WhatsApp bug opened door to hacking

Fixed: A flaw in the Web version of WhatsApp made it possible for hackers to hide malicious code in seemingly innocent “vCards” containing contact information. — AFP

SAN FRANCISCO: WhatsApp recently patched a flaw that left 200 million users vulnerable to being hacked using booby-trapped digital cards for contact details, according to a US computer security firm.

Facebook-owned messaging application WhatsApp boasts more than 900 million users, some 200 million of whom access the service on computer browser software that mirrors activity from mobile devices.

A flaw in the Web version of WhatsApp made it possible for hackers to hide malicious code in seemingly innocent “vCards” containing contact information.

Opening tainted cards allowed viruses to infect computers, potentially allowing hackers to steal control or information, according to an online post by Check Point computer security firm.

Hackers would only need a target’s smartphone number and for the person to open the “vCard.”

Check Point said that it disclosed the vulnerability to WhatsApp last month and that an updated version of the application was released. — AFP

Source: The Star Online

Apple launches new iPhone 6s models, iPad Pro and Apple TV

Every Apple event is always preceded by intense speculation on what the company is about to release.

For this year’s event, the Internet rumour mill ground into overtime with a number of obvious and not-so-obvious predictions.

These ranged from the inevitable iPhone 6s and iPhone 6s Plus devices to a new Apple TV and a larger screen tablet called the iPad Pro.

Also, there were a few sure things which had already been announced, namely iOS 9, watchOS 2 and the next Mac OS X El Capitan.

So now that the event is over and all has been revealed, what did we get?

Same design, new stuff: While the iPhone 6s and 6s Plus share the same design as the iPhone 6, there are a lot of changes under the hood.

iPhone 6s and iPhone 6s Plus
Based on past experience, the iPhone model following a major new redesign differed little in looks, but got a speed bump and some hardware tweaks.

So after the iPhone 3G you got the iPhone 3GS, after the iPhone 4 you got the iPhone 4S and after the iPhone 5 was the iPhone 5S.

For the iPhone 6s and iPhone 6s Plus, the Internet predicted that it will have the same design, but will be slightly thicker (to prevent any more “bendgate” incidents) and, most interesting of all, feature a new Force Touch capable screen.

So what did we get?

The Apple event indeed revealed the iPhone 6s and 6s Plus – while they look the same as the current models, CEO Tim Cook says they are very different on the inside.

Chief amongst these changes is the 3D Touch feature (looks like that’s what Apple is calling Force Touch now) and while we expected it, Apple’s implementation will completely change how you interact with iOS.

Using the same feature first seen in the Apple Watch, the iPhone 6s and 6s Plus take the whole “press harder” idea to a whole new level by adding new functions.

At its most basic, you can press down an app and bring up a context menu that shows your most-used actions relating to that app.

However, what 3D Touch really enables is a right-click paradigm in iOS – press harder in your summary of email messages and you’ll get to peek at the entire email, while pressing harder still opens the email proper.

See a link in iMessages? 3D Touch on it and you can pop-up a quick browser window to see the webpage – lift your finger to go back to your message.

In fact, instead of double-clicking on the Home button to bring up the multitasking menu, on the iPhone 6s and 6s Plus you can do this by pressing down harder while in an app and swiping to switch between open apps.

On the hardware front, the iPhone 6s and 6s Plus share the same resolution as before, but internally, many of the hardware features have been upgraded.

The processor is, as expected, a new A9 processor with an M9 motion co-processor, while the Touch ID sensor is now claimed to be even faster than before.

What’s an iPhone without a class-leading camera? The iPhone 6s and 6s Plus don’t disappoint – both come with an upgraded 12-megapixel image sensor which Apple claims not only captures more detail than before, but does this without compromising on detail and colour accuracy.

Apple is also introducing a feature called Live Photos with the iPhone 6s and 6s Plus which captures a short video clip before and after your still photo so you can see your photos in motion when you press down on a photo.

Yes, we’ve seen this feature in another smartphone before.

More importantly, the new sensor also allows for 4K video recording and according to Apple’s Phil Schiller, senior vice president of worldwide marketing, the iPhone 6s and 6s Plus can edit 4K video directly in iMovie on the device itself.

