security

A few days ago, questions were raised over Skype's security in that Microsoft is reconfiguring the Skype network to allow Law Enforcement Agencies can have access to intercept calls. Mark Gillett, Skype's Chief Development and Operations Officer, responded to these concerns today.

With regards to the claims Skype has made changes in its architecture to provide Law Enforcement Agencies have greater access to Skype communications, Gillett says that this is false:

"The move was made in order to improve the Skype experience, primarily to improve the reliability of the platform and to increase the speed with which we can react to problems. The move also provides us with the ability to quickly introduce cool new features that allow for a fuller, richer communications experience in the future."

More →
1
loading...
4
loading...
28
loading...
0
loading...

Our audience is smart enough to know that no electronic system of communication is impervious to eavesdropping and there’s very little out there that’s near 100% secure. So it should come as no surprise that Skype is getting some publicity of its internal network restructuring that started occurring once Microsoft acquired the company last year.

The charge: Microsoft is reconfiguring the Skype network so that it Law Enforcement Agencies (LEA) can have access to intercept calls over the network to aid in investigations.

The reality is of course convoluted with no concrete evidence but it’s worth mentioning what exactly is going on here. So head past the break to get the scoop.

More →
5
loading...
12
loading...
38
loading...
0
loading...

There’s been a lot of news today—both for Microsoft and Nokia—so we’re going to just touch on a bit of that and also mention some other Microsoft stories that you may have missed. So here’s your roundup:

  • Microsoft wants you take your Xbox security seriously and posts tips on how to do that
  • Mark Penn, former advisor to President Clinton, will be a VP at Microsoft where he hopes to make Bing cool
  • Microsoft may have lost money this quarter but their consumer division is actually doing well

So head on past the break for today’s wrap up...

More →
0
loading...
1
loading...
14
loading...
0
loading...

MVP and frequent conference speaker David Rook, better known as SecurityNinja, gave an interesting presentation on security at Bsides London 2012. The chosen platform for discussion? Windows Phone. Rook goes into detail (it's an hour long presentation) about app and platform security. The talk covers Visual Studio, compiling code and how apps are ran within the OS.

While it's a fairly lengthy video, the talk is well worth checking out if you're interested in Windows Phone app development and security, or are wanting to know how everything works behind the doors.

Source: YouTube

More →
1
loading...
5
loading...
21
loading...
0
loading...

As we reported earlier this morning, Good Technologies was prepping to release their enterprise messaging app for Windows Phone, a big win for those who need security and a strong feature set for their device.

That app has now gone live in the Marketplace ready for download. We must emphasize: you need Good's back-end technology to run this as it is not standalone (think Exchange). From the app description:

"Good for Enterprise™ delivers secure mobile collaboration and device management for Windows Phone devices.  With Good for Enterprise, employees securely access corporate email, contacts, and calendar.  Good for Enterprise provides a unique, secure container that separates personal from business while respecting employees’ privacy – ideal for BYOD devices.  Unlike other solutions, only Good for Enterprise prevents data loss by providing security at the application layer (in addition to device security)."

We listed the full feature set earlier and needless to say, it's fairly comprehensive for a v1.0 release and what's more, Good promises more features in coming updates.

As noted in comments on our previous article, the main benefit for Good users is encryption of messaging, sandboxing of data and better security than Windows Phone or Exchange alone can offer (for now). Plus, with clients on the iPhone, iPad and Android it's nice to see Windows Phone on par with the competition.

Pick up Good for Enterprise™ for Windows Phone here in the Marketplace. Thanks, Munsey S., for the tip

More →
2
loading...
4
loading...
70
loading...
0
loading...

We don't recall seeing this at the insanity that was Mobile World Congress, but evidently on February 27th, Good Technology, who focuses on enterprise and security (and who used to be owned by Motorola) announced a partnership with Nokia to bring their "FIPS-certified 192 bit AES encryption and end-to-end mobile messaging" service to Lumia Windows Phones.

