Strong and stable: The iOS security guide

Apple’s smartphones are highly secure, but if your private or enterprise data matters to you, it’s essential to ensure your iPhone (or iPad) is as secure as possible.

Why security matters

Just because almost all mobile malware targets Android doesn’t mean iPhone users can be complacent.

Quite the reverse:

We need to be even more alert in case attackers use complacency against us. What follows are a few simple tips to help you secure your iPhone (and iPad).

There’s no denying that iPhones are in the ascendant, particularly in enterprise IT. Beyond business, you’ll see them used by educators, doctors, police and politicians, and in each of those cases the information on those smartphones is confidential and must not be abused.

Computerworld Mobile

Automatic protections in Android: Q&A with a security expert

Editor’s note: The Android security team works to keep more than two billion users safe, and with the release of Android Oreo, they’ve rolled out some new security protections. We sat down with Adrian Ludwig, Director of Android Security to learn about his team, their approach to security, and what Oreo’s new protections mean for people who use and love Android.

Keyword: Talk to us a bit about what your team does.

Adrian: We build security features for Android that help keep the whole ecosystem safe. Our software engineers write code that encrypts user data, helps find security bugs faster, prevents bugs from becoming security exploits, and finds applications that are trying to harm users or their information.  

How do you build these protections?

It starts with research. Because security is constantly evolving, our teams have to understand today’s issues, in Android and elsewhere, so we can provide better security now and in the future. Researchers in and out of Google are like detectives: they find new stuff, work to understand it deeply, and share it with the broader security community.

We then use those findings to make our protections stronger. We’re focused on tools like Google Play Protect and efforts like “platform hardening,” incremental protections to the Android platform itself. We’re also starting to apply machine learning to security threats, an early stage effort that we’re really excited about.

The final step is enabling all Android users to benefit from the protections. I’m really proud of the work our team has done with Google Play Protect, for example. Every day, it monitors more than 50 billion apps in Play, other app marketplaces, and across the web for potentially unsafe apps. If it finds any, we’ll prevent people from installing them and sometimes remove them from users’ phones directly. Users don’t need to do anything—this just works, automatically.

What are the challenges to protecting Android?

In security, we often talk about the trade-off between usability and protection. Sometimes, you can protect a device more effectively if there are certain things users can’t do on your device. And security is always much easier when things are predictable: for instance when all of the devices you are protecting are built the same way and can basically do the same thing.

But, Android security is different because the ecosystem is so diverse. The variety of use cases, form factors, and users forces us to be open-minded about how we should secure without limiting Android’s flexibility. We can’t possibly protect Android users with a single safeguard—our diversity of protections reflects the diversity in the Android ecosystem.

What are some of the new ways you’re protecting users in Android Oreo (not in robo-speak, please)?

Hang on, I gotta turn on Google Translate.

There are a … 0101100110 … sorry … a bunch! We’ve invested significantly in making it easier to update devices with security “patches,” fixes for potential safety problems, more commonly known as vulnerabilities. As a sidenote, you may have heard about “exploits.” If a vulnerability is a window, an exploit is a way to climb through it. The vast majority of the time, we’ll patch a vulnerability before anyone can exploit it. We have a project called Treble that makes it easier for us to work with partners and deliver updates to users. We want to close the window (and add some shutters) as quickly as possible.

We’ve also worked to improve verified boot, which confirms the device is in a known good state when it starts up, further hardened the Android kernel, which makes sure that hackers can’t change the way that code executes on a device, and evolved Seccomp, which limits the amount of code that is visible to hackers. Basically, we’re moving all the windows higher so any open ones are harder to climb through.

You announced Google Play Protect earlier this year. Tell us a bit about that and why it’s important for Android users?

For several years, we’ve been building “security services” which periodically check devices for potential security issues, allow Google and/or the user to review the status, and then use that information to protect the device. These services interact with Google Play in real-time to help secure it, hence the name “Google Play Protect.”

Our goal with Google Play Protect is to make sure that every user and every device has constant access to the best protections that Google can provide. Those protections are easy to use (ironically, for many people, Google Play Protect is so easy to use that they didn’t even know it was turned on!) and they benefit from everything Google knows about the security of Android devices.

Google Play Protect isn’t available just for users with Oreo — it guards any device with Google Play Services, running Android Gingerbread, or later.

Updates are a challenge with Android, especially in regard to security. Why is that so hard? What are you doing to improve it?

What makes Android so cool and unique—its flexibility and openness—also presents a really big security challenge. There is a broad and diverse range of devices running Android, operated by a complex collection of partners and device manufacturers around the world. It’s our responsibility to make it easy for the entire ecosystem to receive and deploy updates, but the ecosystem has to work together in order to make it happen. One approach to the problem is to make updates easier through technical changes, such as Project Treble. Another is to work with partners to better understand how updates are produced, tested, and delivered to users.  

What’s the toughest part of your job?

Prioritization. Often we need to balance researching super cool, extremely rare issues with more incremental maintenance of our existing systems. It’s really important that we are laser-focused on both; it’s the only way we can protect the entire ecosystem now and longer-term.

