Rowhammer Vulnerability Remotely Attacks Android Devices – Security Alert

Rowhammer Vulnerability Remotely Attacks Android Devices – Security Alert

rowhammer vulnerability android Since the first smartphones and tablets rolled off the assembly line, the Android operating system has been a popular alternative to Apple.

The Android operating system is known for its speed, stability and flexibility, making it an excellent choice for both business and personal use.

Unfortunately, the Android operating system is also known for a number of vulnerabilities, but some are more serious than others.

A new vulnerability, dubbed Rowhammer, has come to light, and it is one of the most frightening threats yet.

Unlike many other Android operating system vulnerabilities, which require direct access to the infected device, the Rowhammer exploit can be used to create remote attacks. Even if you have your smartphone or tablet in your hand, a hacker could still take control through this powerful exploit.

The details behind the Rowhammer exploit are highly technical in nature, and they can be difficult to understand, let alone deal with. For that reason, many IT security experts view this exploit as the latest in a long line of wakeup calls. The Rowhammer vulnerability may be a relatively new one, but it is the latest in a string of threats targeted at mobile devices.

As the number of mobile devices increases, hacker interest is sure to follow. This is particularly true in the business world, where market penetration of smartphones and tablets is growing rapidly. The trend toward a “bring your own device (BYOD)” approach has made threats more difficult to pin down and eradicate, which is one more reason businesses are adopting formal mobile device management plans.

By adopting a mobile device management (MDM) plan, businesses can protect their network, devices, employees, and their data. If you have not yet created such a plan, the inherent dangers of the Rowhammer vulnerability should serve as a wake-up call.

Here are the basics you need to know about the Rowhammer vulnerability – and what can you do to prevent an attack from infiltrating your business.

What is a Rowhammer Attack?

While the details are highly technical in nature, in short, the Rowhammer attack manipulates the memory of an affected device, potentially allowing a hacker to take control of the smartphone or tablet remotely.

In technical jargon, the Rowhammer issue is known as a DRAM vulnerability. Like other DRAM vulnerabilities, Rowhammer cannot be addressed with either operating system updates or security software.

If you think your devices might be vulnerable, the best thing to do is call your mobile device carrier. Then can contact Ontech to address this serious issue and develop a mobile device management plan that works for your business. Call us today at 262-522-8560 to ensure your business is not susceptible to an attack the Rowhammer vulnerability.

What Does the Attack Do?

The scariest part of this vulnerability is that it could allow remote access to your mobile devices. If those devices are used in your business, either as part of a “bring your own device (BYOD)” policy or on their own, a single compromised smartphone or tablet could put your entire computer network at risk.

The remote exploit capabilities of the Rowhammer attack is by far its biggest threat, but it is not the only one. The Rowhammer vulnerability could also compromise the device itself, causing the loss of data which directly impacts productivity in your workforce.

How Can You Protect Your Business and Mobile Devices?

Protecting mobile devices from threats like the Rowhammer vulnerability is not easy. Since this attack relies on vulnerabilities in the memory of the device, simply updating the operating system and applying the latest security patches is not enough.

If you feel your devices are at risk, you need expert help to assess the situation and address the issue in your workplace. Ontech Systems is here to help, and we can design a mdm solution that makes sense for your business.

Whether the mobile devices used in your office are owned by the company or they are employee property, the best defense is a mobile device management plan to help you not only manage, but protect these devices from Rowhammer and other emerging threats.

Rowhammer may be intimidating and confusing, but you don’t have to face it alone.

Just call the experts at Ontech Systems advice and guidance at 262-522-8560. We’ll show you the path to using mobile devices in your workplace – without putting your network or data at risk.

5 Ways to Get Rid of Spam Once and For All: Declare Your Independence from Spam

stop spam

July is the time of the year we celebrate freedom and independence with barbecues, picnics, and family gatherings. It’s one of the few months we actually try to work a little less, get some rest, kick back and enjoy the beautiful weather.

