Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
Android is the new problem child of the IT world, replacing Microsoft Windows. Android has become such a popular platform that the bugs are infuriating users and the users are attracting hackers. Most of the blame for the seemingly inherent vulnerability of Android falls on the popularity of poorly-written applications for Android. The solution to these open source dilemmas is using an Android VPN.
Android applications have increasingly been used by hackers as bait. The identified weakness of Android mobile applications is the open environment. Any developer can create and share an Android app without Google’s approval. This is contrary to Apple apps which go through a testing and approval phase before they are released. Of course, one can do a jailbreak on an iPhone and have similar access to a slew of unsecure mobile applications. But still there is a wider range and greater number Android apps that can be downloaded and installed from outside the safety of the Google Play app store. This lack of security checks makes Android the new favorite of hackers launching attacks via mobile devices. The good news is that the attacks can be prevented by securing the device with an Android VPN.
A recent TrendMicro study revealed that Google Play Apps are as much in danger of being infected with malware as third party apps. The report states that about 24% of the apps confirmed to be malicious were from Google Play. The Google Play store has previously been considered the only safe place to source Android apps. It is now clearly established that even Google Play apps for Android are potentially infected with dangerous malware.
Android App Infects Entire Conference
There is evidence in the frequent cyber attacks allegedly launched by the Chinese government against Tibetan and Uyghur activists, according to Kaspersky Labs. Researchers Kurt Baumgartner, Costin Raiu and Denis Maslennikov called the app data-stealing malware. During the World Uyghur Conference held in Geneva, Switzerland, the app spread like wildfire. It was disguised as an Android app for use during the discussions. The APK file was sent by email and downloaded by many of the participants. The Android app then scraped phone information, call logs, contacts, messages, and location information. Using an Android VPN would have alerted the users to a threat, blocked it, and the spread could have been averted.
The origin of the conference bug was traced to another participant. The email of this Tibetan activist had been compromised beforehand and set up to launch the virus at the appropriate time. The mass infection could have been nipped in the bud if this individual had additional security features in place. This is the first deployment of a targeted attack on mobile devices that used purely social engineering. It has long been known that hacker groups have been playing around with using mobile phone apps as bait. The mobile app weakness of Android has made it the best choice. But this is the first massive attack that has been successfully recorded and analyzed. Attacks of this nature are likely to continue, and an Android VPN together with proper antivirus software is the best preventive solution.
Highly Exploitable Apps
ViaForensics has recently completed its own analysis on Android apps. The study revealed highly exploitable security holes in Any.DO. The results reveal a serious threat as there are already over one million downloads of the Android scheduling and task management app from Google Play alone. Specific weaknesses include a susceptibility of any user with the app installed to “man in the middle” attacks. This is because the app does not process SSL authentication correctly, according to the researchers. The app also did not encrypt data before storing it. The app saves data like emails, user names, passwords, time logs and tasks. This is a major security breach that puts users at great risk for follow-up attacks. The data that can be stolen through the holes in the app is more than enough to launch targeted social engineering attacks to get into users’ financial accounts. In addition to providing security warnings on possible breaches, an Android VPN can block malware from slipping through these holes.
With the prevalent use of free, unsecured WiFi, ViaForensics CEO Andrew Hoog warned against probable threats to companies as well. Infected devices brought in and connected to office networks put company data as risk. An Android VPN can protect such devices from infection at WiFi hotspots. Most users of this type of scheduling and task management app are not tech-savvy, Hoog explained. In combination with the nature of “man in the middle” attacks, it is a deadly combination.
Hope in Android VPN
One solution to currently inherent Android app vulnerabilities is the use of a VPN for Android. VPN services have long been known for their ability to encrypt data and secure it further through private VPN tunneling. With the development of VPN technology, Android VPN providers have made available very user-friendly VPN apps that allow even the least technical consumers to effectively secure their online traffic and activities. With the proliferation of Android apps through adoption exposes billions of users to the growing threat of online theft. Free apps do not come with security guarantees, and it is here that the real threat lies.