The front-facing camera has also been upgraded to a 5-megapixel FaceTime camera and taking a trick from an old iMac, the LCD screen can be used as a makeshift flash to help illuminate your face when taking a selfie.

Oh yes, the rumours were also correct in that both new models are built on a stronger 7000 series aircraft grade aluminium alloy and cover glass.

While no local prices have been announced, a quick check on the US Apple Store reveals that the contract-free iPhone 6s will go for US$649 (RM2,800) for the 16GB version, US$749 (RM3,200) for 64GB and US$849 (RM3,650) for 128GB.

Meanwhile, the iPhone 6s Plus is priced at US$749 (RM3,200) for 16GB, US$849 (RM3,650) for 64GB and US$949 (RM4,100) for 128GB.

The US pricing is actually the same as before, but at our current exchange rate, the devices are going to be quite hard on the wallet unless Apple decides to charge a bit lower locally.

The new iPhones are slated for launch in the United States and some countries on Sept 12, while countries like Hong Kong and Singapore will get them by Sept 25.

As usual, Malaysia is not specifically listed in any of those launch dates, and we will probably have to wait till the end of the year before we can purchase one.

More TV: The redesigned Apple TV is bigger but offers more storage, an App Store and a new remote control. It ships in late October in the United States.

Revamped Apple TV
Having been left alone and unloved since the last update in 2013, the Apple TV was rumoured for a big update at this Sept 9 event.

Most of the rumours seem to agree that the new Apple TV would be larger, feature a touch-based remote control and a host of new services including an App Store, TV streaming service, Siri integration and more on-board storage than the meagre 1GB on current models.

However, the most exciting rumour was that the App Store would support games that could be played on the TV with a wireless controller.

Indeed, as it turns out, all the rumours were right and a new Apple TV was announced with more powerful hardware and an App Store.

It is physically larger than its predecessor but that’s because it’s sporting new powerful hardware and a lot of cool features.

For one thing, the remote is now touch- and Siri-enabled so you can swipe across the surface of the remote to access the menu options.

The real magic is in Siri – you can specifically ask for particular shows or genres as you’d expect but what makes it powerful is that you can ask specific questions like, “Show me the Modern Family episode with Edward Norton” and get Siri to find it for you.

Even more interesting is that if you missed a bit of conversation in the show, you can ask Siri something like, “What did she say?” and Siri will rewind the show back 15-seconds and temporarily turn on captions to help you catch what you missed.

Of course, with the appearance of the App Store, the new Apple TV can install not just entertainment apps but also games while the remote can be used as the game controller.

Music gaming company Harmonix showed a very cool music-themed game called Beat Sports which takes advantage of the motion sensor in the Apple TV remote to offer gameplay similar to the Nintendo Wii games of yesteryear.

Also, games can be started on the iPhone or iPad and continued seamlessly on the Apple TV later.

Instead of simply being “based on iOS”, Apple is calling the iOS-based operating system on the Apple TV the tvOS.

The Apple TV is slated to be available in October in 80 countries.

There will be two versions – a 32GB version for US$149 (RM650) and 64GB for US$199 (RM850).

Bigger is better: The iPad Pro’s 12.9in screen and more powerful processor allow for easy typing and a more notebook-like experience.

iPad goes Pro
The iPad Pro rumour has been floating around for a while now and many agree that Apple has indeed been working on a tablet with a screen of 12in or 13in in size.

Apart from the screen size, the ability to run apps side-by-side and a rumoured stylus, however, very little information was leaked about this new device.

So did we get the iPad Pro? Yes, indeed, and it even has a stylus!

The iPad Pro comes with a 12.9in oxide TFT LCD screen with a resolution of 2,732 x 2,048 pixels – that’s a whopping 5.6 megapixels with a pixels-per-inch density of 264 for anyone who’s counting!

The device runs on the new A9X processor which Apple’s Phil Schiller claims is 1.8x faster than the A8X processor it replaces with double the performance when it comes to graphics.

