By Atul Periwal.

You might be wondering how a wallpaper can be a medium for malware. It sounds like a mistake, but no: a wallpaper on an Android phone can be used as a medium for malware to crash the phone.

The image above, which can be downloaded directly from Google Images, causes certain Android phones to crash.

What is malware?

Before I explain how a wallpaper can be a medium of malware, I will explain malware itself. Malware is an umbrella term for malicious software that includes viruses, Trojans, ransomware, keyloggers, spyware, adware, worms, and so on. The exact motive can differ depending on the specific malware. What they all have in common is that they are created with the goal of d and destruction.

Malware Wallpaper: What is it?

A Twitter user, Ice universe, issued a warning on Twitter which states, “Never set this picture as wallpaper, especially for Samsung mobile phone users! It will cause your phone to crash! Don’t try it! If someone sends you this picture, please ignore it.”

When you download this image and set it as a wallpaper, Android phones tend to crash, which leads us to assume that the maker of the image may have malicious intent. While some mobile phones can be rebooted after the crash and used in safe mode, some cannot be recovered. In such a scenario, it is natural to think that some code has been inserted into the picture and has caused the phone to crash.

To create this, the attacker has used a method called steganography. Using steganography, an attacker can insert malicious code into an image and send the image through different means. Once the image is downloaded and opened, the malicious code will automatically run on the device and perform its actions.

Malware Wallpaper: Causes

The image was investigated, and it was found that its colours changed when it was uploaded to Weibo. On further investigation, the investigators looked into the metadata of the image and discovered a peculiar Google Skia ICC colour profile: E3CADAB7BD3DE5E3436874D2A9DEE126. The investigation led to the following:

  • Dimension: 1440 * 2560
  • Colour space: RGB
  • Colour profile: Google/Skia/E3CADAB7BD3DE5E3436874D2A9DEE126

On some Android devices, this colour profile tends to trip the Google Skia graphics engine, forcing the device to reboot.

Technically, while attempting to load the wallpaper with the embedded colour profile, com.android.systemui.glwallpaper.ImageProcessHelper crashes with an ArrayIndexOutOfBoundsException.

When the Android UI loads, the wallpaper loads, which triggers another reboot. As a result, the smartphone gets stuck in a boot loop, rebooting every time the wallpaper starts loading.

Malware Wallpaper: Solutions

We can use a photo editor (like Photoshop) to remove the ICC colour profile from the image and save the image without an embedded colour profile. The malware also won’t be triggered if we take a screenshot of the image and set the screenshot as the wallpaper. Another way is to use an EXIF tool or app to remove the metadata from the image, which will also remove the colour profile. The only drawback of removing the colour profile is that the image will look less vivid.
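What such a metadata tool does to the colour profile can be shown in a few lines. This is an added example, not code from the original article: it assumes the wallpaper is a JPEG, where an embedded ICC profile travels in APP2 segments that begin with the identifier `ICC_PROFILE\0`, and it runs on a constructed byte string rather than the real image.

```python
import struct

ICC_TAG = b"ICC_PROFILE\x00"   # identifier that opens every APP2 ICC chunk

def seg(marker: int, payload: bytes) -> bytes:
    """Encode one JPEG segment: FF, marker, 2-byte length (counts itself)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

def header_segments(jpeg: bytes):
    """Yield (marker, payload) per header segment, then (None, tail) for
    everything from the SOS marker onward (the compressed scan data)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if jpeg[pos] != 0xFF or length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError(f"malformed segment at offset {pos}")
        yield jpeg[pos + 1], jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length
    yield None, jpeg[pos:]

def strip_icc(jpeg: bytes):
    """Return (cleaned_jpeg, number_of_profile_bytes_removed)."""
    out, removed = bytearray(b"\xff\xd8"), 0
    for marker, payload in header_segments(jpeg):
        if marker is None:
            out += payload                      # scan data, copied untouched
        elif marker == 0xE2 and payload.startswith(ICC_TAG):
            removed += len(payload) - len(ICC_TAG) - 2   # skip chunk no./count
        else:
            out += seg(marker, payload)         # keep every other segment
    return bytes(out), removed

# Constructed sample, not a viewable picture: SOI, a JFIF APP0 header, one
# APP2 chunk holding a dummy 16-byte "profile", then SOS, scan bytes and EOI.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00" + bytes(9))
          + seg(0xE2, ICC_TAG + b"\x01\x01" + bytes(16))
          + seg(0xDA, bytes(10)) + b"\x12\x34\xff\xd9")

if __name__ == "__main__":
    clean, removed = strip_icc(SAMPLE)
    print(f"removed {removed} profile bytes; {len(SAMPLE)} -> {len(clean)} bytes")
```

A non-zero count from `strip_icc` tells you the file carried an embedded profile before you set it as a wallpaper; pixel data and other metadata segments are left as they were.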

Conclusion

This wallpaper looks aesthetically beautiful, but is it really important to download a wallpaper from an unknown site, or to get it from a known or unknown person? You might ask what the problem is with receiving a picture from a known person. How would you know the original source from which the wallpaper was downloaded?

Don’t just get attracted to such wallpapers and download them from an unknown source. If you want to download a wallpaper and set it on your phone, download it from a credible source like your phone company’s official website or app. Please stay safe and alert to the different methods that attackers use to harm your digital systems, as well as to the coronavirus that can harm your body.

By Anton Scott.

The issue with universal passwords

We have all been there: midway through creating a new account for a streaming site, subscription service, or online store, and met with the daunting “Choose a Password” screen, with an endless list of criteria to follow to ensure a strong password. But you haven’t got time for this, so like 65% of all other people, you choose to reuse your universal password that has served you well for the last few years. Piece of cake, you think. You know this password is ingrained in your mind because you use it all the time; you won’t forget it. You know it’s slightly risky to indulge in these lazy password practices, but you disregard your inner critic. After all, who would care enough to hack you anyway? You’re just being paranoid, right? So you log in with ease and go about your day.

The next week you wake to find that you cannot log in to your email. That’s odd, you think. You retry your universal password numerous times to no avail. You send a reset link to your backup email; after all, you never bothered to set up 2 Factor Authentication (2FA). Who needs that anyway? Attempting to log in to this other email, you are met with the same message: “Incorrect Password”.

Now here is where you begin to get worried, you begin to put the pieces together and arrive at the conclusion that you may have a security breach. Hopefully, it is just your email accounts. But unfortunately, this is only the tip of the iceberg, for your online banking, online shopping, insurance and all other essential sites that you have used this favoured universal password for have been swiftly compromised. Your payment info has been swiped; your personal details have been extorted and are now in the hands of a cybercriminal who wishes to use these credentials for personal gain. But I suppose you were just being paranoid.

As unlikely as it seems, this is a very real threat that many of us face in the digital age, and not enough of us are doing enough to ensure that our passwords are truly impenetrable. According to the NSA, there are 300 million hacking attempts per day; at this rate, it is sheer luck if you have not yet been targeted. With the threat on the rise, it is essential that we begin to implement more robust password practices.

Vulnerabilities & How to protect against them

A weak password falls vulnerable to brute force crackers where multiple combinations of characters are tested repeatedly until the password is cracked. The shorter and less complex the password, the faster the software cracks the credentials. A longer password can & will deter a hacker from using this type of attack as it will take an immense amount of time to crack. Lengthen your password.

A dictionary attack involves the program sifting through a preset list of common words frequently used in passwords. The more standardized the word, e.g. “ballistic”, the more likely it is to appear in the wordlist and result in a crack. Therefore, diversify your use of characters: “Ba11i$tiC” would be a much more secure choice due to its blend of capitals, numbers & symbols.
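A check that a signup form could run for the two weaknesses above, as an added example that is not part of the original article: it gives an upper-bound estimate of the brute-force search space from length and character classes, and looks the password up in a wordlist after folding case and undoing common character substitutions, since a substituted spelling is still derived from the dictionary word. The three-word list, the substitution map and the 70-bit threshold are constructed for the demo.

```python
import math

# Constructed demo data: a three-word list and a map of common substitutions.
WORDLIST = {"ballistic", "password", "dragon"}
UNDO_SUBSTITUTIONS = str.maketrans("1!34@0$57", "lieaaosst")

def alphabet_size(pw: str) -> int:
    """Number of symbols a brute-force search must try per position."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 32          # printable ASCII punctuation
    return size

def brute_force_bits(pw: str) -> float:
    """Upper-bound log2 of the search space: length * log2(alphabet size)."""
    return len(pw) * math.log2(alphabet_size(pw)) if pw else 0.0

def dictionary_word(pw: str, wordlist=WORDLIST):
    """Return the wordlist entry the password is derived from, or None.
    Case is folded and substitutions are undone before the lookup."""
    candidate = pw.lower().translate(UNDO_SUBSTITUTIONS)
    return candidate if candidate in wordlist else None

def audit(pw: str) -> dict:
    """Combine both checks; 70 bits is an arbitrary demo threshold."""
    word = dictionary_word(pw)
    return {"bits": round(brute_force_bits(pw), 1),
            "derived_from": word,
            "accept": word is None and brute_force_bits(pw) >= 70}

if __name__ == "__main__":
    for pw in ("ballistic", "Ba11i$tiC", "Xq7#vT2pLw9z"):
        print(pw, audit(pw))
```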

Phishing attacks are common but easy to spot if you know what to look for. They often attempt to set a narrative such as “You are eligible for [Insert offer here]” or “There is an issue with your personal info that needs updating” or “You have won a [Insert valuable object]”. All with the intention of luring you in to enter your personal information. Steer clear of emails, texts or even letters like these; the only thing you will be eligible for is identity theft. Ensure you verify that your received communications are from a trusted & legitimate source and sever any correspondence with suspicious ones.

Here are some general principles that you can follow to ensure the security of your credentials:

  • Use a lengthy password with a diversity of characters, capitalization, symbols and numbers.
  • Do not include your names, birthdays, addresses or phone numbers in your passwords.
  • Use abbreviations for phrases, e.g. “I Would Not Like To Be Hacked” = “IWNL2BH”
  • Change your passwords regularly, every 30-90 days is good practice.
  • Do not share your passwords. Sharing creates more liabilities.
  • Educate yourself on what phishing looks like, and know how to avoid/deal with it.
  • Always use 2 Factor Authentication; this provides an additional layer of security in the event of a breach.
  • Use trusted password manager programs that store your passwords securely and auto-generate random & complex ones every time you create a new account. Examples include LastPass, DashLane & 1Password. Make sure your master password is the Fort Knox of passwords and follows all the above criteria or there is no point in using these types of software.

I hope that you have been able to draw some valuable knowledge out of this article and can work towards securing your online identity. Remember, if you ever doubt your credentials, that feeling alone is enough to constitute a reason for fortification. A little paranoia is good in the long run, your digital profile will thank you for it.

We are constantly talking about reducing the attack surface and providing less opportunity for the bad guys to get in. IOT changes things…

How do you know that you are your mother’s child?

How can you be sure that the chef in that restaurant did not spit in your lasagne after you complained that the service was too slow?