What’s your favorite part?

I’m amazed and humbled by how many people use Android as their primary (or only) way to connect to the internet and to the broader world. We’ve still got a ton of work to do, but I’m incredibly proud of the role my team has played in making those connections safe and secure.  

Ok, last question: How do you eat your Oreos?

In one bite. (But I can’t handle the Double Stufs).

Android

T-Mobile Samsung Galaxy Note 8 update brings security patches and bug fixes

UPDATE: T-Mobile’s support page for the Note 8 says that this update includes “October/November Google security updates”, but users that’ve received the update say it only includes the October patches.

ORIGINAL: Samsung Galaxy Note 8 owners, it’s time to update. T-Mobile has released a software update for the Samsung Galaxy Note 8. Weighing in at 383MB, it includes the October and November Android security patches as well as some bug fixes and software improvements, including …

TmoNews

T-Mobile Galaxy S7 and Galaxy S7 edge receiving November 2017 security patches

Days after the Samsung Galaxy Note 8 got a new update, some other Samsung handsets have started getting updates of their own. T-Mobile is now pushing updates to its versions of the Samsung Galaxy S7 and Galaxy S7 edge. The GS7 update is version G930TUVS4BQJ2 and is 121.99MB in size, while the GS7 edge update is version G935TUVS4BQJ2 and weighs in at 122.55MB. T-Mo hasn’t updated its Galaxy S7 and Galaxy S7 edge support …

TmoNews

Internet of Warnings: How Smart Technology Can Threaten Your Business’s Security

Science fiction technology may not be as far off as we believe. The Internet of Things (IoT) uses the powerful combination of Wi-Fi and cloud technology to send information and perform actions through devices with Internet capabilities. This advance stems from the use of telemetry, decades-old machine-to-machine communication via wired sensors and transmitters. Now the wires have been replaced by radio waves that transfer a nearly infinite amount of data.

IoT technology ranges from entire smart cities that streamline traffic to fridges that detect when you’re low on milk and order it for you, among many other products and services. Devices such as Fitbit and Nest are growing in popularity due to their low price, practicality, and variety of automatic functions. Nearly any object you use regularly can be exchanged for a “smart” version that logs usage, performs tasks for you, or learns your schedule and changes the environment accordingly—rapidly making the ubiquitous dream of a “smart house” a present reality.

How can the Internet of Things be utilized in business?

The Internet of Things is becoming more prevalent, so it’s likely your business has considered a switch to some form of IoT device. Self-driving delivery trucks and self-monitoring security systems are industry-specific, but every business benefits from smart lighting and thermostats that reduce energy costs. Retail markets can use IoT to keep an accurate and immediate inventory, while devices like Square can turn your smartphone or tablet into a hassle-free cash register.

Though IoT technology is still relatively new, the potential economic impact looms on the horizon. Constant updates on the status and stock of households and workplaces means the average consumer is likely to purchase more products than they would buy on their own. All industries have the potential to use this technology to increase sales and efficiency wherever needed. IoT devices may eventually replace human counterparts who once performed the same function.

How can you secure your Internet of Things technology?

Security is the biggest risk factor when incorporating IoT technology into your business. Some factors you should take into consideration before committing to an IoT upgrade:

  • Hacking: The most widespread IoT fear also happens to be the most rampant. If there’s a security loophole in a device that stores your credit card number or other personal information, hackers will try to exploit this vulnerability, often without encountering firewalls or other obstacles. Your safety could be compromised further by hackers who take over the entire system and hold your devices for ransom or even use your hardware to launch attacks against others without your knowledge. You must understand how your data is stored and accessed when considering an IoT device for your business.
  • Surveillance: Any device with a microphone or camera can potentially be activated by a remote user with the right knowledge. That’s why sites that seek out the IP addresses of webcams with unprotected open ports stream millions of private video feeds to viewers willing to pay. Familiarize yourself with the terms and conditions of your device and the permissions its software may have to be sure no one can eavesdrop on you. Read the fine print!
  • Company Security Policies: How does the manufacturer manage the security of their devices? Device security is the responsibility of the individual company, and since there aren’t yet any laws protecting IoT security, most companies depend on self-regulation and self-reporting. What safeguards has the company put in place to protect you, the consumer? What happens to your device if the company goes out of business?
  • Education and Caution: People can become reliant on smart technology, so it’s important to know the hidden downsides of using these devices in your business. Employees who come in contact with a company IoT device should be aware of the possible threats and of the security breaches their own actions can cause.

Most of the security concerns with IoT technology have to do with the engineering of the devices themselves. For this reason, knowledge and discretion are the most important safeguards to take when considering the switch to an interconnected network of smart devices. Though it may be fun to imagine your work computer booting up when it senses your car pulling into the parking lot, the vulnerabilities of this technology cast a long shadow on its practicality.

This article is brought to you by Mark Anderson, CEO of Anderson Technologies, an IT Consulting firm in St. Louis.

ReadWrite