The service is set to roll out in Q2 2012, which means we should see this very soon. The press release goes on to detail the features coming to the Windows Phone app, which by the sounds of it will be only available in the Nokia Collection through the Marketplace:

"Employees will be able to access corporate email, contacts, and calendars through the Good for Enterprise application on their Nokia Windows Phone smartphones—just as they access Microsoft Outlook® or Lotus Notes® on desktop computers at the office—using the intuitive user interface with panorama and pivot views with which they are already be familiar. IT managers will be able to protect corporate data with data encryption and easy-to-apply policies, such as requiring passwords and preventing 'cut/copy/paste' capabilities from the Good for Enterprise app. They will also be able to establish role-based policies using web-based management tools and perform remote wipe of enterprise information only, leaving music, photos, and other personal data present elsewhere on an employee's mobile device intact in the event the mobile device is compromised, lost or stolen."

A big gap in Windows Phone services is actually in enterprise, specifically the lack of encryption on the device or secure, non-Exchange based messaging. Unfortunately, while many in IT departments want more advanced features on current Windows Phones, there seems to be no plans for an "enterprise update" for Windows Phone 7. Instead, Microsoft is putting off a major refocusing on this area till Windows Phone 8, expected in late 2012 (rollout early 2013) including 128-bit native BitLocker data encryption.

While Windows Phone 8 looks promising, this partnership with Nokia for the Lumia 710, 800 and 900 devices will offer a nice stop-gap for mid 2012 and another reason to "go Nokia". Combined with AT&T's recent secure-messaging software for Windows Phones, Lumia 900 owners will have no less than three enterprise-focused messaging solutions: AT&T's, Good Technology and of course Exchange. We think that's a pretty killer combo for IT departments.

Read the full press release after the break...Thanks, bilzkh, for the tip!

More →
3
loading...
17
loading...
42
loading...
0
loading...

Security firm CrowdStrike has identified a vulnerability that could allow attackers to seize complete control over a smartphone.  The hole could allow an attacker to gain access via Webkit-based browsers, which makes up the bulk of mobile web browsers.  The good news for Windows Phone users is that they are in the clear because Microsoft designed Internet Explorer themselves, opting not to use the Webkit platform.

George Kurtz, CEO of CrowdStrike, has tested this theory and has confirmed that Windows Phone, unlike iOS, Android and Blackberry, is immune to this threat.  Kurtz has not revealed the details of the vulnerability, but will be holding a demonstration tomorrow at a TSA conference.  For the time being, there is little that users can do to protect themselves.  Any fixes must come from the OS developers first, and then get pushed out to consumers.

Source: Zunited

More →
16
loading...
0
loading...
146
loading...
0
loading...

Here's an interesting little gem: On February 1st, AT&T pushed out a new app to the Marketplace called "AT&T Secure Messaging". Part of their new service, the app looks to be an excellent addition for Windows Phone users on the all-powerful network. From the app's description:

"AT&T Secure Messaging enables the exchange of encrypted messages between businesses, enterprises and government agencies who are using AT&T's Global Smart Messaging Suite powered by Soprano. AT&T Secure Messaging ensures your sensitive personal data is protected -  for example, a one-time password from your bank/online payment broker or a healthcare appointment reminder. Your secure messages are encrypted, then sent to the AT&T Secure Messaging mobile application and decoded, ready for you to read."

Fascinating stuff, especially for Windows Phone users in those key industries. For perhaps obvious reasons, we have no experience with AT&T's Global Smart Messaging Suite, but a quick trip to their site gives a plethora of details on the service which even regular consumer can opt-into (for a hefty price):

"The AT&T Global Smart Messaging Suite is a powerful web-based application designed for large enterprise messaging and communication. The AT&T Global SMS service enables 2-way communication (via SMS or e-mail), and can reach employees and opted in consumer subscribers at most wireless carriers globally. AT&T can help organizations get started using domestic short codes for cross-carrier SMS messaging, and the AT&T platform can also be extended on a global scale for messaging to employees and consumers worldwide."

Think of it as an in-house messaging service akin to Exchange. This push by AT&T into secure message delivery seems to be relatively new. A quick glance on YouTube shows a recently uploaded video detailing how this service can benefit the healthcare industry like hospitals in protecting vital doctor-patient data. Of course in the demonstration Android and RIM are shown using the service but it's now clear that AT&T also intend for Windows Phone to be there too as the app and service are both ready to use. That's good news as this could be a big area for AT&T to be entering especially as institutions look to support the many different devices of their end users.

