STE WILLIAMS

Fine, OK, no backdoors, says Deputy AG. Just keep PLAINTEXT copies of everyone’s messages

The US Deputy Attorney General has told business leaders that Uncle Sam won’t demand mandatory backdoors in encryption – so long as companies can cough up an unencrypted copy of every message, call, photo or other form of communications they handle.

Speaking at the 2017 North American International Cyber Summit in Detroit on Monday, Deputy Attorney General Rod Rosenstein appeared to shift tack on his earlier position that end-to-end encryption systems, such as instant messengers and video call apps, should grant special access exclusively to crime investigators on demand.

Tech giants are resisting weakening their strong end-to-end and filesystem crypto just to help cops and Feds arbitrarily decipher suspects’ messages and files on devices. So, Rosenstein has another approach: let people send stuff encrypted as normal, but a plaintext copy of everything – from communications to files on devices – must be retained in an unencrypted form for investigators to delve into as needed.

“Encryption serves a valuable purpose. It is a foundational element of data security and essential to safeguarding data against cyber-attacks. It is critical to the growth and flourishing of the digital economy, and we support it. I support strong and responsible encryption,” he said.

“I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so.”

Not only would doing this be a massive money and time suck, in terms of storage capacity and processing, it also rather defeats the point of using encrypted conversations for privacy. It also means that any hacker who breaks into these archives would have access to the crown jewels of personal and corporate secrets.


Mind you, that would surely never happen. We never come across stories about servers getting hacked, and certainly the government is immune from such incidents, especially where they involve staffers’ fingerprints and security clearances.

Rosenstein prefaced his suggestions with dire warnings about the effects of online crime. Since January 1 last year, there has been an average of 4,000 ransomware “attacks” a day, up 300 per cent on the previous year, he claimed, and said the FBI warned him ransomware infects more than 100,000 computers a day around the world.

In other scary news, Rosenstein warned that botnets – commandeered internet-of-things devices – could end up crashing large chunks of the internet. Speaking of crashing, he also warned that hackers could launch devastating attacks against autonomous cars that could leave passengers injured or killed.

He said that some CEOs had told him that they were reluctant to report hacking attacks to the authorities. Rosenstein said he understood those concerns but that it was vital for businesses to get in touch so that the perpetrators could be stopped from using the same attacks against others.

“Many cyberattacks are directed by foreign governments. When you are up against the military or intelligence services of a foreign nation-state, you should have our federal government in your corner,” he said.

“By alerting law enforcement about a cyber incident, your organization performs a public service; it helps strengthen the cyber defenses of others. When law enforcement understands the details of an attack, we can promptly work on trying to apprehend the perpetrator, potentially before the next attack.” ®

Sponsored:
The Joy and Pain of Buying IT – Have Your Say

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/10/30/encryption_backdoors_plaintext_deputy_ag/

Tor blimey, guv’nor: Firefox to try on privacy tool’s Canvas gloves to leave fewer fingerprints

Mozilla has incorporated a privacy protection option pioneered by The Tor Project into Firefox’s code, but plans to make the feature available only through the browser’s nightly builds.

For the past four years, Mozilla developers have been mulling how the Tor browser, which is based on Firefox ESR, prevents the use of the Canvas API for browser fingerprinting, a method for secretly tracking and potentially unmasking browser users online.

Modern browsers can be directed to write hidden data to the Canvas graphics layer and to then hash the data to generate a distinct identifier. Identifiers of this sort can be used to distinguish one unauthenticated user from another across websites, in what amounts to a denial-of-privacy attack.

Unlike tracking methods that rely on accepting a file from a server – one-pixel images, cookie files, and the like – browser fingerprinting isn’t easily blocked because it relies on information made available by the client.

Tracking of this sort can be done without the Canvas API, by analyzing the collected technical details automatically disclosed by browsers. Together, these details are often enough to create a set of browser characteristics that, without additional information, can distinguish website visitors from one another. Tracked characteristics may include configuration settings like installed fonts, whether JavaScript is enabled, the specified timezone, the operating system, the language, and the browser’s HTTP user-agent string.

There are extensions that can mitigate such data collection but the extensions may themselves be used as a form of identifying mark. In general, the best defense against browser profiling is to have one’s system appear like everyone else’s, in order to disappear into the crowd.

