Cloudflare 1.1.1.1 with Warp+: Should you use it? - The Android Soul

Cloudflare 1.1.1.1 with Warp+: Should you use it? - The Android Soul

Cloudflare 1.1.1.1 with Warp+: Should you use it? - The Android Soul

Posted: 26 Nov 2019 01:17 PM PST

Contrary to how you've come to know it works when you are on your phone, everything you do on the internet is done using numbers. DNS servers translate these numbers to addresses and you can think of it as the phonebook that kets you browse through the internet.

You might be able to access any site from your smartphone or PC, but DNS records are spread across several servers around the globe. What you might not know is that as you type, several machines are checking and converting the information into numbers and connect you to the internet.

One such nameserver is Cloudflare and it's recent 1.1.1.1 with WARP+ service helps re-route your internet traffic, faster than your original internet connection, something even VPN services haven't achieved yet.

RelatedAndroid VPN: All you need to know

What is Cloudflare 1.1.1.1 Warp+

Cloudflare's 1.1.1.1 with WARP+ replaces the connection between your phone and the Internet with a new protocol that encrypts the data leaving your phone. Warp originates from Cloudflare's 1.1.1.1 application which when released was an alternative DNS service instead of the one assigned by your ISP. WARP and WARP+ is a functionality inside the 1.1.1.1 app which acts as a VPN but is not like any other VPN service available till now.

While WARP doesn't mask your IP address as a VPN would, it encrypts the data sent out from your smartphone. WARP+ does everything WARP does but with an added feature – Argo Smart Routing. This technology reroutes your internet traffic through Cloudflare's network in order to reduce network congestion. To understand this better, you need to have a background of what exactly DNS and VPN do.

What is DNS

DNS or Domain Name System translates domain names to IP addresses which allow browsers to load web pages and content. Essentially, DNS is the phonebook to the internet and converts a hostname into an IP address. If you typed a web address and waited for the page to load, the time that you're waiting for the page to load up is for the systems to process through the many DNS records.

What is a VPN

A VPN or a Virtual Private Network sends or receives data between two points in an encrypted way. It's a service where devices can reroute the internet through another computer or server that's located on a part of the world. When enabled, the VPN will prevent attackers from snooping into networks and access your internet traffic.

Warp+ is thus a VPN for non-technical people which provides an encrypted DNS, encrypted tunnel, which connects you to the Cloudflare servers that are closest to the website you're accessing.

Related11 Best VPN apps for Android

Why should you use Warp+

  • Cheaper than a paid VPN service: The paid version of WARP costs users $4.99 or less, depending on the region you're from. Cloudflare says the price of its WARP Plus has been made to match that of a Big Mac in the region. In India, WARP Plus costs Rs 69 for a month's subscription. In contrast, the average cost for a month's service from a major VPN provider in the US is $10-$12.
  • Prevents your ISP from monitoring your traffic: Like any traditional VPN service, Cloudflare's WARP, and WARP+ services make sure your traffic goes undetected by your internet service provider.
  • Adds an extra layer of security when using public Wi-Fi: Warp is a simple way to ensure that users secure their device while outside of their homes. When using public WiFi networks, Warp creates a VPN-like encrypted tunnel between the user and Cloudflare using its open-source WireGuard protocol. This helps the device stay protected from man-in-the-middle attacks using Cloudflare's DNS resolution servers.
  • Faster browsing speeds than without a VPN app: It's a known fact that using any VPN service will directly affect the speed of your internet, bringing it down by a considerable margin. Cloudflare's WARP Plus is designed to improve your mobile broadband connection speeds because your traffic is sent through the company's servers instead of public networks. In our testing, WARP+ offered an improvement in speed when using the phone for browsing and social media, which is what people actually do with their phones.

RelatedBest VPN for Netflix

How is WARP+ different from its free version

Prior to launching its much-awaited WARP service, Cloudflare only offered its 1.1.1.1 app for free to provide encrypted DNS on Android (as well as iOS) phones. With WARP, the company can offer encrypted DNS and an encrypted tunnel that connects you to Cloudflare servers nearest to you.

The paid version of WARP+ is everything WARP is and a little more. In addition to offering an encrypted DNS, Cloudflare's WARP+ provides an encrypted tunnel that directs all the network traffic between your device and Cloudflare servers closest to the website you're accessing.

This means, instead of connecting your device to its servers near to you, the paid version of Cloudflare's service establishes a connection to its servers that are closer to the sites you want to connect to. WARP+ thus makes sure that the encrypted data sent by the device remains encrypted for a longer duration and all of it is done through the company's Argo Smart Routing technology.

RelatedHow to set up VPN on Netflix

Can you replace your VPN Service with Warp+

No. Cloudflare itself claims that Warp is a VPN-like service for the non-technical people. Stress on the word "like" as it doesn't provide all the perks that are available with a VPN app. Unlike a traditional VPN service, WARP+ doesn't offer the kind of privacy you'd expect from a full VPN neither does it allow you to choose your endpoint region. Many paid (or even free) VPN apps allow you to change your IP address to a region of choice.

