Every tech device you use is vulnerable
Forget mandatory data retention. A more insidious threat to privacy lurks in our smartphones or PCs.
The technology we rely on every day is far less secure than we think, if recent security risks and operating system vulnerabilities are anything to go by.
In the last month, both Android and iOS smartphone operating systems, which comprise more than 95 per cent per cent of all smartphones used in the world, were compromised by malicious software, placing user data and devices at risk of theft and misuse.
Up to one billion Android users faced serious threat from an operating system vulnerability that allows malware to infiltrate the phone after the user is tricked into visiting a website with malicious files, ultimately giving hackers power to take over the device.
While the international cyber security world has always levelled a healthy amount of concern at Google’s Android OS, their gaze is now turning to iPhone users as well.
Apple recently, and surreptitiously, removed dozens of apps from the App Store, which had been created using a compromised software development kit. Developers were unaware the innocent apps they were building actually contained backdoors for hackers to intercept user data.
Shortly after this yet another iOS threat was exposed; this time a piece of malware called YiSpector. Once it infiltrates your iPhone the malware can download and install other malicious apps, even ones that pose as legitimate applications, as well as modify browser settings to direct traffic to a dubious destination.
What makes these events so concerning is that the malware in question was either accidentally installed onto the smartphone during normal web browsing or instant messaging, or built into seemingly innocent apps without the developers knowledge.
In all cases, no suspicion was raised until it was too late to do anything except delete the offending apps from the App Store or develop an operating system patch to close the vulnerability. Put simply, every exploitation and attack was successful.
The risk to these devices is unfortunately one of many recently discovered. The reality is, this is also a regular event. Sadly, the intent of hackers isn’t focussed purely on smartphones.
No system is safe
Last year, over 9,200 flaws were discovered in various systems – Windows, OS X, Linux, you name it — including more than 1000 Android apps, IBM reported in March.
The report also indicated that threats from malware and data intrusions are growing – by 9.8 percent in 2014 alone.
Be it a home computer, Wi-Fi router, game console, internet nanny cam, car, retail cash register, international flight or smartwatch: any digitally integrated or internet-connected system is at risk from black hat hackers – those who use their skills and expertise to illegally gain access to a secure network, machine or device for purely malicious reasons or personal gain.
The reality is that the only totally secure system is one completely isolated from the outside world. Digital encryption, operating systems and human beings — the biggest wild factor in cyber security — are only as secure as the amount of time it takes to exploit them.
Stagefright Bug. POODLE. Zeus. Stuxnet. YiSpecter. Storm. Geinimi. XcodeGhost. Heartbleed. Shellshock. FREAK. Ghost Push. Flame. Melissa. TapSnake. Flashback.
Perhaps you’ve heard these names before? These are malware, exploits or compromised developer software that have made it successfully into the wild and infected various operating systems around the world, executing their nefarious binary orders with ruthless efficiency.
Some malware is designed simply to monitor and report on user activity. Other malware, like Stuxnet, is designed to take down one target (in this case, uranium enrichment facilities), but ends up going rogue and affecting any device it migrates to, such as a laptop on board the International Space Station. There is even malware that successfully poses as security or anti-virus software!
Some of these attacks are so perfect they are literally invisible; no evidence of their presence is ever detected. The only way to remove them is to erase the entire device completely.
How to protect yourself
The best way to safeguard against intrusions and attacks such as these is to treat your devices with respect.
• Always update your devices’ operating system when a new version is available
• Never click on strange links in emails or text messages from an unknown source
• Do not click pop-ups that appear in your browser that ask you to download software
• Never share USB drives – malware like to hitchhike on them
• Do not open attachments on suspicious emails
• Do not offer information about your computer to anyone who calls and identifies themselves as ‘technical support’
• Do not use public Wi-Fi
• Download apps strictly from legitimate sources, like the Mac App Store or Google Play
• Ensure your chosen web browser is the latest version available
• Turn off Java in your web browser
Thankfully, it’s not all doom and gloom. There are also vigilante hackers: white hat hackers who infiltrate systems to expose their vulnerabilities and make them safer by alerting the manufacturer or user. Think of them as the Luke Skywalkers to all the Boba Fetts out there.
A white hat hacker recently released software that targeted vulnerable Wi-Fi routers and made the owners change their password and turn off a known hacking port — an access point used to enter a network.
So far, around 10,000 routers have been hit and, ironically, made more secure, after the benevolent software alerted their users to change settings or risk a possible attack.
As always, events like this still need to be treated with suspicion. The router hack in question could actually accomplish more than simply raising a red flag, but the possible actions, which might normally be deigned malicious, instead remained dormant. The question now is: was this a test of the manufacturer’s equipment in preparation for a wider attack?