But do you know who doesn’t rest? Spammers. That’s right. Spammers don’t take a holiday.

In reality, Anti-Spam Engine states that 88% of spam is actually sent from networks made up of PCs or virtual networks. After all, it’s not like cyber-criminals are tirelessly sitting behind a computer pressing send 50,000 times a day. They have better things to do – like write malware and ransomware, right!?

You might be wondering, why do they do it? What’s the payoff? Brad Taylor, Gmail spam czar says it best, “It costs $3,000 to rent a botnet and send out 100 million messages. It takes only 30 Viagra orders to pay for that.”

Spam is not only frustrating, but it presents a huge security risk for your workplace and every device it touches. And doesn’t it seem like no matter what you do, spam STILL has a way of finding its way into your inbox? If so, you’re not alone.

It’s time to declare independence and free yourself from spam in 5 simple steps:

1) Realize there’s No Silver Bullet

The truth is, because of the sheer volume of spam and the rate at which spammers adapt messages and approaches to get past filters, there is no single solution, no easy button you can press to suddenly make all spam disappear – and ensure that legitimate emails get through. It’s often a matter of training your spam filter and finding the right solution that works for you.

2) Prevent Spam in the First Place

Don’t list your email address anywhere on the web. Not your website, not your social media profile, and not your Craigslist listing. If you miss this important step, spam bots will find you.

Also, never open, click or respond to a spam message. As tempting as it might be to unsubscribe or email the sender to tell them to stop spamming you, this could result in even MORE spam since doing this verifies there is a real person behind the email address.

3) Move to Office 365

Spam filters are very specific to your email server, your internet service provider (ISP), or your email client (such as Outlook). Chances are, you already have a spam filter in place, so as a first step, you’ll want to either:

– Confirm that your email service, ISP or email client spam filter is enabled.
(If it is and you’re still getting spam, consider adjusting the level of protection or moving to a third party solution.)

– Integrate a third party spam filter for additional spam protection.

There’s often a very fine line between a filter that is too robust, blocking legitimate emails and a filter that obviously misses spam messages. At Ontech, many of our customers have seen success in reducing or eliminating spam by simply moving to Office 365.

Aside from the built-in spam protection it offers, Office 365 users also enjoy a drastic improvement in email access and collaboration. The ability to leave off and pick up in the same place, no matter what device you’re working from makes this solution definitely worth looking into.

If you’re already an Office 365 user or you’re interested in an alternative spam protection solution, connect with us online or call us at (262) 522-8560 and one of our IT consultants can make a recommendation or adjust your existing Office 365 settings as needed.

4) Get a Free Disposable Email Address

A popular approach is to have multiple email addresses. One email address serves as your “private” email account – like an unlisted phone number – and the other is your “throw-away” account, used for product offers, website registrations and other public offerings.

The problem with this approach, however, is that it might work for your personal life, but in business, its best to avoid sending work emails from your Yahoo account, particularly if your organization needs to maintain HIPAA or any other type of regulatory compliance.

If junk mail starts to pile up in your disposable email account, you can use a service like that allows you to see all your subscription emails at once and instantly unsubscribe from those you once signed up for, but no longer want to receive.

5) Watch out for Text Spam

Have you ever received a random text message out of the blue from an unknown sender? If so, hopefully you didn’t respond. Text spam, like email spam, involves unwanted solicitations in the form of a text message.

Unfortunately, it’s now commonplace for unwanted messages to invade our lives in every way. What started as junk mail in our mailboxes, evolved to phone call solicitations and scams, email spam and now text spam. It’s everywhere.

Since text spam isn’t as prevalent as email spam (at the moment), it is more successful at luring people in, due to the sense of urgency these messages create for unsuspecting victims. Text spam might include messages related to a contest, lottery, or just an ambiguous message enticing you to respond.

