Tech news

Mobile networks call for 5G security inspector

The mobile network industry has called for a new European security testing scheme to check the safety of 5G equipment before it is deployed.

Several countries have stopped individual companies supplying equipment for their next-generation networks, citing security concerns.

Chinese giants Huawei and ZTE have both faced intense scrutiny.

The GSMA, which represents 800 network operators, said a testing scheme would reduce the need to ban suppliers.

Australia, New Zealand, and the United States have already barred Huawei from supplying equipment for their future 5G networks.

Meanwhile, Canada is carrying out a security review of Huawei’s products and UK service provider BT is removing Huawei kit from the core of its 5G network.

Many countries fear that the Chinese government is using Huawei as a proxy so it can spy on rival nations and scoop up useful information.

Huawei has said it is independent and gives nothing to the country’s government, apart from relevant taxes. But critics question how free any major Chinese business can be from Beijing’s influence.

The GSMA is concerned that banning suppliers will cause delays to 5G rollout and increase costs.

“Such significant consequences, intended or not, are entirely avoidable,” it said in a statement.

It intends to put together a task force of European mobile networks to identify ways that equipment testing could be enhanced.

The UK’s communications agency GCHQ already has a task force dedicated to inspecting Huawei equipment.

The last report GCHQ produced said it found “shortcomings” in products that meant it could only give “limited assurance” that the firm posed no threat.

The GSMA said governments should work with mobile operators to agree on a standardised testing scheme across Europe to “ensure confidence in network security”.

Huawei said it was “committed to working globally with everyone involved in network security”.

Deutsche Telekom said it welcomed the move. Spain’s Telefonica, which owns the UK network O2, said it agreed with the GSMA’s stance.

Huawei is itself an associate member of the GSMA and is typically one of the biggest exhibitors at the GSMA’s Mobile World Congress show in Barcelona.

This story was originally published on BBC Technology News

Tilly Lockey: 'I can paint with my bionic arms'

Tilly Lockey, 13, has bionic arms that are so sophisticated she can now paint and apply make-up.

She lost both of her hands after contracting meningitis as a baby and is now at the forefront of testing the technology.

Her latest set, complete with pressure sensors and fine motor control, are not yet available on the NHS – but it is hoped they will be soon.


This story was originally published on BBC Technology News

Facebook facing record fine from US regulator

Facebook is negotiating a record fine with the US Federal Trade Commission over violations of users’ privacy, it has been reported.

The fine could reach billions of dollars, according to The Washington Post, with the newspaper adding the exact amount is yet to be settled.

Facebook recently posted strong financial numbers for the fourth quarter of 2018, with its profits climbing to $6.9bn (£5.3bn) – an all-time record.

This is despite the social media giant having been plagued by a series of scandals throughout the year.

Cambridge Analytica


Primarily, the FTC fine would regard the Cambridge Analytica scandal – in which Facebook gave 87 million users’ data to an elections consultancy.

The regulator has been investigating the case.

In 2011, the FTC made an agreement with Facebook regarding the social media giant’s obligation to safeguard users’ privacy.


In a statement to Sky News, a company spokesperson declined to comment specifically on the Washington Post report, but they said: “We are cooperating with officials in the US, UK, and beyond.

“We’ve provided public testimony, answered questions, and pledged to continue our assistance as their work continues.”


In September last year, Facebook said 50 million users were affected by a security breach, which potentially enabled hackers to take over people’s accounts.

Earlier this month, Martin Lewis, the founder of MoneySavingExpert.com, dropped his lawsuit against the platform for running scam advertisements featuring his name and image.

The platform also removed 364 pages and accounts linked to employees of Russian news agency Sputnik from its platform this month, as part of investigations into networks of Facebook accounts created to “mislead others”.

It also emerged that Facebook paid children as young as 13 to install software on their phones, which allowed the company to collect data on how they used its competitors’ apps.

This story was originally published on Sky News Technology

Navigating the murky waters of Android banking malware

An interview with ESET malware researcher Lukáš Štefanko about Android banking malware, the topic of his latest white paper

Banking malware continued to plague the Android platform throughout 2018, with cybercrooks relentlessly targeting users with banking Trojans and fake banking apps, but also experimenting with new money-stealing techniques.

To help users navigate the tricky and expanding landscape of Android threats, Lukáš Štefanko, a malware researcher at ESET, sheds light on the most prevalent types, tactics and techniques of today’s Android banking malware in his white paper, “Android banking malware: Sophisticated Trojans vs. Fake banking apps”.

We sat down with Lukáš and asked him a few questions about his latest publication.

What made you focus on this topic in such detail?

I deal with malicious apps going after Android users’ banking credentials almost daily. They use many different tricks, techniques and distribution methods, but can ultimately be divided into two broad groups – as the title of the white paper suggests. The distinction might not be so clear to regular Android users, so I wanted to address that.

So, sophisticated banking Trojans and fake banking apps. Why is it important for a regular user to be familiar with the difference?

