Research Shows Mobile Malware Up 2,180%

According to ABI Research between Q1 2011 and Q2 2012 the number of unique malware variants grew by 2,180 percent reaching a total of 17,439.

This number is not going to decrease either, it will only increase as everyone moves to more mobile lifestyles. And as the number of smartphone and tablet users continue to grow, the number of attacks on the vulnerabilities these devices have will continue to grow.

“With the increasing popularity of smartphones, mobile threats are on the rise. This has implications for security at the corporate level as well as for individual privacy,” says Michela Menting, senior cyber security analyst.

ABI estimates that the global market for mobile application security will be worth $398 million by the end of 2012 (This includes revenues for paid apps, partnerships with manufacturers and operators, white label deals, and dataset sales).

The amount of mobile malware will grow also because games, social networking, productivity apps and financial tools are all flocking to the mobile platform.

“The mobile application security market is rife with vendors offering their wares. The priority now for end-users is understanding the issue at hand and finding the right offering that best suits their needs,” said Menting. To date, ABI calculates that there have been over 130 billion downloads of mobile security apps.

According to ABI, some of the mobile security vendors that are standing out among the dozens are AVG Technologies, Lookout, and Avast Software offer software that address malware, privacy and anti-theft concerns.

With regards to innovation Lookout, Dr.Web, and TrustGo stand-out among other vendors, says ABI.

As for implementation, McAfee, Kaspersky Lab, and Ikarus have excelled in deploying viable long-term strategies.

Source: Network World

HP Teams Up with T-Mobile to Offer Free 200 MB/Month Data Plan for Notebook Customers

Hewlett-Packard is working with T-Mobile USA to offer 200 MB of free HSPA+ data per month for two years to anyone who buys an HP notebook. More specifically the 11-inch Pavilion dm1 which HP is currently selling online for $400.

HP said that starting Oct. 26, anyone who buys the 11-inch Pavilion dm1 will get 200 MB of free data per month for 2 years. And customers do not need to sign a contract with T-Mobile for the data service. As well as the customers will get a free 25 GB account with Box, a cloud storage company.

This is similar to what Verizon Wireless did in 2010 by offering a free 100 MB per month for two years to those purchasing a notebook running Google’s Chrome OS.

HP’s offer is also similar in some respects to the one Amazon is making for its new Kindle Fire HD with LTE. For $50 per year, Amazon is offering users 250 MB of data per month from AT&T Mobility.

Spanish University to be First University to Implement NFC Technology Across Entire Campus

The Universidad Católica San Antonio de Murcia (UCAM), is to be the first university in the world to implement NFC technology across its entire campus.

According to director of multimedia, Samuel Mendoza, and director of the computing service, Sergio Leon, the University will use NFC for a number of different things on the campus like access control, canteen payments, transportation ticketing and more. This has been told to members of the Higher Education Smart Card Association (HESCA) at a meeting in London this month.

The NFC technology being implemented at UCAM was developed by the university in conjunction with Banco Santander, Vodafone, Gemalto, and the Public Transport Authority of the Region of Murcia (EPTRM).

There is a video demonstration produced by UCAM that shows how the NFC implementation will be used around the campus. Watch the Video Here.

Source: NFC World

US Army Looks at 4G Communication System to Better Help Wounded Soldiers

In war medics tend to be thrown into situations where wounded soldiers require urgent and immediate attention where a trained surgeon would be most helpful, and said surgeon would be able to better do his job once he has gotten the background information on the injury and the subsequent medical details in order to dispense with the proper care.

With that said the US Army wants to develop a system which is capable of managing patient data from injury site to recovery, where it will include delivering live audio/video communication for medics in the field. This will help the medics in the field also determine who needs to ride the medevac first depending on the wounded soldiers condition and need for medical attention.

This is where the Army says the system will definitely need to fall back on a range of devices as well as 4G cellular networking in order to send vitals to communicate with the doctor, with everything being said recorded for further review. There are no further details on the 4G communication system the Army will be using.

French Central Bank Experienced Security Breach, Password Actually Was 123456

Apparently a French citizen breached the security of the French Central Bank (Banque de France) unintentionally over the phone.