But no matter what, if you don’t know the sender and you’re not expecting the text, ignore it (even if it looks legitimate). If the text does appear legit, go ahead and call the organization to confirm – NEVER click. Don’t be tempted to reply like this guy.

Consult an Expert

Aside from taking the “nuclear option” and scrapping your email address, there are a number of other solutions that might work for you, regardless of how much spam you’re receiving right now. If you are going to change your email address, this resource can provide some good tips on maintaining your contacts.

FREE No-Obligation Network Discovery

If spam has become so prevalent in your workplace that it’s hindering your workplace productivity, it is also presenting a huge security risk for your business. Phishing emails are one of the most common ways business networks become infected with viruses, malware and ransomware.

Request a Free Network Discovery where our Network Consultant will conduct a full audit of your network and discuss with you – minus technical jargon – ways your business can fill in any gaps and resolve any vulnerabilities or loopholes that might compromise your business and potentially cost you thousands of dollars down the road.

Request a free Network Discovery today or call us at (262) 522-8560 to learn more.

3 Hot IT Trends in 2017 that Will Change the Way You Do Business

IT trends

The New Year offers a blank slate for businesses to grow, reduce costs and boost productivity. By utilizing today’s technology, you can maintain a lean, agile, dynamic business that quickly adapts as your business needs change. Now more than ever, even small businesses can access the same enterprise-level technology that larger companies have been utilizing for years.

If you’re ready to get your business out of the “digital stone age”, take advantage of these top 3 2017 trends to get a jump on the future, minimize security risks and enjoy the most productive year yet!

1) Cyber Security

Technology has paved the way for the mobile workforce, which is predicted to grow more than ever in 2017. Employees want to work when they want, where they want, but this technology doesn’t come without drawbacks. The rise of smartphones and integrated technology makes a mobile workforce possible, but it also presents security risks.

People often think of cyber security as they do car, health and life insurance – they know it’s necessary, but with cyber security in particular, since it’s not mandatory, this aspect of IT often falls to the back burner – particularly for small businesses.

Don’t Make this Mistake

If there is one mistake you need to avoid this year, it assuming your business is “immune” to cyber threats because of your size. The truth is, small businesses are at even greater risk than large organizations, simply because they are not as prepared for an attack.

Many cyber security experts believe it is not a matter of IF your business will fall victim to cybercrime, but WHEN. In fact, Ontech Systems was recently interviewed by Fox 6 News about a cyber-attack on Milwaukee’s own Bradley Foundation. Cybercrime is a massive risk to all organizations and this time it hit home. Fortunately, technology exists to minimize these risks and give businesses greater control over who has access to sensitive company data.

In 2017, there’s no doubt about it – you’re going to hear a lot more about cyber security, so use this cyber security checklist to evaluate your risk level and secure your network before it’s too late.

2) Managed Services

  • Mobile Device Management (MDM): We’ve touched on mobile device management (MDM) extensively on our blog as a managed service solution that secures a network and minimizes security risks in bring your own device (BYOD) friendly environments. But did you know MDM is actually one of several managed services that can offer your organization a worry-free approach to IT support?Additional managed service solutions include:
  • Worry-Free IT: Through remote technology, experienced IT technicians can resolve your technical problems from another location. Your network can be monitored by an entire company of professionals who have experience in a wide variety of issues, all for a nominal monthly amount.
  • 24/7 Server Monitoring: A server is the heart of your IT infrastructure and when this critical piece of equipment goes town, it translates into lost revenue and a massive loss of productivity for your business. Server care, a managed service solution, helps minimize this risk as it quietly monitors your server – 24/7 – in order to prevent downtime. In the event that a problem does arise, we’ll fix it remotely and respond as necessary.
  • Secure Business-Grade File Sharing: We’ve covered the risk of consumer grade file sharing at length on our blog, but many Milwaukee area businesses still continue to allow consumer grade file sharing solutions in the workplace. Not only do these solutions pose significant compliance issues, but consumer file sharing services don’t provide business owners and managers with the much needed control to prevent sensitive company data from ending up in the wrong hands. Oncloud file sync and share, another popular managed service solution, solves this problem by:
    • Providing businesses with the control to limit which devices are permitted to sync
    • Auditing file syncs and changes
    • Remotely wiping data from lost or stolen devices
  • Desktop PC Monitoring: One of the biggest vulnerabilities in a business network is outdated PC software. Through our Desktop Care managed service, you can rest easy knowing patches, spyware issues, and preventative computer maintenance are taken care of. There’s no need to let time-sucking computer problems hinder productivity this year when Desktop Care can quietly monitor and repair common computer problems, allowing your staff to focus on their job, not frustrating IT issues.

