Thursday, January 18, 2018
Home Tags Nokia

Tag: Nokia

From ransomware to adware, mobile devices are seeing more attacks, even though far fewer users are affected than on typical personal computer platforms. Security researchers have long predicted that malware will arrive on mobile platforms, threatening the owner's sensitive information and using the devices to carry out a variety of scams, from stealing bank funds to racking up premium texting charges.In some regions, where third-party application stores are numerous and not well secured, malware rates have soared.
In North America, however, where applications are usually downloaded from Google's Play store or Apple's App Store, the security checks conducted by those companies have kept mobile devices mainly free of malware.In 2014, for example, only about 0.15 percent of devices that only installed applications from Google Play had a potentially harmful app installed, according to Google.Yet, that may start to change in 2016, according to researchers. One technique, known as overlays, may allow criminals to steal information in real time and foil the use of smartphones as a second security key used to augment Website login security ranging from Gmail to bank accounts, Limor Kessem, security researcher for IBM's X-Force research group, told eWEEK.
Such techniques may result in much higher infection rates on mobile devices, she said. "Mobile malware is finally doing what everyone thought it was going to do," Kessem said. IBM is not alone in its predictions.Security firm Webroot found that 52 percent of the 20 million apps that it scanned from app stores worldwide were either potentially unwanted or outright malicious. "When we look at those environments, the stores have a lot of malicious mobile apps—in some cases, upwards of 30 percent," Grayson Milbourne, Webroot's security intelligence director, told eWEEK.And 70 percent of enterprises believe that the company had lost data because of an insecure mobile device, according to a survey conducted by the Ponemon Institute for mobile-security firm Lookout.

Fifty-four percent of companies believed that malware had infected a corporate mobile device in theFrom several recently released reports, a fresh picture emerges of the current mobile malware threat.The relative danger of mobile malware infection, for the most part, continues to be overstated. PCs continue to account for the majority of malicious traffic seen on residential networks, according to data from Nokia's Application and Analytics group, which released a report on March 1 summarizing the threats the company saw on both mobile and residential networks in 2015.About 11 percent of computer systems were infected with malware or potentially unwanted software, such as adware, in the second half of 2015, down from 14 percent in the first half, the company found.
Smartphones, meanwhile, only had a 0.3 percent infection rate, the company found, which is in line with Google's data.However, the rate of PC infections is falling, while the rate of smartphone infections has begun to climb, according to Nokia.
Smartphones now account for the majority of malicious traffic seen on mobile networks, according to Nokia's Applications and Analytics group.In the past, a great deal of malware seen on mobile networks could be tracked back to Windows PCs or laptops tethered to mobile phones, but in 2015 that changed with smartphones accounting for about 60 percent of malicious traffic.
The former head of Israel's version of the National Security Agency pushes forward with cyber-security accelerator effort. There are companies that build technologies, and then there are the organizations that actually build companies.

Team8 belongs to...
As Mobile World Congress approaches, oneM2M’s Dr. Omar Elloumi urges vendors to look at bigger picture to avoid industry fragmentationBarcelona, Spain, 18 February 2016: Vendors rushing to be the first to release Internet of Things (IoT) gadgets and ecosystems need to urgently increase collaboration and treat the IoT race as a marathon, rather than a sprint, the Chair of oneM2M Technical Plenary warned today. Speaking ahead of Mobile World Congress – which will showcase the latest in mobile technology – Dr. Omar Elloumi (Nokia corporate CTO group) said the full potential of IoT could only be realised if service providers and vendors alike look at it as a customer-centric opportunity while remaining focused on the bigger picture. Without this, according to Dr.

Elloumi, IoT growth will be stunted and the market will become heavily fragmented, leading to security issues and vendor lock-in. “According to the 2015 McKinsey report ‘Unlocking the potential of the Internet of Things’, interoperability will unlock 40 per cent of IoT revenue – that alone shows just how damaging launching products could be without carefully considering interoperability,” said Dr.

Elloumi. “The time required to create globally harmonized standards can create frustration for many of us, but this is nothing compared to the frustration consumers and industries will experience if their newly installed IoT system requires multiple controls for multiple devices and actually complicates their lifestyle or operations rather than simplifying them.” Security is another major obstacle that detailed and well-documented specifications can overcome, continued Dr.

Elloumi, with security functions covering identification, authentication, authorisation, security association, sensitive data handling and administration.