When using Warp+, your IP address remains the same, meaning you cannot connect to a website anonymously while your traffic is still hidden from your ISP. Unlike a VPN service, Warp+ cannot be used to get around site bans.

While some VPNs can be used for watching overseas streaming services, Cloudflare's WARP+ doesn't claim to do so. The company itself says "WARP is not designed to allow you to access geo-restricted content when you're traveling. It will not hide your IP address from the websites you visit".

Speed test comparison

We managed to run some tests with different networks on our Xiaomi Pocophone F1 running the latest firmware – Android 9 Pie and MIUI 11. The results listed below have been matched to the average speed that the device achieved on different networks.

When connected to a WiFi (broadband) network

The first round of tests has been done when the device was connected to a fiber broadband network.

Left: Without WARP; Center: With WARP; Right: With WARP Plus

As the picture clearly shows, the device when connected to a regular broadband network managed to achieve the lowest download speeds when WARP or WARP+ isn't enabled. However, without WARP, the connection was able to attain the highest upload speed of the three scenarios and the best ping (111ms) with no packet loss. Caused by errors in data transmission, Packet loss happens when one or more packets of data traveling across a network fail to reach their destination.

With WARP (not the paid version), the device was able to get slightly higher speeds (up to 15 percent) when downloading while uploads suffered a setback from 90Mbps to 38.2Mbps. The latency of the connection remained almost the same as a ping difference of 3ms is negligible.

When WARP Plus was enabled, download speeds improved over two-folds than that without a WARP connection. This is evident from the fact that the test was able to download around 79MB of data when during the same test period, the device could only download over 38MB data without WARP enabled. The paid service was also able to achieve higher upload speeds than free WARP (around 69Mbps) but at the cost of a higher ping (128 ms). This was the first instance where we noticed some packet loss, albeit on a tiny margin.

When connected to an LTE network

Our second round of tests involved being connected to a standard 4G mobile network. Similar to the tests above, we've devised the results for when the device was connected without WARP enabled, with WARP, and with WARP Plus activated.

Left: Without WARP; Center: With WARP; Right: With WARP Plus

Upon connecting to a mobile network, the results justified that of the WiFi score. When the device was running without WARP, to managed to achieve a download speed of 5.16Mbps with an upload speed of 8.28Mbps.

With Warp enabled, download speeds jumped to 6.13Mbps, thus offering a 15 percent boost in downloads similar to that of WiFi. Likewise, upload speeds suffered as it bumped down to 2.65Mbps, although ping was more or less the same.

As expected, WARP+ pushed the phone to reach a download speed of 6.74Mbps, registering a 23 percent improvement. Upload speeds also fared well and even managed to topple that of the non-Warp score by jumping from 8.28Mbps to 8.68Mbps. However, similar to the results of the WiFi connection, the server's response time reached a peak of 142ms compared to 14ms on a non-WARP LTE connection. There was no loss in data as packet loss remained at zero.

What we came to know

  • Download speeds registered through WARP and WARP+ were indeed higher than your default connection.
  • WARP+ gets you a faster download speed than the free version.
  • Upload speeds could suffer because of WARP.
  • WARP is dependent on the speed of your internet connection.
  • Cloudflare's 1.1.1.1 with WARP+ consumes a lot of resources, thus draining a significant amount of the battery. In our testing, the app's battery consumption was similar to that of a graphic-intensive game (Call of Duty, in this case) as it managed to total up to 9 percent. This meant that WARP could take a toll on the battery life of an older phone that's less efficient on resources.

  • Speed tests could be deceiving but you'll notice differences in user experience when browsing through the internet or social media.
  • There's no sign-in process, meaning Cloudflare doesn't ask for your personal information like name, phone number, or email address.
  • Sites you visit see the real IP address of the user.
  • WARP cannot be used for region-shifting or a confidential internet solution.
  • WARP and WARP+ might not work for some websites or apps. But the 1.1.1.1 app allows you to exclude those apps on an individual basis inside the "Manage blocked apps" section under the app settings. We tested to see if WARP+ and WARP work inside the Google Play Store without blocking it and we can verify that it does.
  • Basic WARP is free to use but you can also get WARP+ for free by referring the app to your friends. Every time a person you send the invite to registers for WARP, you and the person get 1GB of WARP+ access.

How to set up Cloudflare 1.1.1.1 with Warp+

  1. Open the Google Play Store on your Android phone.
  2. In the search bar at the top, type "1.1.1.1" and press enter.
  3. Open the result listed by developed named 'Cloudflare'.

  4. Tap on the result and install the app.
  5. When the app is installed, click on Open.

  6. Follow the instructions on the app to set up the VPN-like service on the phone.
  7. When the app is set up, toggle the switch on the main screen of the app to turn ON Warp.

  8. When switched ON, the app will read that "your Internet is private".
  9. Tap the hamburger menu on the top right to open the app's settings page.