If you’re ready to start being proactive about IT this year and you’re serious about strengthening the security of your network, learn more about our managed services or contact our support team at (262) 522-8560.

3) Office 365

Once you start using Office 365, you’ll wonder why you went so long without it.

If you’re new to this popular Microsoft service, you might be wondering what all the buzz is about. Many Milwaukee area businesses are jumping on board this cloud-based subscription service from Microsoft not only because it’s invaluable from a mobile workplace standpoint, but because it includes the most recent versions of Office 2016 as well.

Through Office 365, you can send, receive and delete emails on your phone while you’re out of the office and once you begin working on your PC, you can pick up where you left off since Outlook syncs between multiple devices.

This means you can have the same email accounts on different computers, even if you’re running different versions of Windows. On any devices with Office 365, you’ll find that everything looks exactly as it did the last time you accessed your email. But it’s much more than email that is synchronized – Office 365 also syncs folders, contacts, tasks, read/unread status, categories, rules, groups and even your calendar, regardless of which device you made changes on.

Ready for Worry-Free IT in 2017?

If network and computer issues hurt productivity within your organization in 2016, there is no better time than now to take advantage of managed services. Productivity aside, managed services can strengthen the security of your network which, if you’ve ever experienced a data breach, is absolutely critical.

Best of all, you can mix and match managed services as your business needs grow so you have the latest technology working for you, regardless of your budget. If you’re ready to leave the break/fix approach to IT and replace it with a predictable IT budget for 2017, contact our support team online or call us at (262) 522-8560.

Is Pokémon GO a Security Risk?

By now you’ve likely heard of – or you’re at least familiar with, the concept of Pokémon GO – the most popular mobile game in U.S. history. But are you aware of the “dark side” of this cultural craze?

  • Within just 5 hours of its release, the game rose to the top of the app download charts.
  • It was installed on 7.5 million devices – in just one week.
  • This is the equivalent of 5% of all Android devices in the US.

pokemon go security risk

Not surprisingly, the game’s rise in popularity has many security experts concerned about the developer’s privacy policy and hidden vulnerabilities within the game.

Whether you’re a concerned parent or a business owner/manager worried about how this game might affect corporate security, here are the answers to your most pressing Pokémon GO questions.

1. What Is Pokémon GO’s Privacy Policy?

While most apps collect data about users, when Pokémon GO users first downloaded the app, they were required to sign in with a Google account and grant access for the app to use their data, camera and contacts. But that’s not all

According to their privacy policy, Niantic, (the company who developed the game for Nintendo’s Pokémon brand), may also collect your username, email address, IP address and web pages you used prior to logging into the game.

On July 11th, Niantic issued a statement that they had “recently discovered the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account.”

They assured users that although the mistake allowed them the ability to dive deep into personal data, the app only accesses a user’s ID and email address. The statement then read, “No other Google account information is or has been accessed or collected.”

Pokémon GO is not “Free” – Advertisers Want Your Location Data

pokemon security risks

Many people have concerns about Niantic’s “flexible” privacy policy, which provides the company the ability to hand personally identifiable information (PII) over to law enforcement, share it with third parties or even sell it to the highest bidder.