Schiller also showed off how the iPad Pro is actually powerful enough to edit three streams of 4K video simultaneously – that’s impressive considering that many PCs today still struggle with editing 4K video.

For the first time, the iPad Pro comes with a four-speaker system which automatically changes the stereo left and right channels depending on the orientation.

Apparently, all four speakers are used to subtly enhance the stereo soundstaging as well.

The iPad Pro also comes with a new magnetic connector which connects to an optional Smart Cover, a magnetic cover with an integrated keyboard – yes, we’ve seen a similar accessory for Microsoft’s Surface Pro tablet already.

Lightning charge: The back of the Apple Pencil pops open to reveal a Lightning connector which can be plugged right into an iPad Pro to charge the stylus

Finally, there’s the Apple Pencil – again, it’s similar to powered styli we’ve seen with other tablets and it recognises pressure as well.

What’s interesting, however, is how the Apple Pencil charges – the back of the stylus pops off to reveal a Lightning connector which plugs directly into the bottom of the iPad Pro to charge.

A number of apps compatible with the Apple Pencil were shown off, including one from Adobe called Photoshop Fix.

The iPad Pro starts at US$799 (RM3,450) for a 32GB WiFi-only version, US$949 (RM4,100) for a 128GB WiFi version and finally, a 128GB WiFi plus cellular version which will set you back US$1079 (RM4,650).

The iPad Pro ships in November in the United States, but there is no information yet on when it will be available here.

New storage plans: Apple also announced upgraded iCloud storage plans

Well, there’s a lot more of “me-too” in this launch, with Apple adding many features to its devices which we’ve seen before in other rival models.

However, the 3D Touch features integrated into the new iPhones promise to be quite revolutionary. We can see many of these features actually being truly useful on a day-to-day basis.

The iPad Pro is an interesting device – again it’s sort of playing catch up to other large tablets out there, most notably the Microsoft Surface 3 Pro with its Type Keyboard and stylus, but it does take the iPad line into a new place.

Source: The Star Online

China shuts 50 websites and social media accounts

A picture illustration shows a WeChat app icon in Beijing, December 5, 2013. Credit: Reuters/Petar Kujundzic

China has closed 50 websites and social media accounts for violations ranging from pornography to “publishing political news without a permit”, Beijing’s cyberspace watchdog said on Tuesday.

The government is pursuing a crackdown on unwanted material online. Critics say the increasing restrictions further limit free speech in the one-party Communist state.

Authorities shut 17 public pages on the mobile social messaging app Weixin, also known as WeChat in English, as well as 24 websites and 9 channels or columns on websites, the Cyberspace Administration of China (CAC) said in a statement on its website (www.cac.gov.cn).

The Weixin accounts were shut down during the past two months, the state-run news agency Xinhua said.

Some of the other offences listed by CAC include publishing fake information under the guise of the government or media, and publishing information related to gambling or fraud.

Jiang Jun, a spokesman for the cyberspace watchdog, said the CAC would regularly publish a “black list” of violators, according to the statement.

Last fall, Xinhua said the cyberspace watchdog had closed nearly 1.8 million accounts on social networking and instant messaging services since launching an anti-pornography campaign earlier in the year.

In 2014, authorities received almost 11 million reports of what was described as harmful information online, Xinhua reported separately on Tuesday.

In November, Chinese officials called for controls on the Internet to preserve stability.

With a population of 1.4 billion and 632 million people online, China is a market no one wants to miss out on. But it also has the world’s most sophisticated online censorship system, known outside the country as the Great Firewall.

It blocks many social media services, such as Twitter, Facebook, YouTube, Instagram, Snapchat and Google, along with many rights groups sites and some foreign media agencies.

Source: Reuters


Google aiming to go straight into car with next Android

ANDROID IN YOUR AUTOMOBILE: Google will provide details for its long-term plan to put Android Auto directly into cars. — Reuters

Google Inc is laying the groundwork for a version of Android that would be built directly into cars, sources said, allowing drivers to enjoy all the benefits of the Internet without even plugging in their smartphones.

The move is a major step up from Google’s current Android Auto software, which comes with the latest version of its smartphone operating system and requires a phone to be plugged into a compatible car with a built-in screen to access streaming music, maps and other apps. The first such vehicles will debut in 2015.