  10. Ensure that you select the "1.1.1.1 with WARP+" from the two options. This will enable WARP+ on your Android device.

  11. To use WARP+, you'll need to subscribe to the service through Google Play.
    • Click on Manage Subscription to head over to the app's subscription page.
    • Payment can be done through Google Play balance, credit/debit card or other methods.
  12. WARP+ can be triggered ON or OFF through Android's Quick Settings section.
  13. To exclude apps from using 1.1.1.1:
    • Open 1.1.1.1 app.
    • Head to the hamburger menu on the top right.
    • Click More Settings.
    • Tap on Connection options.
    • Hit Manage blocked apps.
    • Add the apps you want to block.

Use This Travel Privacy Router to Secures All of Your Sensitive Information - Gadget Flow

Posted: 27 Nov 2019 04:01 AM PST

The digital age is amazing. We have all of the information we could ever need right at our fingertips, any time we want it. Unfortunately, that means other people have all of the information they could ever need right at their fingertips. Including all of our personal and private information.

This travel privacy router secures all of your information
This compact travel privacy router is easy to carry

Public Wi-Fi is pretty much everywhere now. And it's a beautiful thing. Instead of eating up our data plans with our cell carrier or tethering our devices to our cell phones, we can simply log on to the coffee shop or hotel Wi-Fi. But public Wi-Fi comes with risks. It's unsecured and leaves you open to hackers. Now, you can have your own travel privacy router with the Mudi 4G LTE Privacy Router.

You'll be able to secure all of your private information while you're working in public. If you travel a lot or like to head down to visit your favorite local barista and work from the coffee shop, you won't have to worry about leaving yourself vulnerable and open to hackers.

Public internet leaves you vulnerable to cyber attacks

If you work at home, it can be a bit rough to stay in the house day in and day out. It's easy to get distracted by pets, household chores, or the TV. Sometimes, it's just better to get out of the house and let a change of scenery give you that boost of creativity you need to make it through the rest of the day.

But if you're dealing with personal information in your daily business dealings, every time you go to the coffee shop and connect to their free, public Wi-Fi, you're putting your client's information at risk to hackers. One of the most common security risks is malware distribution, and it can be injected onto your device without you even knowing it.

There are even things called malicious hotspots, and hackers can trick you into connecting to them by using clever names disguised as public Wi-Fi. Once you've connected, you've given the hacker the ability to see and steal all of your sensitive data and the ability to gain access to your device at any time.

Mudi is a portable 4G LTE privacy router, and it's easy to set up.

  1. Insert Cards and Power On
  2. Connect via Wi-Fi or Connect via LAN
  3. Set up router
A person is holding a personal router and sliding it into a backpack pocket.

You will always have internet security when you have Mudi

Once you're set up, you'll have four different methods to access the internet.

  1. 3G/4G Modem
  2. Repeater
  3. Cable
  4. Tethering

If you are looking for a quick and easy way to control your Mudi, all you have to do is download the mobile app. It lets you control your Mudi through your phone or tablet. From there, you can enter your credentials and connect your Mudi travel privacy router to different VPN services. And it makes it easy since your credentials are stored securely on the app.

Benefits of the Mudi travel privacy router

Mudi comes with a host of features to serve you and will keep your information secure and protected.

  1. 4G LTE Module
  2. High Speed
  3. Dual-band Wi-Fi
  4. 128 GB of External Storage
  5. Built-in Battery
  6. VPN Client/Server
  7. Tor Anonymity
  8. OpenWrt Pre-Installed
  9. Travel-friendly
  10. DNS Encryption
A person is holding a black privacy router.

Mudi is easy to set up and easy to use to secure all of your private information

When you buy your Mudi personal router, you'll receive everything you need to get started.

  • Mudi (GL-E750) 4G LTE Privacy Router (with North American modem or non-North American modem
  • USB-C to USB-C cable
  • USB-C to USB-A cable
  • USB-C port replicator
  • Ethernet cable
  • Power adapter (with US, UK, or AU plug)
  • User guide
  • Pouch bag

This privacy router comes with the best software for your security

There are four areas of software to look at with this privacy device that helps you keep your information secure from prying eyes looking to steal from you.

Open Source VPN Protocols

Mudi has state-of-the-art open-source cryptography protocols. These protocols include OpenVPN and WireGuard®. With these, you are guaranteed the maximum protection, and you'll have the best performance. What this does is allow Mudi to connect to existing VPN services providers.

A person typing on a laptop, and a travel privacy router on the table next to it.

Protect yourself from hackers and viruses

Tor Anonymity

Tor Anonymous Network Routing is back by world-class researchers, and Mudi has this service installed on their routers to give you extra protection.  When you activate the Tor service, Mudi will then be able to encrypt and bounce your communications randomly through a network for relays that are run by volunteers around the globe. Your identity will be concealed.

Repeater Manager

This will store your known SSIDs that way it is able to automatically connect to available SSIDs on the list when you're near to them.

Multiple Internet and Failover

When you are traveling, Mudi will be connected to your carrier network. This will supply secure internet to your devices. And when you get back home or to your hotel, Mudi connects to the corresponding Wi-Fi to protect your data. And if your Wi-Fi happens to fail, Mudi will automatically switch to any other connected sources such as WAN or LTE.