If you're on AT&T you can find the app here in the Marketplace. QR code and video demonstration of the service can be found after the break. Thanks, Ben H., for the find!

More →
2
loading...
2
loading...
28
loading...
0
loading...

Tango, the cross-platform video calling application, appears to following in the footsteps of iPhone's Path application when it comes to the poor management of private account data. (Not to be confused with the Windows Phone update, codenamed Tango.) Today, a reader wrote in detailing how the PC client (version 1.6.14117 at time of writing) allows one armed with simply a mobile number access to any Tango user's contact data -- and account -- by simply using the application in a specific manner. While we won't share exact details, we must admit it's not hard to figure out. And just a few months ago, Tango was discovered to be downloading contact details without permission.

Using the steps provided, we were able to download a colleague's Tango contact data, make Tango calls, and manage account details with ease. This possibly indicates that Tango's security code-based account validation is simply an arbitrary client-side check -- a big no-no.

Update: Tango let us know the issue has been fixed and an update has been pushed out to users. Kudos to the Tango team for the quick response.

More →
0
loading...
0
loading...
26
loading...
0
loading...

Microsoft Store India has come under attack by hackers raiding under the banner of 'Evil Shadow Team', WPSauce has reported. The website was defaced yesterday with the above image replacing access, which was achieved by redirecting visitors to a file the team uploaded -- evil.html. The message is clear from the attack: "Unsafe system will be baptized."

For now the website is offline, presumably while Microsoft investigates what exactly went wrong and suggesting the software giant has regained control.

"The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologise for any inconvenience this may have caused."

Customers of the online store have been strongly urged to change their passwords once the site comes back online as Quasar Media, the online marketing agency that maintains the website, decided it would be a great idea to store user credentials and personal information in plain text - an obvious insecure practice.

While one could argue that it's in the interest of the customers to know that their details are not being stored securely, another could counter with stating that the attack, which has no known motive, was not required. 

Source: WPSauce, Hackteach, thanks for all the tips that were sent in!

More →
0
loading...
4
loading...
21
loading...
0
loading...

Security Toolkit (our review) is an app that enables the user to turn their Windows Phone into a mobile security system. From motion sensor capabilities to an intrusion alarm, Security Toolkit certainly is a neat app to play with. The app has recently been updated to 1.6. A brief list of a hundful of improvements implemented in the latest version:

  • WebCam Viewer - view a PC (live) connected webcam over local WIFI (auto discovered Cam Broadcaster is available as a separate app.)
  • Voice Recorder - voice recorder with silence detection and skip, start/stop/pause/resume recording using phone camera button, remote listen/record from PC console via local WIFI
  • Image quality improved for Cam Broadcaster

You can download Security Toolkit from the Marketplace for $3.99.

More →
0
loading...
1
loading...
7
loading...
0
loading...

Just a few hours ago we just posted on the 810x builds of Windows Phone and now Italian site Plaffo is noting that their LG Optimus 7 just received the very same update: OS build 8107. More exciting is the news that it came with a list of changes, most of which will make most folks very happy:

  • It solves a problem of the keyboard on the screen, preventing the keyboard to disappear while typing
  • Resolves an issue with syncing Gmail
  • It solves a problem of access to the location. After the upgrade, the function IO hub sends to Microsoft anonymous information contact the Wi-Fi access points and antennas for mobile phones in the vicinity, only if you have allowed access to and use of location information from part of the "I'm here."
  • Revocation of certificates issued by DigiCert Sdn Bhd to solve a problem of encryption
  • Fixes a problem with the e-mail related to Microsoft Exchange Server 2003. When you reply to or forward an email, the original message is now included in the response.
  • Fixes an issue of notification of voicemail

As you can see, this is a maintenance build, addressing many ongoing bugs and issues including the troublesome "disappearing keyboard" which plagues all Windows Phone Mango devices. That keyboard problem occurs when the on-screen keyboard will suddenly disappear when typing, due to certain background tasks "stealing" the focus, resulting in much user frustration. What is not clear, however, is what are the plans for Microsoft and the carriers for rolling this out. This looks to augment the 7740 OS package with even more fixes (if users don't have 7740, this new OS update will add those changes). Since US carriers skipped the 7740 build, they would seem obligated to roll this out to their customers.

