Void Android?

More than one billion Android devices around the world are vulnerable to attack by hackers because they are no longer supported by security updates and built-in protection, new research by Which? has found.

The consumer champion crunched Google data, which shows a staggering two in five (40%) Android users worldwide are no longer receiving vital security updates from Google, potentially putting them at risk of data theft, ransom demands and a range of other malware attacks that could leave them facing bills for hundreds of pounds.

The findings come as Which? adds warnings to its reviews of potentially affected smartphones – which are not necessarily old models and are still available to buy through online marketplaces – so consumers are aware of the risk.

Which? experts took a selection of affected phones and tablets into its labs, including handsets still available to buy from online marketplaces such as Amazon, and found they could easily be hit by a range of malware and other threats.

Researchers tested a range of phones including models from Motorola, Samsung, Sony and LG/Google and found they were vulnerable to hacks that could allow personal information to be stolen, let a hacker take complete control over the phone, or run up large bills for services that the phone owner hasn’t used themselves.

Recently out-of-support devices won’t immediately have problems, but without security updates, the risk to the user of being hacked goes up exponentially. Generally speaking, the older the phone, the greater the risk.

Anyone using an Android phone released around 2012 or earlier – including popular models like the Samsung Galaxy S3 and Sony Xperia S – should be especially concerned, since it’s likely they will be running a version of Android that does not include various security enhancements Google has been rolling out since.

Google declined to respond when Which? asked for data on how many UK users are likely to be affected. But the consumer champion estimates there could potentially be millions of old unsupported Android devices still in use in the UK.

Which? shared its findings with Google but the tech giant’s response failed to provide reassurance that it has plans in place to help users whose devices are no longer supported.

Which? is calling for far more transparency around how long updates for smart devices will be provided so consumers can make informed buying decisions. The industry must also do a better job of giving support and guidance to customers about their options once security updates are no longer available.

Proposed legislation for mandatory security requirements – putting the onus on manufacturers to provide clear information about how long security updates will be provided for – and strong enforcement for manufacturers, retailers and online marketplaces that fall short are essential to tackle the growing problem of digital obsolescence.

Which? believes Google and other manufacturers also have questions to answer about the environmental impact of phones that can only be supported for three years or less – meaning consumers frequently need to fork out hundreds of pounds to replace them, while old phones end up piled up in landfill.

Kate Bevan, Which? Computing editor, said: “It’s very concerning that expensive Android devices have such a short shelf life before they lose security support – leaving millions of users at risk of serious consequences if they fall victim to hackers.

“Google and phone manufacturers need to be upfront about security updates – with clear information about how long they will last and what customers should do when they run out.

“The government must also push ahead with planned legislation to ensure manufacturers are far more transparent about security updates for smart devices – and their impact on consumers.”

Which? Tips

My Android phone is working fine, so why should I ditch it?

If your Android device is more than two years old, check if it can be updated to a newer version of Android. Open your phone or tablet Settings app, then tap System > Advanced > System update. You can then see your Android version.

If you are on a version before Android 7.0 Nougat, try to update your system. Still in the System update section, follow the instructions to run the update.

If you can’t update to a newer version, you’ll need to consider that there will be an increased risk in using your device going forwards – especially if you are running a version of Android 4 or lower.

What should I do if my mobile phone is no longer updated?

The older the phone, the greater the risk. Anyone with a smartphone that runs Android 4 or earlier should seriously consider whether it’s worth the risk to their data and privacy to continue using the device. However, there is an increased risk to any device that is no longer being supported by security updates. If you are still using such a phone, carefully consider the following advice until you upgrade.

1. Be careful what you download: The majority of threats come from downloading apps from outside the Google Play store, so be very wary of that. If you do sideload an app, check carefully that it is official and always manually re-enable the ‘unknown sources’ block in your Android settings after you’re finished. This is done automatically in newer Android versions.

2. Watch what you click on: As well as traditional phishing threats that might arrive via email, variations on these threats can be sent to a phone via SMS or MMS messages to take advantage of vulnerabilities found on some older versions of Android. Be very wary of clicking on any links that look suspicious, especially if they are from senders you’re not familiar with.

3. Back up your data: Make sure all your data is backed up in at least two places (a hard drive and a cloud service). If something goes wrong and you do get infected, this will help to ensure you won’t lose access to anything vital.

4. Get mobile antivirus: There are a range of additional apps that can provide some protection for your older Android device against security threats. Bear in mind, though, that the choice might be limited for really old Android builds. We could barely find any reputable services for the Sony Xperia Z2 running Android 4.4.

