Fake WannaCry ‘Protectors’ Emerge on Google Play

Are Android devices affected by the self-propagating ransomware WannaCry? No—because this threat exploits a vulnerability in Microsoft Windows. This malware cannot harm mobile systems. Nonetheless, some developers are taking advantage of the uproar and possible confusion to promote apps that promise to protect Android devices.

While searching for “WannaCry” on GooglePlay we found several new apps. Most are guides—web views, images, or text reminding us to patch Windows, as well as jokes and wallpapers. However, a few apps claim to “protect” Android devices against this Windows-only threat.

One case is the package wannacry.ransomware.protection.antivirus, which we classified as a potentially unwanted program because we see no value in an app that offers fake features and tricks unwary users into downloading an app loaded with ads.

Once the program executes it displays ads and requests that you install more sponsored apps:

All the “features” offered by WannaCry Ransomware Protection are fake; the only function in this app is a repacked scanner that can detect the presence of a few ad libraries. For that reason and in spite of the preceding warning message, it is clear the developers put little time into this development. We rate the app as Medium Risk (SHA256 hash f9dabc8edee3ce16d5688757ae18e44bafe6de5368a82032a416c8c866686897).

On Google Play we observed another fake security solution offering similar fraudulent features: com.neufapps.antiviruswannacry (SHA256 hash f9dabc8edee3ce16d5688757ae18e44bafe6de5368a82032a416c8c866686897):

Some of these apps even have very good reviews, which tells us something about the value of online reviews:

We did not find any malware in these apps offering fake protection against WannaCry, but cybercriminals often seize the opportunity of trending topics like this—as we have seen with Flash Player for Android, Pokémon Go, Mario Run, Minecraft, etc.—to distribute malicious payloads even on official apps markets.

The McAfee Labs Mobile Malware Research team has contacted Google about removing these apps. Meanwhile users must remain aware of these kinds of fake solutions that only increase your risk.


The post Fake WannaCry ‘Protectors’ Emerge on Google Play appeared first on McAfee Blogs.

President Trump’s Budget Requests $1.5B For Homeland Security Cyber Unit

President Trump’s new budget includes a request to increase cybersecurity personnel and funding across several federal departments, including $1.5 billion for the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD). The NPPD is a DHS unit responsible for protecting US infrastructure from cyber threats. The DHS is responsible for protecting critical infrastructure and federal networks from cyber intrusions.

The budget document, released by the Office of Management and Budget earlier this morning, states: “The Budget supports the President’s focus on cybersecurity to ensure strong programs and technology to defend the Federal networks that serve the American people, and continues efforts to share information, standards, and best practices with critical infrastructure and American businesses to keep them secure[.]” The budget document also proposes to increase law enforcement and cyber personnel at DHS, the FBI and Department of Defense.

The President’s budget comes on the heels of his recent Executive Order aimed at strengthening cybersecurity across federal networks, critical infrastructure, and the nation writ large. It also comes in the wake of federal departments and agencies, such as DHS, Health and Human Services, and the Securities and Exchange Commission, focusing their efforts on cybersecurity in medical devicesmobile devices, financial services, and the Internet of Things (IoT).


How ‘smart cities’ push IoT cybersecurity for state and local IT

In the last installment of this column, we talked about cyber hygiene as a way to reduce security vulnerability. Now let’s turn our focus to cybersecurity, particularly as government gears up for the coming rush of the internet of things (IoT).

The threat recently became more real for state and local leaders. This past April, the emergency alert system in Dallas was hacked, with hurricane warnings starting just before midnight, activating 156 emergency sirens at once – 15 times over nearly two hours.

For that and other reasons, the state and local governments are becoming more proactive in their approach to IT and cybersecurity, together spending more than the federal government. According to the research company e.Republic, state and local governments will spend some $101.3 billion on IT, with both counties and states each increasing their budget by about 1.5 percent. (By comparison, the federal government has budgeted about $90 billion.)

So cybersecurity is a top IT priority among CIOs at the state, county and city level. In general we can say that the priority has been triggered by a push toward IoT in the so-called “smart cities” development vision to integrate IoT with communications technology to better manage municipal assets.

To that extent, IoT is at a much more mature place at the state and local level than it is in the federal government or even private industry. State IT executives are more aware of IoT cybersecurity implications, because they’re dealing with industrial systems, facilities HVAC, appliances and the power grid, all of which are managed at the municipal level. To complicate matters, many connected municipal services, from public transportation to water purification are both used and in some cases managed by private companies, so potential cybersecurity threats can come from many different intrusion points at once.

