The Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), recently released a report on the latest versions of mobile malware to affect Android smartphones.
Two versions of the most recently discovered malware are called Loozfon and FinFisher. Loozfon has been seen in the form of a link in an email about work-at-home opportunities, promising compensation for sending the email. The link in the advertisement allows the malicious application to steal contact information from the user’s phone and address book.
FinFisher is spyware that can be remotely contolled and monitored after installed on the mobile device. Users that click on a certain link or open a text message that appears to be a system update can be exposed to FinFisher.
IC3.gov offers smartphone safety tips:
- Turn off any features or default settings that aren’t needed and may minimize the attack surface of the device.
- Check to see if your phone’s operating system has encryption available to protect personal data.
- Check reviews of applications before downloading to ensure they’re legit. Also carefully read the permissions you’re allowing the application when you download them.
- In addition to applying a passcode, use the screen lock feature to secure it after a few minutes of inactivity.
- Don’t connect to unknown wireless networks.
- Wipe your device before selling or trading it in.
- Update your smartphone frequently to protect against known security vulnerabilities.
- Don’t click on or download software or links from unknown sources.
One of the best tips may be to limit risk by storing sensitive data on a secure network, and not directly on a device. If your organization needs to meet compliance requirements, find out what a PCI compliant data center or HIPAA compliant data center should entail.
Read the following mobile security blog posts for more information technology tips:
Recommendations for Mobile Health IT Advancement
In June, the FCC (Federal Communications Commission) created a mHealth Task Force from a group of the nation’s leading mobile healthcare IT industry, including government and academic experts, according to a recent press release. This group generated a report with … Continue reading →
Online Tech Exhibits at 2012 mHealth Summit in Washington, D.C.
Online Tech will be attending and exhibiting at the 2012 mHealth Summit held in Washington, DC from December 3-5. Hosted at the Gaylord National Resort and Convention Center, the conference will (from mHealthSummit.org): Provide networking opportunities with leading-edge and c-level … Continue reading →
PCI Mobile Payment Security Recommendations Released by PCI SSC
The PCI SSC (Payment Card Industry Security Standards Council) just released a document addressing mobile device (smartphone, tablet or PDA) payments, PCI Mobile Payment Acceptance Security Guidelines, version 1.0. Three major risks associated with mobile payment transactions include: Account data … Continue reading →
The Latest IT Security Stats: Are You At Risk?
Symantec’s now infamous 2011 Internet Security Threat Report is packed full of who, why, where and how when it comes to online attacks in the past year. Published in April 2012, the document highlights the latest trends in Internet security. …Continue reading →