If users know what they’re up against, I believe they have a better chance of staying safe. The two categories might seek the same goal – stealing credentials for, or money from, their victims’ bank accounts – but their strategies for achieving that goal are very different. And that means that the ways to prevent or remove threats will also be different for each category.

Please explain the differing strategies to someone new to the topic.

Banking Trojans are devious – they try to make users install them by pretending they are something fun or useful, but definitely totally harmless. Think games, battery managers and power boosters, weather apps, video players, and so on. They try to keep users in the dark while they collect the rights and permissions needed for their grand finale. Then, when users least expect it, they slide a fake login screen over a legitimate banking app and steal the entered data. Victims might not be aware of anything happening until they find out that money has disappeared from their accounts.

Fake banking apps are much simpler – they go all in trying to convince users they are legitimate banking apps. Once installed and launched, they lead with a login form, just like a real banking app would. And, as you probably already guessed, the credentials submitted into the form are harvested. Victims usually realize immediately what happened as the app reveals itself by having no further banking app functionality.

What are the chances of users falling for a fake banking app?

I’d say the chances are lower than with banking Trojans, but nowadays some apps can look pretty trustworthy despite being fake. What’s maybe more important than how many users install malware is how many of them actually fall victim – and the odds are high with fake banking apps. This is because users install those apps believing they are installing an actual banking app, which makes them willing to enter their credentials upon seeing a login screen.

Is one of these categories considered more dangerous than the other?

From the technical point of view, yes – banking Trojans are more robust and increasingly hybrid-like. That means their capabilities go beyond just phishing for banking credentials; they could, for example, have some spying functions or ransomware-like capabilities. But if we’re talking about the danger of getting one’s banking credentials stolen, I think fake banking apps are just as dangerous.

What advice would you pick out of your white paper as most useful?

I see three main principles in steering clear of Android banking malware.

First, stay away from unofficial app stores, if possible, and always keep “installation of apps from unknown sources” disabled on your device.

Second, pay close attention to the app’s image on Google Play, and continue paying attention to its behavior after it’s installed. Negative reviews and permissions that aren’t connected to the app’s function are the biggest red flags.

And finally, only ever download banking and other finance apps if they are linked on the official website of the bank or financial service.

Actually, this approach – specifically looking for apps you need rather than installing apps you “happen to stumble upon” – may be the way to avoid malware altogether.

To learn more about Android malware and ways of countering it, please refer to the white paper.

15 Feb 2019 – 11:28AM

This story was originally published on We Live Security by Eset

Google 'satisfies' Russia over censorship demands

Google is reported to have “satisfied” the Russian communications regulator over demands it censor people’s web searches.

Roskomnadzor has sent repeated requests to Google requiring it to route Russian citizens’ web searches through a government filtering system.

However, the head of the regulator, Alexander Zharov, told state-owned news agency TASS on Friday: “At this stage, we are satisfied with the results of the dialogue with Google.”

Mr Zharov’s comments appear to mean Google is no longer facing punishment in Russia for refusing to comply with censorship regulation.

But it is unclear whether this is because Google or the Russian regulator has backed down.

Although there have been suggestions Google would not connect to the Russian government’s blacklist and would refuse to automatically remove links, there is no public information on whether this is still the case.

Google has declined to officially comment on the nature of its relationship and agreement with Roskomnadzor.


The company stated: “We’re committed to enabling access to information for the benefit of our users in Russia and around the world.”


It comes as the Kremlin prepares to introduce new laws offering the government tight control over web content.

If enacted, the law would force Russian web traffic to be routed through systems controlled by the government – prompting fears the Kremlin may use the surveillance and censorship capability to stifle criticism.

It follows another law passed last year requiring search engines to be connected to the federal state information system (FGIS), which allows the government to censor the websites its citizens can access.

Google was fined 500,000 rubles (£5,800) in December for failing to connect its search service to these filtering systems.

At the time, the company neither commented on nor appealed against the fine.

The Interfax news agency reported that Google faced a maximum fine of 700,000 rubles (£8,100) in the case of continued violation – effectively worth less than 0.00001% of the annual turnover for its parent company Alphabet.

Domestic web firms in Russia, including Yandex, Sputnik and Mail.ru, have complied with the requirement to connect to the FGIS.

According to Interfax, if Google was deemed to have conducted “malicious non-fulfilment” of its obligation to connect to the FGIS, the Kremlin may consider legislating to block the company in the most severe circumstances.

It has recently been reported that Google is planning to launch a censored version of its search engine in China, where it is currently banned.

Google effectively left China in 2010, when it criticised the censorship and surveillance activities of Beijing, and the company’s Soviet Union-born co-founder Sergey Brin decried the “forces of authoritarianism” in the country.

Although there is little sign of authoritarianism receding in either China or Russia, the company is content operating in those jurisdictions under current chief executive Sundar Pichai.

Mr Brin is now the president of Alphabet and has not spoken out regarding the censored search project in China, instead choosing to criticise leaks about the project during a reported meeting with employees.

This story was originally published on Sky News Technology