Regardless, the Canvas API makes tracking easier. According to a discussion on the Firefox bug tracking forum, when Firefox 58 arrives as a beta release next month, it should have an option to “Manage canvas extraction permission.”

The discussion thread indicates there’s still some debate about the wording of the option and how it will be presented. Presently, it looks like the permission could be presented as a tooltip on a button that lets users open a panel to manage settings for websites accessing image data.

But Mozilla isn’t currently planning to expose the feature to the public via its beta or stable channels.

“Mozilla is working with the Tor Project to add a number of privacy and security features to the shared codebase that both Mozilla and Tor use to produce Firefox and Tor browser respectively,” said Selena Deckelmann, director of Firefox Runtime, in an email to The Register. “Canvas Fingerprinting is one such feature, however it is disabled by default and we have no current plans to ship Canvas Fingerprinting in Firefox beyond the Nightly channel.”

Deckelmann said the Canvas privacy feature is part of Mozilla’s Tor Uplift project, which incorporates the Tor Project’s patches into Firefox core code to make it easier for the Tor Project to build the Tor browser.

There may be some consequences to disabling access to the Canvas, suggests Mozilla contributor Tim Nguyen, because Firefox does this by spoofing the User Agent so the browser appears to be an older version, Firefox 50, and spoofs timezones so they appear as UTC (which may affect calendar entries).

What’s more, the beneficial effect of gagging the Canvas may be minimal, because so many other browser settings will rat users out. But it’s a step in the right direction, for Tor users at least. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/10/30/firefox_canvas_privacy_tor/

Say what? Another reCaptcha attack, now against audio challenges

Whatever Google has in mind to replace its reCaptcha had better be ready soon: another research group has found a way to defeat it.

Late last week, researchers from startup Vicarious demonstrated their attack against reCaptcha’s image-based “I’m not a robot” proof. Now University of Maryland boffins have busted Google’s audio accessibility feature.

The University’s Kevin Bock, Daven Patel, George Hughey and Dave Levin call unCaptcha a low-resource defeat of the audio challenge that usually beats reCaptcha in “less time than it takes to even play the audio challenge!”

By the numbers, they claim 85.15 per cent accuracy in 5.42 seconds over 450 reCaptcha challenges from live websites.

The secret to cracking reCaptcha’s audio so quickly? The cloud, of course: rather than running their own audio analysis, the researchers used multiple online speech-to-text services, as described in full in this paper [PDF]:

  • Download the audio captcha;
  • Segment the audio into individual digit audio clips;
  • Upload each segment to multiple online speech-to-text services;
  • Convert these services’ responses to digits including:
    • Exact homophones: If it is “one” “two”, etc., then guess that number
    • Near homophones: If it sounds like a digit, like “true” sounds like “two”, then guess what it sounds like
    • Ensemble the multiple services together by taking a weighted vote based on confidence;
  • And finally upload the answer.

Some of this had already been demonstrated, the researchers explain, in a project called ReBreakCaptcha posted at GitHub in February.

The University of Maryland researchers say their main contribution is in improving audio pre-processing, so the online speech-to-text converters work more accurately.

Segmenting the audio, the paper explains, is easy: with no background noise added to reCaptcha, the pre-processing need only identify silence. With the segments identified, unCaptcha then adds two steps not attempted in ReBreakCaptcha: phonetic mapping, and ensembling.

The phonetic mapping stage handles things like homophones (too/two/to/2) and near-homophones (free/3, sex/6 – the latter, of course, a true homophone in New Zealand) so that what’s passed to the speech-to-text engine gets a more accurate result.

“Ensembling” helps sort out which speech-to-text engines are most accurate by weighting results: “In essence, each candidate answer gets a weighted vote; the answer with the highest weight wins”, the paper says.

Possible countermeasures the paper suggests include giving reCaptcha a bigger vocabulary for its audio challenges, adding background noise to make it harder to segment the challenge into individual words, or making the challenge a set of instructions like “move your mouse upwards” or “type this word”. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/10/31/uncaptcha_research_cracks_audio_captchas/

Google Bug Database Flaws Expose Severe Vulnerabilities

A security researcher accessed the most critical bugs in Google products and services by spoofing a corporate email address.