There is a large variety of deployment scenarios to take into account, involving any type of device, meaning multiple modular authentication and provisioning options and cost-optimized security according to operational requirements. This is one area which oneM2M has addressed by developing globally recognized technical specifications which tackle the need for a common IoT Service Layer that can be readily embedded within various hardware. Seamless interworking with multiple protocols, such as OMA LWM2M, OIC and AllSeen is another area where oneM2M provides a significant value proposition to resolve the interoperability issue. Dr.

Elloumi concluded: “The IoT is still a nascent market.

The ability to spin up a new solution can be quite daunting; there is a lot of effort involved in integrating a complete solution especially if you have to deal with legacy systems; this is the case for smart cities in particular. Standards-based solutions give you an eco-system of multiple solution providers which is the only way to ensure multi-vendor interoperability and supplier choice and, therefore, deliver on the actual promise of IoT.” ENDS About oneM2MoneM2M is the global standards initiative that covers requirements, architecture, API specifications, security solutions and interoperability for Machine-to-Machine and IoT technologies. oneM2M was formed in 2012 and consists of eight of the world's preeminent standards development organizations: ARIB (Japan), ATIS (North America), CCSA (China), ETSI (Europe), TIA (North America), TSDSI (India), TTA (Korea), and TTC (Japan), together with six industry fora or consortia (Broadband Forum, Continua Alliance, GlobalPlatform, HGI, Next Generation M2M Consortium, OMA) and over 200 member organizations. oneM2M specifications provide a framework to support applications and services such as the smart grid, connected car, home automation, public safety, and health. oneM2M actively encourages industry associations and forums with specific application requirements to participate in oneM2M, in order to ensure that the solutions developed support their specific needs.

