Malware alert for Asus computer owners, software companies need to be ready to handle security warnings, and research on junk apps on new Android phones

Welcome to Cyber Security Today. It’s Wednesday March 27th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.


Owners of Asus computers are being warned to scan their machines for a serious infection. The infection may have come through the Asus Live Update utility that comes with computers and laptops made by the company. It updates certain pieces of software. Normally the computer recognizes an update as safe because it comes with a piece of code called a digital certificate recognized by the utility. That’s how, for example, Windows Update recognizes that patches from Microsoft are safe. But security vendor Kaspersky said this week it uncovered evidence that last year Asus Live Update was infected by attackers so it would spread malware to people who bought Asus computers. Kaspersky thinks more than a million devices may have been infected. That’s not the big worry. The big worry is that the malware isn’t after all Asus computer owners; it includes a list of 600 specific addresses of network adapters of computers. In other words, 600 targets.

Three other Asian manufacturers were also infected, Kaspersky said, although it didn’t identify them. Some anti-virus or anti-malware solutions you use may detect infections. As word spreads about this their solutions will likely be updated. Asus has fixed the hole in its system.

Meanwhile, to find out if your computer is on the hit list, there’s a link to the Kaspersky blog in the text version of this podcast on ITWorldCanada.com. That includes a link to a tool that can check to see if your computer is on the list of targets.

For some people creating a smartphone app is a good way to make easy money — no factory to build, no stores to staff, just sit in front of a computer for a few hours, write code and watch the money roll in. However, there’s more to a software business than that. In the Internet era, make a mistake and your reputation can be seriously damaged. So you’ve got to have a way people can report mistakes so they can be quickly corrected. Here’s an example: According to TechCrunch, an Australian developer called React Apps makes an app called Family Locator. It lets you track the devices of family members so you know where children or parents are any time. But a security researcher this month found the company database — with usernames, email addresses and passwords — had been left open on the Internet. So anyone could have found out where users, like children, are. The researcher notified TechCrunch, which tried to warn the developer. But its website had no contact information. There was no reply to messages sent through the company’s feedback form. TechCrunch had to ask Microsoft, which hosted the company’s database on its cloud servers, to contact the developer. Within hours the open database had been shut.

Publicity like this is not what a company needs. If you want to make it big you’ve got to think big. That means being ready to field customer complaints, and warnings.

Speaking of apps, makers of Android devices have the freedom to install a lot of third-party software on smartphones they sell. These can be games or utilities. It helps differentiate one company’s phone from another’s. However, a detailed study by university researchers suggests some manufacturers are careless, or lazy, in what they install. Briefly, there’s a lot of junk that comes with some phones you buy right out of the store. Some of these apps may send personal information to Facebook, Twitter, or companies you’ve never heard of. Some are potentially dangerous, others are flat-out malware that will allow an attacker to take over your device. What can you do? First, right after you buy an Android device, see what apps it has. Do they show privacy policies? Are the privacy policies clear, or so general they’re useless? Do you need the apps? If not, delete them. Unfortunately some can’t be removed. So, before you buy an Android device, ask the store what apps come with it and if they can be removed. Then make a choice. It would be nice if Google cracked down on its partners.

Finally, those of you with Apple devices should make sure the latest iOS version is installed. Version 12.2 was released Monday to patch 51 security vulnerabilities.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.