DNS protection by verified services providers

You'll have DNS encryption via Cloudflare or other DNS HTTPS proxies.

What we ❤️

Having a personal privacy router that is easily portable and easy to set up is something a lot of people need. Especially since every time you turn on the news, more and more people's information is being compromised. Sure, we can't control who gets onto big business servers, but at least we can control who is getting onto our personal devices and accessing our private information.

A guy is sitting at a table and holding at a personal router his is holding.

Mudi gives you access to Tor Anonymous Network Routing

What we would ❤️ to see in future designs

This device is fantastic, and we'd love to see more 4G LTE modules available if possible. And we're always a fan of color options other than black for those who like to stand out in a crowd or color coordinate all of their devices.

Where you can get your Mudi 4G LTE Privacy Router

For only $153.18, you can have the peace of mind of absolute security. When you visit Kickstarter to buy the Mudi privacy router, you'll be able to sleep better knowing that whenever you're in public, all of your information and that of your clients is safe. That's well worth the cost of your monthly cable bill.

Product Stories

Meet Tera Cuskaden

Tera has worked in the publishing industry since 2004 and considers the written word her first love. When she's not writing or editing, she's usually traveling, knitting, or binge-watching Netflix.

Hidden Cam Above Bluetooth Pump Skimmer - Krebs on Security

Posted: 25 Nov 2019 03:55 PM PST

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I'd never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices.

Apparently, I'm not alone.

"I believe this is the first time I've seen a camera on a gas pump with a Bluetooth card skimmer," said Detective Matt Jogodka of the Las Vegas Police Department, referring to the compromised fuel pump pictured below.

The fake panel (horizontal) above the "This Sale" display obscures a tiny hidden camera angled toward the gas pump's PIN pad.

It may be difficult to tell from the angle of the photograph above, but the horizontal bar across the top of the machine (just above the "This Sale $" indicator) contains a hidden pinhole camera angled so as to record debit card users entering their PIN.

Here's a look at the fake panel removed from the compromised pump:

A front view of the hidden camera panel.

Jogodka said although this pump's PIN pad is encrypted, the hidden camera sidesteps that security feature.

"The PIN pad is encrypted, so this is a NEW way to capture the PIN," Jogodka wrote in a message to a mailing list about skimming devices found on Arizona fuel pumps. "The camera was set on Motion, [to] save memory space and battery life. Sad for the suspect, it was recovered 2 hours after it was installed."

Whoever hacked this fuel pump was able to get inside the machine and install a Bluetooth-based circuit board that connects to the power and can transmit stolen card data wirelessly. This allows the thieves to drive by at any time and download the card data remotely from a mobile device or laptop.

The unauthorized Bluetooth circuit board can be seen at bottom left attached to the pump's power and card reader.

This kind of fuel pump skimmer, while rare, serves as a reminder that it's a good idea to choose credit over debit when buying fuel. For starters, there are different legal protections for fraudulent transactions on debit vs. credit cards.

With a credit card, your maximum loss on any transactions you report as fraud is $50; with a debit card, that protection only extends for within two days of the unauthorized transaction. After that, the maximum consumer liability can increase to $500 within 60 days, and to an unlimited amount after 60 days.

In practice, your bank or debit card issuer may still waive additional liabilities, and many do. But even then, having your checking account emptied of cash while your bank sorts out the situation can still be a huge hassle and create secondary problems (bounced checks, for instance).

Interestingly, this advice against using debit cards at the pump often runs counter to the messaging pushed by fuel station owners themselves, many of whom offer lower prices for cash or debit card transactions. That's because credit card transactions typically are more expensive to process.

Anyone curious how to tell the difference between filling stations that prioritize card security versus those that haven't should check out How to Avoid Card Skimmers at the Pump.

The compromised pump with the hidden camera bar still attached. Newer, more secure pumps have a horizontal card reader and a raised metallic keypad.

Tags: ,

This entry was posted on Monday, November 25th, 2019 at 11:40 am and is filed under All About Skimmers. You can follow any comments to this entry through the RSS 2.0 feed. You can skip to the end and leave a comment. Pinging is currently not allowed.

The Role of Evil Downloaders in the Android Mobile Malware Kill Chain - Security Intelligence

Posted: 27 Nov 2019 03:10 AM PST

The spread of malware from user PCs to handheld devices such as smartphones has been a gradual process that started gaining momentum about a decade ago. At first, relatively basic Trojans would focus on stealing SMS messages to compromise two-factor authentication (2FA) sent to users by their banks. Then, increasingly sophisticated malware started emerging in the wild with features that can take over the device, harvest data, control communications and even lock the user out, to name a few.

But while mobile malware used by financially motivated threat actors is indeed a lot more elaborate nowadays, infecting devices remains somewhat of a challenge. Embedded security controls typically prevent Android devices from running apps from third-party sources, and without the user activating side-loading, or worse yet, jailbreaking the device, infecting users at scale can be rather slow even for motivated attackers.