For more information, including how to join and participate in oneM2M, see: PR ContactMichelle (0) 1636 812 152
Microsoft announced its Q2 2016 results yesterday, reporting strong performance for its cloud business and leading to a stock bump in the wake of the news. Its Surface tablet hardware business also performed well. However it’s an entirely different story for the unloved phone-making business — that albatross around Steve Ballmer Satya Nadella’s neck. Buried low down in the earnings report, Redmond notes phone revenue “declined 49% in constant currency” — couching this as a reflection of “our strategy change announced in July 2015”. Microsoft can couch away all it wants, but the truth is its phone business is dead. And no amount of ‘strategic fiddling‘ around the edges will change that. Indeed, the platform has been walking dead for multiple years now. To underline how much the Windows (née Windows Phone) smartphone project has collapsed here are the year over year sales figures… Total Windows Phones sold in Microsoft’s Q2 quarter: 4.5 million vs selling 10.5 million in the year ago quarter A spot of comparative context: just this week Apple announced it sold 75 million iPhones in its Q1. (And that in a quarter without significant iPhone sales growth for Cupertino.) #WIndows smartphone Market share 2007 12%, 2008 11%, 2009 9%, 2010 5%, 2011 3%, 2012 3%, 2013 3%, 2014 3% and now 2015 down to 2% #Lumia — Tomi Ahonen (@tomiahonen) January 29, 2016 Of course we’ve known that Windows Phone has been walking dead for years now, given its failure to achieve significant traction outside a handful of European markets. In the U.S. the platform never took off. And even in European markets like Italy where it saw some small gains Microsoft has been unable to turn regional glimmers of growth into anything vaguely resembling sustained momentum. To paraphrase Monty Python, Windows Phone is an ex-platform. Sure, Microsoft might say the platform is just resting. But consumers know the truth: it’s a dead parrot. The question now is whether Microsoft will keep making smartphones as a showcase/vanity project. Or just kill off the division entirely. Opinion is divided on that front, although given how many phone-related staff Microsoft has given the chop to already it is already pretty far down that path of ‘total focus’… Either way, one thing is absolutely clear: consumers aren’t going to be buying smartphones running Windows. Because people know a dead parrot when they see one.
1: The Nokia 1100 may not be as famous as the 3310, but it's the best-selling mobile phone the world has ever known, shifting more than 250 million. It went on sale in 2003, and has since been sadly discontinued. Nokia's one billionth phone sold was ...
Background When mass-produced electronic spying programs became widely known by the public, many email providers, businesses, and individuals started to use data encryption. Some of them have implemented forced encryption solutions to server connections, while others went further and implemented end-to-end encryption for data transmission as well as server storage. Unfortunately, albeit important, said measures did not solve the core problem. Well, the original architectural design used in emails allows for metadata to be read as plain text on both sent and received messages. Said metadata includes recipient, sender, sent/receipt date, subject, message size, whether there are attachments, and the email client used to send out the message, among other data. This information is enough for someone behind targeted campaigns attacks to reconstruct a time line for conversations, learn when people communicate with one another, what they talk about, and how often they communicate. Using this information to fill in the gaps, threat actors are able to learn enough about their targets. In addition to the above, technologies are evolving, so something that is encrypted today may be easily decrypted a few years later, sometimes only months later, depending on how strong the encryption key is and how fast technologies are developing. Said scenario has made people move away from email exchanges when it comes to confidential conversations. Instead, they started using secure mobile messaging applications with end-to-end encryption, no server storage and timed deletion. On the one hand, these applications manage strong data and connection encryptions. On the other hand, they manage auto deletion on cell phones and provider servers. Finally, they practically have no metadata or are impersonal, thus not allowing identifiers about targets or data correlation. This way, conversations are truly kept confidential, safe, and practical. Naturally, this scenario has made threat actors develop implants for mobile devices since, from a hacking perspective, they address all the aforementioned technical limitations―that is, the inability to intercept conversations between users who have migrated to these secure mobile messaging applications. What is an implant? This is an interesting terminology invented by the very same threat actors behind targeted attacks. We saw it for the first time during the Careto campaign we announced a few years ago. Now we will analyze some implants developed by HackingTeam to infect mobile devices running on iOS (Apple), Android, Blackberry, and Windows Mobile. HackingTeam isn’t the only group developing mobile implants. There are several campaigns with different roots, which have been investing in the development of mobile malware and used it in targeted attacks at the regional and international level. Implants for Androids Android-based phones are more affordable and, consequently, more popular worldwide. That is why threat actors responsible for targeted attacks have Android phones as their #1 priority and have developed implants for this operating system in particular. Let’s analyze what one of these implants is capable of. HEUR:Trojan-Spy.AndroidOS.Mekir.a It is well known that the encryption algorithm used in text messages is weak. It is safe to assume that practically all text messages sent are susceptible to interception. That is precisely why many users have been using instant messaging programs. In the coding fragment above, we can see how threat actors are able to obtain access to the messaging database used by WeChat, a mobile application for text message exchange. Let’s assume that the messaging application being used by the victim is really secure and has applied a strong end-to-end encryption, but all messages sent and received are stored locally. In said case, threat actors would still have the ability to decode these messages. Well, when they steal a database along with the encryption key that is stored within the victim’s device, threat actors behind these attacks can decrypt all contents. This includes all database elements, not only the text information, but also geographic locations shared, pictures, files, and other data. Besides, threat actors have the ability to manipulate the camera on the device. They can even take pictures of the victim for identity confirmation. This also correlates with other data, such as the wireless network provider that the phone is connected to. Actually, it doesn’t matter what application the victim is using. Once the mobile end point is infected, threat actors are able to read all messages sent and received by the victim. In