Trust still needed in security, cheap phones may mean cheap privacy, dump these Android apps.

Welcome to Cyber Security Today. It’s Monday September 23rd, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

Cyb er Security Today on Amazon AlexaCyber Security Today on Google PodcastsSubscribe to Cyber Security Today on Apple Podcasts

 

Trust is an important word, especially in cyber security. We trust the companies whose products we buy will protect our personal information. This is especially true for cellphone companies. So it’s disheartening to hear how the head of an American cryptocurrency exchange and his company were victimized. According to the ZDNet news service, court documents say in 2017 a con bought stolen personal details about the chief executive of the exchange, including his cellphone number. Then somehow he got the cellphone company to add call forwarding service to the victim’s account. That meant incoming calls would be silently forwarded to the crooks. It also meant they could bypass the two-factor authentication the executive had to protect his phone, Ultimately the crooks were able to use the entry into the cellphone to get into the exchange’s systems, change passwords and steal cryptocurrency. The two hackers now face criminal charges. I advise people a lot about using two-factor authentication as much as they can. So do experts. But security also means companies have to do their part, too. That means having tough procedures when someone calls or emails and asks to change passwords or features.

For security reasons travelers going to some countries don’t want to take their own smartphones. Instead they buy a cheap phone they can throw away after the trip. Or, they make break their phone while away and have to buy a new one. But a report from Privacy International warns that cheap phones may come with cheap privacy. For example, one staffer had to buy a phone in the Philippines. It had a number of problem apps, but the biggest problem was the operating system: It ran Android 6. For those who don’t know the latest version is 10, which is only just starting to be released. The older the operating system the more likely there will be security and privacy problems. By the way, those of you who have a four-year-old Android phone that’s not running version 8 or 9, think about getting a new phone.

Speaking of Android, two more strange apps that you should avoid have been found in the Google Play store. One is called Sun Pro Beauty Camera, the other is Funny Sweet Beauty Camera. Combined they have been downloaded 1.5 million times. What’s wrong? According to a security firm called Wandera, these apps force a lot of ads on users’ phones. And they ask for suspicious permissions when installed. According to the news site Bleeping Computer, they have been removed from the Google Play store. My feeling is a smartphone is not a place to play or experiment with apps. Just because an app is on the Play store doesn’t mean it’s safe. Read reviews and check the history of the developer.

Finally, firms that run the Forcepoint VPN virtual private network should make sure they’ve got the latest version. There’s a serious bug in the desktop client that has to be patched.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon



Related Download
Cybersecurity Conversations with your Board Sponsor: CanadianCIO
Cybersecurity Conversations with your Board – A Survival Guide
A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA
Download Now