Meet The Interns: Jin

Here at Trustlook, our team is small and close. We love working together and even more, we love to have fun together. Every Friday on the Trustlook blog, we will have features on our passionate team members. Our special summer edition will feature our newest interns! Each intern brings something special to the table and enhances the Trustlook experience.


 

Jin, First Year Masters Student at NYU for Computer Science and Engineering Intern

  1.       What got you interested in mobile security?

I began programming as an undergrad while studying abroad. It is my true calling because the intricacies of coding are fascinating to me. Security is a big issue within the tech industry and it was a natural progression for me. There is a readily available app that I discovered in my undergrad years that enables criminal activity via an open source Wi-Fi. Through a public Wi-Fi network a hacker is able to obtain information such as passwords and credit card information remotely. The app is based in the West, where the market for innovative technology is thriving every day. This worries me as there are so many benefits and users with possible unknown vulnerabilities, but I hope to provide key protection and security with different developments and stopgaps.

 

  1.       What do you feel is the biggest threat to consumers?

While pursuing my undergrad, I noticed the frequency in which people will turn to third party apps. Oftentimes in rural areas or countries with various censorship laws, popular apps can be hard to obtain. People will begin to turn to underground app markets or more illicit ways to obtain the hottest new game. Through different methods, many cybercriminals are able to personally email consumers, posing as a legitimate company or LLC. These personalized emails will have customized bait and switches in order to lure potential victims to click on links that create an open portal to a personal computer or phone. The malicious APKs are very difficult to detect within any operating system, even with a trustworthy scan, because malware is programmed to evade detection.

Wi-Fi security is also a looming threat to enterprises and consumers. Companies and users can be hacked by criminals over Wi-Fi and all their data can be drained in an instant. All your apps can be from secure and reliable sources but over Wi-Fi, anything can go. Two types of Wi-Fi crime can happen. One type is a form of public Wi-Fi, such as a public connection provided by a library or business. This open public connection serves as the perfect portal into another’s device because it is difficult to detect any malicious viruses on these open connections and there seems to be generally very little monitoring on these open air connections as well. The second way to use a Wi-Fi connection is a fake Wi-Fi connection. A hacker will choose to name an open Wi-Fi network something that feels secure or trustworthy, such as setting up an open connection near a city building. By naming that Wi-Fi after a public building or business, many consumers will believe it is operating as a safe network for the public when it’s truly a hacker hoping to hit pay dirt.

 

  1.       What is your Summer Project at Trustlook?

I am currently building a static fly engine that will hopefully use machine learning to identify malware. First it must be trained onto our Trustlook servers and then it will be implemented onto our app for our users. It should eventually be able to detect malware and viruses offline and save our users cellular data usage on their personal devices.

 

  1.       Do you know anyone who has had their data or identity stolen?

Yes, of course. Even with just legal businesses and companies. Private information such as location and billing information are accessible in many different apps and personal device platforms. Many different apps are locking onto this information because it helps their business. Tracking GPS and location for a user helps to enable better ads or commerce, such as having a promotion pop up as one drives by a coffee shop or receiving an email containing a coupon for a store that one regularly drives by.  Encryption is also very common on phones and computers, but it’s very easy to break. Some websites just show passwords and private information as plain text and not as encryption. There are many small details within tech security that can prove to be bigger problems in the future.

 

  1.       What next steps do you hope to take in your career?

Mobile security is my big passion so I hope to pursue that after I complete my master’s. I enjoy the company mission at Trustlook because the goals here are to help mobile users. The best offense is a good defense. Building apps that aid in ransomware detection is the best kind of defense for mobile security as ransomware can prove to be costly. Wi-Fi protection is also something that we can provide a good defense for and hopefully educating consumers on internet security can help raise awareness on what is safe and what is dangerous.

Meet The Interns: Mike



Mike, Engineering Intern

What interested you in mobile security?

Security is awesome because while it might not be a hot button topic, it’s vital for almost all companies and consumers. Big or small, security will always be a pillar in the internet community.  Many consumers unknowingly download viruses or malware and are forced to wipe their devices. This rings especially true for the Android community because the structure of the platform lends itself well to a variety of apps and customization, but in turn has different issues in security.

What is your summer project about for the Trustlook Team?

I am developing a monitor for the team that uses a MySQL database. The monitor keeps track of running EC2 instances and compares their names to a list of all names that should be running. Running instances are a bulk of cost for many security companies and many times, a person can open an instance and simply forget to close it, causing extra unneeded cost. It will run every two hours and send an email to our backend team about progress. The server also has other neat features like showing what names are not running, what instance names are not recorded, how long every instance has been running, etc., thus allowing the backend team to better manage what they opened and what they need to close.

This will help keep the Trustlook database clear and running efficiently.

Biggest threats to consumers?

Leaked personal information is becoming a larger issue. Popular apps, such as Pokemon Go, request access and permission to one’s Google account or location. Most consumers just get excited to play a new app or toy with a new feature and rush to allow the apps full permission onto their device.

What is one thing that is unknown to the general public about security?

The power struggle between security and hackers.  Staying constant with security measures and having hackers outside your front door makes for an intense dynamic. It’s a game of cat and mouse, honestly.

Do you know anyone that has had their data or identity stolen?

Yes, quite a few people actually. The biggest risks are truly not knowing whether you’ve been a victim or not. By regularly cleaning your phone and being on alert, you can prevent so many data breaches and preserve your privacy.

Fallout from the Android Stagefright OTA Update: Trustlook Mobile Security Memory Boost Stays alive while other Task Management Apps are Left Disabled

Google addressed the Stagefright bug by rapidly releasing the Android 5.1.1 Stagefright fix. However, the fix broke the widely used “recent activity” log access for the developer community. As a result, the Stagefright “fix” disabled many popular task management, parental control and app-locker Android applications. The Trustlook team moved quickly with a timely update of the Trustlook Mobile Security application. “Memory Boost”, our task management feature, continued to work as normal for millions of our users while others remain disabled.

The Nexus 6 Phone screenshot below shows all is A-OK. Users can continue to keep their Android devices running in tip-top shape.

The story started at Black Hat 2015 (08/01-08/06), when an exploit called Stagefright was revealed to the public as a threat to over 95% of Android devices. The Stagefright exploit uses the media playback library of the Android operating system and executes malicious code embedded in multimedia files. Later, on 08/12/2015, Google released the OTA update to fix the Stagefright bug.

Immediately after the users updated their Nexus 6 phones, they found:

[Screenshot: user review of the Task Killer app]

As shown in the red box at the bottom right of the screenshot, a user of a famous Task Killer app with 50 million to 100 million downloads stated: “Latest update for Android 5.1.1 killed this app. …”

To further investigate the Android OTA update, we researched the top 10 Task Killer apps in Google Play and were shocked that (as late as 08/14/2015) all of the apps that are supposed to kill other unauthorized processes were actually ‘disabled’ by the OTA update.

Here are a few examples of the most popular ones:

The aforementioned Advanced Task Killer app, which has more than 50 million downloads:

[Screenshot]

Exactly as described by the review, the app failed to access any of the processes in memory:

[Screenshot]

 

Here is another example:

[Screenshot]

Zapper Task Killer & Manager, with more than 1 million downloads, was developed by a renowned mobile antivirus vendor. Its process killer feature was blocked after the Android OTA update. As a result, no process other than Zapper itself was recognized while several apps and games were still running in the operating system, which means that Zapper failed to access any recent apps, let alone force them to stop.

[Screenshot]

The root cause of the problem is the new permission requirement of the ActivityManager.getRunningAppProcesses() method in Android 5.1.1. In the Android OTA update, the PERMISSION.REAL_GET_TASKS permission needs to be requested and granted by the user in order to get the full list of tasks and processes.
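An added example, not Trustlook's code and not part of the original post: how a task-manager app could detect that getRunningAppProcesses() is returning only its own processes, the symptom described above, and fall back to another data source. The class and method names are hypothetical, and the UsageStatsManager fallback (which requires the user to enable Usage Access for the app in system Settings) is an assumption, not something the post describes.

```java
import android.app.ActivityManager;
import android.app.AppOpsManager;
import android.app.usage.UsageStats;
import android.app.usage.UsageStatsManager;
import android.content.Context;
import android.os.Process;

import java.util.List;
import java.util.Set;
import java.util.TreeSet;

/** Hypothetical helper for a task-manager app; names are illustrative. */
public final class ProcessVisibility {

    /** True when the platform exposes only the caller's own processes. */
    public static boolean isListRestricted(Context ctx) {
        ActivityManager am = (ActivityManager) ctx.getSystemService(Context.ACTIVITY_SERVICE);
        List<ActivityManager.RunningAppProcessInfo> procs = am.getRunningAppProcesses();
        if (procs == null || procs.isEmpty()) {
            return true; // nothing visible at all
        }
        int myUid = Process.myUid(); // all of this app's processes share one UID
        for (ActivityManager.RunningAppProcessInfo p : procs) {
            if (p.uid != myUid) {
                return false; // at least one foreign process is visible
            }
        }
        return true; // only our own entries came back: do not show an "all clear" UI
    }

    /** True when the user has enabled Usage Access for this app. */
    public static boolean hasUsageAccess(Context ctx) {
        AppOpsManager ops = (AppOpsManager) ctx.getSystemService(Context.APP_OPS_SERVICE);
        int mode = ops.checkOpNoThrow(AppOpsManager.OPSTR_GET_USAGE_STATS,
                Process.myUid(), ctx.getPackageName());
        return mode == AppOpsManager.MODE_ALLOWED;
    }

    /** Packages used within the last windowMs; empty if Usage Access is off. */
    public static Set<String> recentlyUsedPackages(Context ctx, long windowMs) {
        Set<String> pkgs = new TreeSet<>();
        if (!hasUsageAccess(ctx)) return pkgs;
        UsageStatsManager usm = (UsageStatsManager) ctx.getSystemService(Context.USAGE_STATS_SERVICE);
        long now = System.currentTimeMillis();
        for (UsageStats s : usm.queryUsageStats(UsageStatsManager.INTERVAL_DAILY, now - windowMs, now)) {
            if (s.getLastTimeUsed() >= now - windowMs) pkgs.add(s.getPackageName());
        }
        return pkgs;
    }
}
```

Treating a one-entry result as "restricted" rather than "nothing else is running" keeps the app from silently reporting an empty task list after a platform update.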

CONCLUSION

From this series of stories about Stagefright, the OTA update and Task Killer apps, we can see that, due to the open-source nature of the Android Open Source Project (AOSP), vulnerabilities and exploits were discovered only a few days ahead of the real zero-day attacks. Thus, the community is patching the Android operating system at a much faster speed, and this might require subsequent patches from third-party developers and antivirus vendors. In this evolving environment, the best strategy for Android users is:

1. to keep a keen eye on safety updates of both the Android OS and antivirus apps,

2. to always use the most updated versions to protect the devices and the data.

 

Please contact support@trustlook.com for comments.

Authors: Jinjian Zhai, Tianfang Guo, Weimin Ding, Wilson Ye

 

 

 

The 1st and Only Deep Audit Feature in Mobile Security Industry – APK Insider

 

 


 

What is “APK Insider”?

APK Insider is the first and only real-time sandbox analysis in the mobile security industry. Instead of simply doing static analysis, it provides deep dynamic analysis of any app on the device and discovers potential 0-day threats.

 

In what scenario should I use APK Insider?

If you strongly suspect that an app will do bad things on your phone, such as sending SMS messages to generate fees or stealing your contacts, you can upload it to APK Insider, and we will run it before you do. Our sandbox will simulate a virtual Android system and expose potentially questionable behaviors when the app runs. Afterwards, a behavior report will be generated, with a conclusion on whether the app is safe or not.

 

Where is it?

Click the Menu button at the upper-right corner and you will see the beta version. Try it and let us know what you think so that we can improve!

 

How to use?

Choose the apps you want to check, then click the “Submit” and “Ok, sure” buttons to start analyzing.

Since we are doing the real-time analysis on our platform, please allow some time to process.

The apps will be categorized automatically into “Analyzed APKs” and be marked as safe or dangerous.

Simply click the dangerous app or the “Uninstall” button to eliminate potential risks.

 

 

Currently this feature is in its beta test stage and only open to selected customers.

Cannot see it in your app? Don’t worry, the official version is coming soon!

Let us know what you think if you tried it!