On Android threats Spyware:Android/SndApps.A and Trojan:Android/SmsSpy.D.

Posted by SmsMyCustomers FSecure on 15/Jul/2011 in Security Alert Log, Trojans | Comments Off

The following is an excellent writeup on a new Android spyware app and trojan (Spyware:Android/SndApps.A and Trojan:Android/SmsSpy.D) that are doing the rounds. The article comes from the fantastic guys and girls over at F-Secure.

Android malware seems to be all the rage at the moment. Here’s a few comments on a couple interesting side issues we’ve been discussing as we’ve seen them crop up during analyses.

First up: there was a recent report on suspicious applications found the official Android Market. The apps in question have since been taken off the Market, but our threat hunting team still come across them in forums and other such locations, usually promoted as ‘free apps’.

The applications themselves appear to be straightforward games. At some point however, it looks like additional services were added to the apps.

The earlier versions didn’t ask for anything other than Internet access

(more…)

SMS My Customers 2-way SMS Gateway Going Well

Posted by admin on 4/Apr/2011 in Advertising & Marketing, Application Watch | 0 comments

Last June we added a post about the upcoming launch of the SMS My Customers 2-way SMS Gateway. We have just spoken to the sites owners and they have told us that it is going gangbusters!

Nick Goritsas from SMS My Customers has told us that they have a  load of customers and to date their feedback is all positive. They have signed resellers and have added a whole pile of features to the SMS Gateway and have a lot more new features being rolled out in the next few months.

If you are currently a subscriber of any other Australian SMS Gateways you owe it to yourself to check this one out SMS My Customers. If you are currently a reseller of other SMS Gateways then it might be time for you to jump on board.

CellTrust Lands Deal With Malaysia’s Celcom

Posted by admin on 9/Feb/2011 in In The News | 0 comments

The Phoenix Business Journal has picked up on the CellTrust deal with Celcom Malaysia and written a nice article.

Phoenix Business Journal
Date: Monday, February 7, 2011

CellTrust Corp. has launched its secure mobile messaging system in Malaysia through that country’s largest 3G wireless firm, Celcom.

Scottsdale-based CellTrust has been developing secure mobile messaging for several years, and Celcom recently launched the CellTrust application for BlackBerrys.

The deal, for which financial information was not released, opens access to the application to about 11 million subscribers. It also allows CellTrust to be available to enterprise-level companies with opportunities to host the traffic on their own computer networks.

The secure system allows for texts to be encrypted so they cannot be intercepted along with a host of other features.

Read the article full article on the Phoenix Business Journal’s web site

Mobile Security Tips

Posted by admin on 4/Feb/2011 in Security Alert Log | 0 comments

I came across a very nice article while reading the F-Secure Weblog outlining some basic (yet totally pertinent) tips for staying secure while using your smartphone/tablet.

CES 2011 kicked off the year with a preview of what’s upcoming in mobile computing. Expect more releases of high-spec smartphones and tablets, possibly powered by a dual-core CPU such as NVIDIA Tegra 2. Some of us are wooed by the sneak peak of phones such as the LG Optimus 2X and Motorola Atrix 4G, and certainly are looking forward to their releases this quarter.

With data charges getting cheaper and technologies in mobile computing getting more powerful, mobile devices are becoming more like a small personal computer. Moreover, the availability of applications that aid users to easily perform banking transaction, online shopping, flight booking and just plain Web browsing further encourages users to rely on their smartphones.

(more…)

RSA 2011 Cybercrime Trends Report

Posted by admin on 1/Feb/2011 in Press Releases, Security Alert Log | 0 comments

This is a very important article/whitepaper that was published recently by RSA. It explicitly points to mobile phones being a security problem and makes specific mention of SMS and mobile banking being vulnerable.

The Current State of Cybercrime and What to Expect in 2011

Cybercrime continues to show no signs of slowing down. In fact, 2010 marked a year of several new threats and an increased level of sophistication in the attacks witnessed around the globe. As the new decade opens, cybercrime is diverging down a different path as cyber attacks move beyond the financial services industry and malware makes a shift from targeting consumer desktops to employees in the enterprise.

The RSA Anti-Fraud Command Center (AFCC ) has developed a list of the top cybercrime trends it expects to see evolve over the course of 2011.

The RSA Anti-Fraud Command Center is on the forefront of new threat detection and cybercrime intelligence, achieving several milestones including the shutdown of over 350,000 online attacks across 181 countries and launching the first commercial anti-phishing and anti-Trojan services in the industry.

In this white paper, RSA will review the current state of cybercrime based on what we witnessed in the last twelve months and provide a series of predictions on what to expect from cybercriminals in 2011.

Read the full article (PDF Format) as published by RSA on their web site (free registration required)

SMS Bank Tokens Vulnerable: RSA

Posted by admin on 26/Jan/2011 in Security Alert Log | 0 comments

I read a nice article today on zdnet.com.au. It is becoming clearer by the day that criminals are beginning to target the mobile device as an access point to user data.

The following in an excerpt from the article.

Mobile phone attacks will increase this year as criminals attempt to intercept SMS-based authentication tokens, according to security company RSA.

The tokens are designed to complement username and password log-in checks by requiring users to validate payments with unique numerical codes, in this instance sent by SMS.

It is becoming more popular, and the Commonwealth Bank of Australia claims to have 80 per cent of its customer base using tokens to validate third-party payments via SMS or through safer handheld token-number generators. The bank isn’t forcing customers to use it, but those who don’t will not be permitted to carry out high-risk transactions over NetBank.