He was freed by French authorities after being accused of hacking the central bank. And triggering a 48-hours shut down of that computer system which handles the consumer indebtedness files.

The man was trying to avoid using the telephone support system for the bank. From an internet forum he thought he found a direct-line to the central bank employees. He dialed the number and was asked for a code by an automated system, he entered 123456 and it worked.

According to the man’s attorney, 654321 would have worked as well.

Apple “Shake to Charge” Patent May One Day Power iPhones and iPods

Apple has revealed the Cupertino company’s plans to use electromagnetic induction technology in their products in the future. Electromagnetic Induction is basically a production of an electric current in a conductive element as it moves through a magnetic field, which in turn is used to generate power.

Apple will be introducing this technology somehow in their products in the future but unlike the more traditional method of electromagnetic induction, Apple’s version will use printed coils with moveable magnets, while the typical version is the opposite where a coil will move around a stationary magnet. Seen below.

According to the patent, it can be mounted onto a portable device with Apple’s iPod and iPhone used as examples.

Tsys Adds North American Support for it’s NFC Payment Solution

Tsys, payment supplier has added North American support for its Tsys NFC Payment Solution.

This has been done in preparation for Canadian bank CIBC’s planned launch of commercial NFC services. Tsys’s technology works with any TSM, enables mobile account creation and mobile device identification.

Tsys’s technology has support for generating the EMV data necessary for provisioning a mobile device. It also supports lifecycle management scenarios, such as dealing with lost or stolen devices and the re-provisioning of card data for reissue and product changes.

Source: NFC World

World’s First NFC Supermarket to Open in Paris

In the world of NFC technology there are constantly exciting new innovative ways for consumers to use their smartphones to more easily accomplish tasks.

There is now a major grocery store chain in France that is set to launch what is being called the world’s first fully NFC-compatible supermarket. Shoppers will tap their NFC-enabled phone next to the items they choose to buy and put them into their cart as they go along. At the check out the shopper will tap their phone to the register to pay for all of their items.

Shoppers will download and use a special app designed for the store on their smartphone and next to every item in the store are special NFC tags that transmit information about the product to the user’s phone. This not only allows users to see clear pricing details on the products but also gives the user the opportunity to check nutritional information and other data before they decide to add it to their cart.

Other advantages beside the convenience of using NFC technology for grocery shopping include being able to link the customer’s loyalty card to the app making it easier to receive discounts. And this also allows the user to more easily track their total grocery bill while shopping.

Here’s a short Youtube Video with a demonstration of a woman grocery shopping and doing other average day activities using a BlackBerry Bold 9900 and the NFC capabilities.

BMW Cars Vulnerable To Blank Key Attack

Most modern vehicles, like the BMW, have an on-board computer hidden in them. This computer basically controls the engine and makes sure everything is working correctly.

One of the functions this computer controls is the car’s electronic key that all BMWs have had since 2006. This electronic key communicates with the computer via radio signal and that allows you to start the vehicle. The electronic key has been made to allow a new key to be programed, should the old one be lost.

Someone has cracked BMW’s technology for programming the keys and managed to simplify the process. This process used to take 40 minutes and required specialist equipment.

Now there is a device that exists which allows anyone to access the on-board computer and program a blank key. It’s very easy to use and the process only takes little more than three minutes to complete. This device was actually designed and marketed for garages and recovery agents among other things.

With this key criminals are able to reuse them and make different keys for different vehicles. And as it works on many models of BMW and as it can be used repeatedly, although the price is high the criminals are happy to pay.

Video Breaking into BMW.

A BMW spokesperson response:

Criminal activity of all kinds is becoming increasingly sophisticated and particularly in this electronic age evolves with incredible speed. For highly complex, valuable and desirable products like cars, this has been a constant battle for manufacturers, legislators, the police and of course the owners of these cars. Organised crime has turned its attention to profits which can be made when stealing premium cars to order and selling them under false identities or, more often, breaking them up for parts and selling them piecemeal.