Google, however, has never provided details or a timeframe for its long-term plan to put Android Auto directly into cars. The company now plans to do so when it rolls out the next version of its operating system, dubbed Android M, expected in a year or so, two people with knowledge of the matter said.

The sources declined to be identified because they were not authorised to discuss the plans publicly.

“It provides a much stronger foothold for Google to really be part of the vehicle rather than being an add-on,” said Thilo Koslowski, vice president and Automotive Practice Leader of industry research firm Gartner, who noted that he was unaware of Google’s latest plans in this area.

If successful, Android would become the standard system powering a car’s entertainment and navigation features, solidifying Google’s position in a new market where it is competing with arch-rival Apple Inc. Google could also potentially access the valuable trove of data collected by a vehicle.

Direct integration into cars ensures that drivers will use Google’s services every time they turn on the ignition, without having to plug in the phone. It could allow Google to make more use of a car’s camera, sensors, fuel gauge, and Internet connections that come with some newer car models.

Analysts said Google’s plan could face various technical and business challenges, including convincing automakers to integrate its services so tightly into their vehicles.

Google declined to comment.

Technology companies are racing to design appliances, wristwatches and other gadgets that connect to the Internet. Automobiles are a particularly attractive prospect because Americans spend nearly 50 minutes per day on average on their commute, according to US Census data.

Apple unveiled its CarPlay software in March and Google has signed on dozens of companies, including Hyundai, General Motors Co and Nissan Motor Co, for its Open Automotive Alliance and its Android Auto product.

Android Auto and CarPlay both “project” their smartphone apps onto the car’s screen. Many of the first compatible cars are expected to be on display at the upcoming Consumer Electronics Show in Las Vegas next month.

By building Android into a car, Google’s services would not be at risk of switching off when a smartphone battery runs out of power, for example.

“With embedded it’s always on, always there,” said one of the sources, referring to the built-in version of Android Auto. “You don’t have to depend on your phone being there and on.”

By tapping into the car’s components, Google could also gain valuable information to feed its data-hungry advertising business model. “You can get access to GPS location, where you stop, where you travel everyday, your speed, your fuel level, where you stop for gas,” one of the sources said.

But the source noted that Android would need major improvements in performance and stability for carmakers to adopt it. In particular, Android Auto would need to power-up instantly when the driver turns the car on, instead of having to wait more than 30 seconds, as happens with many smartphones.

Automakers might also be wary of giving Google access to in-car components that could raise safety and liability concerns, and be reluctant to give Google such a prime spot in their vehicles.

“Automakers want to keep their brand appeal and keep their differentiation,” said Mark Boyadjis, an analyst with industry research firm IHS Automotive. “Automakers don’t want to have a state of the industry where you get in any vehicle and it’s just the same experience wherever you go.” — Reuters

Google revealed Android 5.0 ‘Lollipop’


Google has just revealed that the next major version of Android, 5.0, will be known as Lollipop. After months of teasing the OS, the search giant is finally taking what was previously known as Android “L” into the mainstream, with the first set of the devices expected to arrive early next month. Speaking of which, Android Lollipop will make its debut on the new Nexus 6, a big-screen smartphone from Motorola; the Nexus 9, an 8.9-inch tablet made by HTC; and the Nexus Player, a $99 media-streaming box with Android TV, the first one with Google’s novel home entertainment platform. What’s more, the company confirmed that Lollipop is coming to the Nexus 5, Nexus 7 and Nexus 10, as well as Google Play edition devices, in the coming weeks.

To make things better, Android 5.0 is also headed to a number of Motorola smartphones, such as both generations of the Moto X and Moto G (including the LTE model), Moto E, Droid Maxx, Droid Mini and Droid Ultra. Motorola didn’t say when exactly the upgrade would be available for those devices, but at least it has confirmed its plans to do so. Now that Google’s let the Lollipop out of the bag, we’re sure more manufacturers are due to start coming forward with their own announcements.