RSA said in a 2011 predictions report that sending tokens via SMS will make phones a target.

“The use of out-of-band authentication SMS … as an additional layer of security adds to the vulnerabilities in the mobile channel,” the company said in its report.

“A criminal can … conduct a telephony denial-of-service attack which essentially renders a consumer’s mobile device unavailable.

“SMS forwarding services are also becoming mainstream in the fraud underground and enable the [token] sent by a bank via text to a user’s mobile phone to be intercepted and forwarded directly to the cyber criminal’s phone.”

Read the article in full on zdnet.com.au

Queensland University of Technology selects CellTrust Global SMS Gateway Platform for First of Kind Pilot for New Mothers

Posted by admin on 12/Oct/2010 in Application Watch, In The News, Press Releases | 0 comments

Queensland University of Technology’s “Mumbubconnect” Selects CellTrust’s Global SMS Platform Delivering Two-Way Text Messages to Breastfeeding Mothers across Australia.

SCOTTSDALE, ARIZONA, USA and SYDNEY, AUSTRALIA – October 12, 2010 – CellTrust Corporation, the world’s largest provider of SecureSMS™ (Secure SMS) for mobile phones (www.celltrust.com), announced today that its GlobalSMS platform solution has been selected by the Queensland University of Technology (QUT), for the world’s first text message pilot program to offer breastfeeding support for new mothers in Australia.

The “Mumbubconnect” trial, concepted and engineered by Andre La Porte, a Digital Media and Social Marketing Specialist in Brisbane, Australia, for a team from QUT’s School of Public Health and the School of Advertising, Marketing and Public Relations, is the first of its kind to use two-way SMS to provide support for breastfeeding mothers. The text messages provide a direct link with breastfeeding women and offer support, encouragement and advice when needed. For example if a mother responds to a text message indicating she is struggling with breastfeeding, she will be sent an encouraging response, along with hints on how to get through the difficult times. This pilot program aims to facilitate QUT’s research and ultimately to increase breastfeeding rates among new mothers.

“Our research found that text messages are an ideal way to communicate with new mothers, because they send and receive messages on their mobile devices throughout the day,” said Mr. La Porte. “CellTrust Australia had our system up and running in less than two hours and it’s easy to use. I was astonished to find that a particular vendor would have to build a specific SMS platform application from scratch, and that other vendors with existing technology had platforms that were complicated to program and manage.”

(more…)

SMS Harvesting Mobile Virus Targeting Banks

Posted by admin on 5/Oct/2010 in Security Alert Log, Trojans | 0 comments

I came across an interesting article this morning on the SC Magazine web site this morning so I thought I’d share a brief excerpt and a link to the full article.

Bank log-in details could be targeted, say security experts.

Security experts are warning of a variant of the Zeus banking trojan that attacks mobile phones and can bypass the two-stage verification system used by some banks.

Zeus Mitmo is previously unknown malware that is designed to intercept the confirmation SMS sent out by some banks as part of the online log-in process, according to Spanish security company S21sec.

Read the full article on the SC Magazine web site.

Trojan SMS Virus Found on Android Handsets

Posted by admin on 25/Sep/2010 in Security Alert Log, Trojans | 0 comments

Kaspersky Labs has found one of the first Trojan SMS viruses attacking Android handsets. Kaspersky Labs is a provider of leading antivirus products. Kaspersky has previously found viruses in Google adsense and many other places.

The trojan SMS virus prompts Android users to install a fake media player application with the standard Android extension *.apk – a fake player disguised as a media player is in fact a Trojan virus built for Android handsets.

Once you install this small Android app which is only about 13kb it immediately starts sending SMS text messages to premium numbers without the knowledge of the user. Unfortunately the users will not know about the existence of the virus until they check their mobile bill.

Android OS is one of the highest growing mobile operating system by Google. There were previous cases of spyware installed in Android OS based handsets.

CellTrust Prepares NFC Provisioning APIs Using SecureSMS for Carriers and Banks as NFC Technology Rollout Begins in 2011

Posted by admin on 25/Aug/2010 in Press Releases | 1 comment

CellTrust Removes Major Obstacle for Mobile Operators and Banks by Delivering OTA (Over-The-Air) NFC Configuration and Provisioning

SCOTTSDALE, ARIZONA, USA – August 25, 2010 – CellTrust Corporation, the world’s largest provider of SecureSMS for mobile phones (www.celltrust.com), announced today that it is preparing patent-pending, NFC-provisioning APIs using SecureSMS, in anticipation of NFC technology rollout beginning in early 2011.

NFC (Near Field Communication) is a short-range wireless communication standard that bundles a contactless chip with a contactless reader inside the mobile device. With NFC technology, consumers can simply wave or tap their phone within a few inches of a reader to transfer information to their mobile phone or to complete a mobile payment or transaction.

Designed to make life much easier for the end-user, provisioning NFC will require the carrier to send sensitive and confidential information to the mobile subscriber’s handset. While a few methods exist to provision NFC, CellTrust believes SMS is the optimal choice because it uses the mobile communications control channel, which is separate from voice and data and operates regardless of the voice or data being used. The control channel has high resiliency, low bandwidth requirements and was designed for carriers to send specific commands and instructions to the handset via SMS. It is important to note that standard SMS is not secure and can be spoofed. Provisioning NFC with CellTrust’s SecureSMS APIs addresses spoofing with a fully authenticated, government-grade, highly encrypted, tamper-proof process, which also enables message sizes up to 5,000 characters.

(more…)