A security researcher was able to view some of Google’s most severe vulnerabilities due to flaws in the company’s internal bug tracking system, he said. The Issue Tracker, or Buganizer, as it’s known internally, is used among researchers and bug hunters to submit issues found in Google products and services.

External users only get to see “the tip of the iceberg” when it comes to issues submitted to the Buganizer, says Alex Birsan, who found the vulnerabilities. Birsan spoofed a Google corporate email address to enter the system’s back end. The system believed he was an employee and allowed him to view bug reports and mark those he wanted updates on.

Birsan discovered thousands of Google bug reports in his research. Some flaws were designated “priority zero,” a term for the most dangerous vulnerabilities. He was compensated a total of $15,600 in bug bounties from Google as a result of his work.

“Bug trackers used within prominent tech companies can be a hugely lucrative target for attackers looking to improve their 0-day capabilities,” says Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposures Research Team. “Access to a private bug tracker gives the attackers lead time toward crafting an exploit as well as for finding related bugs before the public security community has a chance to do so.”

Read Birsan’s full write-up here.


Article source: https://www.darkreading.com/vulnerabilities---threats/google-bug-database-flaws-expose-severe-vulnerabilities/d/d-id/1330264?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Gaza Cybergang Acquires New Tools, Expands Operations

Warning from Kaspersky Lab is the second in a recent month involving heightened threat activity in the Middle East and North Africa.

Cyber threat activity in the Middle East and North Africa (MENA) appears to be ramping up.

Gaza Cybergang, a threat actor that has been targeting organizations in the MENA region since at least 2012, has added new malicious tools to its cyber arsenal, Kaspersky Lab warned Monday.

Among the new tools are exploits for a fairly recent vulnerability in Microsoft Access (CVE-2017-0199), at least one Android spyware sample, and spearphishing documents with highly topical geopolitical messages for delivering malware to targets.

Gaza Cybergang has continuously attacked government organizations, oil and gas companies, embassies, diplomatic staff and media in the MENA region for the past several years and recently appears to have expanded its operations there, Kaspersky Lab said.

Now the focus appears to be on gathering any type of intelligence across the Middle East and North Africa, which was not the case previously, the vendor noted. One of the group’s latest victims is an oil and gas company that appears to have been infiltrated more than a year ago.

The Kaspersky Lab report is the second warning in recent weeks that involves a threat actor in the Middle East and North Africa and suggests that cyber criminal activity in the region is accelerating.

In September, Palo Alto Networks warned about a massive adversary infrastructure it had discovered that is being used to target government and private organizations, including those in critical sectors, across the Middle East and North Africa. Palo Alto Networks had described the threat campaign it discovered as having links to another campaign involving OilRig, a malware tool that has been used to steal data from government, airline, financial services, and other organizations in Saudi Arabia.

A lot of the activity is being fueled by what Trend Micro recently described as a thriving cybercrime underground market that provides threat actors in the MENA region with easy – and often free – access to sophisticated malware tools.

According to Kaspersky Lab, the Gaza Cybergang has been using spearphishing emails with malware-laced attachments and download-links to infect target systems.

Starting around March this year, the group has also begun using Microsoft Access documents with embedded macros to take control of systems and infect them with malware for logging keystrokes, stealing files, and taking screenshots on victim devices. The exploit for the Microsoft Access vulnerability has given the attackers direct code execution abilities from Microsoft Office documents on non-patched systems, Kaspersky Lab said.

The Gaza Cybergang has increasingly begun using local incidents with geopolitical or humanitarian implications to craft its spearphishing emails. Examples of recent lures have included emails with subjects pertaining to the Palestinian government not paying salaries to Gaza employees, the political crisis in Qatar, and news about a hunger strike by Palestinian prisoners in Israeli jails.

Some of the files that Kaspersky Lab has investigated suggest that the Gaza Cybergang may have an Android Trojan in their toolkit as well, the company said. The new tools have equipped the threat actor with the ability to bypass many current security products and remain persistent on a victim’s network for a prolonged period.