So how is it that we keep seeing mobile malware infection numbers rise and even skyrocket, with numbers breaking previous records almost every year? These numbers can be attributed in large part to infection campaigns that take place directly on the official app store, such as Google Play.

The first thought on anyone's mind would be that official stores should be a trusted source and protected by controls to prevent the entry of malware, and that is true. What cybercriminals have been doing is using a workaround in the shape of mobile malware downloaders.

These are benign-looking apps that can very often be found on the official Google Play store. The loader app could seem like something useful users would want to get, or something enticing, offering some free videos or games, but it naturally has ulterior motives: After it is downloaded, it will usher in malware to the device by fetching and running it from the attacker's server.

Fake Apps Downloaded Millions of Times

While campaigns do vary widely, fake app downloads reportedly can reach millions of users. The trust users have in official stores can push the download rate and amplify campaigns. For attackers, planting these fake apps in stores means exposure to a huge user base daily and a very cost-effective way to bank on the traffic that comes through the store.

A recent report indicates that just one malicious app on the Play store, a fake emoji keyboard app called ai.type, was installed by 40 million users. Worst of all, even though it was removed from the store, it's still present on user devices, stealing information and making money for its operators via click-fraud and ad-related income. This sort of scale justifies taking a longer look at the cybercrime strategy that enables malicious content to get to official stores in the first place.

Early Stage in the Kill Chain

In the mobile malware kill chain, the role of malware downloaders begins in the early stage of the infection flow. They do not typically contain malware capabilities and are designed to "blend in" and look like legitimate apps in the Google Play store. They often entice relevant users to download them by looking like banking apps, foreign exchange calculators, free translation apps or other trending apps. Malware authors remain up to date regarding popular trends, they can fixate on region-specific trends, or aim to infect as many users as possible with malware that spreads persistent ads or click-fraud.

To appear like legitimate apps, these downloaders just prompt installation from the Play store app, and do not require any special permissions, like the request_install_packages permission. This permission is not very common but not considered to be alarming since legitimate apps also use it, making downloaders harder to detect as potentially malicious.

Figure 1: The typical mobile malware downloader infection flow (Source: X-Force Research)

Post-installation, evil downloaders in disguise will examine the device's characteristics, then download and install malware from untrusted sources, thereby having a better chance of bypassing the security measures enforced both on the Play store and on the device.

In some cases, downloaders can be masked as a known popular app, and then ask the user to enable an "Update" download post-installation. This is when the user will unknowingly install two apps: a malicious app and the original app they intended to get — a scheme planned by the malware's distributor to keep users from suspecting that something went wrong if they look for the real app later on.

Fetch and Deploy

Most downloaders do not feature a lot of functionality as they are used during the first stage of infection. Their purpose is to evade the detection of anything suspicious, so their feature list is kept to a bare minimum.

A common scenario is that apps that download and install a secondary APK from the internet fetch them from a server controlled by the attacker. This allows the malware's developers the agility to version the malicious APK, modify or replace files, and infect users with different files all the time. This can also help them evade detection by static controls and antivirus or file blacklists.

A less common scenario is the Trojanized app technique. These types of downloaders have the malware embedded into their own APK, usually as an encrypted/packed blob to keep it concealed. Malware developers may choose this route to do some operational security because, this way, the downloader does not need to communicate with a command-and-control (C&C) server over the internet, requires fewer permissions and can still launch the malicious app without any connectivity. While not as agile as fetching files from the internet, this technique has its merits.

Downloader Campaigns

Downloaders can be very similar in terms of their inner workings. In the wild, we prefer to classify them by campaign. We define a campaign as a set of malware samples that target entities in a certain region or vertical, such as banks in the U.S., and use the same tactics, techniques and procedures (TTPs), including social engineering methods, C&C servers, codebases, etc.

Attributing samples to a wider campaign can help contribute to a broader understanding of the TTPs used by the perpetrators of the campaign and can also help hunt for new, present or future samples to be used by the same attackers.

While some downloaders are a commercial offering on the dark web and underground fraud-themed forums, others are private codebases that are not offered for sale to other actors in the mobile malware sphere. In the past, X-Force researchers looked into commercial campaigns that featured the Anubis malware infecting users via the Play store. But the ExoBot Trojan, which is a private distribution of Marcher, is used exclusively by its developers and their cybercrime faction.

Next, after fetching the malicious application that they were created to deliver, downloaders need to install it.

Common Malicious Install Pathways

Different malware developers may opt to use their own preferred tactics. According to X-Force research analysis, the most common installation tactics use the Android PackageManager API that can launch an install prompt.

Figure 2: The most common ways that malware apps get installed on Android devices (Source: X-Force Research)

Each method has its own merits and faults, and each is affected by Android security controls that are part of the user's operating system version.

Using Android Package Manager APIs to Install Malware Apps

Using the PackageManager API to install applications is subject to the way that API works, to applicable permissions and to user consent. One of the factors that affects the ability to use the API is its version and the OS version of the target device.

