Archive for Apps

Research Indicates Zoom Is Being Targeted By Cybercriminals

With many people working from home due to coronavirus, research by Check Point indicates that cyber-criminals may be targeting the video conferencing app ‘Zoom’.

Domains

Cybersecurity company ‘Check Point’ reports witnessing a major increase in new domain registrations in the last few weeks where the domain name includes the word ‘Zoom’.  According to a recent report on Check Point’s blog, more than 1700 new domains have been registered since the beginning of the year with 25 per cent of them being registered over the past week. Check Point’s research indicates that 4 per cent of these recently registered domains have “suspicious characteristics”, such as the word ‘Zoom’.

Concern In The U.S.

The huge rise in Zoom’s user numbers, particularly in the U.S., has also led New York’s Attorney General, Letitia James, to ask Zoom whether it has reviewed its security measures recently, and to suggest to Zoom that it may have been relatively slow at addressing issues in the past.

Not Just Zoom

Check Point has warned that Zoom is not the only app that’s being targeted at the moment as new phishing websites have been launched to pass themselves off as every leading communications application.  For example, the official classroom.google.com website has been impersonated by googloclassroom.com and googieclassroom.com.

Malicious Files Too

Check Point also reports detecting malicious files with names related to the popular apps and platforms being used by remote workers during the coronavirus lockdown. For example, malicious file names observed include “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe” (# is used here to represent digits). Once these files are run, InstallCore PUA is loaded onto the victim’s computer. InstallCore PUA is a program that can be used by cyber-criminals to install other malicious programs on a victim’s computer.

Suggestions

Some ways that users can protect their computers/devices, networks and businesses from these types of threats, as suggested by Check Point, include being extra cautious with emails and files from unfamiliar senders, not opening attachments or clicking on links in emails (phishing scams), and paying close attention to the spelling of domains and email addresses, and to spelling errors in emails and on websites. Check Point also suggests Googling the company you’re looking for to find their official website rather than just clicking on a link in an email, which could redirect to a fake (phishing) site.
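The two checks described above, spotting misspelled look-alike domains and recognising the malicious file names Check Point observed, can be automated for mail or proxy logs. The following Python code is an added example, not code from Check Point or from the original article; the watch list (including the zoom.us entry), the edit-distance threshold and the sample inputs are assumptions made for illustration.

```python
import re

# Watch list: brand token -> official domains (assumption for this example).
# classroom.google.com is named in the article; zoom.us is Zoom's own domain.
BRANDS = {
    "zoom": ("zoom.us",),
    "googleclassroom": ("google.com",),
}

# File-name patterns quoted in the article, where '#' stands for a digit.
# \d+ is used for the long run so the match does not depend on its exact length.
DROPPER_NAMES = [
    re.compile(r"^zoom-us-zoom_\d+\.exe$", re.IGNORECASE),
    re.compile(r"^microsoft-teams_V\dmu\dD_\d+\.exe$", re.IGNORECASE),
]


def levenshtein(a, b):
    """Number of single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def second_level_label(domain):
    """Label left of the TLD, hyphens removed (naive: no public-suffix list)."""
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return label.replace("-", "")


def classify(domain, max_distance=2):
    """Return (verdict, brand): official, contains-brand, lookalike or clean."""
    name = domain.lower().rstrip(".")
    for brand, official in BRANDS.items():
        if any(name == o or name.endswith("." + o) for o in official):
            return ("official", brand)
    label = second_level_label(name)
    for brand in BRANDS:
        if brand in label:
            return ("contains-brand", brand)
    for brand in BRANDS:
        # Short tokens such as "zoom" are skipped here: too many real words
        # sit within two edits of a four-letter name.
        if len(brand) >= 6 and 0 < levenshtein(label, brand) <= max_distance:
            return ("lookalike", brand)
    return ("clean", None)


def is_dropper_name(path):
    """True if the file name matches one of the patterns from the article."""
    filename = path.replace("\\", "/").rsplit("/", 1)[-1]
    return any(p.match(filename) for p in DROPPER_NAMES)


if __name__ == "__main__":
    # Constructed sample input: two look-alikes from the article, the real
    # site, and invented names under the reserved .example TLD.
    for d in ["classroom.google.com", "googloclassroom.com",
              "googieclassroom.com", "zoom-meeting-login.example",
              "example.org"]:
        print(f"{d:30} {classify(d)}")
    for f in ["zoom-us-zoom_0123456789.exe", "ZoomInstaller.exe"]:
        print(f"{f:30} dropper-name={is_dropper_name(f)}")
```

A "contains-brand" or "lookalike" verdict is a prompt for review rather than proof of malice, which matches Check Point's own finding that only a small share of the newly registered domains looked suspicious.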

What Does This Mean For Your Business?

This research highlights how cyber-criminals are always quick to capitalise on situations where people have been adversely affected by unusual events and where they know people are in unfamiliar territory.  In this case, people are also divided geographically and are trying to cope with many situations at the same time, may be a little distracted, and may be less vigilant than normal.

The message to businesses is that the evidence from security companies that are tracking the behaviour of cyber-criminals is that extra vigilance is now needed and that all employees need to be very careful, particularly in how they deal with emails from unknown sources, or from apparently known sources offering convincing reasons and incentives to click on links or download files.

Featured Article – Microsoft Teams User Numbers Up By 12 Million In A Week

Microsoft’s collaborative working platform ‘Teams’ is reported to have seen a massive 12 million user boost in one week as a result of remote-working through the coronavirus outbreak, and through Microsoft making the platform generally available through Office 365 from March 14.

What Is Teams?

Teams, announced in November 2016 and launched by Microsoft in 2017, is a platform designed to help collaborative working and combines features such as workplace chat, meetings, notes, and attachments. Described by Microsoft as a “complete chat and online meetings solution”, it normally integrates with the company’s Office 365 subscription office productivity suite. In July 2018, Microsoft introduced a free, basic features version of Teams which did not require an Office 365 account, in order to increase user numbers and tempt users away from competitor ‘Slack’.

Microsoft Teams is also the replacement for Skype for Business Online, the support for which will end on 31 July 2021, and all new Microsoft 365 customers have been getting Microsoft Teams by default from 1 September 2019.

March 14

Microsoft Corp. announced on March 14 that Microsoft Teams would be generally available in Office 365 for business customers in 181 markets and 19 languages.

Increased To 44 Million Users

The move to make Teams generally available to businesses with Office 365, coupled with a mass move to remote working as a result of COVID-19 has resulted in 12 million new users joining the platform in a week, bringing users up from 32 million on 11 March to 44 million users a week later.  The number is likely to have increased significantly again since 18 March.

What Does Teams Offer?

Microsoft Teams offers threaded chat capabilities which Microsoft describes as “a modern conversations experience”, and built-in Office 365 apps like Word, Excel, PowerPoint, OneNote, SharePoint and Power BI.  Also, Teams offers users ad-hoc (and scheduled) voice and video meetings and has security and compliance capabilities built-in as it supports global standards, including SOC 1, SOC 2, EU Model Clauses, ISO27001 and HIPAA. Users are also able to benefit from the fact that workspaces can be customised for each team using tabs, connectors and bots from third-party partners and Microsoft tools e.g. Microsoft Planner and Visual Studio Team Services. Microsoft says that more than 150 integrations are available or coming soon to Teams.

New Features

Microsoft reports that it has added more than 100 new features to Teams since November 2019.  These include an enhanced meeting experience (with scheduling), mobile audio calling, video calling on Android (coming soon to iOS), and email integration.  Teams has also benefited from improvements to accessibility with support for screen readers, high contrast and keyboard-only navigation.

Walkie-Talkie Phone

In January, Microsoft announced that it was adding a “push-to-talk experience” to Teams that turns employee or company-owned smartphones and tablets into walkie-talkies.  The Walkie Talkie feature, which can be accessed in private preview in the first half of this year and will be available in the Teams mobile app, offers clear, instant and secure voice communication over the cloud.

Competition

There are, of course, other services in competition with Microsoft Teams. Slack, for example, is a cloud-based set of proprietary team collaboration tools and services.  Slack enables users (communities, groups, or teams) to join through a URL or invitation sent by a team admin or owner.  Although Slack was intended to be an organisational communication tool, it has morphed into a community platform i.e. it is a business technology that has crossed over into personal use.

That said, Slack reported in October last year that it had 12 million daily active users, which was a 2 million increase since January 2019.

Slack has stickiness and strong user engagement, which help to attract businesses that want to get into using workstream collaboration software, but it faces challenges such as convincing big businesses that it is not just a chat app and that it is a worthy, paid-for alternative to its more well-known competitors like Microsoft’s Teams.

Like Teams, Slack has just introduced new features and has experienced a surge of growth in just over a month.

Another competitor to Microsoft’s Teams is Zoom, which is a platform for video and audio conferencing, chat, and webinars that is often used alongside Google’s G Suite and Slack.  It has been reported that Zoom is now top of the free downloaded apps in Apple’s app store, and Learnbonds.com reports that downloads for Zoom increased by 1,270 per cent between February 22 and March 22.

Real-Life Example – Teams

A real-life example from Microsoft of how Teams is being put to good use is by bicycle and cycling gear company Trek Bicycle.  Microsoft reports how Teams has become the project hub for the company where all staff know where to find the latest documents, notes, tasks relating to team conversations thereby making Teams a central part of the company’s “get-things-done-fast culture.”

Looking Forward

Many businesses are already using and gaining advantages from the speed and scope of communication, project context, and convenience of a cloud-based, accessible hub offered by collaborative working platforms like Teams.  The decision to make Teams generally available with Office 365 for business can only make the platform more popular and the need for companies to quickly set-up effective remote working has stimulated the market for these services and given users a crash-course in and a strong reminder of their strengths and benefits.

The hope of Microsoft and other collaborative working platform providers is that companies will go on using the platforms long after they technically need to in order to deal with the COVID-19 lockdown, and that they will decide to use them going forward to keep improving the flexibility and productivity of their businesses, compete with other companies that are getting the best from them, and guard against excessive damage to the business from any future lockdown situations.

Google Indexing Makes WhatsApp Group Links Visible

A journalist has reported on Twitter that WhatsApp groups may not be as secure as users think because the “Invite to Group via Link” feature allows groups to be indexed by Google, thereby making them available across the Internet.

Links Visible

Chats conducted on the end-to-end encrypted WhatsApp can be joined by people who are given an invite URL link but until now it has not been thought that invite links could be indexed by Google (and other search engines) and found in simple searches. However, it appears that group links that have been shared outside of the secure, private messaging app could be found (and joined).

Exposed

The consequence of these 45,000+ invite links being found in searches is that the groups can be joined and details like the names and phone numbers of the participants can be accessed. Targeted searches can reveal links to groups based around a number of sensitive subjects.

Links

Even though WhatsApp group admins can invalidate existing links, WhatsApp generates a new link meaning that the original link isn’t totally disabled.

Only Share Links With Trusted Contacts

Users of WhatsApp are warned to share the link only with trusted contacts, and the links that were shown in Google searches appeared because the URLs were publicly listed i.e. shared outside of the app.

Changed

Although Google already offers tools for sites to block content from being listed in search results, since the discovery (and subsequent publicity) of the WhatsApp Invite links being indexed, some commentators have reported that this no longer happens in Google. It has also been reported, however, that publicly posted WhatsApp Invite links can still be found using other popular search engines.

Recent Security Incident

One other high-profile incident reported recently, which may cause some users to question the level of security of WhatsApp, was the story about Amazon CEO Jeff Bezos’s phone allegedly being hacked by unknown parties thought to be acting for Saudi Arabia after a mysterious video was sent to Mr Bezos’s phone.

Also, last May there were reports of an attack on WhatsApp which was thought to be a ‘zero-day’ exploit that was used to load spyware onto the victim’s phone.  Once the victim’s WhatsApp had been hijacked and the spyware loaded onto the phone, for example, access may have been given to encrypted chats, photos, contacts and other information.  That kind of attack may also have allowed eavesdropping on calls and turning on the microphone and camera, as well as enabling attackers to alter the call logs and hide the method of infection.  At the time, it was reported that the attack may have originated from a private Israeli company, The NSO Group.

What Does This Mean For Your Business?

In this case, although it’s alarming that the details of many group members may have been exposed, it is likely to be because links for those groups were posted publicly and not shared privately with trusted members as the app recommends.  That said, it’s of little comfort for those who believed that their WhatsApp group membership and personal details are always totally private.  It’s good news, therefore, that Google appears to have taken some action to prevent it from happening in future. Hopefully, other search engines will now do the same.

WhatsApp has end-to-end encryption, which should mean that it is secure, and considering that it has at least 1.5 billion users worldwide, surprisingly few stories have emerged that have brought the general security of the app into question.

Tech Tip – Weather App In Windows 10

For this week’s topical tech tip, with weather conditions causing so much disruption and damage in the UK, Windows 10 provides personalised weather content to you via a desktop app:

– Type ‘weather’ in the search box (bottom left) and select ‘MSN Weather’.

– Select whether you want the temperature in Celsius or Fahrenheit and allow the app to find your exact location.

– Click ‘Start’ to see a 10-day forecast for your area or use the search box for a forecast in other areas.

Featured Article – Combatting Fake News

The spread of misinformation/disinformation/fake news by a variety of media including digital and printed stories and deepfake videos is a growing threat in what has been described as our ‘post-truth era’, and many people, organisations and governments are looking for effective ways to weed out fake news, and to help people to make informed judgements about what they hear and see.

The exposure of fake news and its part in recent election scandals, the common and frequent use of the term by prominent figures and publishers, and the need for the use of fact-checking services have all contributed to an erosion of public trust in the news they consume. For example, YouGov research used to produce the annual Digital News Report (2019) from the Reuters Institute for the Study of Journalism at the University of Oxford showed that public concern about misinformation remains extremely high, reaching a 55 per cent average across 38 countries, with less than half (49 per cent) of people trusting the news media they use themselves.

The spread of fake news online, particularly at election times, is of real concern and with the UK election just passed, the UK Brexit referendum, the 2017 UK general election, and the last U.S. presidential election all being found to have suffered interference in the form of so-called ‘fake news’ (and with the 59th US presidential election scheduled for Tuesday, November 3, 2020) the subject is high on the world agenda.

Challenges

Those trying to combat the spread of fake news face a common set of challenges, such as those identified by CEO of OurNews, Richard Zack, which include:

– There are people (and state-sponsored actors) worldwide who are making it harder for people to know what to believe (e.g. through spreading fake news and misinformation, and distorting stories).

– Many people don’t trust the media or don’t trust fact-checkers.

– Simply presenting facts doesn’t change peoples’ minds.

– People prefer/find it easier to accept stories that reinforce their existing beliefs.

Also, some research (Stanford’s Graduate School of Education) has shown that young people may be more susceptible to seeing and believing fake news.

Combatting Fake News

So, who’s doing what online to meet these challenges and combat the fake news problem?  Here are some examples of those organisations and services leading the fightback, and what methods they are using.

Browser-Based Tools

Recent YouGov research showed that 26 per cent of people say they have started relying on more ‘reputable’ sources of news, but as well as simply choosing what they regard to be trustworthy sources, people can now choose to use services which give them shorthand information on which to make judgements about the reliability of news and its sources.

Since people consume online news via a browser, browser extensions (and app-based services) have become more popular.  These include:

– Our.News. This service uses a combination of objective facts (about an article) with subjective views that incorporate user ratings to create labels (like nutrition labels on food) next to news articles that a reader can use to make a judgement. Our.News labels use publisher descriptions from Freedom Forum, bias ratings from AllSides, and information about an article’s sources, author and editor. It also uses fact-checking information from sources including PolitiFact, Snopes and FactCheck.org, and labels such as “clickbait” or “satire” along with user ratings and reviews. The Our.News browser extension is available for Firefox and Chrome, and there is an iOS app. For more information go to https://our.news/.

– NewsGuard. This service, for personal use or for NewsGuard’s library and school system partners, offers a reliability rating score of 0-100 for each site based on its performance on nine key criteria, ratings icons (green-red ratings) next to links on all of the top search engines, social media platforms, and news aggregation websites.  Also, NewsGuard gives summaries showing who owns each site, its political leaning (if any), as well as warnings about hoaxes, political propaganda, conspiracy theories, advertising influences and more.  For more information, go to https://www.newsguardtech.com/.

Platforms

Another approach to combatting fake news is to create a news platform that collects and publishes news that has been checked and is given a clear visual rating for users of that platform.

One such example is Credder, a news review platform which allows journalists and the public to review articles, and to create credibility ratings for every article, author, and outlet.  Credder focuses on credibility, not clicks, and uses a Gold Cheese (yellow) symbol next to articles, authors, and outlets with a rating of 60% or higher, and a Mouldy Cheese (green) symbol next to articles, authors, and outlets with a rating of 59% or less. Readers can, therefore, make a quick choice about what they choose to read based on these symbols and the trust-value that they create.

Credder also displays a ‘Leaderboard’ which is based on rankings determined by the credibility and quantity of reviewed articles. Currently, Credder ranks nationalgeographic.com, gizmodo.com and cjr.org as top sources with 100% ratings.  For more information see https://credder.com/.

Automation and AI

Many people now consider automation and AI to be an approach and a technology that is ‘intelligent’, fast, and scalable enough to start to tackle the vast amount of fake news that is being produced and circulated. For example, Google and Microsoft have been using AI to automatically assess the truth of articles. Also, initiatives like the Fake News Challenge (http://www.fakenewschallenge.org/) seek to explore how AI technologies, particularly machine learning and natural language processing, can be employed to combat fake news, and support the idea that AI technologies hold promise for significantly automating parts of the procedure human fact-checkers use to determine if a story is real or a hoax.

However, the human-written rules underpinning AI, and how AI is ‘trained’ can also lead to bias.

Government

Governments clearly have an important role to play in the combatting of fake news, especially since fake news/misinformation has been shown to have been spread via different channels e.g. social media to influence aspects of democracy and electoral decision making.

For example, in February 2019, the Digital, Culture, Media and Sport Committee published a report on disinformation and ‘fake news’ highlighting how “Democracy is at risk from the malicious and relentless targeting of citizens with disinformation and personalised ‘dark adverts’ from unidentifiable sources, delivered through the major social media platforms”.  The UK government called for a shift in the balance of power between “platforms and people” and for tech companies to adhere to a code of conduct written into law by Parliament and overseen by an independent regulator.

Also, in the US, Facebook’s Mark Zuckerberg has been made to appear before the U.S. Congress to discuss how Facebook tackles false reports.

Finland – Tackling Fake News Early

One example of a government taking a different approach to tackling fake news is that of Finland, a country that has recently been rated Europe’s most resistant nation to fake news.  In Finland, evaluation of news and fact-checking behaviour in the school curriculum was introduced in a government strategy after 2014, when Finland was targeted with fake news stories from its Russian neighbour.  The changes to the school curriculum across core areas in all subjects are, therefore, designed to make Finnish people, from a very young age, able to detect and do their part to fight false information.

Social Media

The use of Facebook to spread fake news that is likely to have influenced voters in the UK Brexit referendum, the 2017 UK general election and the last U.S. presidential election put social media and its responsibilities very much in the spotlight.  Also, the Cambridge Analytica scandal and the illegal harvesting of 50 million Facebook profiles in early 2014 for apparent electoral profiling purposes damaged trust in the social media giant.

Since then, Facebook has tried to be seen to be actively tackling the spread of fake news via its platform.  Its efforts include:

– Hiring the London-based, registered charity ‘Full Fact’, who review stories, images and videos, in an attempt to tackle misinformation that could “damage people’s health or safety or undermine democratic processes”.  Facebook is also reported to be working with fact-checkers in more than 20 countries, and to have had a working relationship with Full Fact since 2016.

– In October 2018, Facebook also announced that a new rule for the UK now means that anyone who wishes to place an advert relating to a live political issue or promoting a UK political candidate, referencing political figures, political parties, elections, legislation before Parliament and past referenda that are the subject of national debate, will need to prove their identity, and prove that they are based in the UK. The adverts they post will also have to carry a “Paid for by” disclaimer to enable Facebook users to see who they are engaging with when viewing the ad.

– In October 2019, Facebook launched its own ‘News’ tab on its mobile app which directs users to unbiased, curated articles from credible sources in a bid to publicly combat fake news and help restore trust in its own brand.

– In January this year, Monika Bickert, Vice President of Facebook’s Global Policy Management announced that Facebook is banning deepfakes and “all types of manipulated media”.

Other Platforms & Political Adverts

Political advertising has become mixed up with the spread of misinformation in the public perception in recent times.  With this in mind, some of the big tech and social media players have been very public about making new rules for political advertising.

For example, in November 2019, Twitter Inc banned political ads, including ads referencing a political candidate, party, election or legislation.  Also, at the end of 2019, Google took a stand against political advertising by saying that it would limit audience targeting for election adverts to age, gender and the general location at a postal code level.

Going Forward

With a U.S. election this year, and with the sheer number of sources, and with the scale and resources that some (state-sponsored) actors have, the spread of fake news is something that is likely to remain a serious problem for some time yet.  From the Finnish example of creating citizens who have a better chance than most of spotting fake news to browser-based extensions, moderated news platforms, the use of AI, government and other scrutiny and interventions, we are all now aware of the problem, the fight-back is underway, and we are getting more access to ways in which we can make our own more informed decisions about what we read and watch and how credible and genuine it is.

Featured Article – Innovations/Gamechangers to Expect in 2020

This is the time of year for looking ahead to how technology could be affecting and hopefully, enhancing our lives over the coming year and here is a selection of just some of the possible game-changing technological innovations that could be making an impact in 2020.

5G Technologies

Technology and communications commentators are saying that 5G’s increased bandwidth and speed, along with other benefits could start to improve file sharing and other communication capabilities for businesses this year (in the geographical areas where it’s deployed).

Quantum Technologies

Back in October, we heard about the paper, published in the journal Nature, that told how scientists may have reached quantum supremacy, whereby a quantum computer can now do something significant that a classical computer can’t. With Google’s Sycamore chip (54-qubit processor), an algorithm output that would take 10,000 years using a classical computer only took 200 seconds, and heralded greater potentially game-changing developments this year and beyond. With results from computing power of this kind, many hitherto extremely challenging problems could be solved quickly across a range of industries, and this is likely to attract much more investment in Quantum technologies in 2020.

AI and Health

The possibilities for AI are still being explored, but thanks to start-ups like Imagen which builds AI software for the medical field e.g. OsteoDetect which uses algorithms to scan X-ray images for common wrist bone fractures, and AI software developed by Good Health researchers (in conjunction with other key partners) which has proven to be more accurate at detecting and diagnosing breast cancer than expert human radiologists, AI could be finding more positive ways to impact upon healthcare in 2020 and beyond.

Although AI has promise in so many areas, including health, one of the predicted downsides of AI developments for workers is that the automation that it brings could really start to replace many more human jobs in 2020.

Neural Interfaces

There are many predictions of how commercial applications of neural interfaces may bridge the gap between humans and computers, perhaps allowing people to think instructions to computers. One of the key challenges is, of course, that neural communications are both chemical and electrical, but this didn’t stop the head of SpaceX and Tesla, Elon Musk, announcing in July last year that brain implants (‘Neuralink’) that can link directly to devices could be a reality within a year i.e. by the end of 2020. It remains to be seen, however, how much progress is made this year, but the idea behind near-instantaneous, wireless communication between brain and computer via an implant is that human brains could be offered a kind of ‘upgrade’ to enable them to keep up with and compete with AI.

Electric Vehicle Explosion

The many technologies (and government subsidies in some countries) that have led to a commitment by big car manufacturers to the production of electric vehicles mean that sales are predicted to rise 35 per cent in the first nine months of 2020.  More electric cars being produced and purchased in developed countries could herald game-changing results e.g. lessening the negative environmental impact of cars.

One other innovation that could help boost the growth of electric cars is a breakthrough in battery technology, such as that announced by Tesla’s head of battery research and university academic Jeff Dahn, who has published a paper about a battery that could last a million miles without losing capacity.

Display Screen Technology

Advances in technologies used for display-screen e.g. for phones are likely to prove game-changers in their industries. With new screens becoming ultra-thin LEDs and, therefore, able to be added as computational surfaces to many different surfaces and objects e.g. walls and mirrors, and with advances like foldable screens e.g. Microsoft’s Surface Neo, our environment and communications tools could see some real changes in 2020.

Translation

Technology for mobile devices, AI, and language have converged to create translation apps such as Google’s interpreter mode real-time translator that’s just been rolled out for Assistant-enabled Android and iOS phones worldwide.  Having a reliable tool to hand that enables back and forth conversation with someone speaking a foreign language (and is loaded with 44 languages) could be a game-changer for business and personal travel in 2020.

Augmented Reality

Several tech commentators are predicting (perhaps optimistically) that 2020 could be the year that reliable Augmented Reality glasses find their way onto the market e.g. perhaps from Apple and could see large-scale adoption.

Looking Ahead

2020, therefore, holds a great deal of promise in terms of how different existing and some new technologies and developments combined in new products and services could become game-changers that drive positive benefits for businesses and individual users alike.

New Google ‘Interpreter’: Real-Time Translator For Your Mobile

Google has announced the rollout of its “interpreter mode” real-time translator on Assistant-enabled Android and iOS phones worldwide.

A Back and Forth Conversation

Google says that interpreter mode means that you can now use your mobile phone to have a “back and forth conversation with someone speaking a foreign language”. In fact, interpreter mode comes loaded with 44 languages, and since it’s integrated with the Assistant it’s already on your Android phone. Those with iOS can also use interpreter by downloading the latest Google Assistant app.

How To Use It

To operate interpreter mode Google says that all you have to do is say e.g. “Hey Google, be my German translator” or “Hey Google, help me speak Spanish”, after which you’ll be able to see and hear the translated conversation on your phone. Interpreter has some built-in ways to make your foreign language conversations faster and smoother, such as, after each translation, the Assistant presenting Smart Replies, and giving you suggestions that let you quickly respond without speaking.

Interpreter mode offers different ways to communicate which you can use according to your situation e.g. type using a keyboard for quiet environments, or manually select what language to speak.

Other Translation Tools Are Available

Google’s offering is not the only translation tool available for use on mobile devices. There are a number of different apps and services including iTranslate Voice, SayHi, TextGrabber (for reading foreign text), Microsoft Translator, WayGo, and more.

What Does This Mean For Your Business?

A recent EU survey showed that, sadly, only 38% of British people can speak more than one language and this statistic highlights a real need for this kind of service among UK people travelling abroad.

The Interpreter mode could clearly be very useful for business (and personal) trips overseas in removing language barriers. As well as allowing you to hold basic conversations without any personal knowledge of a language, it may prove very useful for things such as researching and checking travel/flight information, finding local restaurants and landmarks, getting recommendations, and holding business conversations which can sometimes involve the use of more complex and specialised words and terms in foreign languages.

Google Or Samsung Android Cameras Could Be Spying On You

Researchers at Checkmarx say they have discovered vulnerabilities in Google and Samsung smartphone apps that could allow hackers to remotely spy on users using their phone’s camera and speakers.

Study

The proof-of-concept (PoC) study results, highlighted on the Checkmarx blog, reveal how the Checkmarx Security Research Team cracked into the apps that control Android phone cameras (firstly using a Google Pixel 2 XL and Pixel 3) in order to identify potential abuse scenarios.

The team reported finding “multiple concerning vulnerabilities” (CVE-2019-2234) which stemmed from “permission bypass issues”.  The team later found that camera apps from other vendors i.e. Samsung are also affected by the same vulnerabilities.

The Checkmarx team have since shared a technical report of their findings with Google, Samsung, and other Android-based smartphone OEMs to enable those companies to find fixes.

What Could Happen?

According to Checkmarx, the vulnerabilities mean that a hacker could use a rogue application (that has no authorised permissions) to take control of another person’s Android phone camera app.  This could allow the attacker to take photos and/or record videos as well as to gain access to stored videos and photos, GPS metadata embedded in photos, and even to locate the user by taking a photo or video and parsing the proper EXIF data.

The researchers also found a way to enable a rogue app to force camera apps to take photos and record video even when a phone was locked or the screen was turned off, or when a user was in the middle of a voice call.

One particularly worrying aspect of the Checkmarx findings is that if the video can be initiated during a voice call, the receiver’s and the caller’s voices can be recorded.  This could allow eavesdropping that could enable an attacker to discover potentially sensitive personal data or to gather information that could be used for extortion.

Google

According to Checkmarx, after they shared their findings with Google, the Checkmarx team were notified by Google that the vulnerabilities weren’t confined to the Google Pixel product line but also extended to products (Android) by other manufacturers.  For example, Samsung also reportedly acknowledged that the flaws impact their Camera apps and said that they had begun taking mitigating steps. Checkmarx reports that Google has said that the problem has now been addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. Also, a patch has been made available to all Google partners.

What Does This Mean For Your Business?

It is very worrying that hundreds of millions of smartphone users may have been facing a serious privacy and security risk without being aware of it.  For business users, this may have left them open to industrial espionage and security threats, although there is no evidence that real hackers have exploited the vulnerabilities prior to them coming to light.

When it comes to smartphone apps, the best practice is to ensure that all apps on your device are kept updated. Other defensive actions you can take regarding your phone apps include checking the publisher of an app, checking which permissions the app requests when you install it, and deleting any apps from your phone that you no longer use.  It’s also now important to be aware of the threat posed by fake apps, and you may wish to contact your phone’s service provider or visit the high street store if you think you’ve downloaded a fake malicious/suspect app.

Microsoft Announces New, Integrated ‘Office’ Suite App For Mobile Devices

Microsoft has announced that it is working towards the launch of its ‘Office’ mobile app (currently only available in public preview) which integrates Word, Excel, and PowerPoint mobile apps into a single app.

The ‘Office’ Vision

Microsoft says that the mobile app, called simply ‘Office’, represents their vision for what a productivity solution would look like if first built for mobile devices.

The idea is that users have all their Office documents together in one place, can reduce the need to switch between many different apps, and can reduce the amount of space that they use on their phone compared to multiple installed apps.

“Simple, Integrated Experience”

The ‘Office’ app is intended to provide users with what Microsoft describes as a “simple, integrated experience”.

The app combines Word, Excel, and PowerPoint, access to recent and recommended documents stored in the cloud or on a user’s device, the ability to search for documents across a user’s organisation if using a work account, and easy access to Sticky Notes e.g. for reminders and writing down ideas.

What Can You Do?

Microsoft’s Tech Community web pages say that users of ‘Office’ will be able to create content “in uniquely mobile ways” such as snapping a picture of a document and turning it into an editable Word file with just the press of a button or transforming a picture of a table into an Excel spreadsheet so that users can quickly work on the data. Also, a new Actions pane in the app will enable users to complete tasks such as creating PDFs with their camera and signing PDFs just by using their finger or scanning QR codes to open files and links.

Public Preview and Only On Phones

The Office app is currently available in public preview for Android and iOS, can be downloaded and used for free, and doesn’t require a sign-in to use it.  Those with work, school, or personal Microsoft Accounts can, however, log in and gain access to their files stored in the cloud via the app.

Microsoft has said that it will continue to support and invest in the existing Word, Excel, and PowerPoint mobile apps (‘Office’ isn’t replacing them), and that the new ‘Office’ app is currently only available for phones, although plans are afoot to extend this to tablets.

What Does This Mean For Your Business?

Back in February, Microsoft announced its new, free “Office” app for Windows 10 as an update to the former My Office app, and as a way for those who do have a 365 subscription and have Microsoft’s apps installed on their device to open Office from the Office app, and those who don’t have a subscription to be automatically directed to the online version.  This latest announcement of the preview stage, available to all, soon-to-be-launched ‘Office’ mobile app is a progression of Microsoft’s move to publicise, raise awareness about, and get more people using its (free) versions of Office.  This will also help Microsoft adapt and compete with rivals, such as Google, and appeal to business and other existing Microsoft Office users who are now used to being able to carry out most of their business on-the-go with mobile devices and apps.  Some of the features, such as taking a picture of a document and turning that into an editable file are likely to add value for many business users who are spending less time at the desktop.

The new app could mean time-savings (not switching between multiple apps), convenience and greater leverage of mobile capabilities for users, and for Microsoft, it offers them a way to keep existing users loyal to their OS and Office Suite, gain new users, and stay competitive in a rapidly evolving mobile working market.

“Stalkerware” Partner-Spying Software Use Rises By 35% In One Year

Kaspersky researchers have reported a 35 per cent rise in the number of people who have encountered the use of so-called ‘stalkerware’ or ‘spouseware’ software in the first 8 months of this year.

What is Stalkerware?

Stalkerware (or ‘spouseware’) is surveillance software that can be purchased online and loaded onto a person’s mobile device. From there, the software can record all of a person’s activity on that device, thereby allowing another person to read their messages, see screen activity, track the person through GPS location, access their social media, and even spy on the mobile user through the cameras on their device.

Covert, Without Knowledge or Consent

The difference between parental control apps and stalkerware is that stalkerware programs are promoted as software for spying on partners and they run covertly in the background without a person’s knowledge or consent.

Unlike legitimate parental control apps, such programs run hidden in the background, without a victim’s knowledge or consent. They are often promoted as software for spying on people’s partners.

Most Stalkerware needs to be installed manually on a victim’s phone which means that the person who intends to carry out the surveillance e.g. a partner, needs physical access to the mobile device.

Figures from Kaspersky show that there are now 380 variants of stalkerware ‘in the wild’ this year, which is 31% more than last year.

Most In Russia

Kaspersky’s figures show that this kind of surveillance software is most popular in Russia, with the UK in eighth place in Kaspersky’s study.

What Does This Mean For Your Business?

Unlike parental control apps which serve a practical purpose to help parents to protect their children from the many risks associated with Internet and mobile phone use, stalkerware appears to be more linked to abuse because of how it has been added to a device without a user’s consent to covertly and completely invade their privacy.  This kind of software could also be used for industrial espionage by a determined person who has access to a colleague’s mobile phone.

If you’d like to avoid being tracked by stalkerware or similar software, Kaspersky advises that you block the installation of programs from unknown sources in your smartphone’s settings, never disclose the passwords/passcode for your mobile device, and never store unfamiliar files or apps on your device.  Also, those leaving a relationship may wish to change the security settings on their mobile device.

Kaspersky also suggests that you should check the list of applications on your device to find out if suspicious programs have been installed without your consent.
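One way to carry out this application check from a computer, shown as an added example that is not Kaspersky's tooling or part of the original article: it parses the output of `adb shell pm list packages -3 -i` and flags apps that were not installed through a trusted store and hold permissions matching the capabilities described above. The package names, sample output and trusted-installer list are constructed assumptions.

```python
import re

# Installer package names treated as trusted stores (an assumption; extend as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
# Permissions matching the capabilities the article attributes to stalkerware.
SENSITIVE = {
    "android.permission.READ_SMS": "messages",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}
# Constructed sample of `adb shell pm list packages -3 -i` output (not from a real device).
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:com.example.torch  installer=com.example.filemanager
"""
# Constructed permission lines per package, in the form `dumpsys package <name>` prints.
SAMPLE_GRANTS = {
    "com.example.notes": "android.permission.CAMERA: granted=true",
    "com.example.sysupdate": """android.permission.READ_SMS: granted=true
android.permission.ACCESS_FINE_LOCATION: granted=true
android.permission.CAMERA: granted=true
android.permission.RECORD_AUDIO: granted=false""",
    "com.example.torch": "android.permission.INTERNET: granted=true",
}

LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
GRANT = re.compile(r"^\s*(android\.permission\.\w+): granted=true", re.M)

def audit(package_listing, grants):
    """Return [(package, installer, [capabilities])] for apps worth a manual look."""
    findings = []
    for line in package_listing.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or unexpected lines rather than guessing
        pkg, installer = m.groups()
        if installer in TRUSTED_INSTALLERS:
            continue  # installed through a trusted store
        granted = set(GRANT.findall(grants.get(pkg, "")))
        caps = sorted(SENSITIVE[p] for p in granted if p in SENSITIVE)
        if caps:  # sideloaded AND holding at least one sensitive permission
            findings.append((pkg, installer, caps))
    return findings

if __name__ == "__main__":
    for pkg, installer, caps in audit(SAMPLE_PACKAGES, SAMPLE_GRANTS):
        print(f"{pkg} (installer={installer}): {', '.join(caps)}")
```

A flagged package is a prompt for manual review rather than proof of stalkerware, since legitimately sideloaded apps can hold the same permissions.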

If, for example, you find out that someone e.g. a partner/ex-partner has installed surveillance software on your devices, and/or does appear to be stalking you, the advice is, of course, to contact the police and any other relevant organisation.