“Due to significant improvements in the group’s techniques, we expect the quantity and quality of Gaza Cybergang attacks to intensify in the near future,” Kaspersky Lab said. “People and organizations that fall into their target scope should be more cautious when online.”


Article source: https://www.darkreading.com/attacks-breaches/gaza-cybergang-acquires-new-tools-expands-operations/d/d-id/1330266?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Dell forgot to renew the domain it uses for PC backups

Once upon a time, there was a Dell domain called (deep breath…)

dellbackupandrecoverycloudstorage.com

(Loooooooooong name, isn’t it? Kind of asking for trouble a la Equifax and that silly domain name it came up with post-mega-breach, wouldn’t you say? But that’s another story.)

Its purpose is to serve as an information repository for Dell’s data protection products. Its other job is to be a home base for Dell’s Backup and Recovery application, which “enables the user to backup and restore their data with just a few clicks.”

As Dell customer liaison Jesse L described it on a Dell support forum, the basic version of that program is installed by default on Dell PCs:

The Basic version comes pre-installed on all systems and allows the user to create the system recovery media and take a backup of the factory installed applications and drivers. It also helps the user to restore the computer to the factory image in case of an OS issue.

In other words, if you have a problem on your system – say, all of your files have been wiped or encrypted by malware – you can use Backup and Recovery to restore it to a pristine state.

As you can see, this all means that whoever controls that mouthful of a domain name could exercise an awful lot of power over the data on Dell customers’ systems.

Fine, if that somebody is Dell, but what if it’s not?

What if the somebody who controlled the domain wasn’t offering an if-all-else-fails route back to a malware-free system but was actually looking to spread malware?

Unfortunately, that may be exactly what happened for about a month this year, from early June to early July 2017.

On Tuesday, security reporter Brian Krebs published a tale of how during that time, the domain slipped out of the hands of a Dell partner – SoftThinks.com, a software backup and imaging solutions provider in Texas.

Krebs explains:

From early June to early July 2017, DellBackupandRecoveryCloudStorage.com was the property of Dmitrii Vassilev of “TeamInternet.com,” a company listed in Germany that specializes in selling what appears to be typosquatting traffic. Team Internet also appears to be tied to a domain monetization business called ParkingCrew.

A typosquatter registers misspelled domain names (think faceboook or goggle) in the hope of fooling users who mistype them. Type in a domain like that and you might find it hosting ads for scam products, or worse, it might be inhabited by a website designed for phishing or hosting malware.

Regardless of whether TeamInternet was the primary malware shipper or not (it’s possible the site was inadvertently malvertising) the server that was running what should have been a Dell-controlled domain started showing up in malware alerts about two weeks after SoftThinks let it slip out of its grasp.

Dell confirmed it lost control of the domain to The Register. Here’s its statement:

[the domain] expired on June 1, 2017 and was subsequently purchased by a third party. The domain reference in the DBAR application was not updated, so DBAR continued to reach out to the domain after it expired. Dell was alerted of this error and it was addressed.

We do not believe that the Dell Backup and Recovery calls to the URL during the period in question resulted in the transfer of information to or from the site, including the transfer of malware to any user device.

Well, that’s a relief: malware might have been on the menu if you visited the domain with your web browser, but when your Dell Backup and Recovery application came calling it wasn’t.

What isn’t a relief: a major PC and data backup vendor – or what Dell calls the “Great Partner” it entrusts with its customers’ data – managed to #fail at something as easy as renewing a domain.

Of course, Dell isn’t alone in the walk of shame you have to take if your domain somehow slips from your grasp.

Earlier this month we brought you the story of a company that supplies a video relay service (VRS) – including emergency services – to deaf, hard of hearing and speech-disabled people. Forgetting to renew its domain meant a three-day outage for customers and a $3 million fine from the Federal Communications Commission (FCC).

Because really. Really. Failing to renew is hard.

Almost everyone wants you to renew – you want the domain and your registrar wants your money. Even if your domain expires it’s set aside for you and nobody else for what can amount to months of get-out-of-jail-free time as grace and redemption periods play out.

Still, it shouldn’t come to that. There are many ways to stay on top of your domain renewals – you could try to construct a memory palace, say, or perhaps you could get a tattoo, though you’d have to keep up with re-inking – but the easiest option is to hit autorenew when you register the name.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/ww2fs3TYCC8/

Can ARM save the Internet of Things?