Initial reports that stated Pokémon GO harvests detailed account information like the content of emails – were incorrect.

But that information doesn’t matter to the owners of this popular app. They’re after something bigger – they want to know your location at all times so they can sell that information to advertisers.

Brands like McDonald’s (whose logo has already been found in Pokémon GO’s code) can pay the developers a big fee to turn their stores into desirable locations in the Pokémon universe. They’ll draw players to their location and encourage them to buy things “IRL” – in real life. Advertisers will be charged on a “cost per visit” basis, rather than a traditional “cost per click” basis, as Google charges through Adwords.

2. Is Pokémon GO a Target for Cybercriminals?

The combination of a massive amount of users, and large database of user information makes this app the perfect target for criminals and hackers.

If Niantic’s servers were hacked, cyber criminals could potentially harvest all your personally identifiable information (PII). Though the company hasn’t mentioned how they plan to store the data, they promise they are taking appropriate measures to protect the data hackers are doing all they can to get their hands on right now.

3. What Are Other Major Security Concerns with Pokémon GO?

Pokémon GO has not only affected the cybersecurity of players, but it has jeopardized their safety in the real world.

Malware & Mirrored Websites

Since Pokémon GO was released in select countries only, cybercriminals jumped at the opportunity to create mirrored websites with fake versions of the app that contained malware and caused other harm to users’ smartphones. In just 4 days, they exploited this demand and assembled a repackaged download of Pokémon GO, complete with embedded malware.

When infected with this malware (specifically designed to target Android users), attackers could control the device’s camera, microphone, and they could even enable remote recording. In a bring your own device (BYOD work environment), clearly this creates a huge security risk for the organization the individual works for.

Physical Security

In one recent story, armed robbers lured unsuspecting players into a trap. The criminals attracted Pokémon GO players to a remote area and robbed them at gunpoint using the geolocation feature.

Although the Pokémon GO game has been well received, it is important that players make security a #1 priority no matter what.

4. Is Pokémon GO a Risk to the Bring Your Own Device (BYOD) Workplace?

Let’s be clear – Pokémon GO isn’t a unique BYOD threat. Any app installed on a personal device used for work is a potential risk, and the more popular the app, the larger the target. Since Pokémon GO is now the most popular mobile game in U.S. history, this app is a HUGE target for hackers right now.

This risk means there is a greater need for managed IT security and mobile device management (MDM). If employees are playing Pokémon GO on their personal phone they use for work, this presents the risk of exposing sensitive business data in the event of an attack – both in the cyber and physical world.

5. How Can I Stay Protected When Using Apps Like Pokémon GO?

  • Cybercriminals repackage popular apps with malware and deliver them through mirrored web pages designed to trick users. No matter what, never download an app from an “unofficial” market. If in doubt, search for “official [name of app] download page”.
  • Smartphones have never been so distracting. It’s more important now than ever to pay attention to your physical surroundings when engaged with your smartphone.
  • In a work environment, the best way to ensure sensitive business data doesn’t end up in the wrong hands is by taking BYOD seriously. This means establishing a BYOD policy, educating employees about the risks and leveraging a mobile device management system in the workplace.

With a MDM solution, business owners or managers have the ability to remotely wipe an individual’s data in the event the device is lost or stolen. This solution also allows for control over app management and restrictions on app purchases from non-approved markets.

7 Easy Ways to Keep Your Computer and Tech Safe

You know the basics of computer security.

Use strong passwords, keep your anti-virus up to date, do your online banking at home. But does that mean you’ve got all your bases covered?

In this day and age? Not likely.

So what can you do to keep your computer and mobile devices safe? Follow these simple tips to keep viruses, spam and hackers at bay.

1)  Stay Away from Suspicious Websites

cyber security milwaukeeWhen visiting a banking website, entering your credit card information or accessing webmail, look for a green lock in the address bar.

