Author Archives: Hacker Medic

Introducing App Reputation For Android Apps

McAfee has always been at the forefront of finding new ways to secure our customers against the threats and risks posed by mobile devices. As part of this quest, we have introduced the concept of app reputation in our latest release of McAfee Mobile Security (MMS) (Ver 3.1), released on 18th July 2013. From a consumer perspective, Read more…

5 (Kind) Reminders for Overly Nosy Parents

Last night I sat next to my teenage son as he played video games. It did not take long before I was abruptly reminded that he and I may look like fellow humans but we are definitely from two very different planets. I also learned that there’s a possibility that at times I may (stress Read more…

Hit the brakes! Did Your Car Just Get Hacked?

Could your car be the next target of a cyber attack? You might not think so, but new research has shown otherwise. The overall safety of your vehicle used to be rather straightforward to maintain with tune-ups, replaced brake pads, flushes and other scheduled upkeep. Unfortunately, with the incorporation of computer systems into newer car Read more…

Android Master-Key Malware Already Blocked by McAfee Mobile Security

The Android Master Key vulnerability, which was first reported by BlueBox Security, has been big news this month. McAfee explained the vulnerability and defense against future malware exploiting it in a previous blog. Last week the first malware exploiting the Master Key vulnerability was found in an Android application market in China. The app Read more…

Application Signing: How to make it pay off

Nick D’Aloisio hit the headlines recently by selling his Summly app to Yahoo for an estimated £18 million, which is not bad at all when you consider he is still a teenager.

So now you are hoping to emulate him. Fine. But first, although this may be stating the blindingly obvious, you need an idea. Let me rephrase that: you need a very good idea. But that doesn’t mean it’s just a very good idea to you. Other people need to think so, too, and not just your best mates, your parents, or devoted partner. I mean people you don’t know who would be willing to fork out their money for your app only after you’d convinced them it was worth every penny and a bit more. That, after all, is the ultimate test of anyone’s sincerity when it comes to doing business.

They do like it and would buy it? Great. But have you found out if someone else has already got there before you? Are there hundreds, even thousands, of people already happily using an app that’s all but identical to yours? No? Then time to move up the apps ladder to the next level.

Now, while your app should be exceptional to truly succeed, it should also be fairly easy to create. Anything intricate and complicated is likely to backfire: too expensive, with much reduced prospects of even breaking even, never mind setting you up for life. Speak to someone who has been through the experience. Find out what went wrong and why. That will stand you in good stead.

What about the start-up capital? In the current climate it’s unlikely any bank will start throwing cash at you, but friends and family are a natural starting point.

Okay, time to roll up your sleeves, which could be literal or metaphorical. In other words, are you the one with the actual IT skills to create the app yourself, or are you going to have to invest in the services of a computer engineer? When you find out what they charge per day – anything up to £1,000 a day is not that uncommon – you may well decide to invest in yourself and develop the required skills. But you don’t have to be all alone in this task. Several online and real-world code academies can help you. Some simple desk research and Google will typically show names such as Steer and Code Academy.

Then there is the matter of confidence… of your potential customers… in you. How can they be absolutely sure that your app is coming from a risk-free source? Packaged software, of course, uses branding and trusted sales outlets to assure users of its integrity. But these are not available when code is transmitted on the Internet. Also, there is no guarantee that the code hasn’t been altered while being downloaded. So you need to be able to assure everyone from the outset that you – and your apps – are to be trusted.

On which note, it’s worth taking a look at Microsoft’s solution to these issues – Microsoft Authenticode. This allows developers to include information about themselves and their code with their programs through the use of digital signatures. And while Authenticode itself cannot guarantee that signed code is safe to run, it tells users quite clearly that the software publisher is participating in an infrastructure of trusted entities. That way, it serves the needs of both software publishers and users who rely upon the Internet for the downloading of software. Digital signatures ensure accountability, just as a manufacturer’s brand name does on packaged software.

So, now you have an app to tell people about, and they know it’s trustworthy across multiple platforms from Windows OS to Android to Windows Phone, how do you market and make some real money out of it? Sadly, there’s no magic formula. Your app may be exceptional, but so, too, will be many of the countless other apps out there, clamouring for attention. So you want to make sure that your claim to fame, all things being equal, is un-equalled!

