Monday, January 5, 2015

Letter to the Three Wise Men: More security, more privacy and less cybercrime

Retrieve personal and sensitive data.
To trace location via GPS.
To access photos and other files stored on accessible devices (eg. SD card).
To read, write and delete files.
To send and read emails or texts.
To make phone calls.
To turn on your camera or microphone.
Automatic updates of code and apps.
To run commands.

Although it could look like this, this is not a letter to the Three Wise Men, who are the ones who bring gifts to people in Christmas time, according to the Spanish traditionThe truth is that it is simply a list of actions that an attacker can perform via a free app. In fact, any app free of malware could represent a potential threat if it uses a compromised ad network. Such advertising acquires all permissions previously given to the application, and it can jump from app to app inheriting permissions to perform sophisticated and dangerous attacks.

Tomorrow is January 6th, the Epiphany, and the Three Wise Men Day, which is a very exciting time for Spanish kids indeed. But the digital world does not rest, and the fight against cybercrime will remain active as any other day. In Saudi Arabia, ethical hackers are the new police tool. They focus on obtaining information from twitter accounts publishing pornography in order to shut them up. In some cases, they even lead police to arrest the users of such accounts. In order to do so, they do not hesitate to perform phishing or spyware campaigns.

You may not have noticed it but internet has become the field for a very sophisticated battle. While some people try to apply the greatest control possible over the network, others choose to go completely unnoticed. The second ones have the so-called "wall of air", which is one strategy used by Snowden to communicate with his confidants based on using newly purchased devices, not previously used on the Internet, with only the necessary software to perform the first and last communication with a third party.

However those are security and privacy extreme measures that you may not need. For most people, being aware of what lies ahead in 2015 is enough: a significant increase in complexity in terms of mobile malware. Its goal will be to steal login credentials to your accounts and fraudulent use of mobile payment systems. A usual protection for this is to distrust of apparent bargains, shortened links that downloads content and excessive permissions requests.

With all this, you ensure a quiet Three Wise Men Day. One of those days you enjoy spending with family. And who knows, maybe one in which our dreams come true :)


Post a Comment