Monthly Archives: March 2021

Who is keeping your Android company?

Android Vulnerability, BlueFrag

Let's start with BlueFrag

This is a critical security issue that allows a malicious entity to silently log onto your phone via Bluetooth. “This vulnerability can lead to theft of personal data and could potentially be used to spread malware” (TechSecurity, 2020). This vulnerability affects Android versions 4.2, 6.0.1, 7.0 and 8.0. If you are on a version that is older than 3 years you will not receive any security patches from Google.

How to reduce the risk of a BlueFrag vulnerability on older versions.

Since there aren’t any software patches, what you can do is keep your Bluetooth connection turned off when not in use and make sure your phone is not discoverable via Bluetooth.

The danger of running unsupported Android OS versions is high.

The current Android version is 10, but there are a lot of phones (millions!) running older versions which are no longer supported by Android and hence not patched for vulnerabilities. I have a phone with such an older Android operating system (v4.2 KitKat) and I am sure it has been hacked and the apps infected by malware. It has come to my attention that many apps on it have every permission under the sun and, even if you force stop them, they restart on reboot. BlueFrag is just one vulnerability. There are a host of malware apps that can be downloaded from Google’s Play Store, including ones that can steal payment information and other personal information. To my mind Google takes a flexible view on security policy when it comes to safeguarding users’ personal data. Google have only committed to a 3-year support plan for each version release. So you should consider this if you are in the market for a second-hand phone.

What’s to be done if you are on an older OS?

Ditch phones with older versions. Personally I wouldn’t run anything older than v6.0 (Marshmallow), which has stricter settings for what permissions an app is granted. On v6.0 apps have to be granted permissions explicitly by the user to access subsystems on your phone. Of course, this requires the user to know which permissions to allow or deny an app when prompted.

If you have the ability, you can use the ADB (Android Debug Bridge) utility to remove bloatware apps from your phone and generally manage what is on your phone in a better way.

More is less.

Be very careful with which apps you install. Just because an app (application) is available from Google Play for download does not mean that it is secure or that it will be secure in the future. Carefully check which permissions an app is requesting and has been granted. See this in your Settings → Apps.

Good luck everyone – remember to think twice 🙂

References:

https://techsecurity.news/2020/02/bluefrag-critical-bluetooth-vulnerability-in-android-cve-2020-0022/

https://www.cvedetails.com/vulnerability-list.php?vendor_id=1224&product_id=19997&version_id=188440&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=772&sha=cc989d75eb9a930c55694358f687a94f77858134

GoAccess - a fab tool for quick Web Analysis on Linux

I was looking for Linux Web Analysis tools and came across GoAccess. I found it’s recommended on the cyberciti.biz site (Gite, 2021).

On Linux Ubuntu 18.04 you can install it from the Debian repository. Open Terminal and type:

sudo apt install goaccess

This will run the install script and install goaccess on your system. To get help type

goaccess --help

To do something useful you need to point it at a web server log file. I am using a LAMP configuration for my test web server (Linux, Apache, MySQL and PHP). The log files here are located at /var/log/apache2/access.log, where access.log is the name of the log file. If you have virtual hosts running you may have set up separate log files for each virtual host, which is a good idea.

You can download remote web server log files to your local Linux machine and view them in the goaccess application.

To view the log file in goaccess run

goaccess -f/path/to/logfile/access.log

example: goaccess -f/var/log/apache2/access.log

Note: If any of your directory names contains a space or spaces, enclose the path in quotes or goaccess will encounter a parsing error.

The following screen should come up.

GoAccess initial selection screen - GoAccess is a lightweight web traffic analysis Terminal tool for Linux

Pressing enter gives you the Analysis view shown below.

GoAccess Analysis of log file from a web server

I think it is an excellent tool for quickly giving you some idea of what’s happening on your web site.

In my February log file snapshot, you can see that I had 3748 unique visitors and unfortunately no referrals (referrers). Referrals are when visitors come to your site through a link to your website on another site.
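To make the two figures above concrete, here is an added example (not part of the original post and not GoAccess code) that derives them from Apache combined-format lines, following GoAccess's documented rule that hits sharing the same IP, date and user agent count as one unique visitor. The log lines are constructed, and the site host name `example.org` is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Feb/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11)"
203.0.113.5 - - [01/Feb/2021:10:00:09 +0000] "GET /about HTTP/1.1" 200 734 "http://example.org/" "Mozilla/5.0 (X11)"
203.0.113.5 - - [02/Feb/2021:08:30:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11)"
198.51.100.7 - - [02/Feb/2021:09:15:42 +0000] "GET /post HTTP/1.1" 200 901 "https://blog.example.net/links" "curl/7.58.0"
198.51.100.7 - - [02/Feb/2021:09:15:43 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "curl/7.58.0"
this line is damaged and must be skipped
"""

COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<date>[^:]+):[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

def summarise(log_text, own_host):
    """Return (unique_visitors, external_referrers, skipped_lines)."""
    visitors = set()
    referrers = Counter()
    skipped = 0
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if not m:
            skipped += 1  # malformed line: count it, do not guess its fields
            continue
        # One visitor = same IP, same date and same user agent.
        visitors.add((m["ip"], m["date"], m["agent"]))
        host = urlsplit(m["referrer"]).hostname
        # "-" (no referrer) and links from the site itself are not referrals.
        if host and host != own_host:
            referrers[host] += 1
    return len(visitors), dict(referrers), skipped

if __name__ == "__main__":
    # own_host is an assumed name for the site that produced the log.
    print(summarise(SAMPLE_LOG, own_host="example.org"))
```

The same IP on two different dates counts as two visitors, which is why the figure is larger than the number of distinct addresses in the log.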

I think it is a really excellent tool! It’s small in size, just over 2Mb, and easy on processor resources. And you don’t have to pass your or your client’s data to a third party like Google. Having mentioned Google, there is Google Analytics, which is a full-blown web analytics application. It is free. The downside is that Google has access to all your web server traffic and activity.

There are Open Source Web Analytics alternatives which I am going to look into but for the moment I am happy with just GoAccess.

Sources: 7 Awesome Open Source Analytics Software For Linux and Unix - nixCraft, https://goaccess.io/