In addition, since the Nokia Lumia 710 and 800 are running that update too, users of those devices should expect to see an update as well.

Once again, we expect more info about this OS build next week at CES but perhaps Microsoft will chime in on their blog before then with more details.

Update (6:08PM MST): Microsoft has sent us a statement:

Our engineering team has developed a service release which has been delivered to our carrier partners for their assessment. Details on specific improvements contained in these releases are available via the Windows Phone Update History page.

We're told the history page is lagging behind a bit but should reflect changes soon.

Update II: No shocker here, but the update doesn't fix the "SMS bug" according to Tom Warren who tested it. That's expected as it is not listed in the changelog.

Source: Plaffo

More →
1
loading...
0
loading...
89
loading...
0
loading...

We previously covered the "Windows Phone SMS bug" that would disable the messaging hub on the victim's handset, which was discovered (and reported) by Khaled Salameh. Just two days after the bug was made public by WinRumors, we learnt that Microsoft was looking into the issue. Today we have further news surrounding the bug, Salameh has been contacted by the Microsoft Security Team and informed that they've located the root cause and a fix is currently being tested.

While it's highly unlikely to affect users, it's good to know Microsoft is on top of potential security issues. Now we just need the disappearing keyboard to be looked at. We're getting there.

Source: Twitter (@KSalameh)

More →
2
loading...
0
loading...
35
loading...
0
loading...

We previously covered the Windows Phone Lock Screen wallpapers by AJ Troxell, which provided owners with an extra layer of protection should they misplace their phone. The wallpapers are customizable with editable files included in the pack so personal information can be added including name, email, number, etc.

As AJ is being non-secret Santa this year with 12 days of freebies, and because the lock screen wallpapers proved to be popular, he's released version 2 today. What's new? 4 styles, 43 backgrounds, 4 variations of complete icon sets, and comes in Photoshop and Illustrator formats. Head on over to AJ's site (link below) to download version 2 of this truly useful pack.

Source: AJ Troxell, thanks AJ!

More →
2
loading...
2
loading...
14
loading...
0
loading...
9

Windows Phone App Review: Security Toolkit

While it has practical applications, Security Toolkit for your Windows Phone is just a neat app to play with. It turns your Windows Phone into a mobile security system with alarms and surveillance abilities.  To do so, Security Toolkit makes use of your Windows Phone camera, microphone and Wifi.

Security Toolkit does go beyond the coolness factor by offering you a discreet, mobile security system.  While I can see Security Toolkit being featured on Hawaii Five-O to help McGarrett solve the next big case it can easily be used in every day adventures.  The motion camera can be used to see who's been sneaking into the break room refrigerator or while traveling to help keep an eye on your hotel room. The remote camera can be used to monitor your children playing in another room or for use as a baby monitor.  The motion alarm can be used to keep your Windows Phone safe from curious hands.  

More →
5
loading...
4
loading...
18
loading...
0
loading...

Should you lose your Windows Phone, there is a possibility that should a person come across it they'll return it. But what if there's a lock on the handset? They can't rummage around your Twitter, Live, email and Facebook accounts in attempt to contact you. This is where WP7 Lock Screen comes into play.

Waking up the screen will present whoever has picked up your phone with a wallpaper that's customised with your contact details so they can easily get in touch, whether it be via Twitter, Facebook or a landline number. An optional add on is a "cash reward" message at the bottom of the wallpaper, providing a small incentive to return the lost valuable.

Think of it also as a portable, digital business card that you don't have to keep in your wallet. It's a neat little idea. The pack, by AJ Troxell, is freely available at the source below and includes a .PSD file for customisation.

Source: AJ Troxell  Thanks AJ!

More →
1
loading...
0
loading...
26
loading...
0
loading...

An interesting thing happened yesterday which we chose to not cover in detail. In short, someone published an app to the Windows Phone Marketplace that was pirated. Specifically it was a popular GPS navigation app which cost a good amount of money.  The person responsible presumably ripped the original XAP from the Marketplace and simply re-submitted it, pawning it off as their own.

