Security

Most popular mobile apps request system permissions that aren't necessary for their stated functions, according to a new study. In some cases, an app requested more unnecessary functions than necessary ones. The figures come from NordVPN, which ... examined the five most popular apps in 18 common categories. They repeated the exercise for both Android and iOS, making a combined total of 103 different apps. (Source: nordvpn.com ) Both mobile operating systems now use a permissions system that means apps must request specific permission for different types of access to a phone's data and components ... (view more)

The average ransomware attack now takes less than a day from first breaching a system. It's the first time average attacks can be measured in hours, though ironically it may be a sign of better defenses. The figures comes from researchers at ... Secureworks, who analyze ransomware attacks. They measure dwell time, which is the period between an attacker first gaining access to a system and deploying the ransomware. That's malware which encrypts files, letting the attackers demand a fee to restore access. The average dwell time being under a day is a dramatic development as last year the average ... (view more)

Artificial Intelligence tools aren't as useful for writing malware as it first seemed. However, they may be useful for phishing scams and other social engineering. Two recent security company reports covered by The Register explored how malware ... scammers are particularly interested in AI tools that generate material. The theory goes that such tools could write code designed to exploit vulnerabilities in software and websites. (Source: theregister.com ) It's not a completely outlandish theory as some users have found such tools can efficiently write code for a particular task. It can take ... (view more)

Google says malware creators are using a simple workaround to bypass security on the official Play Store for Android apps. The problem is that the simplest fix would undermine one of the key differences between Android and closed systems such as ... Apple. In theory, all apps in the Play Store are vetted for security, including malware checks. That's one of the reasons Google recommends only using the Play Store, while still giving users the choice to get and install Android software from other sources. The problem is that scammers are using an extremely simply workaround called "versioning". ... (view more)

Researchers say they can accurately figure out what somebody is typing from the sound of their keyboard. The "technique" has some significant practical flaws but is a useful reminder of good password practice. The researchers looked into a theory ... that seems to get tested every few years: that different keys make different sounds. That's partly because they are differing distances from the device recording the audio and partly because the gaps between pressing different letters may vary depending on the typing style. The main difference with this latest test was using deep learning, which aims ... (view more)

The number of 0-day bugs, which give hackers a dangerous advantage, fell in 2022 according to Google. However, the company warns this may risk misleading complacency that forgets other factors. The figures come from Google's Threat Analysis Group, ... which aims to track, identify and report security bugs, regardless of the software or hardware concerned. The logic is that the better Internet security is overall, the better it is for an Internet-dependent business such as Google. For the past nine years, it's put together an annual tally of 0-day bugs. While definitions vary, Google classes them ... (view more)

Google will stop some of its employees accessing the Internet. It's a bold experiment to see if it can reduce security threats without affecting performance. The idea is reduce the risk of hackers getting access to employee machines, either to get ... hold of data on those machines or to use them as an entry point into Google's network. Perhaps unsurprisingly, Google's internal data is particularly attractive to attackers, whether they are seeking financial gain, political or commercial advantage, or plain old mischief making. For example, attackers being able to find out how Google ranks ... (view more)

Google is to give users of its VPN service more control over the location they want their traffic to appear to come from, rather than just selecting a country. It should overcome a problem with localized webpage information. A virtual private ... network (VPN) is designed to overcome problems with an inherent aspect of the Internet: that both Internet data and its origin are readily accessible by default. One analogy likens it to vehicles passing through a giant glass tube. Even when the data itself is encrypted, the origin and destination can still be discovered. In the analogy, a VPN is like ... (view more)

An app for spying on a partner or employee has been hacked. It means victims of the spying could face further data security threats. LetMeSpy is what the makers call a "parental control" and "employee control" and what critics call "stalkerware" or ... "spouseware". Once installed on a phone, it lets the person who installed it remotely access text messages, call logs and precise location. (Source: techcrunch.com ) The marketing is somewhat inconsistent with what the company says its intended use is for, suggesting people might put it on their own phone so that they can find the phone when lost, ... (view more)

More than 60,000 Android apps contained a nasty piece of malware designed to steal banking information. The scam doesn't target the official Google Play store, but rather third-party sources. The rogue apps fall into two main categories. Some are ... designed to closely resemble real, popular apps. Others are promoted as "modded" versions of genuine apps that are supposedly identical but with an alteration that supposedly removes ads or a requirement to pay a subscription. In reality, the scammers have taken the genuine apps, copied them, and made one modification. Unfortunately that modification ... (view more)