Certain criminal threats, like the one you have highlighted, simply do not exist when cars are designed and developed. This does not mean the car companies have done anything wrong, neither are they legally obliged to take any action.
However, BMW has always taken security extremely seriously and has worked closely with police forces around the country (and the world), with Thatcham and with the industry body, the SMMT (The Society of Motor Manufacturers and Traders) to understand and mitigate against car crime wherever possible. Therefore, when we were made aware of this new form of attack, we took it very seriously and immediately launched an investigation.

A vital point to acknowledge here is that there is no such thing as the ‘unstealable’ car, as Ron Cliff knows well. If a criminal decides they want your car, they will find a way to take it. Our job is to make it as difficult as possible.

Can BMW confirm it is aware of the issues raised above?
We are aware of this new type of high-tech car crime, which is certainly not restricted to BMW, but is an industry wide issue. Manufacturers and police forces are in a constant battle against the increasing sophistication of organised car criminals.

When did BMW become aware of the security issues outlined above?
We have a close working relationship with the Metropolitan Police and with Thatcham and first became aware of this new type of car crime in autumn 2011. We immediately started an investigation, which was a complex process to establish the exact method of attack and the technical implications.

What is BMW doing to rectify the security problems?
There is no specific BMW security issue here, this is something which affects many brands, however organised criminals have targeted particularly desirable cars, with higher value parts and that is why BMW is amongst the brands affected.

BMW prides itself on its vehicle security systems and all BMWs meet all UK and global security standards. Our engineers and technicians review all aspects of our vehicles constantly, including security systems, and after extensive research we are clear that none of our latest models – new 3 Series, 5 Series, 6 Series and 7 Series – nor any other BMW built after September 2011 can be stolen using the method you have highlighted.

For cars built before this date our investigations, jointly with the police, have identified late model BMW X5 and X6 as cars which have been focused on by organised criminals. We are now taking steps to mitigate against this type of theft for these two models and are contacting customers accordingly. For obvious security reasons we cannot say what these measures are.

Other models, including earlier M cars, as featured in your programme, are also being looked at to see if similar measures might be applied.

What advice can you offer your customers?
We agree with the general advice to customers given by the Police:

When using remote locking, ensure the car has actually locked by checking a door.
Be careful with your keys and who you give them too keys (e.g. valet parking). There is a risk that they could be cloned.
Where ever possible park your car out of sight, in a locked garage or under the cover of CCTV cameras

In addition: We recommend servicing your BMW at dealerships capable of providing software updates (e.g. authorised BMW Dealerships) on a regular basis to give the opportunity of further enhancing theft protection.

I am pleased to say that we have now had further information from our technical team which means that we will be able to offer the same mitigating measures mentioned in relation to X5 and X6, to any concerned BMW owners, starting within the next eight weeks. This will mean that the car cannot be taken using the piece of equipment you highlight. Of course this will not render the car unstealable, but it will address this particular form of attack.

Any customer who is concerned about this issue can contact our customer service department on 0800 083 4397 or their dealer, either of which will happy to advise.

Microsoft Disrupts Nitol Botnet and Takes Control of Malware Hosting Domain

Microsoft has claimed, through an operation code named b70, that it has managed to disrupt more than 500 different strains of malware in a bid to slow down the threats posed by the Nitol botnet.

Microsoft has discovered that Chinese retailers have been involved in selling computers with pirated version of Windows loaded with malware. Microsoft believes that the malware could have entered the supply chain at any point seeing as how the computer travels among companies that transport and resell the computer it is hard to pin-point the time and location.

Microsoft’s official blog says this, “…cybercriminals infiltrate unsecure supply chains to introduce counterfeit software embedded with malware for the purpose of secretly infecting people’s computers”

One thing that was noticed was that the malware was capable of spreading itself through common file transfers like USB based flash drives making it possible to spread malware to family members and friends.

A study done by Microsoft which was focused on the Nitol botnet found that nearly 20 per cent of the all the PCs that were purchased through unsecure Chinese supply chain were infected with malware. In this study Microsoft also found that in addition to hosting the Nitol botnet, the domain 3322.org contained 500 different strains of malware which were hosted using 70,000 sub domains. Microsoft also played crucial roles in disrupting the Kelihos and Zeus botnets while closely working with US officials.