Did they try to make money from it? Nope, they did something possibly worse--they offered it for free.

More →
0
loading...
5
loading...
47
loading...
0
loading...

Computer and mobile device security is a tough business. There's hype and then there are real threats and so far most in mobile have been hype (but see AVG-gate). Still, Android is either an OS with a lot of security vulnerabilities or everyone just likes to pick on it. Either way, between Carrier IQ earlier this week and now this paper from North Carolina State University, the little robot is having a tough time.

Computer scientists at NCSU created an app called 'Woodpecker' that would search for app vulnerabilities in Androids's permission-based security model. In short, when you install an app in Android, it tells you what that app can access e.g. user info, data, geolocation, recording sound, etc. Basically if you don't think a wallpaper app should have access to say, recording sounds, you prevent the app from installing. The problem is this: apps can unknowingly grant permissions to other apps, allowing a seemingly innocuous program to gain access to functions not agreed to by the user.

More →
6
loading...
34
loading...
68
loading...
0
loading...

If you haven't been following the Carrier IQ saga, let us try to re-cap it for you. Going back to October, it was reported that software on HTC Android phones was recording data and as Android Central lightly put it, "storing it sloppily". Information that was collected included phone numbers, geolocation and account names. It doesn't identify you per se with your name, but rather your device ID. Still, people rightly raised a storm. Turns out that software had a name: Carrier IQ.

Fast forward to last week when Trevor Eckhart -- aka TrevE -- wrote in detail what Carrier IQ was actually doing on the phone. The company Carrier IQ did not like this, made some legal threats against him, prompting the Electronic Frontier Foundation to step in. Carrier IQ (or just CIQ) quickly backed down and things looked to be at a stand off. CIQ then put out a press-release stating that their software

  • Does not record your keystrokes.
  • Does not provide tracking tools.
  • Does not inspect or report on the content of your communications, such as the content of emails and SMSs.
  • Does not provide real-time data reporting to any customer.
  • Finally, we do not sell Carrier IQ data to third parties.

Now, Eckhart has just published a second video (after the break) in response to CIQ's press release which seemingly contradicts just about all of the above. In the 17 minute long video (it gets good at about 8 minutes), Eckhart goes through and in real-time shows how keystrokes are recorded including phones numbers dialed, HTTPS data is sent unencrypted, text message data is accessed and of course that you really don't know that this app is running. All of this is performed on a stock Sprint EVO 3D and EVO 4G. What makes all of this troubling is the fact that (a) you aren't told about it (b) can't uninstall the software. You need to root the phone and load on a new, custom OS to get rid of it...

More →
8
loading...
124
loading...
64
loading...
0
loading...

To fight off the inevitable, RIM is looking to expand into security services to other mobile platforms which they hope will add some much needed cash to their dwindling reserves. The service, called Mobile Fusion, is expected to launch in Q1 on iOS and Android. Citing security concerns and their robust history of delivering device management via their NOC servers, RIM is looking for a new angle in the mobile industry. The new service will allow "...corporate IT staff to set and monitor rules for passwords, apps and software on a range of devices" and will also add remote find, lock and erase features.

"We will take full advantage of whatever security capabilities are provided by the core operating system. We're not going to hold that back in any way, shape or form."

Windows Phone is currently not on their plans for support, but they do note that if there is enough demand, they will certainly consider adding Windows Phone. That's fine for RIM and we're glad they're moving beyond smartphones, which is clearly not their forte anymore. But do we really need their services? We suppose from an IT perspective, if they can control iPhones, Androids and Windows Phone with all the same "switch" that my be a good sell, but obviously Windows Phone has a lot of this already built in via the Find My Phone feature. private Marketplace for app distribution and Exchange support.

So RIM, thanks but no thanks for reinventing the wheel. Still, Windows Phones does need beefier security (device encryption, etc.) which RIM can't fix as it's too deep in the OS. So Microsoft, we're looking at you.

Source: Reuters

More →
0
loading...
1
loading...
23
loading...
0
loading...

Pages