New Apple Update Available for Character Bug Solution

Recently, another “exotic character” bug was found in iOS.  If someone sends this particular character (a special character that’s part of the Indian language pack) to your phone via any messaging app, it will not only crash your phone, but cause a variety of messaging apps to stop functioning.

When the bug was initially reported, Apple treated it as a somewhat low priority item and announced their plan to fix it with the release of iOS 11.3 later this spring.  The company’s loyal user base, however, had other ideas.  Faced with a growing chorus of demands for a more immediate fix, Apple has incorporated it into the 11.2.6 release which is now available.

If you’re set up to automatically receive OS updates, there’s nothing for you to do, and if you haven’t already encountered this issue, you never will.  If, on the other hand, you are in the habit of manually applying OS updates, this is one you won’t want to miss.  While the chances of someone sending this exotic character to you are quite low, there’s nothing to be gained by exposing yourself to needless risk.

Longtime users of Apple’s products will recognize a trend here.  This is hardly the first time an exotic character or other unusual event has caused iOS to crash.  Just last month, there was a similar (though less serious) issue with another special character.  Last year, it was discovered that a properly formatted URL could crash any system running iOS.  Not long after that discovery was made, a five second video went viral that, if watched on a device running iOS, would crash it.

In any case, the user base spoke and Apple listened.  Grab the latest update and you won’t have anything to worry about.  At least until the next unusual crash bug is discovered.

SIM Cards Can Now Be Built Into Processors

SIM cards have long been a source of frustration for equipment manufacturers.  With the relentless drive to produce smaller and smaller devices, the SIM card is a hurdle to be overcome.  It’s relatively large, and when you account for the necessary housing, it becomes quite the design challenge.

That challenge seems to have been met, however.  ARM, a prominent chip design firm, has recently announced the development of the iSIM.  The iSIM is built into the processor, and according to the company, only takes up a fraction of a millimeter squared.  To put that figure into context, today’s SIM cards measure 12.3 x 8.8mm, so ARM’s new design represents significant space savings indeed.

There’s a catch, though.  Although the new design is ready, and is already in the hands of ARM’s business partners for evaluation, there’s no guarantee that cell phone providers will accept the new technology and incorporate it into the next generation of phones.

ARM doesn’t think this will be an issue, although phones weren’t at the forefront of the company’s mind when they developed the iSIM.  Their main goal was to build the integrated SIMs to help power the next generation of tiny IoT devices, but this, ARM contends, is the very reason why phone carriers will welcome the new technology with open arms.  After all, more devices connected to their respective networks means more opportunities to profit.

In any case, time will tell the tale.  ARM is expecting that their business partners will readily embrace the new technology, and we should begin seeing products on the market utilizing the iSIM by the end of this year.  This will be a fascinating innovation to watch.  If it succeeds the way ARM hopes, it will lead to the creation of a whole new generation of even smaller devices.

Android Ransomware Infections Declined in 2017

Android users have a reason to cheer.  According to the latest report by ESET, the number of ransomware attacks targeting Android devices declined in 2017.  The decline represents a bit of an anomaly, given that in 2017, the most common type of malware attack (by a wide margin) was ransomware.  Given that security researchers can’t name a particular reason for the decline, it’s important not to read too much into the data.  Whether there are declining figures or not, ransomware attacks still played a prominent role in last year’s threat landscape across a whole spectrum of devices.  This year is shaping up to be no different.

Where Android-based ransomware attacks were concerned, several old standbys were still seeing frequent use, including both Charger and SimpleLocker. The most prominent new player in 2017 was DoubleLocker, which was first seen in the wild last October.  It is unique in that it was the first Android malware to take advantage of a vulnerability in the Accessibility service to gain admin rights and infect users.

Interestingly, Android-based banking Trojans have been abusing the Accessibility service for literally years.  It’s not immediately clear why hackers didn’t begin using it as an attack vector where ransomware was concerned until the appearance of DoubleLocker.  Now that it’s on the scene, we can expect to see an increasing number of similar attacks.

In any case, given the fact that ransomware is poised to dominate the threat landscape in 2018, all users would do well to stay on their guard.  The slight decline in ransomware attacks against Android users, while a welcome sight, is probably going to be short-lived.  If there’s one thing you can be sure of, it is that 2018 will be another record-breaking year where hacking attacks are concerned.

5G Cellular Service Is Beginning To Roll Out

AT&T has big plans for their future and yours.  If they’re your carrier of choice, and if you live in the cities of Dallas, Atlanta, or Waco, then you stand to be on the cutting edge of the changes the company has in store. Those locations have been selected to be the first to receive AT&T’s 5G network upgrade.

Often, whenever a new technology is touted, you hear the phrase “this changes everything” associated with it. However, after listening to an AT&T spokesman talk at length about the capabilities of the new 5G network, the phrase is much more than just hot air and wishful thinking.  From the sounds of it, it really does change everything.

Here’s what a company official had to say on the matter:

“We are working with our vendors on an aggressive schedule to help ensure customers can enjoy 5G when we launch the network this year.  We will add more 5G-capable mobile devices and smartphones in early 2019 and beyond.

After significantly contributing to the first phase of 5G standards, conducting multi-city trials, and literally transforming our network for the future, we’re planning to be the first carrier to deliver standards-based mobile 5G–and do it much sooner than most people thought possible.

What this means for our customers in these cities is that they will be the very first to access this next generation of wireless services.  The experience we’ve gained by leading the industry transformation to network virtualization and software control will help our customers to get the most out of 5G.  Ultimately, this means new experiences with augmented reality and virtual reality (AR/VR), future autonomous cars and delivery drones.

In order for these new experiences to become reality, you need mobile 5G powered by SDN and edge computing.  We’re making the cloud smarter, faster, and local.”

By all accounts, there are exciting times ahead.  If you’ve been thinking about switching to AT&T, this might be a good reason to do so.

Google Calls Out Microsoft For Security Issue

Depending on who you ask, Google’s Project Zero is either the thing that’s going to singlehandedly save the internet, or the bane of many companies’ existence.  It’s easy to see both sides of the argument.

On one hand, by uncovering previously undiscovered bugs in all manner of software and handing that information over to the authors, Google is undeniably performing a valued public service.  The problem has never been with the “carrot” side of the equation, always with the stick.

The stick is this:  Google gives each company 90 days in which to address the bug.  If they take no action during that time, then Google will announce the existence of the bug to the world, which, of course, means that hackers everywhere immediately have access to a new exploit.

This approach often accomplishes what contacting the vendor privately does not.  Once the bug becomes common knowledge, the company in question is essentially forced to fix the problem, thus making the internet safer.

It should be noted that Google does allow exemptions to the 90-day rule.  If a company is hard at work on a fix and needs more time, Google has been known to delay their announcement.  In a similar vein, if a bug is simply catastrophic in scope and scale, the company has been known to make the announcement to help deploy resources of multiple companies toward addressing the issue.

More than 90 days ago, the Project Zero team discovered a pair of security flaws in Microsoft products: one in their Edge browser, and the other in the Windows 10 OS.  One of the two got fixed.  The other did not, and Google called them out for it.

Needless to say, Microsoft is not pleased, and they have hit Google back for such behavior in the past. They scored a PR victory last year when Microsoft engineers discovered a flaw in Google’s Chrome browser, contacted the company privately so they could fix the issue, and then bragged about their more responsible approach after the fact.

It will be interesting to see what Microsoft does in this instance.

RottenSys Malware Has Infected 5M Android Devices Since 2016

There’s a new threat on the horizon, according to security researchers from Check Point.  A group of hackers in China is busy building a massive botnet that, so far, totals almost five million Android smartphones.  The hackers are quietly taking control of these devices using a strain of malware known as “RottenSys.”

While the malware is flexible and can be adapted to any number of purposes, in its present incarnation, it’s being used to display copious numbers of advertisements. This generates a healthy revenue stream for the hackers, but that could be just the beginning.  The researchers have found evidence that the hackers are gearing up for a campaign that could be much more far-reaching and damaging.  According to Check Point: “This botnet will have extensive capabilities, including silently installing additional apps and UI automation.”

RottenSys is fairly new to the malware ecosystem, first appearing in September 2016. So far, the hackers have spent most of their time simply spreading their creation to more devices.  At current count, the number of infected Android phones stands at 4,964,460, and it grows by the day.

It wasn’t until last month that RottenSys got an update that gave its owners the ability to take direct control of all the devices.  Prior to that, they were happy to simply rake in ad revenue, which is estimated to exceed $350,000 a month.

Currently, the malware hasn’t spread beyond the confines of China, but that could easily change as the hackers seek to add an increasing number of devices to their already massive botnet.

What makes RottenSys notable is the fact that it has managed to spread to so many devices in such a short period of time.  As it turns out, the secret to the hackers’ success has to do with the code it’s built around, which includes both “Small” (an open source virtualization framework) and “MarsDaemon,” a library that keeps apps “undead” so that the malware’s processes continue to operate even after users close them. This ensures that the ad-injection capacity cannot be disabled.

Only time will tell what the hackers have planned, but it can’t be anything good. They’ll have a formidable botnet to do damage with. Stay tuned.

Remote Desktop Flaw Affects Every Windows Version

Researchers at Preempt Security recently discovered a critical flaw in Microsoft’s Credential Security Support Provider protocol (CredSSP for short) that impacts every version of Windows in existence. It could allow a hacker to remotely exploit Windows Remote Desktop to execute malicious code and steal any data stored on the machine.

The flaw, logged as CVE-2018-0886, would allow a hacker to execute a man-in-the-middle attack (provided that they had Wi-Fi or physical access to the machine) and steal authentication data via a Remote Procedure Call attack.

Yaron Zinar, a lead researcher at Preempt, had this to say about the flaw:

“An attacker which has stolen a session from a user with sufficient privileges could run different commands with local admin privileges.  This is especially critical in case of domain controllers, where most Remote Procedure Calls (DCE/RPC) are enabled by default.  This could leave enterprises vulnerable to a variety of threats from attackers including lateral movement and infection on critical servers or domain controllers.”

This is a big deal because Windows Remote Desktop is hands-down the most popular means of performing remote logins. In addition, businesses of all shapes and sizes make regular use of RDP for a variety of purposes, making them vulnerable until the flaw is patched.

Microsoft released a fix for the issue as part of their March 2018 Patch Tuesday, but security professionals close to the issue warned that simply applying the patch is not enough to provide protection.  You’ll also need to instruct your staff to make a few configuration changes (explained in the documentation surrounding the issue), including limiting your use of privileged accounts as much as possible and using non-privileged accounts whenever possible.

The March 2018 patch release was a hefty one, and included patches for a number of products including Core ChakraCore, PowerShell, Microsoft Office, Windows (OS), and both the Edge browser and Internet Explorer.

Another Google Service Is Going Away

If you are a fan of, and regularly use Goo.gl (the URL shortener service), brace for impact.  The company has announced that as of March 30, 2019, the service will be shut down for good.  Long before then, beginning April 18th of this year, only existing users will be able to shorten links via goo.gl.  No new signups will be allowed.

The company had this to say about the recent announcement:

“The URL Shortener has been a great tool that we’ve been proud to have built.  As we look towards the future, we’re excited about the possibilities of Firebase Dynamic Links, particularly when it comes to dynamic platform detection and links that survive the app installation process….FDLs are smart URLs that allow you to send existing and potential users to any location within an iOS, Android or web app.”

Fortunately, we’re not actually losing a service as much as we’re seeing one swapped out for something better and arguably next generation.  It is worth mentioning that Google does not have any plans to auto-migrate goo.gl links to Firebase Dynamic Links.  If you opt to use the new system, you’ll have to export your short links and then import them manually into Firebase.

Given this, it’s expected that at least some percentage of goo.gl users will simply opt to shift to other URL shortening services such as Bit.ly or Ow.ly.

Although Google is not ending support for the service to make life more difficult for hackers and spammers, that’s one of the unintended consequences of the move. Both spammers and malware authors regularly make use of goo.gl.  Sadly, legions of Marketing departments and other legitimate users do too, and many aren’t thrilled that although Google is offering an ostensibly better and more robust alternative, they’re not offering any means of auto-migration to the new platform.

MyFitnessPal User Information Data Breach Affects 150 Million

Another week, another high-profile data breach.  This time, it’s Under Armour in the hot seat.  Under Armour acquired the MyFitnessPal app back in February 2015, and the company recently announced that their new acquisition was hacked in late February 2018.

So far, the company is taking all steps we’ve come to see as usual in these circumstances.  They’ve notified their user base about the scope and scale of the attack, which impacted a hefty 150 million users.  In conjunction with the announcement of the event itself, they assured their users that the theft of data was limited to user names, email addresses and encrypted passwords.

Although the stolen passwords are encrypted with bcrypt (which is a highly secure solution), the company is still recommending that all of the app’s users change their passwords immediately, just to be safe.  Under Armour also assures its MyFitnessPal users that no credit card information was exposed.

In a departure from the routine we’ve come to expect in situations like these, the company is also warning users to be aware that since their emails were stolen, they may be subject to phishing scams in an attempt to get more of their personal information.

That announcement, in part, reads as follows:

“Please note that the email from MyFitnessPal about this issue does not ask you to click on any links or contain attachments and does not request your personal data.  If the email you received about this issue prompts you to click on a link, suggests you download an attachment, or asks you for information, the email was not sent by MyFitnessPal and may be an attempt to steal your personal data.  Avoid clicking on links or downloading attachments from such suspicious emails.”

While Under Armour’s handling of the incident has been solid so far, one has to wonder how many more of these incidents we’ll see before companies start taking data security more seriously.
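The rule in the notice quoted above (no links, no attachments, no requests for data) can be applied mechanically to incoming mail that claims to be the breach notification. The Python sketch below is an added example, not code from MyFitnessPal or Under Armour; the sample messages, the `example.invalid` addresses and the phrase list used to spot requests for data are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage

URL_RE = re.compile(r"""(?:https?://|www\.)[^\s"'<>]+""", re.I)
HREF_RE = re.compile(r"<a\b[^>]*\bhref\s*=", re.I)
# Assumed phrase list for "asks you for information"; tune it for your own mail flow.
ASK_RE = re.compile(
    r"\b(verify|confirm|update|provide|enter)\b.{0,40}"
    r"\b(password|account|card|personal|details|information)\b", re.I | re.S)

def notice_violations(raw):
    """Return which of the notice's three rules a message breaks ([] = consistent)."""
    findings = set()
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment" or part.get_filename():
            findings.add("attachment")
            continue
        if part.get_content_type() in ("text/plain", "text/html"):
            # decode=True undoes base64 / quoted-printable, so an encoded body
            # cannot hide a link from the check the way it would from a raw grep.
            payload = part.get_payload(decode=True) or b""
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            if URL_RE.search(text) or HREF_RE.search(text):
                findings.add("link")
            if ASK_RE.search(text):
                findings.add("asks_for_data")
    return sorted(findings)

def build_sample(text, html=None, attachment=None):
    """Build a constructed test message (not a real MyFitnessPal e-mail)."""
    m = EmailMessage()
    m["From"] = "MyFitnessPal <notice@example.invalid>"
    m["Subject"] = "Notice of data security issue"
    m.set_content(text)
    if html:
        m.add_alternative(html, subtype="html", cte="base64")
    if attachment:
        m.add_attachment(attachment, maintype="application",
                         subtype="pdf", filename="notice.pdf")
    return m.as_string()

GENUINE = build_sample(
    "We recently learned of unauthorized access to account data. "
    "We recommend changing your password from within the app.")
SUSPECT = build_sample(
    "See the HTML version.",
    html='<p>Please confirm your account details '
         '<a href="https://example.invalid/reset">here</a>.</p>',
    attachment=b"%PDF-constructed")

if __name__ == "__main__":
    print(notice_violations(GENUINE))
    print(notice_violations(SUSPECT))
```

An empty result means only that the message is consistent with the notice, not that it is authentic; sender authentication results still need to be checked separately.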

Huge Spike in Malware With Mining Capabilities

There’s a new type of hacking attack to be concerned with, and it’s growing by leaps and bounds.  Called “Crypto-Jacking,” it’s a process by which malicious code is placed on websites. When the sites are visited, the code secretly siphons off a portion of the processing power of the affected user’s PC, laptop, or smartphone and uses it to mine for various cryptocurrencies so that the hackers can profit from it.

Kevin Haley, the Director of Symantec’s Security Response Team, had this to say about the issue:

“Cryptojacking just came out of nowhere.  I think what we’re going to learn in the year to come is when people see the opportunity to take money, they’re going to come up with some really wild ways to do that.”

Based on the statistics the company has been collecting, cryptojacking increased a whopping 8500 percent in the fourth quarter of 2017 alone. As the prices of various cryptocurrencies continue to rise, we can expect to see even more of this because it provides the hackers with a hands-free method of gaining tremendous profits with almost no risk or exposure.

Mike Fey, the President and COO of Symantec adds, “Cryptojacking is a rising threat to cyber and personal security.  The massive profit incentive puts people, devices and organizations at risk of unauthorized coin miners siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers.”

Perhaps the most insidious aspect of this new attack vector is how easy it is to pull off.  Even a low-skill hacker with a very limited toolset can manage to insert the handful of lines of code needed to begin siphoning resources.

Unlike most other forms of attack, however, no company data is directly at risk.  What you can expect to see, though, is a serious performance hit as more of your equipment becomes infected.  It’s not a happy situation given the importance of speed in today’s fast-paced business environment.