ORIGINAL SOURCE : SILICON ANGLE

Now that the long running war with Intel is behind him, John McAfee feels like the best thing about it all is that he can finally put his name behind a security product again.  The first of his projects is about to come together in a new product that launches on March 1st.  The product is called Dcentral1, a free to download app for Android mobile phones and tablets.  It protects those devices by empowering the user to be fully aware of all the permissions that applications have been granted on a device, knowingly or not.  Think of it as a mobile applications audit.  It’s a problem that has lacked an answer for a long time and that’s a campaign that McAfee has been on for some time – we are walking around with powerful portable computers in our pockets and trusting these applications to do the things they do is bad news.

In a non-descript Montreal office building, McAfee demonstrated how one popular chat application in particular had by default been granted what can only be described as excessive permissions.  The application has access to things like:  all call history, contacts, GPS, camera access, the ability to silently make calls and even turn off notifications of these activities to the user.   I install the app on my own phone to see this and sure enough, it’s pretty shocking.   If you think about it, if one were to describe a program that did all of these things on a PC, it could be called malware.  McAfee states that there are thousands upon thousands of apps out there doing the exact same thing, taking more permissions than are clearly necessary or that you may be comfortable with.

Security, Privacy, Freedom, there’s more that you can do

Privacy watchdogs have long advised the public to be aware of the applications they are installing, be careful with the permissions they request, and be sure you trust the source where they are being gathered from.  Many take this advice to heart, but as it turns out, that’s just not enough and it’s just not reasonably possible for the average phone user to routinely be on top of.  Before long permissions increasingly creep as applications update with new features, app updating begins to happen in the background and people stop paying attention altogether over time; as they switch phones and install apps throughout their digital lives from all over the place.    That’s the cold hard truth and as McAfee and others pointed out in our cybersecurity prediction series over the last few weeks, the human factor will always be the weakest link in any security system.  We’re letting these applications do what they want without giving it all full thought.  After all installing apps is quite easy, tap a few buttons and we trade a place on our devices for whatever functionality that app is selling, but that is increasingly not working out to be a fair trade.  The results could mean a loss of privacy, loss of control of your device or possibly a loss of information that you don’t want to happen.

“When it comes to these portable computing devices, we have these great big steel doors protecting a paper house, that’s why we’ve launched this product.  Endpoint protection, anti-virus, anti-malware, even encryption – all of those mean nothing if you have voluntarily given these applications access to everything”

 

Control your smartphone, know your apps

Dcentral1 by John McAfee

Dcentral1 is aiming to put that control back in people’s hands.  The app functions on the same kernel that is the core of McAfee’s future product D-Central.  D- Central of course is the product that was famously proclaimed as an anti-NSA device for the masses, designed to thwart rampant data collection by decentralizing the connective nature of your client device.   That hardware-based product is still forthcoming scheduled for now for later in the year.  Cognisant is but one piece of the full-on suite that McAfee is building because he sees the threat as far more than addressing these over-reaching apps, there are other threats to privacy and security out there that include the NSA.

“Info collection is everywhere and people have just assumed that all these apps are on the up and up – that’s a big problem.  When you ask yourself what a chat app is doing with built-in capabilities to silently make calls and put out other information, it’s a pretty dire picture.  It’s all about taking information, accessing your location, your camera and we’re losing our privacy.  There are many companies doing this, but that’s not the only threat, we’ve talked about the NSA but many governments are doing this as well.  There are persistent rumors and documented concerns about how much information is leaking to countries like China and Russia.  It would be surprising if they weren’t taking data at will at the highest levels possible right now, so why would it be any different for these applications.  There are also cybercriminals out there that live off of information they gather, it’s a big target.  When I launched McAfee Associates 27 years ago, the world of PC security was basically the Wild West and no one was really aware of the threat and the very real dangers we still deal with today.  We are in that exact same spot again.”

The timing of this is rather interesting as people are still reacting to news barely over a week old that had the NSA and GCHQ mining the popular phone apps that were leaking information, such as the incredibly successful and widespread game app Angry Birds.  The agencies have put systems in place to collect this commercial data that was freely given up by the applications.  ‘Leaky’ apps translates on one level to outbound information that is granted by permission apps – a perfect use case scenario for Dcentral1 it would seem.

McAfee 2.0 – ReLaunch

McAfee has done this before – bootstrapping a business that was ultimately acquired for over $7.6 billion.  One thing that is clearly different today is how McAfee is launching a company this time around.  Settled into Montreal, his operation is a global network of conference calls and virtual meetings that is heavily focused right now up to the launch with developers and engineers.  As if the fact that the first product is destined to be a Google Play app weren’t enough evidence, McAfee has picked up the framework of the modern startup quickly and he sees great things for this new venture ahead.   As Dcentral1 launches and the complete suite of Future Tense products are developed, there will be plenty of attention in this age of privacy concerns.