Which? advice guide for people who are using phones that no longer receive security updates: https://www.which.co.uk/reviews/mobile-phones/article/mobile-phone-security-is-it-safe-to-use-an-old-phone

Cyber Scotland Week

More than sixty events are taking place this Cyber Scotland Week (17 – 23 February) to encourage people from all walks of life to consider a career in data security.

Organised by the Scottish Government and ScotlandIS, Cyber Scotland Week showcases innovation in the sector and the many economic opportunities in combatting the global cyber threat.

Scotland’s cyber company base has grown considerably in response to Scottish, UK and international demand, from around 50 companies in 2017 to just over 90 companies today.

Deputy First Minister John Swinney said: “Cyber Scotland Week gives people of all ages the chance to come together to understand and learn about the threat and to hear about the wealth of cyber security careers opportunities.

“With over 60 events across the country, this Cyber Scotland Week builds on last year’s success and contributes to our ambition for Scotland to be a world leading cyber resilient nation.”

Cyber Scotland Week events are available at www.cyberscotlandweek.scot.

How secure is your password?

  • National Cyber Security Centre’s (NCSC’s) first ‘UK Cyber Survey’ shows 42% of Brits expect to lose money to online fraud
  • Breach analysis finds 23.2 million victim accounts worldwide used 123456 as password
  • Global password risk list published to disclose passwords already known to hackers
  • NCSC urges using 3 random words as passwords on the eve of CYBERUK 2019 event


Strengthening cyber resilience

New action plan puts cyber-skills at the heart of learning and development

Widening awareness of cyber resilience and developing a strong pool of talent skilled in cyber security will be at the heart of improving resilience to online and digital threats.

The Cyber Resilience Learning and Skills Action Plan includes key actions for education, business and the public sector to strengthen and further embed understanding of the need for cyber-security.

The aims of the action plan are to:

  • Increase cyber resilience through awareness raising and engagement
  • Explicitly embed cyber resilience throughout the education and lifelong learning system
  • Increase cyber resilience at work
  • Develop the cyber security workforce to ensure that skills supply meets demand and professionals can find rewarding employment in Scotland.

The action plan was launched by Economy Secretary Keith Brown while meeting BT apprentices in Edinburgh as part of Scottish Apprenticeship Week 2018. He said: “This plan is a blueprint for the Scottish Government and all its partners across the public and private sectors to work together to enhance our wider understanding of cyber security.

“We want to see people across Scotland, whether in early years, school, college or the workplace, get greater opportunities to develop the skills needed to be safe and resilient in their online lives.

“The plan also sets out how we can ensure we have a strong pool of professionals able to secure our businesses, charities and public services against current and future threats, and who can develop innovative goods and services for the rest of the world.

“Supporting the development of these specialist skills will be vital to the success of other activity on cyber resilience as well as our forthcoming plan to help us to take advantage of the economic opportunities presented by our work on cyber security.”

Brendan Dick, BT Scotland director, said: “As one of the biggest dedicated cyber security practices in the world we’re pleased to host the launch of this action plan which will help to bolster the cyber security profession in Scotland. We’re proud to be one of the first employers of cyber security apprentices in Scotland, with around 20 in Edinburgh, and more broadly we have 320 apprentices across Scotland.

“Apprentices are important to our business in providing new talent and fresh ideas. Last year we became the first-ever employer in Scotland to be awarded the highest possible marks in a review of our Modern Apprenticeship scheme by HM Inspectors.

“We’re supporting the development of digital skills for young people through our partnerships with Young Engineers and Science Clubs and Digital Xtra Fund, as well as the Barefoot Computing initiative to boost tech literacy. We urge young people to consider careers in the fast growing cyber security sector.”

SDS Director of Industry and Enterprise Networks, Gordon McGuinness, said: “We welcome the launch of the Cyber Resilience Learning and Skills Action Plan and fully support raising the awareness of cyber resilience in our schools, workplaces and beyond.

“Cyber skills are a key focus for Skills Development Scotland. We launched our Cyber Skills Programme in 2017 which is an initiative encouraging school pupils to choose fighting cybercrime as a career choice.

“Through a series of collaborative events with industry, school pupils have been able to learn more about cyber security and the many exciting career opportunities that are available in this industry.”


Cyber Academy joins forces with Satisnet to fight security threats

A NEW cyber security project will allow companies to train staff to combat attacks like the one which saw NHS systems infected with malicious software last year. The SOCLAB training infrastructure at Edinburgh Napier’s Cyber Academy will let workers get to grips with ransomware and other threats in a safe and isolated environment.