For example, a minor change that separates API 23 and lower, and API level 24 and above: An update to the access level of files was introduced in version 24, forcing applications to use a file provider for accessing files rather than providing the absolute path.

These variations influence whether, and how, malicious apps can install the malware they fetch into the device.

Installing Apps

Described below are the two main code sequences for installing an application. The code regarding the APK installed from the external SD card uses the newer API, which requires a file provider and is already enforced for applications on the Google Play store.

Prompt installation from device path (API 24 and above):

Remember the update to the access level of files that was introduced in version 24 of the API? That update is a security layer that's meant to offer a secure way to handle files between apps. It requires that apps use a component called the Android FileProvider to access world-readable files instead of providing an absolute path. Before this change, it was possible to send a file object and trigger the install intent; but starting with Android 7 (Nougat), the FileProvider requirement came into the picture.

A Redirect to Google Play

The second scenario we see quite often is when a malicious link that can't install an app does not attempt to fetch malware from the internet; instead, it redirects the user to the Google Play store where they will be sent to the downloader app page.

Prompt Google Play installation:

Figure 3: Post-installation warning that redirects users to yet another suspicious app on Google Play (Source: X-Force Research)

The on-screen prompt in Turkish above translates to: "ERROR! Failed to install application! You're being redirected to Google Play."

Typical Downloader App Permissions

While app permissions are asked for and granted differently across mobile devices, Android-based operating systems will ask the user to grant permissions on installation. When it comes to downloaders, these apps ask for some repeated permission sets to enable them to later fetch and run malware.

One of the must-haves is the permission to install other applications:

  • android.permission.REQUEST_INSTALL_PACKAGES

Other, very common permissions asked for are those that will enable the app to create persistence in case the user turns their device off and on again, to access the internet, or to save the APK:

  • android.permission.INTERNET — Necessary for accessing external websites and for downloading a file from the internet
  • android.permission.RECEIVE_BOOT_COMPLETED
  • android.permission.WRITE_EXTERNAL_STORAGE — For saving the downloaded APK to the device's SD card

REQUEST_INSTALL_PACKAGES

The permission REQUEST_INSTALL_PACKAGES is available from API Level 23 (Android 6.0 Marshmallow) and required from Level 26 (8.0.0 Oreo). Currently, applications published to the store must target Android 9, API version 28. It is therefore safe to say that all downloaders on the store will have this permission.

Please note that android.permission.INSTALL_PACKAGES is a permission that allows installing an APK without any interaction with the user, but this permission can only be used by system apps, and as such, it is out of the scope of threats described in this document.

WRITE_EXTERNAL_STORAGE & INTERNET

Per X-Force research observations of malware in the wild, downloaders will connect to the attacker's server and download the malicious APK from there, then automatically save it to the Downloads folder on the SD card.

How to Mitigate Risk From Downloader Apps

Mitigating the potential installation of an app that might end up being a malicious intruder can be challenging because that initial app can look benign. There are still some ways to avoid these apps with some vigilance and app permission awareness, outlined here:

  • Start by only downloading apps from official stores that vet the apps and check them before they are offered to the user base.
  • Fake apps may look useful, but they are usually from unknown sources, feature low-grade design, faulty syntax and are likely smaller in size than other apps.
  • Multiple apps that look alike are likely from the same campaign and should be avoided.
  • There are millions of fake apps that try to impersonate reputable ones. If you are looking for a specific app, make sure it's the correct one. You can usually get the right URL from a vendor's/service provider's official website.

Taking a closer look at the app's developers can reveal if they are a legitimate source. If they have other apps, they are more likely to be real. If they don't, and do not have a reputable website with scarce and generic user reviews, it could be wiser to look for another, better-vetted app.

Figures 4 and 5: Recently found downloader apps detected on Google Play (Source: X-Force Research)

Organizations can mitigate the risk to bring-your-own-device (BYOD) and work-issued devices by configuring app download parameters. A mobile device management (MDM) solution can also help with that task. To detect apps that have already been downloaded, organizations can look at blacklisted malicious apps or get help from a service provider to detect suspicious and malware-laden apps on user devices.

Educating users can be another useful layer of security against any cyberthreat, and malicious apps are no exception. Explain potentially malicious apps to your user base and enable them to understand app permissions that could be indicative of excessive access rights. Lastly, ask your users to never jailbreak or root their devices, whether they own the device or have a company-issued device.

Information Security: Corporate-Owned Devices Vs Employee-Owned Devices - Security Boulevard

Posted: 25 Nov 2019 11:52 PM PST

Information Security for Mobile Devices
Information security: Corporate Owned Vs Employee Owned Devices

In an era of enterprise mobility, employee flexibility and convenience in terms of working from remote locations and device usage has become a new norm. Although this definitely adds to their productivity and efficiency, but at the same time, companies cannot ignore the threats and risks they pose to corporate information security. The influx of mobile devices and the plethora of platforms in the workplace is making things more complex for companies. Conditions get trickier when employees are allowed to use their own devices at work, whether in office premises or a remote location. This blog will discuss why a company needs to make an informed decision about implementing a specific device ownership model. Let's dive into a comparative analysis between corporate-owned devices and employee-owned devices from the viewpoint of information security.