To which end, I came across some useful pointers recently on how to get this right – from the development and marketing team at Telerik Radcontrols for Windows Phone. Their ‘How to promote your Windows phone app on a tight budget’ guide contains a number of tips to help make you a savvy app entrepreneur. Just as helpful, if you go to: http://www.telerik.com/products/windows-phone/getting-started/resources.aspx, you can download a Windows app for free that allows you to browse through more than 100 examples to help inspire you.

Oh, and good luck!

Join @McAfeeSECURE for #eCommChat on 8/1 to Discuss Optimization Testing Best Practices (Part 2): Focus on Security

With the eCommerce industry reaching new heights, creating the best web experience possible for your site visitors is going to be even more crucial to success. Users expect much more than basic product photos and descriptions when it comes to online shopping, and with these increased expectations comes new responsibilities for merchants. Optimization testing can Read more…

The New Japanese “Not Just One-Click” Fraud on Google Play

Since the beginning of the year, Japanese one-click fraud scammers have continued to pump new apps onto Google Play and the market has struggled to keep itself clean. Though many are removed on the day they are published, some remain for a few days. Al…

Watching Your Every Move: Your Phone Could be Snooping on You Right Now

Let’s just say it. The world is going mobile. Practically any task you can perform on your computer, you can also do with a mobile phone, and there are even a few that your computer can’t do. In just moments, you can simultaneously shop for shoes, deposit a check and then quickly buy a plan Read more…

When Car Hacking Turns Your Vehicle into a Video Game


Modern cars contain a lot of nifty electronic gadgets, as well as more than one kilometer of cable wired to all kinds of sensors, processing units, and electronic control units. The cars themselves have become large computers, and as history shows, wherever there is a computer, there is someone trying to attack it. Over the past few years various studies have been conducted on how feasible it would be to attack a car through its onboard network. Most researchers focused on attacks with full physical access to the car, but some also explored external attack vectors.

If attackers have physical access to a car they can, for example, access the Controller Area Network (CAN) or the On-Board Diagnostic (OBD) system, but they can also perform other dangerous actions, such as physically tampering with the brakes or stealing the car. Digitally tampering with a car, on the other hand, might be much more difficult to prove after an accident. Such attacks could potentially be combined with other attacks that allow for remote code execution and should be taken as a demonstration of payloads.

There are a few ways to get into a car’s system without having physical access to it, for example through tire pressure monitoring systems, traffic message channel (TMC) messages, or GSM and Bluetooth connections. Some manufacturers have started developing smartphone apps that can control some of the car’s functionalities, which opens another possible attack vector. There have also been some cases where specially crafted music files on USB drives were able to hijack some of the car’s systems.

Charlie Miller and Chris Valasek, two researchers working on a project for DARPA, explored how far they could go by hacking the Controller Area Network once inside the car. The pre-released video of their presentation for the upcoming DEFCON conference shows that nearly all of the car’s functions can be controlled or triggered, including switching off all lights, shutting down the engine, disabling the brakes, some limited steering, sounding the horn, and manipulating the system display. It doesn’t take much imagination to understand that this has the potential to cause serious accidents. Some of these changes could be made permanent and invisible with malicious firmware updates or system changes. Of course, a laptop with a modem in the glove box would work as well, but would not be as stealthy. If an attacker used the same method as the researchers, hopefully you would notice the attacker’s laptop on your backseat and wonder what was going on.

Car manufacturers are aware of these challenges and have been working on improving the security of car networks for years. Remote attack vectors, especially, need to be analyzed and protected against. At Symantec we are also monitoring this research field to help improve it in the future. Miller and Valasek’s research shows that cars can be an interesting target for attackers, but there are currently far bigger automobile-related risks than hackers taking over your car while driving. Personally, I’m more scared of people texting messages while driving and I assume they pose a far bigger risk than hackers when it comes to accidents, for now at least. Safe driving.

Internet Security Threat Report Readership Survey

Symantec’s Internet Security Threat Report (ISTR) is an annual report which provides an overview and in-depth analysis of the online security landscape over the previous year. The report is based on data from Symantec’s Global Intelligence …