing another moving violation other than speeding.

Even where states have not implemented bans, restrictions may apply by jurisdiction. Localities that have enacted restrictions on cell phone use include: Oahu, HI; Chicago, IL; Brookline, MA; Detroit, MI; Santa Fe, NM; Brooklyn, North Olmstead, and Walton Hills, OH; Conshohocken, Lebanon, and West Conshohocken, PA; Waupaca County, WI; and Cheyenne, WY.

States that ban texting when driving are highlighted in green on the map below, states shown in blue have restrictions for some driver segments, like young drivers and bus drivers. (For a full description of laws, see the Insurance Institute for Highway Safety‘s interactive maps)

Stay safe

Regardless of the legality of talking or texting while driving, numerous studies have made it clear that driving while talking on a cell phone (hand-held or hands-free), or texting significantly increases your accident risk. Consider the following stats:

  • Using a cell phone while driving, whether it’s hand-held or hands-free, delays a driver’s reactions as much as having a blood alcohol concentration at the legal limit of .08 percent. (Source: University of Utah)
  • Driving while using a cell phone reduces the amount of brain activity associated with driving by 37 percent. (Source: Carnegie Mellon)
  • Nearly 6,000 people died in 2008 in crashes involving a distracted driver, and more than half a million were injured. (Source: NHTSA)
  • Drivers who use hand-held devices are four times as likely to get into crashes serious enough to injure themselves. (Source: Insurance Institute for Highway Safety)
  • The annual cost of crashes caused by cell phone use is estimated at $43 billion (Source: Harvard Center for Risk Analysis).

This summer, may your trips be distraction free and your memories unencumbered by accidents.