Showing posts with label Mobile Security. Show all posts

Monday, November 9, 2015

Happy 101st Birthday to Hedy Lamarr

The woman who proved that you can really have it all:


- Beauty (she was called the "most beautiful woman in Europe")
- Movie Career with a Star on the Hollywood walk of fame
- Developed an improved traffic stoplight
- Patents for spread spectrum and frequency hopping technology to thwart the Nazis, which make our modern communications possible: U.S. Patent 2,292,387 (but the US Navy did not use it until the patent had expired).
and she is today's Google Doodle

Wednesday, February 12, 2014

Replacing Flappybird with Premium Number Fraud

Much to the dismay of millions of players, the creator of the Flappybird mobile game took it down from Google Play and Apple iTunes app stores.


Now there has been much speculation as to why someone would take down a game that was earning him $50,000 a day in advertising revenue. The various reasons have been stated as:


But regardless of what the real reason is, people have come in to feed your Flappybird addiction with replacements or by selling phones with it installed on eBay (which you cannot do anymore).

But you should be wary of FlappyBird replacements. According to a report by Trend Microsystems:
"All of the fake versions we’ve seen so far are Premium Service Abusers — apps that send messages to premium numbers, thus causing unwanted charges to victims’ phone billing statements."


As the TrendMicro article advises:
"We advise Android users (especially those who are keen to download the now “extinct” Flappy Bird app) to be careful when installing apps. Cybercriminals are constantly cashing in on popular games (like Candy Crush, Angry Birds Space, Temple Run 2; Bad Piggies) to unleash mobile threats. Our past entry, Checking the Legitimacy of Android Apps, enumerates some tips on how to avoid suspicious or malicious apps. Users may also opt to install a security app (such as Trend Micro Mobile Security) to be able to check apps even before installation."
Always remember, in cases like this, TANSTAAFL. So be careful: there are those out there who want to take advantage of you.

Thursday, November 1, 2012

Holiday Hacks are upon us again

Today I found a very nice article on the CSO Security News site called The 12 Cons of Christmas by Joan Goodchild (CSO (US)).

In this article she points out that this is the time of the year when the fraudsters and phishers are out in force.  Or as Joan put it:
"While the risk of being hacked, conned or having sensitive information stolen is possible all through the year, most security experts agree that the holiday season brings a spike in fraudulent activity, both online and off."

Hot Holiday items are lures

With the increased use of Facebook and Twitter they can get more information about what you want and can use that to better target you. To make it worse, the scammers have learned not to be so obvious, and "the signs that made scams so obvious before are no longer always present as more sophisticated techniques employed by criminals on Twitter and Facebook make it harder than ever to know what's legit."

Take a look at the article for some good hints on how to detect these scams and protect yourself.  
Full article: http://www.cso.com.au/article/440664/12_cons_christmas/


Monday, November 28, 2011

Bit9: The Dirty Dozen of security-vulnerable smartphones


Android has brought a variety of phones, with different hardware and software features, to the market. This has enabled more people to get the phone that they want. Unfortunately, Bit9 says, this has led to a situation where “an estimated 56% of Android phones in the marketplace today are running out-of-date and insecure versions of the Android.”


It seems that when phones are released they can be running versions of Android that can be up to 18 months out of date, and thus lacking all the latest security updates.


"All operating systems have vulnerabilities," Harry Sverdlove, Bit9's chief technology officer, points out, but it's how quickly and effectively software gets fixed that matters. Bit9's analysis of the most vulnerable smartphones is based on criteria that include looking at smartphones with the highest market share that were running out-of-date and insecure software and had the slowest update cycles.


The Bit9 "Dirty Dozen" not-so-smart smartphone list includes:

1. Samsung Galaxy Mini

2. HTC Desire

3. Sony Ericsson Xperia X10


Monday, November 7, 2011

Telecom Fraud from Smartphone malware apps

About 2 weeks ago I wrote about a phony Netflix app for Android. Today the BBC has an article titled Smartphone scams: Owners warned over malware apps, which talks about how these apps are made and how they can be used to commit phone fraud.

Criminals are typically creating Trojan copies of reputable apps and tricking users into installing them.
Once on the phone, the app can secretly generate cash for criminals through premium rate text messages. 
Get Safe Online, a joint initiative between the government, police and industry, said it was concerned that users of smartphones, such as Android devices, were not taking steps to protect their devices.
Get Safe Online said fraudsters are designing apps which generate cash secretly in the background without the owner realising until their monthly bill. A typical scam involves an app designed to send texts to premium rate services without the user knowing.


As with all telecom fraud the solution is a combination of setting the right controls and proactive monitoring.

To prevent a large, unexpected phone bill you should:

  • Confirm that the app you are installing is certified and is from the company that it claims to be from.
  • Install a malware protection app just like you have anti-virus on your laptop - and make sure it updates regularly. I wrote about some of these in the Netflix post.  
  • Pay attention to performance. If your battery seems to be running out too fast, if apps (and games) are running slowly, or if calls or web sites take longer to connect, you could have a malware app running on your system. If you do not have any protection, install one and run a full system check.
  • Occasionally look at your call and SMS (Text) logs to see if you have items that you did not make.
  • Actually review your phone bill. You usually only have a month to challenge mistakes or fraud, so this is your last line of defense.
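
The log check in the list above can be partly automated. The following is an added example, not code from the original post: it scans an exported SMS log for outgoing texts to premium-looking numbers that you do not recognise. The CSV layout, the sample rows and the number patterns are constructed assumptions; adjust the patterns to your own country's numbering plan.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export (assumed layout): timestamp, direction, number, body.
SAMPLE_LOG = """\
2011-11-01T09:12:00,out,+447700900123,Running late see you at 10
2011-11-02T02:14:07,out,81234,GO
2011-11-02T02:14:09,out,81234,GO
2011-11-02T02:14:11,out,81234,GO
2011-11-03T18:40:00,in,60999,Your code is 4821
2011-11-04T03:01:55,out,+19005550100,SUB
2011-11-05T12:00:00,out,60999,BALANCE
"""

# Assumed, adjustable patterns for numbers that can carry premium charges.
PREMIUM_PATTERNS = [
    re.compile(r"^\d{4,6}$"),            # SMS short codes
    re.compile(r"^(\+44|0)9\d{9}$"),     # UK 09xx premium rate range
    re.compile(r"^(\+?1)?900\d{7}$"),    # North American 1-900 numbers
]


def is_premium_like(number):
    """True if the number matches one of the premium-style patterns."""
    digits = re.sub(r"[\s\-()]", "", number)
    return any(p.match(digits) for p in PREMIUM_PATTERNS)


def suspicious_destinations(log_text, known=()):
    """Map each unrecognised premium-like destination to its send times.

    Only outgoing messages count; `known` holds numbers the owner
    deliberately texts (a bank short code, for example).
    """
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip malformed or blank rows
        timestamp, direction, peer, _body = row
        if direction == "out" and peer not in known and is_premium_like(peer):
            hits[peer].append(timestamp)
    return dict(hits)


if __name__ == "__main__":
    found = suspicious_destinations(SAMPLE_LOG, known={"60999"})
    for number, times in sorted(found.items()):
        print(f"{number}: {len(times)} outgoing text(s), first at {times[0]}")
```

Several sends to the same short code within seconds, or at hours when the phone was not in use, are the entries to raise with your carrier before the billing dispute window closes.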

Monday, October 17, 2011

Term Tuesdays - Telecom Fraud Explained

Each Tuesday I will be attempting to explain a different Telecom Fraud related term or concept. 


Where possible, I will include real world examples. For some cases I may not be allowed to release the specific information about the customer and then will provide the cases in general terms.

Topics will include
  • Calls to Known Fraudulent Numbers or Destinations
  • Hacking
  • Internal Misconduct
  • Malware
  • Off Hour Call
  • PBX Dial-Through
  • Phishing
  • Proactive Monitoring
  • Service & Application Level Fraud
  • Subscription Fraud

As this is intended to be educational, I will try to include links to original articles or sources where the information originated, where they exist. Many of these will be related to white papers that I or my coworkers publish on the Humbug Telecom Labs site.

Where they are applicable to a specific market segment or product type, I will identify them.

Whenever possible I will give tips or suggestions on how to prevent this type of fraud.

Thursday, October 13, 2011

New Phishing Technique - Mobile Apps

Symantec has a nice blog post about a new type of phishing scam that has emerged in the mobile world.

Apparently the fragmentation of the Android operating system has opened a window of opportunity for people who wish to phish mobile users. As the Symantec blog explains:
"The official app, which was initially released in the early part of the year, was only recently published to the Android Market with support for multiple devices. A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit."

In the images below you can see the subtle differences between the real and fake versions.




Once a user has clicked on the “Sign in” button, they are presented with a screen indicating incompatibility with the current hardware and a recommendation to install another version of the app in order to resolve the issue. There is no attempt to automatically download the recommended solution. Upon hitting the “Cancel” button, the app attempts to uninstall itself. Any attempt to prevent the uninstall process results in the user being returned to the previous screen with the incompatibility message.
In spite of the list of permissions that is requested, it is unclear what Android.Fakeneflic will collect from your phone or what it can do. But if past experience with PC-based malware is any indication, then it could be used to capture your passwords or credit card information, and could even be used to hijack your voice or data connection for fraudulent calls from your phone. Calls for which you would be required to pay.

To protect yourself, make sure you have a proper mobile security management product installed. There are several out there: Symantec, McAfee, Lookout, and Webroot all offer good products. In fact, PC Magazine recently named Webroot Editor's Choice.

Do your research and protect yourself: