CheckPoint
Latest
The switch to remote learning has made schools even bigger cyber targets
As homeschooling increased, so did attacks against educational institutions.
'SimBad' Android adware was downloaded nearly 150 million times
As much as Google has done to keep malware out of the Play Store, some notable examples still get through. Google has pulled 210 apps from the store after Check Point researchers discovered that they were infected with the same strain of adware. Nicknamed "SimBad" based on the abundance of infected simulator games, the code hid in a bogus ad-serving platform and created a back door that could install rogue apps, direct users to scam websites and show other apps in stores. Check Point believes the apps' developers were tricked into using the platform.
A 'Fortnite' security flaw could have exposed players' accounts
Fortnite fans who are able to log in and play without any issues (other than being eliminated before so much as building a ramp) might thank their lucky stars Epic Games has resolved a security issue. Check Point security researchers found vulnerabilities on Epic's site that could have let hackers access accounts.
Android exploit targeted apps' shoddy use of external storage
Many mobile security flaws revolve around obvious avenues like websites or deep, operating system-level exploits. The security team at Check Point, however, has discovered another path: apps that make poor use of external storage like SD cards. While apps would ideally stick to internal storage (which Google sandboxes against outside influence) as much as possible, some apps have relied unnecessarily on unprotected external storage and didn't bother to validate the data coming from that space. An intruder could take advantage of that poor security policy to manipulate the data and cause havoc -- Check Point called it a "man-in-the-disk" attack.
63 games and apps on Google Play served porn ads
If you still haven't made it a habit to inspect Google Play applications before installing them, then maybe this will make you rethink your ways. Security firm Check Point has discovered a new malicious code hiding inside 63 games and apps on Google Play -- a malicious code the company dubbed "AdultSwine" that served porn ads, to be exact. Check Point said the rogue applications were targeted towards kids, but a Google spokesperson told Engadget that they were more for the general audience. Google also clarified that they weren't part of its vetted list under the Designed for Families Program, but it's not that hard to imagine children downloading random games they find on the Play store.
Android malware skews Google Play ratings by installing apps
Malware writers haven't stopped trying to game app rankings through bogus app installs. Researchers at Check Point have identified a new strain of the longstanding Ghost Push malware, Gooligan, that has infected over 1 million Android devices to date and continues to grow (about 13,000 new infections per day). As with earlier code, attackers trick you into installing a Gooligan-based app through either a third-party app store or a phishing scam. Once it's on your phone, the software takes advantage of Linux kernel exploits to access your Google authorization token and install fraudulent apps, whether to boost their Google Play rankings or to generate money through ads.
Android malware from Chinese ad firm infects 10 million devices
The Android malware Hummingbad has infected 10 million devices so far, but what's most interesting is where it comes from. First discovered by the security firm Check Point in February, the researchers have tied it to Yingmob, a highly organized Chinese advertising and analytics company that looks like your typical hum-drum ad firm. Once it successfully infects and sets up a rootkit on Android devices (giving it full administrative control), Hummingbad generates as much as $300,000 a month through fraudulent app installs and ad clicks. As Check Point describes it, Hummingbad is an example of how malware companies can support themselves independently.
Researchers can take complete control of Android phones
The wave of security issues with devices, cars and even skateboards continues as Check Point researchers presented a vulnerability at the Black Hat conference that could potentially open millions of Android up to hackers. Dubbed Certifi-gate, the researchers say that vulnerabilities in the OEM (manufacturers of Android devices like Samsung, LG and Sony) implementation of Remote Support allows a third party app's plugins to access a device's screens and actions using an OEMs own signed certificates.
Exploit uses firewalls to hijack smartphones, turns friends into foes
Normally, firewalls at cellular carriers are your best friends, screening out malware before it ever touches your phone. University of Michigan computer science researchers have found that those first lines of defense could be your enemy through a new exploit. As long as a small piece of malware sits on a device, that handset can infer TCP data packet sequence numbers coming from the firewall and hijack a phone's internet traffic with phishing sites, fake messages or other rogue code. The trick works on at least 48 carriers that use firewalls from Check Point, Cisco, Juniper and other networking heavy hitters -- AT&T being one of those providers. Carriers can turn the sequences off, although there are consequences to that as well. The only surefire solution is to either run antivirus apps if you're on a mobile OS like Android or else to run a platform that doesn't allow running unsigned apps at all, like iOS or Windows Phone. Whether or not the exploit is a serious threat is still far from certain, but we'll get a better sense of the risk on May 22nd, when Z. Morley Mao and Zhiyun Qian step up to the podium at an IEEE security symposium and deliver their findings.
AOptix e-Gate could improve global airport security, replace ID checks with iris scans
You're certainly not alone if you think that the current airport security process is far from ideal. AOptix hopes to streamline and speed up security procedures by replacing manual boarding pass and ID checks with a biometric kiosk called e-Gate. The new system, which verifies passenger identities by matching an iris scan with a boarding pass, just received (IATA) approval, and is currently being tested in three airports around the world. It's not as slick as a similar concept we saw earlier this summer, but e-Gate could be implemented with a trusted traveler program, creating special lanes for pre-approved frequent fliers -- similar to the US Customs Global Entry system in place today. We don't see it replacing X-ray machines and check-in interviews, but it could remove human error from the equation -- at least when it comes to verifying your identity. Jump past the break for the full scoop from AOptix, or you can check out the system for yourself at the Future Travel Experience in Vancouver. Update: e-Gate is in fact a potential component of Checkpoint of the Future, which we saw conceptualized in June.%Gallery-133007%
IATA's Checkpoint of the Future uses biometric IDs to separate do-gooders from terrorists (video)
This, ladies and gentlemen, could be your Checkpoint of the Future -- a new airport security prototype that promises to move away "from a system that looks for bad objects, to one that can find bad people." Unveiled at the IATA's annual conference in Singapore yesterday, the setup is comprised of three, 20-foot long detectors -- one for "known travelers," one for high-risk flyers, and one for everyone else. Instead of funneling passengers through the same checkpoint, then, the prototype would use eye scanners and biometric chips to verify their identities and analyze their personal history, before dividing them into groups. People who complete and pass government background checks would waltz through the fast pass lane with their carry-on luggage in tow, whereas those deemed particularly risky would have to undergo a more intensive, full-body scan within the "Enhanced" security lane. The rest of us, meanwhile, would be directed to the "Normal" detector, which would automatically scan us for liquids, metals and everything that is evil. The IATA says this risk-based approach would reduce security lines and lower airport costs, but it would still require governments to share data on their own citizens, which could pose a major hurdle to widespread adoption. For now, the IATA and governmental agencies are still hammering away at the details and have yet to announce a pilot program, but you can check out an audio-less demo video of the prototype, after the break.
Clear security lanes reopen in Orlando, coming soon to Denver
There's just nothing quite like a promised kept, you know? Back in May, we heard that the financially troubled Clear would be making a comeback this fall, and lo and behold, the first Clear security lanes in quite some time have opened up in Orlando International Airport (MCO). Just as before, customers angels who fork out $179 per year and pass a litany of personality tests (we kid, we kid... sort of) will be able to breeze right through a dedicated security lane, enabling them to show up just moments prior to takeoff, claim their seat and simultaneously draw the ire of every other nearby passenger. In the next few months, Clear will roll out a family plan that enables the $179er to add members at $50 a pop, and during the introduction period, all members will receive a free month. Best of all, those who used Clear before can have their cards reactivated once it returns to their home airport. The company intends to open lanes in Denver later this month, but expansion plans beyond that remain a mystery. Feel free to get amped by watching the video just past the break.
Clear security lanes storming back to airports, principled travelers high five one another
Don't call it a comeback. Or do, because that's precisely what this is. After Clear shuffled its final incorruptible passenger through a speedy security lane in June of last year, the company closed up shop and forced even the nicest of travelers to re-join the herds. Thankfully for us all, Alclear has decided that life's simply no good without a hasty security option at airports, and it has plopped down $6 million in order to acquire the assets of Verified Identity Pass out of bankruptcy protection. According to our hombres at Gadling, that purchase price doesn't include individual airport contracts, so it'll be an uphill battle getting these lanes back into the places in which they're needed. If all goes well, we could see the first Clear avenues reopen this fall, with pricing set at $179 per year for unlimited individual use or $229 per year for unlimited family use. Head on past the break for more details on reactivating old subscriptions and the full presser.
First Look: NMobile for iPhone
If you find yourself running into police speed traps often, then you might want to give a new iPhone app a try. NMobile [iTunes link] allows you to locate speed traps, red light cameras, and radar locations. All of these speed detection devices are mapped out on a Microsoft Live map -- this is one of the first native uses of Microsoft Live Maps on the iPhone. If you are using this application with the iPhone 3G, then you will have the ability to use your GPS location in conjunction with the tracking service from Njection. In "Browse Mode," you can check your area for speed traps, red light cameras, and radar devices. The speed trap locations are submitted by users, and can be submitted through the application (or on Njection's website). Red light cameras and radar locations are also submitted by users, and verified for accuracy by the developers. Speed trap locations are only verified by users. In addition to browsing for speed traps, you can also be alerted audibly of upcoming traps -- you can find this under "Alert Mode." In this mode, NMobile will tell you when you are approaching a trap, you will also see how many miles ahead the trap is. Bottom line: this application is solid, but I would like to see a couple features added. For one, you can't get directions in this application like you can in the default Maps app on the iPhone. It would be nice if you could plan a route, and see the speed traps along the way. If you're using this application on a first generation iPhone, you might not get the best experience; however, this can't really be blamed on NMobile; the location data on the GPS-less phones isn't specific enough. You should exercise care and caution while using this application on the road. This application is just a little pricey at $9.99, and is now available on the iTunes App Store. %Gallery-36948%
Tom Bihn's Checkpoint Flyer laptop bag in the wild, reviewed
We could tell from the press shot that this here laptop bag was far and away the most beautiful of the TSA-approved bunch, and a recent review over at Gadling confirms it. Put simply, the Tom Bihn Checkpoint Flyer is "fantastic," and even the reviewer found himself startled at just how much he dug it. The build quality was remarkable, the ease of use was commendable and the design itself was obviously worthy of praise. The only real rub is the bloated sticker; the price of admission is a stiff $220, and that's before you add in any useful straps or extra packing cubes. 'Course, you're probably wondering how this thing fared in real-world use, and we're happy to report that no cavity searches were required when passing through security on a flight from Chicago to Amsterdam. Check the full writeup and a hands-on gallery in the read link.
Heavy Rain on checkpoints, please don't use them
Before reading further, you might want to take advantage of that save point over there. You know, just in case it doesn't turn out the way you like. Or don't, if you're of the same mind as David Cage, founder of Heavy Rain developer Quantic Dreams, who believes that when it comes to his company's story-heavy offspring it's best just to play along and not look back on what might have been. Cage told CVG that while Heavy Rain will sport a typical checkpoint system, the devs would rather players "continue to play with one story bearing with the consequences of their actions." Explained the exec, "Why would you want to do everything perfect and change what you've done." It's certainly a novel concept, if naive, though we're more than a little curious if the apparent ability to continue on even after the hero croaks will be enough to fight our natural urge to reload.
Tom Bihn's Checkpoint Flyer: a TSA-approved bag worth owning
Now that the TSA has doled out the official verbiage about what it considers a checkpoint-friendly laptop bag, expect to see the usual players toss in an option or two for frequent fliers. Thus far, all we've seen are cases that get the job done while throwing style to the wind in the nearest dumpster; now, however, we've a better option to choose from. Tom Bihn's stylish Checkpoint Flyer meets all of the TSA's requirements while still looking like a briefcase we wouldn't be embarrassed to be seen with. The 2.6-pound bag is crafted from US 1050 denier ballistic nylon and 500 denier Cordura and includes a trio of pouches on the outside, splash-proof zippers and ten smaller pockets for stashing those increasingly rare bags of peanuts / pretzels. It's available now in three colors for $220 (yeah, we know, but it's made in the US of A).[Via Electronista]
Targus introduces checkpoint-friendly Zip-Thru laptop case
As we surmised earlier this month with the formal introduction of Mobile Edge's trio of TSA-approved laptop bags, the flood of competitors are now rushing out. One of the first out of the gate is Targus, delivering its Zip-Thru 15.4-inch Corporate Traveler Laptop Case. Just the first in the outfit's sure-to-be-long line of checkpoint-friendly bags, this one measures in at 16.93- x 6.5- x 13.98-inches, weighs 3.74-pounds, is constructed from durable black ballistic 1680 denier nylon and can -- of course -- slip under those airport scanning machines with your precious machine still tucked inside. Unfortunately, it won't be available for summertime travel (look for it to land in October), but you can go ahead and budget in $99.99 well before Q3 gets sticky.[Via CrunchGear]
Check Point intros ZoneAlarm Z100G wireless router
The security-minded folks at ZoneAlarm are branching out from their cozy nook in the software space into the wild world of hardware, with parent company Check Point announcing its first ZoneAlarm-branded wireless router. While it sure ain't pretty, the Z100G should keep you relatively safe behind its variety of security measures, including firewall, antivirus, and intrusion prevention, in addition to remote access VPN and secure remote desktop features. The router itself is a Super G number, promising speeds up to 108 Mpbs while still, of course, remaining compatible with regular 802.11b and 802.11g-based options, with a promised range of 984 feet indoors (right). Not surprisingly, you'll have to pay a bit of a premium over your run-of-the-mill router to get this one to watch your back, with the Z100G coming in at the $199 price point, although Check Point's knocked that down to $149 'till the end of December. Or you could, you know, buy a dd-wrt or OpenWRT compatible router and save yourself a bundle. Something tells us you're gonna be every bit as safe.[Via eHomeUpgrade]