What is Information security?

Information security

Information, which can exist in any form – physical, tangible, electronic or non-tangible, is a valuable asset to a company. As the term suggests, Information Security is a set of defined and organized tools and processes that are designed to protect sensitive corporate information from getting disrupted, stolen, modified, compromised, disclosed, corrupted or destructed.

A part of information risk management and popularly known as InfoSec, it secures crucial information from unauthorized access, use, sharing, disclosure or deletion. In case any unfortunate security incident takes place, InfoSec professionals are responsible to mitigate the impact of the threat or the risk involved. The three famous pillars of InfoSec are Confidentiality, Integrity, and Availability. Apart from these 3 aspects, there are 3 more pillars that offer further strength to the InfoSec program, these are Accountability, Authenticity, and Non-Repudiation.

 The simple fundamental that underlines the InfoSec program is that sensitive corporate information must be kept intact – it cannot be accessed, transferred or modified without authorized permission. The major types of lnfoSec are Application Security, Cloud Security, Cryptography, Infrastructure Security, Incident Response and Vulnerability Management.

Also Read: How your knowledge workers can benefit from corporate-owned devices

Why companies should care?

Information can be worth a trillion dollars to a company and losing it can cause irreparable damage to enterprises. Unmanaged and unorganized information lying in silos can be vulnerable to different kinds of threats like computer/server malfunction, natural disasters or physical theft. InfoSec is a crucial consideration for IT security specialists who monitor and prevent risks to application security, data security, network security, physical security, and computer security.

As a matter of fact, modern companies mostly rely on corporate e-information stored within computers, information and software systems, mobile devices, smartphones, tablets and other handheld devices used by employees, stakeholders, and business leaders. As companies shifted their interest from the physical assets to the digital landscape, threats to information took a shape of cyber-threats. The increasing cyber-security attacks can cause major damage to sensitive and critical information assets.

On top of that, the growing risks of data breaches have brought the importance of having a sophisticated data protection plan to the forefront.

Also Read: How your IT team can effectively drive a corporate-owned device policy

Stated below are a few of the reasons why companies should start caring about Information Security:

  • As per Juniper Research1, cybercrimes have led companies to lose an amount of $2 trillion in 2019.
  • The same report states that cybercriminals will steal 33 billion records in 2023 alone, resulting in a cumulative loss of around 146 billion records.
  • As mentioned by Cybercrime Magazine2 and Gartner's forecast, organizations are going to increase their spend on InfoSec awareness computer-based training by 13%.
  • As per the same reports3, the global expenditure on cybersecurity will touch a staggering $10 billion by 2027.
  • As per Symantec report4, there is a 25% growth in the number of attack groups using destructive malware.
  • The same report states that the average number of organizations targeted by each attack group is 55.
  • There is a 1000% increase in malicious powershell scripts and a 78% increase in supply chain attacks, according to this Symantec report.

How the device ownership model influences information security?

As maximum corporate information, which is sensitive and critical in nature, lies within the smartphones, tablets and other handheld devices used for enterprise purposes, it is crucial to understand who owns and uses these devices, how they use these devices and who owns the information. It also invites the question about how much control should the company have over the information stored in these devices, which are intended to be used from office premises as well as from remote locations.

Also, what kind of security and usage policies are introduced to protect company information from unauthorized access and data abuse, and how are they implemented. Let's look at the risks posed by employee-owned devices and how having a corporate-owned device policy with a robust MDM solution in place can be a better idea for organizations.

Information Security Risks with Employee-Owned Devices

With the growing need for flexibility, convenience, and agility, employees are demanding to use their own devices at work. Although employee-owned devices are doing the rounds, companies must not ignore the costs it might pay for allowing the employees to use their own devices to carry on their daily works. The security risks are doubled when employees use their own mobile devices from remote locations or while telecommuting. Check out the following risks that employee-owned devices can pose to information security:

Data loss or abuse due to lost or stolen device: When an employee uses his/her own device at work without any backend control from the company IT team, it simply means that the devices are on their own, and so are the company data lying within them. Now imagine a scenario where an employee misplaces his/her device and it falls into the wrong hands. It wouldn't only jeopardize the entire work process but can also expose sensitive and critical company data to be compromised by hackers, who have gained expertise in decoding encrypted data and device-locking passwords.

Data misuse during sudden/immediate employee departure: When an employee leaves the company, it is mandatory to follow certain regulations to ensure a healthy and organized departure. However, in case where an employee just decides to abruptly walk out of the company without any prior notice, he/she invites a scope of data misuse. Companies rarely exercise any control on employee-owned devices, and this makes it difficult to wipe off or erase corporate data stored in those devices, which might attract unauthorized and unsafe access to corporate data and software in the future.