The risk and expense is high. At a recent seminar by the Center for Digital Government, Oakland County CIO Phil Berolini noted that the cost of a breach can be as much as $240 per record. Multiply that by the number of breaches in a typical attack, and the costs mount rapidly. LA County recently dealt with a 750,000 records breach, Berolini noted.

James Collins, Delaware’s CIO, explained that these actual and potential threats have put cybersecurity on legislative and executive radars. Because cyber is no longer relegated to being an “IT thing,” it actually opens the door for more practical solutions, Collins said.

Across the board, the real door opener for these and other CIOs is any discussion with the IT community on “baking in” cybersecurity into technology solutions. When cybersecurity maintenance costs are rolled into the tools that are actually included in IT budgeting, there’s more bang for the buck on infrastructure spending, with a higher level of security resilience. Because state and local IT leaders are still getting their arms around on-premise and off-premise cybersecurity, baked in defensive tools are especially valuable in IT purchases.

Some advice for the IT vendor community: slow down

The accelerated interest in IoT in state and local government has led to something of a gold rush among technology companies, who are often guilty of prospecting in that market in all the wrong ways. Many times overzealous technology salespeople make calls without enough research, or promise things that are of no importance.

Wanda Gibson, CTO for Fairfax County, urged the vendor community to pay better attention to published information regarding government IT priorities and budget. “Do your research,” she said, and talk to the other county departments to know what matters most.

The all-too-common sales strategy of blanket emails requesting a first meeting out of the blue are just plain “creepy” for Travis County CIO Tanya Acevedo. Calls like that do nothing to help Acevedo sell technology up the ladder in the county. A softer approach is better, with roundtables or symposiums providing good information without feeling like salespeople are trying to shoot ducks in a barrel.

The slow, measured approach seems to be the right way to get traction in the state and local technology community. As Oakland’s Berolini explains, leading with the gold-plated solution is a “turn-off” for any future discussions. Berolini, like most IT leaders, advocates a consultative approach where vendors work to understand problems, rather than trying to force fit a solution blindly.

It’s a balancing act, clearly, between government leaders working to implement IoT technology to better serve citizens quickly while ensuring that this rapid pace doesn’t introduce more security problems than it’s worth. While the vendor community is a valuable resource to address potential problems, they’re doing no one any favors by pushing their way into the process. CIOs have enough on their hands without having to fend off the advances of an under-informed partner.

With enough shared background and experience, the IoT phenomenon will take off for state and local government – and will provide valuable insight all the way up to the federal level.


This article was written by Lloyd McCoy Jr. From CSO Magazine and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to [email protected].

The post How ‘smart cities’ push IoT cybersecurity for state and local IT appeared first on McAfee Blogs.

Breaking the iris scanner locking Samsung’s Galaxy S8 is laughably easy

Enlarge (credit: Chaos Computer Club)

Hackers have broken the iris-based authentication in Samsung's Galaxy S8 smartphone in an easy-to-execute attack that's at odds with the manufacturer's claim that the mechanism is "one of the safest ways to keep your phone locked."

The cost of the hack is less than the $725 price for an unlocked Galaxy S8 phone, hackers with the Chaos Computer Club in Germany said Tuesday. All that was required was a digital camera, a laser printer (ironically, models made by Samsung provided the best results), and a contact lens. The hack required taking a picture of the subject's face, printing it on paper, superimposing the contact lens, and holding the image in front of the locked Galaxy S8. The photo need not be a close up, although using night-shot mode or removing the infrared filter helps. The hackers provided a video demonstration of the bypass.

Starbug, the moniker used by one of the principal researchers behind the hack, told Ars he singled out the Samsung Galaxy S8 because it's among the first flagship phones to offer iris recognition as an alternative to passwords and PINs. He said he suspects future mobile devices that offer iris recognition may be equally easy to hack. Despite the ease, both Samsung and Princeton Identity, the manufacturer of the iris-recognition technology used in the Galaxy S8, say iris recognition provides "airtight security" that allows consumers to "finally trust that their phones are protected." Princeton Identity also said the Samsung partnership "brings us one step closer to making iris recognition the standard for user authentication."

Read 4 remaining paragraphs | Comments