Social Icons

Showing posts with label android application. Show all posts
Showing posts with label android application. Show all posts

Tuesday, August 27, 2013

After What's APP : Now WeChat threat!!!!

1.  Few backs earlier I wrote a post about Security Issues in Whatsapp here. Now exactly on the same lines there is a proven issue on Wechat....

2.  WeChat gained an immediate success the moment it was launched few months back in India.Every one was so happy to adopt it in their respective androids but it seems that the application is not so secure as hackers have been able to bypass the security mechanism to decrypt the messages sent using the app and China could be potentially spying on Indian citizens...
 
3.   Rest ditto from Parity news at http://www.paritynews.com/2013/08/26/2487/wechat-is-a-threat-to-national-security-claim-researchers/

According to a couple of young researchers, Jiten Jain and Abhay Agarwal, the free messaging app doesn’t employ the best of encryption and security technologies, which leaves personal information of its users vulnerable to theft. To prove their point the researchers went onto demonstrate the ease with which the messages sent using WeChat can be decrypted, indirectly indicating that foreign governments could be doing the same thing for spying and surveillance purposes.

The researchers were discussing the potential risks to privacy of users because of surveillance techniques employed by service provides across the globe at The Hackers Conference in New Delhi India on August 25. The researcher duo claimed that app from Chinese Internet Giant Tencent is threat to national security.

Jain and Agarwal claimed that not only can the Chinese government access the chat logs, but they can also access each and every detail about users stored in their smartphones – ranging from contact lists, messages, calls, geographic locations, etc.

One of other points raised at the conference was that the Indian Government is not able to successfully utilize the vast potential of security researchers in India. The Government has failed to secure its websites never mind the security of the whole nation. Researchers present at the conference stressed for the need of raising awareness about security within government establishments and masses in general.

Researches urged the government to strengthen the security of its websites as well as digital data by grooming in-house security experts as well as by availing help from industry experts present in India.

4.   In fact the duo did not hold back to say that it is a severe national threat...and I agree to their view...but who cares!!!!elections are coming...we are not even bothered about so many internal threats...external is out of purview!!!!!SAD.

Sunday, August 04, 2013

Your ANDROID APPLICATIONS : Mining your profile

1.    It is common for us to hear a company promoting its phone or tablet showcasing that lakhs of android applications are available for free...and the poor(???) customer generally falls for it...so he buys the device and immediately starts exploiting the world of millions of applications on the net and the Google play store...now off course Google just does not upload a application for download once the up loader does his part of the formalities and registration...it checks under its set of QRs if the application is ok from the point of being malicious in nature or not but that does not always works....so many times android applications even in the Google play-store have been found to be suspected...now lets keep suspected apart...does the typical user even checks the terms and conditions of any application before installing?...the blind rule is JUST ACCEPT IT!!!and this goes against the user...this allows invasion to privacy...why should a company ask to access your phone contacts..your location..your system settings...your configuration settings before it allows to install it application on your device...BUT NO ONE THINKS ABOUT THIS!!!!

Back in February of this year, Google announced it was hardening its stance on Android security, unveiling an app-scanner (codenamed Bouncer) to weed out malware uploaded to Android Market (now Google Play) through automatic scanning. Since then, Google has taken more steps to protect Android users: it acquired VirusTotal back in September and in Android 4.2 Jelly Bean introduced an optional app verification feature that enables users to identify dangerous and potentially-dangerous apps on their devices, even if they downloaded them from the Web or got them from an app store other than Google Play.
How have Google’s efforts to combat Android malware been working out? Perhaps not so well. Security researchers were quickly able to analyze how Bouncer operated and find easy ways to circumvent Google Play’s automated scanning — techniques publicly available now to malware authors if they hadn’t managed to think of them on their own. Further, Xuxian Jiang of North Carolina State University has published an assessment of Jelly Bean’s app verification capability. The results? Google’s app verification service identified just over 15 percent of malware samples thrown at it from the Android Malware Genome Project


2.     Mobile malware is lately becoming a organised crime with complex sophistication in terms of tracking back....and this makes the attack surface for the hacker and the black hats more big and the user more vulnerable at the same time....The most common victim is the one who looks for free applications in various heads of education...technology and not to forget the games section which is a big hit among-st all...the users love the games for which he has to pay nothing and the attacker gets a lot of attack surface to play around...and then the DO IT YOUR SELF TOOLS again add to the attack surface.

WHAT CAN YOU DO TO AVOID THIS?

- Keep your android updated: Now in this case most of the devices till 4.2.1 may not support upgrades..but then you have to keep your fingers crossed!!!

- Refrain from android applications other then google play store.STill you have to be careful...wherever possible read the Terms and Conditions before installing

-  Avoid public open wifi connections

-  Limit your greed to free applications.You may google about the application on google before you install it on your device.

Saturday, July 06, 2013

Spying your friend at WhatsApp : Cause of concern

1.   In my last post here,I discussed about the growing lure of using WhatsApp and the basic security concerns that comes with it from point of a naive user.Now will take you one step higher to the level of a script kiddie....

2.  How does WhatApp identify you in billions?The answer is the unique MAC address that each digital device on this earth holds. If any one changes his/her device,then automatically the MAC address also changes and the user is requested to re-verify their WhatsApp account. Means he/she cannot access same WhatsApp account from two devices. But is MACSPOOFING not existing ?So,if the Mac is spoofed,then who stops from seeing your friends traffic that includes his/her chats,downloads etc!!!although for a naive user this may be look of some technical nature but for the young gen which has lots of techno enthusiasts there should be no stopping....that would include rooting your phone and installing Busybox. How to get your friends MAC address,here it goes :

For Android phone users simply go to settings—> About phone—> Status—> Wi-Fi MAC address.