The Android 5.0 SDK is going to be available on Friday, October 17th, which means everything is slowly and sweetly falling into place ahead of next month. In the meantime, stay tuned, because we’ll be updating this post if any additional details come in.

Source: Engadget

Banker Malware Targeting Malaysian Internet Banking User

MyCERT Alert

1.0 Introduction

MyCERT has received several reports regarding malware that targets Malaysian Internet banking customers. Based on our initial analysis, this campaign uses the Zeus banking malware family as its modus operandi.

The attacker infects the victim’s computer with Zeus banker malware, which injects modified fake content or pages while the user is browsing a legitimate online banking website.

2.0 Affected Systems

Based on our initial analysis of a sample incident, the following systems are affected:

2.1 Smartphone running on Android
2.2 Vulnerable and unpatched Windows Operating System

3.0 Impact

3.1 The malware injects modified fake content that looks like a real online banking website while the user is browsing a legitimate online banking website. The content requests the victim’s smartphone operating system and mobile number.

3.2 The malware will send a malicious APK to the smartphone via SMS and infect the smartphone in order to establish a callback to the attackers for further instructions.

4.0 Technical Details

The attacker infects the victim’s computer with Zeus banker malware, which injects modified content when the user is browsing a legitimate online banking website, as shown in the sample image of the injected page below.


The modified content prompts the user to choose their smartphone operating system and to provide their phone number. With the phone number, the attacker sends an SMS containing a link to a malicious APK, known as Zitmo malware, to the victim’s smartphone, purporting to be an online banking verification certificate.

Once the APK is installed on the smartphone, a popup message appears and the Zitmo malware attempts to make a callback to the attacker through SMS and waits for further instructions.

A few days later, the attacker logs in to the victim’s online banking account using the stolen credentials and successfully performs an online transaction using the intercepted TAC number.

The mobile malware has been known since late September 2010, but this is the first time it has been used in a malware campaign targeting Malaysian online banking users.

5.0 Recommendation

5.1 For laptop/PC User:

1) Install robust anti-virus, anti-spyware and firewall software on your computer and other devices and configure it to update regularly.

2) Perform regular scans of your systems for malware and other risks.

3) Operating system providers such as Microsoft periodically release updates and patches that improve the security of your operating system. You should periodically check for these updates and keep your system current, or configure it to do so automatically.

4) When accessing online banking, make sure there is no pop-up/window that requires personal info such as credit card number, smartphone platform (Android/iOS), etc. Do not enter this information if it is requested.

5) Use only a dedicated computer or laptop to do online banking.

6) If you suspect your bank account has been compromised or spot any activity you have not authorized, please notify your banking provider immediately.

7) Please ensure you log out properly at the end of each session by clicking the log-out button. Do not exit by simply closing the browser window.

8) If you come across anything suspicious when you do banking online such as unusual web pages asking for banking information, notify your bank provider immediately.

9) Never respond to any email/advertisements requesting you to provide your login details or log in via a link sent in an email/applications. The bank will never send you a mail or provide links in any applications like that, and such a request is likely to be a phishing attempt.

5.2 For Smartphone Users:

1) Verify an app’s permission and the app’s author or publisher before installing it.

2) Do not click on adware or suspicious URLs sent through SMS/messaging services. Malicious programs could be attached to collect the user’s information.

3) Since a URL on a mobile site appears differently from how it appears in a desktop browser, make sure to verify it first.

4) Always run a reputable anti-virus on your smartphone/mobile devices, and keep it up to date regularly.

5) Don’t use public Wi-Fi networks for bank transactions and turn off Bluetooth connection when not in use. These can be open windows for eavesdroppers intercepting the transaction or installing spyware and other malware on user’s smartphone/tablet.

6) Update the operating system and applications on your smartphone/tablet, including the browser, in order to avoid any malicious exploits of security holes in outdated versions.

7) Do not root or otherwise ‘jailbreak’ your phone; avoid sideloading (installing from non-official sources) when you can. If you do install Android software from a source other than the Market, be sure that it is coming from a reputable source.

6.0 References

6.1. Kaspersky report on Zitmo malware

6.2. ATSEngine

Source: CyberSecurity Malaysia