Data can be corrupted due to unprotected browsing: Without any company IT control, employee-owned devices do not come with any restrictions or limitations to browse unprotected websites and download malicious apps. However, this unhindered freedom might invite the risks posed by cyber-threats and attacks via unsafe websites and virus-laden apps. This undoubtedly brings in bigger risk factors wherein corporate data stand chances of corruption, deletion or destruction, resulting in tremendous financial and strategic loss for the company. Malware, spyware and ransomware attacks through infected emails, apps, and weblinks can cause irreparable damage to the organization's brand image.

Indifference towards security updates: People often do not pay heed to those OS security updates and notifications, which causes the phones to stay outdated and hence devoid of security upgradations. Now, this tendency of indifference towards security updates can come bearing doom for information security. When the employee-owned mobile phones are not enforced to update themselves with the latest security firewall and anti-virus systems, they become vulnerable to a myriad of cyber-attacks, which leave the corporate data lying vulnerable within these devices.

Access to unprotected Wi-Fi: Employee-owned devices are often used from multiple remote locations wherein the user/employee sometimes need to access the open Wi-Fi networks in case of data exhaustion or unavailability. Open Wi-Fi networks provided in the coffee shops, airports, retail stores, hospitals, restaurants, and hotels often act like an open and unsecured portal for the hackers to access company information stored in the devices. Accessing these unprotected Wi-Fi networks has become a norm with employees using personal devices but it can lead to dangerous InfoSec threats for organizations.

Corporate-owned devices are a better option to drive information security

It is true that several of these loopholes can be covered by implementing a well-planned BYOD policy, but companies are definitely treading that path at a slower-than-expected pace owing to the security complications and management ordeal. On top of that, as companies cannot own and regulate the usage of these employee-owned devices, the possibilities of malware and virus attacks are always present on the devices. The infection can be passed along to the company IT system when they access the devices.

Wherein employee-owned devices invariably drive productivity and flexibility, it cannot be achieved at the cost of important company information being jeopardized. Having a corporate-owned device ownership model pays off in multiple terms while fostering productivity, security, flexibility, efficiency, and precision – all at once! A corporate-owned device policy powered with a perfect MDM solution can be an ultimate answer to maintaining a flawless information security system across the organization at all levels.  

Read the blog to know: The 5 unfailing business benefits provided by corporate-owned device policy

When it comes to choosing an all-rounder Mobile Device Management Software that comes with all the relevant and unique security features and management capabilities, ensure to go for the best with Scalefusion MDM.

Sources
1.juniperresearch.com and
2.cpomagazine.com
3.cybersecurityventures.com
4. symantec.com

*** This is a Security Bloggers Network syndicated blog from Scalefusion Blog authored by Sonali Datta. Read the original post at: https://blog.scalefusion.com/information-security-corporate-owned-vs-employee-owned-devices/
-

Comments

Post a Comment

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

Image
Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Posted: 19 Feb 2021 04:00 AM PST Brent Lewin/Bloomberg/Getty Images If your choice of encrypted messaging app is a toss-up between Signal , Telegram and WhatsApp , do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy . If that's what you're after, nothing beats Signal. By now you probably already know what happened. On Jan. 7, in a tweet heard 'round the world, tech mogul Elon Musk continued his feud with Facebook by advocating people drop its WhatsApp messenger and use Signal instead. Twitter CEO Jack Dorsey retweeted his call. Around the same time, right-wing social network Parler went dark following the Capito
Read more

VPN browser extensions: Why you shouldn't use then - Tech Advisor

VPN browser extensions: Why you shouldn't use then - Tech Advisor VPN browser extensions: Why you shouldn't use then - Tech Advisor Google Fi calls between Android subscribers will soon be end-to-end encrypted - 9to5Google How to encrypt your computer (and why you should) - Mashable How to encrypt and decrypt a folder on Android with SSE Universal Encryption - TechRepublic 4 ways to send encrypted messages on Android - TechRepublic WhatsApp “end-to-end encrypted” messages aren’t that private after all - Ars Technica ciphertext feedback (CFB) - TechTarget What Is the Windows Encrypting File System (EFS) and How Do You Enable or Disable It? - MUO - MakeUseOf Encrypting your online life is important - Telangana Today Keeper Password Manager Review – Forbes Advisor - Forbes [Update: Screenshot] Google Messages preparing end-to-end encryption for RCS messages - 9to5Google The iOS 15 priva
Read more

Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com

Image
Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Posted: 11 Mar 2021 12:00 AM PST Cybercrime , Encryption & Key Management , Endpoint Security Investigators Report Recently 'Unlocking' 170,000 Users' 3 Million Daily Messages Mathew J. Schwartz ( euroinfosec ) • March 11, 2021     Source: Sky ECC website Police say they have disrupted Sky ECC, a global encrypted communications network allegedly used by numerous criminals to plan their operations. See Also: Live Webinar | The Role of Passwords in the Hybrid Workforce Law enforcement authorities say Sky's cryptophone service, which includes both infrastructure and apps, is run from the United States and Canada, using infrastructure and private servers based in Europe as well as the service's own SIM cards. Sky ECC devices are available via vari
Read more