For iPhone users go to Settings—> General—> About—> Wi-Fi address.

For Windows Phone users go to Settings—> About—> More info—> MAC address.

and for BlackBerry users go to options—> Device—> Device and Status info—> WLAN MAC.


3.   And the best part is that your Andorid can be anyone starting from 1.6 on wards till date.

Thursday, July 04, 2013

Security Issues : Whats App !!!!

1.   WhatsApp had set a new record with 27 billion messages in a day on 13th Jun 2013...now that's hell of a lot!!!!!a huge success by any means in terms of revenue generation and collection of info...as I really wonder if all these naive users most of them who are actually not aware of the kind of critical information they have allowed to be passed on...such applications are currently enjoying huge success banking on the naive users....who don't actually realize the repercussions owing to this valuable personal info loss.....just read these few eye raising conditions before any one installs this app :

- Prevent Phone from sleeping

- Change Wifi state

- write sync settings

- Modify/delete SD card contents

- read phone state

- Read contact data

- Write contact data

- Record audio

- Read my location

- Read my other accounts credentials

2.  If one goes through the deeper insights of all these aspects that the user has to invariably accept for enjoying the application thinking its free(when he has given invaluable personal info to a stranger) from point of view of security...it starts getting scary...!!!!going through the above terms it is invariably understood that all your contacts info is already gone....now how much is that info depends on how much have you stored...if you have stored the residential address,his email,his other phone numbers etc...that's all gone the moment you install!!!!..and add to this location and hardware details....from a hacker point of view the attack surface is already prepared vide one shot of installation only.....



3.  If Whatsapp says that they respect user privacy and would not submit all the info to any advertising agency or any third party...then y are they collecting all this ?Whats their security architecture?How reliable is that?Do they guarantee a NO-HACK situation?......

Thursday, December 20, 2012

TrueCaller : Is it Stealing your Info?

1.    TrueCaller is one famous application doing the rounds on Twitter Google+ Facebook Android Phones.The claim by the application goes like you login from either of the applications and you would be able to know the name of the mobile phone number owner by name.The claim actually stands right in over 90 % of the cases that I tried.This made me wonder how?...i thought like all those free forms that we keep regularly filling on the internet or some grocery shop for some free bundles or if TrueCaller has tied up with the mobile phone service providers?But then something happened that made me a little suspicious about this app.It so happened that I tried my mom's number on the application and so came the answer like "TIWARI MAM"....this made me think of how would the application know that my mom is a teacher...

2.   So I wondered if the application after installation on your mobile device actually makes all the contacts phone number available on the site with the name that I have typed against that number!!!So I tried mine which was not available, by the name "anupam CCCSP"



3.  Though it did not show promptly but after a day after I typed my phone number it came to be seen as "anupam CCCSP".So this actually means that the application is actually stealing and making my contacts info on my phone public!!!!...but then I also realized that it was me only who agreed to the terms and conditions while installing the app on my phone which most of us including me never read.

4.   So it comes actually to the naiveness of the common user who invariably without reading any of the terms and conditions agrees to install.....:-) 

Thursday, August 23, 2012

Bulk SMS Ban : Carry on India

1.    The government has recently banned bulk SMS and MMS messages for 15 days in view of the exodus of people from the northeast from cities like Bangalore, Pune and Hyderabad, following rumours that they would be attacked.

2.    Now how do u feel about this ban?...do u think it is going to be effective?.....certainly not if it were actually the bulk sms that did the damage.Does'nt the govt know about various sites offering these services of bulk sms for free on a simple registration? or do they not know about various smart phones applications that can still send bulk sms via a different mode.Is it not known to them that this ban is going to be effective for pre paid owners only?....and not for post paid owners.

3.    These orders come like axing the problem instead of putting in efforts to manage it. Read the following paragraph@http://www.hindustantimes.com

"The five-SMS-per-day cap is adversely affecting a group of unsuspecting victims, the hearing impaired.A deaf individual sends up to 250 messages per day on an average as it is their only mode of conversation. "The five SMS cap is a real pain for us. It is the only way I can stay in touch with my family or friends when I go to college. If I want to have a proper conversation with someone, I have to send at least 50 messages. It is easy for people who can call and stay in touch. For us, this is the only mode that boosts our mobility. It is insensitive of the government to discount the deaf community when they take these decisions," said Mahesh P, a hearing impaired Delhi University student."

4.   Everi one knows that it is wrong...it is not effective...but hey come on ...carry on INDIA....it is just another passe...


Monday, October 31, 2011

RED PHONE : ENCRYPTED VOICE FOR ANDROID!!!

Here is something every android user would lov to use....AIM IS TO LISTEN AND SPEAK ON YOUR ANDROID HANDSET WITH INBUILT ENCRYPTION OF RED PHONE APPLICATION.......isn't it gr888888!!!

" RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in. It's easy to use, and functions just like the normal dialer you're accustomed to. RedPhone uses your normal mobile number for addressing, so there's no need to have yet another identifier or account name; if you know someone's mobile number you know how to call them using RedPhone. And when you receive a RedPhone call your phone will ring just like normal, even if it is asleep. "

Powered By Blogger