John McAfee is scheduled to sit down live on CrowdChat to take your questions and talk about Dcentral1.  https://www.crowdchat.net/mcafee 

February 14, 2014 at 3pm EST.

Washington Times Dec 20 2013

By John McAfee

In recent days, Target customers were shocked to learn that since late November hackers have managed to steal the names, credit and debit card numbers, expiration dates and security codes from as many as forty million Target customers. Target customers should be very concerned, but they shouldn’t be shocked because dozens of stores, companies and government agencies have been hacked in recent years opening millions of Americans to identity theft, fraud and the possibility that sensitive personal information will be misused.

In just the last two years, hackers have gotten into the computers of J.C. Penney, 7-Eleven, Nasdaq OMX Group, JetBlue, Dow Jones and others and made off with similar information on 160 million of their customers. The hackers who successfully targeted Target could cost the US economy an estimated 4 billion dollars and the potential total cost of all these security breaches could be many times that amount. It has been estimated, in fact, that the total cost of these thefts to the US economy could be the equivalent of 450,000 average wage earners working for a full year.

That is a lot of money down the drain in an economy still struggling to recover from recession and the sad thing about it is that it wouldn’t have happened if security experts at these companies had thought well enough ahead to anticipate the nature of the attacks on their systems and put security measures into effect to thwart the hackers.

Many of the measures taken by companies and government security experts are either designed without anticipating the nature of the next assault on the system they are charged with protecting or without fully realizing that human beings are fallible and too often give hackers the very openings they are trying to eliminate. Preparing for the last attack, like military organizations that train for the last war is of limited value as is a strategy that ignores the human factor.

We have the technology today which can be utilized to at least keep institutions one or two steps ahead of the hackers if put in place and managed with an eye to what individual customers will and won’t do to assist in protecting their own and the institution’s data.

For example, in today’s world, cardholders can be easily empowered to control how, when and where their credit and debit cards can be used. Smart phones are ubiquitous and Apps can be developed for these phones that would allow individual customers tremendous flexibility by allowing them to disable their cards when they are not in use and enable them just prior to a purchase. The individual cardholder could be given the power to control his or her transaction limits, the types of purchases that can be made on the card as well as where and when it can be used. With such a system in place, hackers couldn’t use whatever data they might get their hands on without hacking in to the phones of individual cardholders, a daunting and virtually impossible task.

We know too that even those charged with protecting computer security within government security agencies often use dated technology or like those in the private sector develop systems that ignore the frailty of the human beings who use them. The idea that someone like Edward Snowden could waltz into the NSA, gain access to virtually every secret stored there and walk out with it shocked the nation and the world, but it happened. We learn almost monthly that state sponsored hackers have broken into supposedly secure government data bases either because of a human breach or because the agency is several steps behind the hackers in employing technology to protect the nation’s secrets.

In a few cases the people charged with putting complex systems in place either disregard or don’t appreciate the importance of protecting the data they will be protecting. This happens rarely, but those who built the government’s Obamacare on line system did so without giving much thought at all to the fact that hackers might gain access to the system and thereby to sensitive information on tens or even hundreds of millions of Americans. The stories about successful hackers stealing data from Target or 7-Eleven will seem minor by comparison to those we could see next year as these same hackers go after the Obamacare system as the mother lode of data on individual Americans.

Within public and private sector institutions, the human element must be factored in from the beginning. Human beings with the best of intentions make mistakes that can compromise the privacy of others. Simple human curiosity is a trait often used by hackers. Hackers frequently use curiosity to gain access to an institution’s security system, For example, a major European corporation was hacked recently by placing a USB memory stick on the ground next the parked car of one of the corporation’s security employees who found it and picked it up. It was labelled “weight loss” and the employee, who the hackers knew was struggling with weight issues, took it back to her office and inserted it into the USB slot in her computer to see if it might contain information she could use. The hacker’s program immediately took control of the company’s security system and millions of dollars’ worth of data was stolen.

Institutions must address the human element with the same thoroughness they put into the technological component of the security systems they devise to protect our privacy. Technological flaws, such as occurred with such glaring visibility in the Obamacare systems design and deployment are relatively rare, but human mistakes are common

If we don’t learn from our mistakes, what occurred at Target will become a daily threat to the privacy and financial security of every American.

Read more: http://www.washingtontimes.com/news/2013/dec/20/thwarting-hackers-by-keeping-it-human/#ixzz2o4l8jbGK

Follow Washington Times on Twitter : @washtimes on Twitter