News & Blog

Tilly Lockey: 'I can paint with my bionic arms'

Tilly Lockey, 13, has bionic arms that are so sophisticated she can now paint and apply make-up.

She lost both of her hands after contracting meningitis as a baby and is now at the forefront of testing the technology.

Her latest set, complete with pressure sensors and fine motor control, are not yet available on the NHS – but it is hoped they will be soon.

This story was originally published on BBC Technology News

Facebook facing record fine from US regulator

Facebook is negotiating a record fine with the US Federal Trade Commission over violations of users’ privacy, it has been reported.

The fine could reach billions of dollars, according to The Washington Post, with the newspaper adding the exact amount is yet to be settled.

Facebook recently posted strong financial numbers for the fourth quarter of 2018, with its profits climbing to $6.9bn (£5.3bn) – an all-time record.

This is despite the social media giant having been plagued by a series of scandals throughout the year.

Cambridge Analytica

Primarily, the FTC fine would regard the Cambridge Analytica scandal – in which Facebook gave 87 million users’ data to an elections consultancy.

The regulator has been investigating the case.

In 2011, the FTC made an agreement with Facebook regarding the social media giant’s obligation to safeguard users’ privacy.

In a statement to Sky News, a company spokesperson declined to comment specifically on the Washington Post report, but they said: “We are cooperating with officials in the US, UK, and beyond.

“We’ve provided public testimony, answered questions, and pledged to continue our assistance as their work continues.”

In September last year, Facebook said 50 million users were affected by a security breach, which potentially enabled hackers to take over people’s accounts.

Earlier this month, Martin Lewis, the founder of MoneySavingExpert.com, dropped his lawsuit against the platform for running scam advertisements featuring his name and image.

Facebook also removed 364 pages and accounts linked to employees of Russian news agency Sputnik this month, as part of investigations into networks of Facebook accounts created to “mislead others”.

It also emerged that Facebook paid children as young as 13 to install software on their phones, which allowed the company to collect data on how they used its competitors’ apps.

This story was originally published on Sky News Technology

Navigating the murky waters of Android banking malware

An interview with ESET malware researcher Lukáš Štefanko about Android banking malware, the topic of his latest white paper

Banking malware continued to plague the Android platform throughout 2018, with cybercrooks relentlessly targeting users with banking Trojans and fake banking apps, but also experimenting with new money-stealing techniques.

To help users navigate the tricky and expanding landscape of Android threats, Lukáš Štefanko, a malware researcher at ESET, sheds light on the most prevalent types, tactics and techniques of today’s Android banking malware in his white paper, “Android banking malware: Sophisticated Trojans vs. Fake banking apps”.

We sat down with Lukáš and asked him a few questions about his latest publication.

What made you focus on this topic in such detail?

I deal with malicious apps going after Android users’ banking credentials almost daily. They use many different tricks, techniques and distribution methods, but can ultimately be divided into two broad groups – as the title of the white paper suggests. The distinction might not be so clear to regular Android users, so I wanted to address that.

So, sophisticated banking Trojans and fake banking apps. Why is it important for a regular user to be familiar with the difference?

If users know what they’re up against, I believe they have a better chance of staying safe. The two categories might seek the same goal – stealing credentials for, or money from, their victims’ bank accounts – but their strategies for achieving that goal are very different. And that means that the ways to prevent or remove threats will also be different for each category.

Please explain the differing strategies to someone new to the topic.

Banking Trojans are devious – they try to make users install them by pretending they are something fun or useful, but definitely totally harmless. Think games, battery managers and power boosters, weather apps, video players, and so on. They try to keep users in the dark while they collect the rights and permissions needed for their grand finale. Then, when users least expect it, they slide a fake login screen over a legitimate banking app and steal the entered data. Victims might not be aware of anything happening until they find out that money has disappeared from their accounts.

Fake banking apps are much simpler – they go all in trying to convince users they are legitimate banking apps. Once installed and launched, they lead with a login form, just like a real banking app would. And, as you probably already guessed, the credentials submitted into the form are harvested. Victims usually realize immediately what happened as the app reveals itself by having no further banking app functionality.

What are the chances of users falling for a fake banking app?

I’d say the chances are lower than with banking Trojans, but nowadays some apps can look pretty trustworthy despite being fake. What’s maybe more important than how many users install malware is how many of them actually fall victim – and the odds are high with fake banking apps. This is because users install those apps believing they are installing an actual banking app, which makes them willing to enter their credentials upon seeing a login screen.

Is one of these categories considered more dangerous than the other?

From the technical point of view, yes – banking Trojans are more robust and increasingly hybrid-like. That means their capabilities go beyond just phishing for banking credentials; they could, for example, have some spying functions or ransomware-like capabilities. But if we’re talking about the danger of getting one’s banking credentials stolen, I think fake banking apps are just as dangerous.

What advice would you pick out of your white paper as most useful?

I see three main principles in steering clear of Android banking malware.

First, stay away from unofficial app stores, if possible, and always keep “installation of apps from unknown sources” disabled on your device.

Second, pay close attention to the app’s image on Google Play, and continue paying attention to its behavior after it’s installed. Negative reviews and permissions that aren’t connected to the app’s function are the biggest red flags.

And finally, only ever download banking and other finance apps if they are linked on the official website of the bank or financial service.

Actually, this approach – specifically looking for apps you need rather than installing apps you “happen to stumble upon” – may be the way to avoid malware altogether.

To learn more about Android malware and ways of countering it, please refer to the white paper.

15 Feb 2019 – 11:28AM

This story was originally published on We Live Security by Eset