Posts

5 things you should learn from the Samsung Galaxy security risk report

The emergence of a new security flaw affecting up to 600 million Samsung Galaxy smartphones, has made the latest news on the topic of security risks. On the account of a report published by security research firm NowSecure, the company that identified and reported the security flaw, hackers can gain considerable access to phones and can read text messages, tap phone calls and voice-mail, and view private photos and documents.

The vulnerability lies within the predictive-text application, Swiftkey, which comes pre-installed in many of the Samsung Galaxy models. As a result of the application, users can get updates in plain text which allows hackers to exploit the Swiftkey update program by covertly placing malicious software. Users could think they are receiving an update, when in fact, they are downloading viruses and other malware to their mobile device.

Samsung has responded to the vulnerabilities in its phone by issuing the following statement:

“Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days. In addition to the security policy update, we are also working with Swiftkey to address potential risks going forward.”

This is not the first time Samsung users have witnessed a security flaw in their phones. Last year, a vulnerability in Samsung Galaxy’s S4 and other devices in the Knox security software exposed the users to immense threat of hackers accessing e-mails and other data.

Users, therefore, once again find themselves disappointed with their favorite smartphone brand as the threat of data hacks looms over their heads. Here, we present the top things you need to know, straight from the security risk report.

Your phone may be at risk

It is essential for users to know if their phone is one of the 600 million phones under risk of phone hacking. NowSecure has released a list of phones which it considers to be impacted by the vulnerability. The phones include the Samsung Galaxy S4 mini, S4, S5, and the recently launched S6. The Samsung flagship models since the S4, on the other hand, are unaffected owing to the KNOX security platform protection.

The report also highlights many of the mobile networks as well for being possible sources of risk; these include: Verizon, AT&T, T-Mobile, and Sprint.  NowSecure cannot confirm whether more Samsung Galaxy models will be affected in the future, but as of June 16, 2015, this is the list.

Swiftkey cannot be uninstalled

The security flaw in Swiftkey presents many opportunities for hackers to gain access to your personal files and folders in your phone. They could gain access to pictures and videos, and also the phone’s camera, GPS, and microphone.

Many would assume that the end to all the worries simply lies in uninstalling the application – not so! The report released from NowSecure highlights that the problematic keyboard app cannot be removed from the phone.

Avoid unsecured Wi-Fi networks

While it may seem that there is nothing that can be done to avert the risk of phone hacking, there are many steps that users can take to prevent it. One of these is avoiding unsecured Wi-Fi networks.

It is true that using Wi-Fi whilst outdoors or travelling is fun and convenient. However, unsecured networks could pose the greatest risk of data hacking. Password-protected Wi-Fi networks or networks that do not require logging in via a browser, on the other hand, are relatively safer. Although, it is still better and advised to avoid Wi-Fi use altogether.

Change your phone

The simplest way to avoid any threat of data breach is to change your phone. If you feel that you cannot stop using Wi-Fi due to travelling needs or other reasons, then keeping another smartphone is better.

Contact your carrier for patch information

Users who have the aforementioned Samsung Galaxy phones need to be on the lookout for the latest security patch. They need to contact their network and request how soon they will release a patch to fix the problem. Samsung has already announced that it will begin rolling its security policy updates in the coming days.

How Cloud Computing Makes Application-Layer Security More Important Than Ever

For the past couple of decades, workplace computer users have been doubly protected, both through anti-malware and firewalls on the PC and server level. But that dual-layer protection is dissolving as workers discard desktops for mobile devices, accessing applications through equipment that may or may not have adequate spyware protection installed.

Device Safety

With the growing popularity of Bring Your Own Device (BYOD) in organizations, businesses are understandably concerned about the risks. Once a device is connected to an organization’s network, one infiltration can have disastrous repercussions. Customer data could be compromised or malware could take the network down for a time, costing the business customers and possibly damaging its reputation.

For that reason, it’s more important than ever that businesses ensure application-layer security is in place to protect them. Cloud providers are working hard to put measures in place to put Distributed Denial of Service (DDoS) and password brute-force detection measures in place for each of its accounts. These extra measures will ensure only those who are authorized to access your business’s accounts are able to get in, further safeguarding your infrastructure.

Encryption and Protection

There are several ways application-layer security can protect a business. One is to put measures in place that authenticate each access of that application on a designated network, no matter which device is accessing it. This Identification and Authentication process is used by many cloud providers. Encryption is also a popular tool for cloud service providers who employ application-layer security for their clients.

As more businesses migrate to the cloud, it’s important that they have professionals in place who can evaluate each of these required security layers in order to protect all aspects of operations. Cloud services professionals specialize in answering these questions to help put a business’s minds at ease.