the following code segments, we can see the instructions used to interact with messaging applications Viber and WhatsApp. If a mobile devices is compromised with an implant, the rule becomes very simple – if you read a secure text message on your screen, the threat actor behind that implant, reads it too. Implants for iOS Undoubtedly, Apple mobile devices also enjoy a large market share. In some markets, they are certainly more popular than Android devices. Apple has managed the safety architecture of its devices very well. However, it doesn’t make them completely immune to malware attacks, especially when there are high-profile threat actors involved. There are several infection vectors for these devices. Likewise, when high-profile targets are selected, threat actors behind these targeted attacks may apply infection techniques that use exploits whose costs are higher―hundreds of thousands of dollars―but highly effective, as well. When targets are of an average profile, less sophisticated, but equally effective infection techniques are used. For example, we would point to malware installations from a previously infected computer when a mobile device is connected through a USB port. What technical abilities do iOS implants have? Let’s see the following implant example: Trojan.OSX.IOSInfector.a This Trojan infects iOS devices as they are being charged by the victim of the attack by using a previous Jailbreak made to the device. In other words, if targets usually charge their cell phones using a USB cable, the pre-infected computer may force a complete Jailbreak on the device and, once the process is complete, the aforementioned implant is installed. In this code, you can see that the attacker is able to infected the device and confirm the victim’s identity. This is a crucial step during targeted attacks, since threat actors behind this kind of attacks wouldn’t want to infect the wrong victim and―worse yet―lose control of their implant and spoil the entire operation, thus exposing their attack to the public. Consequently, one of the technical abilities of these implants is to verify the phone number of their victim, along with other data to make sure they’re not targeting the wrong person. Among other preliminary surveying actions, this implant also verifies the name of the mobile device and the exact model, battery status, Wi-Fi connection data, and the IMEI number, which is unique to each device. Why would they check the battery status? Well, there are several reasons for that, the main one of them being that data can be transferred through the internet to the hacker’s server as this information is extracted from an infected device. When phones are connected to the internet, be it through a data plan or Wi-Fi connection, the battery drains faster than normal. If threat actors extract data at an unsuitable moment, the victim could easily notice that there’s something wrong with the phone, since the battery would be hot and start draining faster than normal. That is the reason why threat actors would rather extract information from victims―especially heavy data like photos or videos―at a moment when their battery is being charged and the cell phone is connected to the Wi-Fi. A key part of spying techniques is to combine a victim’s real world with the digital world they live in. In other words, the objective is not only to steal information stored in the cell phone, but also to spy conventional conversations carried out off line. How do they do it? By enabling the front camera and microphone on hacked devices. The problem is that, if the cell phone isn’t in silent or vibrate mode, it will make a particular sound as a picture is taken with the camera. How to resolve it? Well, implants have a special setting that disables camera sounds. Once the victim is confirmed, the hacker once again starts to compile the information they are interested in. The coding below shows that threat actors are interested in the Skype conversations their victims are having. This way, threat actors have complete control over their victims’ conversations. In this example, Skype is the messaging application being used by threat actors, but it could actually be any application of their choice, including those considered very secure apps. As mentioned above, the weakest link is the mobile end point and, once it is compromised, there is no need to even crack any encryption algorithm, no matter how strong it may be. Implants for Blackberry Some targets may use Blackberry phones, which are known to be one of the most secure operating systems in the market. Even though they are safer, threat actors behind targeted attacks don’t lag behind and they have their arsenal ready. Trojan-Spy.BlackberryOS.Mekir.a This implant is characterized by a strong code obfuscation technique. Analyzing it is complex task. When we look at the code, we can clearly see that even though the implant comes from the same threat actor, the developer belongs to another developer group. It’s as if a specific group were in charge of developing implants for this operating system in particular. What actions may these implants develop in an infected Blackberry device? Well, there are several possible actions: Checking the Battery Status Tracking the victim’s geographic location Detecting when a SIM card is replaced Reading text messages stored within the device Compiling a list of calls made and received by the device. Once Blackberry phones start to use the Android operating system, threat actors will have a farther-reaching operation. Implants for Windows Mobile Windows Mobile aren’t necessarily the most popular operating system for mobile devices in the market, but it is the native OS used by Nokia devices, which are preferred by people looking for quality and a solid track history. There is a possibility that some targets may use this operating system, and that is why the development of implants for Windows Mobile devices is underway as well. Next, we will see the technical scope of implants for Windows Mobile devices. HEUR:Trojan-Spy.WinCE.Mekir.a When infecting a victim’s mobile device, this implant is hidden under a dynamic library file by the name bthclient.dll, which is supposedly a Bluetooth driver. The technical abilities of these implants are practically limitless. Threat actors may develop several actions, such as checking: A list of apps installed, The name of the Wi-Fi access point to which the victim is connected, Clipboard content that usually contains information of interest to the victim and, consequently, to the attacker. Threat actors may even be able to learn the name of the APN that victims connect to while using the data plan through their provider. Additionally, threat actors can actively monitor specific applications, such as the native email client and communications hub being used by a Windows Mobile device to process the victim’s communication data. Conclusions Considering the explanation in the introduction, it is probable that the most sensitive conversations take place in secure end-to-end mobile applications and not necessarily emails sent with PGP. Threat actors are aware of it, and that is why they have been actively working not only on developing implants for desktop computers, but also for mobile devices. We can say for sure that threat actors enjoy multiple benefits when they infect a mobile device, instead of a