Monday, March 13, 2017

Mobile Marfia

Mobile Mafia
A lot has to be done to get rid of CIA, FBI and KGB from snoozing.
American election was the case in point.
I warned about this Security Flow when Google came into existence (long before Google Phone).
Reason being it was based on Linux core without security features!

It is not the fault of Linux but the OEM infrastructure which was not time tested.

I am afraid even Linux Magazine ignored this flaw.

That is the very reason I never use (even Apple iPhone) a smartphone for mission critical work.

Only a Linux desktop like Debian has 95% (mark not 100%) security features and only 1% use Linux and from that also minority uses Debian and the majority use other derivatives of Linux not dedicated for mission critical work BUT for Fun.

Even Peppermit Linux (one I use for daily routines) has Flaws.

The latest vicim was my son's Android Game Player cum cellphone and camera (Chinese make).
I was trying to upload some Google Application's.
The end result it damaged the battery and the operating system.
It get stuck half way without booting.

 Reproduction

Over 30 different Android smartphones and tablets have been found to have had malware preinstalled on them before users even switched them on, according to a cyber security firm.
Check Point detected a “severe infection” on 38 handsets being used by two of its corporate clients, a telecommunications firm and a multinational technology company that have not been named.
The issue affects smartphones from a number of big-name brands, including Samsung, LG and Google. Those named by Check Point are:
  • Samsung Galaxy Note 2
  • LG G4
  • Samsung Galaxy S7
  • Samsung Galaxy S4
  • Samsung Galaxy Note 4
  • Samsung Galaxy Note 5
  • Samsung Galaxy Note 8
  • Xiaomi Mi 4i
  • Galaxy A5
  • ZTE x500
  • Samsung Galaxy Note 3
  • Samsung Galaxy Note Edge
  • Samsung Galaxy Tab S2
  • Samsung Galaxy Tab 2
  • Oppo N3
  • Vivo X6 plus
  • Nexus 5
  • Nexus 5X
  • Asus Zenfone 2
  • Lenovo S90
  • Oppo R7 plus
  • Xiaomi Redmi
  • Lenovo A850
It must be made clear, however, that not all models of the devices named above are affected.
“According to the findings, the malware were already present on the devices even before the users received them,” reads the Check Point blog post announcing the discovery.
“The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain.”
Most of the malware discovered by Check Point were info-stealers, but one of the phones had been pre-loaded with ransomware called Slocker.
Ransomware allows a hackers to lock a user out of their device, only restoring proper functionality in exchange for money.
“Pre-installed malware compromise the security even of the most careful users,” continues the report. “In addition, a user who receives a device already containing malware will not be able to notice any change in the device’s activity which often occur once a malware is installed.”
However, users can protect themselves by downloading and running a malware scanner as soon as they first fire up their new device.
WikiLeaks’ recent Vault 7 data dump raised serious alarm bells in the technology community, with allegations that the CIA and MI5 developed techniques for hacking into phones, TVs and computers.
The agency hasn't commented on the documents, but a number of major technology firms have detailed ways for users to stay safe online.