At last, a glimmer of hope that a company with industry clout might be about to impose order on flaky Internet of Things (IoT) security.

The saviour-in-waiting is ARM’s open source Platform Security Architecture (PSA), announced this week at the company’s TechCon show, a reference spec for which was promised for early 2018.

Terms like “architecture”, “framework” and “platform” can sound a bit abstract but the gist of the PSA is that it does a lot of difficult legwork for companies who fancy using ARM’s hardware to build their own IoT products and services.

Before designing anything, ARM’s engineers say they modelled likely attacks on different kinds of IoT devices before working out how to protect them.

For example, smart meters are a common IoT device vulnerable to remote attacks which, ARM reasons, can only be protected against by wrapping the meter in verified boot architecture (to stop firmware tampering), based on strong crypto, with a trust architecture to manage it.

What they’ve come up with is the open source “Trusted Firmware-M” designed to work with the company’s ARMv8-M processor architecture. This makes possible:

  • A proper root of trust
  • A protected crypto keystore
  • Software isolation between trusted and untrusted processes
  • A way of securely updating firmware
  • Easy debugging down to chip level
  • A reliable cryptographic random number generator
  • On-chip acceleration to make crypto run smoothly

For smart meter developers, building this on their own would lie somewhere between technically complex and economically impossible, one reason why this sector has ended up riddled with security problems.

The most infamous example of where those security problems can lead was last year’s Mirai, a botnet built by hijacking appallingly-secured IoT devices such as routers and webcams.

One insecure webcam is a problem for its owner. Tens of thousands of insecure webcams, corralled into something with the power to launch disruptive DDoS attacks on well-known internet services, are a problem for all of us.

Things have become so bad that the US Congress has even roused itself to propose an Internet of Things Cybersecurity Improvement Act, as a way of enforcing basic standards on device and gateway makers before the crack of doom. Because it’s hard to make this mandatory, a labelling scheme might be needed to sort the wheat from the chaff.

Is the arrival of PSA the moment when things change?

It certainly has backing, including from Google’s Cloud, Microsoft Azure, Cisco and Vodafone, as well as a host of smaller device makers who probably already use ARM kit. Big-name endorsement is important because big names provide (or would like to provide) the platforms on which a growing number of IoT devices operate.

It will also make the security side of IoT development a lot cheaper and easier for device makers of all kinds who will be able to use it to solve myriad complex security problems they might once have ignored or under-estimated.

One slightly confusing issue is that ARM already has the Mbed OS (and Mbed Cloud), launched in 2014 to do something that sounds very similar to the PSA but running on the ARMv7-M architecture. Apparently, PSA doesn’t yet support it but will do so in the future.

Perhaps the biggest takeaway from the PSA is that fixing this sector is not going to be cheap, or quick.

It’s true that the reference architecture is open source but implementing it depends on additional layers such as certificate-based authentication which, presumably, ARM will be delighted to offer at a price.

Device makers, and their customers, have been warned – IoT can be fixed but only by radically reforming the chaotic business model that has powered its breakneck growth rates.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/W5xk6LJ7Bjo/

MoD: Sci-tech strategy? Er, here’s a bunch of words and diagrams

The UK Ministry of Defence has unveiled its latest science and technology strategy by writing a jargon-ridden report full of incomprehensible diagrams – but it contains good news for startups.

In the Science and Technology Strategy 2017, which is supposed to underpin the £80m/year Defence Innovation Fund, the ministry’s chief scientific adviser, Hugh Durrant-Whyte, wrote that it is “time for a renewed focus on S&T in Defence.”

Durrant-Whyte himself is a professor of robotics at Sydney University and has a background in developing autonomous drones, something the MoD is particularly keen on for battlefield reconnaissance.

“To meet its strategic challenges, Defence must focus on how to get innovative concepts and novel technologies translated and implemented into MOD’s operations and business processes. This is a challenge for the whole of Defence which S&T cannot address alone,” the report said.

The Defence Innovation Fund is being slowly spent on bringing startups’ good ideas to life through competitions and funding.