traditional computer. Their victims are always carrying their cell phones with them, so these devices contain information that their work computers won’t. Besides, mobile devices are usually less protected from a technological point of view, and victims oftentimes don’t believe their cell phones could ever become infected. Despite a strong data encryption, a compromised mobile end point is completely exposed to spying, since threat actors have the same ability to read messages as users themselves. Threat actors don’t need to struggle with encryption algorithms, nor intercept data at the network layer level. They simply read this information the same way, as their victim would. Mobile implants don’t belong to the group of massive attacks launched by cybercriminals; they are actually targeted attacks in which victims are carefully selected before the attack. What Makes You A Target? There are several factors involved in being a target, including whether you are a politically exposed person, have contacts of interest to threat actors, are working on a secret or sensitive project that is also of interest, among others. One thing is certain: if you’re targeted by such an attack, the probability of infection is very high. Everything we’re seeing now is a battle for numbers. You cannot decide whether you’ll become a victim, but one thing you could do is elevate the cost of such an attack to the point that threat actors might give up and move on to a less expensive target who is more tangible in terms of time invested and risk of the exploit campaign being discovered. How Can Someone Elevate the Cost of an Attack? Here is a set of best practices and habits in general. Each case is unique, but the main idea is to make threat actors lack motivation once it becomes too laborious to carry out their operation, thus increasing their risk of failure. Among the basic recommendations to improve the security of our mobile devices, we could highlight the following: Always use a VPN connection to connect to the Internet. This will help making your network traffic not easily interceptable and susceptible to malware that could be directly injected into a legitimate application being downloaded from the internet. Do not charge your mobile devices using a USB port connected to a computer. The best thing you can do is to plug your phone directly into the AC power adapter. Install an anti-malware program. It has to be the best one. It seems that the future of these solutions lies precisely in the same technologies already implemented for desktop security: Default Deny and Whitelisting. Protect your devices with a password, not a PIN. If the PIN is found, threat actors may gain physical access to your mobile device and install the implant without your knowledge. Use encryption in the data storage memories implemented by your mobile devices. This advice is especially current for devices that allow for memory disks extraction. If threat actors extract your memory by connecting it to another device, they’ll also be able to easily manipulate your operating system and your data in general. Do NOT Jailbreak your device, especially if you’re not very sure what it implies. Don’t use second-hand cell phones that may already come with pre-installed implants. This piece of advice is especially important if your cell phone comes from someone you’re not very familiar with. Always keep the operating system in your mobile device updated and install the latest upgrade as soon as it becomes available. Review all processes being executed in your device memory. Review all authorized apps in your system and disable the automatic data submission function for logs and other service data, even if the communication is between your cell phone and your provider. Finally, keep in mind that, without a doubt, conventional conversations in a natural environment are always safer than those carried out electronically.
2016 looks like it could be a big year for Nokia. Joel W. Rogers/CORBIS Nokia is diving headfirst into 2016 with a move that will transform it into one of the world's biggest broadband equipment suppliers. The Finnish tech firm gained control of Fre...
Enlarge Image Nokia's professional-level Ozo camera is capable of capturing 360-degree video and spatial audio. Nokia Nokia is betting the technological wave of virtual reality will be big enough that companies will shell out $60,000 for a camera t...
Behold the power of cartoon icons. Finland unveils national emoji icons, hotels let you order room service by texting emojis, and a wireless emoji keyboard is a dream for power users. by Bridget Carey @BridgetCarey / November 5, 20152:15 PM PST
Will strong research divisions be enough to let Nokia compete with Huawei and Ericsson?
Microsoft plans to shut down two former Nokia device manufacturing plants in China, which means 9,000 jobs will be lost in the latest round of cuts since it acquired Nokia in April 2014. The closure of the plants, located in Beijing and the south-eastern city of Dongguan, were planned last year, according to Microsoft News. Microsoft also plans to send some of the plant equipment to its manufacturing facility in Vietnam. The closures and transfer of production capacity to Vietnam are expected to be completed by the end of March 2015. In July 2014, Microsoft announced plans to cut 18,000 jobs in 2015, most of them at Nokia, which added 25,000 staff to Microsoft's payroll through the acquisition. A Microsoft spokesman confirmed that the latest cuts are part of the restructuring announced last July. “The timing of actual departure was staggered due to local and legal requirements,” he told the Seattle Times. Microsoft said 12,500 professional and factory positions would be eliminated in the alignment of the Nokia business with Microsoft's main operations. Microsoft chief executive Satya Nadella said the job cuts were, in part, aimed at moving Microsoft away from its core software operations towards its cloud computing business. “We are not in hardware for hardware’s sake, and the first-party device portfolio will be aligned to our strategic direction as a productivity and platform company,” he said. Nadella said the job cuts were part of plans to reduce the layers of management and accelerate the flow of information and decision-making. “This includes flattening organisations and increasing the span of control of people managers,” he added. The plant closures in China will put most of Microsoft’s phone production in Vietnam, which is in line with the current trend among global manufacturers. Many are moving out of China, where economic growth has pushed wages higher, to countries in South-East Asia, such as Vietnam and Cambodia, where wages are lower. Former Nokia plants in Manaus, Brazil and Reynosa, Mexico, have been spared closure. The Manaus plant is manufacturing Microsoft products, and Reynosa will be converted into a repair facility. Email Alerts Register now to receive IT-related news, guides and more, delivered to your inbox. By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy. Read More Related content from RELATED CONTENT FROM THE TECHTARGET NETWORK
The new Lumia 530 Windows smartphone will be available to T-Mobile customers on Oct. 15 from Best Buy and Microsoft stores, or available directly through T-Mobile starting on Oct. 15. The price for the phones through T-Mobile is $79.20 each, the comp...