You should see https:// at the beginning of the URL. If you don’t, leave the website immediately – it is likely a fake.

Find a good deal online? If it’s too good to be true, it is. If you’re unsure about a website, search Google for the website name used in conjunction with the word “fake” or “scam”.

There are many blogs and discussion forums online where people post complaints about fraudulent websites and these will likely pop up when you run this search.

2)  Confirm your Computer has a Firewall

If you have an anti-virus program installed on your computer such as Norton or MacAfee, these programs take precedence over your built-in computer firewall.

If you don’t, on a Windows computer go to your control panel and type the word firewall in the search box. Your firewall should say it is on or connected. On a Mac, you’ll need to click the Apple icon on your toolbar, go to system preferences, then security and firewall.

If you don’t do any file sharing, you might want to disable file media and sharing completely to further enhance security on your PC.

3) Never Open Unknown Emails

One of the most common ways for a virus to enter a computer is through email. For this reason, it’s important to avoid opening suspicious emails, even if the email appears to be from someone you know.

When an email account is abandoned, particularly once it becomes overrun with spam, hackers often gain access to the account and send spam and phishing emails to all their contacts. If you suspect this has happened to someone you know, notify them that their account is compromised so they can shut it down and avoid putting their contacts at risk.

4) Back Up Your Data

If your computer crashes or falls victim to the newest type of ransomware, you’ll be thankful you backed up your data. If this has already happened to you in the past, you’re likely already backing up your data (unless you’re a glutton for punishment of course).

Backups can be done through a back-up service or by transferring documents to an external hard drive. If you are backing up sensitive business data, be sure to use a business grade backup system to avoid accidental data loss or theft.

5) Keep Your Operating System Updated

Updating your operating system on a regular basis helps to minimize your chances of getting a virus. Windows regularly releases security patches that fix known vulnerabilities and errors in the Windows system.

Each year, malware is responsible for millions of dollars of damage worldwide, primarily because users don’t install these critical Windows updates. This creates a loophole for malware to exploit and this is exactly what cyber criminals are searching for.

To turn on automatic updates in Windows, click the start button, type ‘update’ and in the list of results, click Windows update. On the left side of the reading pane, click the option you want. Under recommended updates, select the “Give me recommended updates the same way I receive important updates” check box and then click OK.

6) Watch out for Text Spam on Your Mobile Phone

text spamBy now, nearly everyone knows about email spam. But what about text spam? That’s right, spammers want to reach us where they can get our attention and for many, that’s on their phone through texts.

Often times, text spam is more successful at luring people in, due to the sense of urgency these messages create for unsuspecting victims. Avoid responding to lottery or contest messages with links encouraging you to click or respond.

As a rule of thumb, if you don’t know the sender and you’re not expecting the text, ignore it (even if it looks legitimate). If the text does appear legit and they identify themselves, pick up the phone and call the organization to confirm – don’t click.

7) Download with Caution

“Free” software is often loaded with spyware, adware or worse. Never install free software without fully understanding exactly what you are installing on your computer or smartphone – that goes for apps too.

We tend to think of our mobile phones as a phone and camera with internet access, but they are much more complex than that, storing tons of personal information.

There are many different apps you can install to keep your mobile phone safe from security threats. Research different apps and read reviews. You’ll want to be sure you install an app that will actually do what it says rather than become just another drain on your battery.

Don’t Wait Until It’s Too Late

These steps might seem overwhelming, but if you’ve ever lost all your data or mistakenly downloaded a virus, malware or spyware, you know these simple steps aren’t nearly as burdensome as the alternative.

The good news is, educating yourself about possible threats is more than half the battle.

If you follow just one of these tips, make sure you have a backup – it’s your silver bullet. You can replace your cell phone or computer, but those precious photos from your last vacation (that you didn’t back up or upload to Facebook) are irreplaceable.