However, exactly how the MoD plans to get the most bang from its innovation buck has been lost in a blizzard of incomprehensible diagrams. Take this sample from the report:

Defence and security ecosystem diagram... an incomprehensible word cloud of nonsense with far too many arrows emanating from each buzzwordy box

Nope. No idea

If you know what this means, please let us know in the comments section. As one wag remarked to us upon seeing it: “This is why we’re not allowed Visio any more.”

On the flip side, the ministry is very keen to get “academia, industry and those elements of the startup community currently not well engaged with defence and security” into the fold. The giant carrot of the Innovation Fund is supposed to help with this, and some tech-focused startups are receiving central government funding as a result.

One recent recipient of defence largesse is South Wales-based Zoneart Networks, which develops a Wi-Fi tracking product that records the physical location of a user who logs onto a particular network.

The full strategy document can be read on the MoD website. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/10/30/mod_sci_tech_strategy/

10/10 would patch again: Big Red plasters ‘easily exploitable’ backdoor in Oracle Identity Manager

Oracle is urging users of its enterprise identity management system to apply an emergency update to stomp a bug that allows attackers to take over the system.

The bug has been given a CVSS score of 10.0 – or critical – and could allow a remote, unauthorised hacker access to systems.

Oracle said the vuln “can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack”.

Oracle described the flaw as “easily exploitable”. It allows an “unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager”.

Although the vuln is in the Fusion Middleware component of Oracle Identity Manager, Big Red said that “attacks may significantly impact additional products”.

The bug, designated CVE-2017-10151, does not appear to have been included in Big Red’s quarterly critical patch update, which was released just over a week ago.

That update contained details of 38 other vulns in Oracle Fusion Middleware.

Oracle said in the latest alert that users should apply the updates provided “without delay”.

The company listed supported versions affected as: 11.1.1.7; 11.1.1.9; 11.1.2.1.0; 11.1.2.2.0; 11.1.2.3.0; and 12.2.1.3.0.

Product releases that aren’t under premier or extended support aren’t tested for the vuln, but Oracle added that it was “likely that earlier versions of affected releases are also affected”. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/10/30/oracle_releases_patch_for_remotely_exploitable_backdoor_in_identity_management_system/

Cryptocurrency-crafting creeps crept crafty code into Google App Store

Android apps secretly harboring cryptocurrency-mining code have managed to make their way onto the shelves in the official Google Play Store.

Researchers at Trend Micro found three programs available for download in the application souk that were surreptitiously using the spare CPU cycles on people’s smartphones to mine Monero, using code built by – you guessed it – Coin Hive. The mining apps were variously disguised as a wallpaper collection, a wireless safety app, and software to help Catholics with rosary prayers.

Essentially, the software would appear to do one very simple thing while sneakily using your hardware and battery power to mine XMR coins for its masters.

“These threats highlight how even mobile devices can be used for cryptocurrency mining activities, even if, in practice, the effort results in an insignificant amount of profit,” the researchers stated today. “Users should take note of any performance degradation on their devices after installing an app.”

While the apps have now been removed, after Trend alerted Google, the software slipped past the ad giant’s malware checking systems by using an old trick. While the apps appeared benign once they were installed, they immediately contacted a remote server, and downloaded and ran the stealth mining code.

Coin Hive, which was hacked last week, is no longer developing the version of its JavaScript code that harvests cryptocurrency on devices without warning users – and is instead focused on a more legitimate engine that alerts people when their hardware is being used for mining. But that hasn’t stopped the unscrupulous from still using the stealthy build.

Monero is a new and lightweight flavor of cyber-cash, ideal for mining on commodity desktop computers (whereas the much more famous Bitcoin requires powerful dedicated number crunchers these days), but mobile phones are a lousy way to produce XMR. Although handheld CPUs are pretty beefy these days, the drain on battery life makes it likely users will spot something is up and throw out the intensive apps. Trend estimates that the dodgy apps made just $170 before they were yanked from the store by Google.

Nevertheless, this should be something that Google is picking up on when it accepts apps in its official code bazaar. You expect unofficial app marketplaces to be riddled with malware but if Google can’t keep its own house in order then what are Android users left with, other than considering iOS? ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/10/30/cryptocurrency_android_apps/