Google’s proud of its track record in protecting more than one billion Android phones and tablets from malevolent hackers. But in the last 12 months, it’s been dealt a few blows, including the biggest ad fraud to ever hit its mobile operating system and the most significant single theft of Google accounts thanks to an Android malware called Gooligan.
Those alarming events were set off via networks of cybercriminals focused on the platform, where coders combine their technical skills with the will and financial backing of organized gangs. Sometimes, the latter group don’t even have to pay for the former’s digital tools. Sometimes, the technically-savvy types open their minds for free.
That’s just what a character calling himself Maza-In did just before last Christmas, when he or she posted an in-depth guide on the Exploit.in hacker forum for creating Android “bankers” – malware designed to steal bank login details from users of Google’s platform. The post not only included directions, but source code for a banker too. There was also a description of the required backend infrastructure, all of which combined could deliver realistic-looking bank pages designed to trick victims into handing over their usernames and passwords.
And now, Android security experts have pinned a spike in banking malware on Maza-In and that post. They claim that Maza-In, in one fell swoop, caused a sudden leap in Android banking fraud, as cybercriminals took that open sourced code and adapted it to spread both in and outside Google’s official Play store. According to an independent researcher going by the moniker b0n1, as many as 60 variants of malware containing the Maza-In banker have been pushed out into the wider world by hackers hoping to make some easy money.
Check Point, which has been tracking the mini-explosion in Android bank fraud with ElevenPaths, a Telefónica security unit, told Forbes it had records of several dozen servers operating Maza-In’s malware, the largest of which controlled close to 3,000 bots. ElevenPaths said that, from Google Play alone, downloads of apps based on Maza-In’s code stood at above 10,000 and expected to rise, not to mention the number of downloads outside the store.
Those aren’t massive numbers. But what Maza-In and those who adapted his work for their own machinations have proven repeatedly are flaws in Google Play’s security, namely the Bouncer technology that’s supposed to keep bad apples out. Just two weeks ago, a sample of BankBot, based on Maza-In’s creation, was seen inside Google Play initially disguised as a video downloader tool. On June 13th, a very similar looking video downloader was up on the market; underneath was, again, a banker using Maza-In’s work. Going further back to April, a malware called Charger, which also borrowed heavily from Maza-In, was doing much the same, but masquerading as a flashlight app inside the official store, ESET reported. All were removed from Google Play as soon as the tech giant was alerted, but not before thousands were infected.
“Before this Maza-In code, there were a lot of Android banking Trojans, for sure,” said ElevenPaths security researcher Sergio de los Santos. “But accessing the source code was not easy and this helps all kinds of people create variants and even get into Google Play. Giving a very simple and effective framework to create and manage your own banking Trojan opens the door to hundreds of profiles of attackers that want to get into business the easy way.
“Maza-in made it very simple to add different banks to attack, so you may see people from Latin America with their own samples focused on banks in there, UK people, Russians.”
A hacker responds
Maza-In says he is no cybercriminal, though. (As Maza-In uses a profile picture of Bob Marley, Forbes has chosen to refer to the hacker in the masculine). In an interview over encrypted chat, he said he only wanted to highlight weaknesses in Google’s operating system, not spawn a spike in Android cybercrime. He claimed, for instance, that despite security firms’ claims he was behind the BankBot banker, another individual was responsible.
Yet he was aware of the criminal use of his code, revealing others, whether they’d given the malware additional features or not, were selling it for between $2,000 and $3,000 a pop on the web’s underground markets. “I did not expect it to work out that way, that it would spread so much,” he told me in Russian (translated by Google Translate).
“I did not write an article to harm people… I’m interested in studying the holey Android, since Google is not able to make a good operating system… by this I wanted to show the vulnerability of the Android and thought that Google would take care of security.” Unlike security pros who disclose bugs in return for credit or monetary reward, Maza-In said he didn’t contact Google.
In describing just what he thought was wrong with Android security, he added: “The biggest problem is that the device can install any application, get full access to the device and can be substituted for fake banking applications [that can] intercept SMS [and] manage the device. In general, everything is possible.”
As for Check Point and ElevenPaths’ assessment he was a malware creator supporting criminal operations, Maza-In said they’d exaggerated. He even claimed to be working on an Android anti-virus application.
But whilst analysts from both firms agree there’s no evidence he’s actively exploiting Android devices, they say it’s clear he is a malware creator who’s not followed best practise in highlighting security issues. “The blog contains explicit evidence that Maza-in is indeed behind the malware. He also boasted about his malware not being caught until January on one forum,” said Daniel Padon, mobile security researcher at Check Point. According to Lookout Mobile Security researcher Michael Flossman, Maza-In is just one handle used by a crew of Android fraudsters running all the aforementioned fraud malware.
“If you really want to show how unsecure Android is, you write an article about it, you code a proof of concept, you contact the right people to spread the word,” said de los Santos, explaining his disbelief at Maza-In’s claims to innocence.”But creating a Trojan? Oh, come on.”
Whatever the hacker’s involvement in the murkier parts of the internet, he and those who took advantage of his guide have given Google a headache. The company didn’t respond to requests for comment. But with the frequent appearances of these bankers on Google Play, it’s apparent the company has some work to do to keep ne’er-do-wells out of the market and users’ Android devices. – Written by Thomas Fox-Brewster, FORBES STAFF
How Virtual Therapy Apps Are Trying To Disrupt The Mental Health Industry
Millions of Americans deal with mental illness each year, and more than half of them go untreated. As the mental health industry has grown in recent years, so has the number of tech startups offering virtual therapy, which range from online and app-based chatbots to video therapy sessions and messaging.
Still a nascent industry, with most startups in the early seed-stage funding round, these companies say they aim to increase access to qualified mental health care providers and reduce the social stigma that comes with seeking help.
While the efficacy of virtual therapy, compared with traditional in-person therapy, is still being hotly debated, its popularity is undeniable. Its most recognizable pioneers, BetterHelp and TalkSpace, have enrolled nearly 700,000 and more than 1 million users respectively. And investors are taking notice.
Funding for mental health tech startups has boomed in the past few years, jumping from roughly $100 million in 2014 to more than $500 million in 2018, according to Pitchbook. In May of this year, the subscription-based online therapy platform Talkspace raised an additional $50 million, bringing its total funding to just under $110 million since its 2012 inception.
The ubiquity of smartphones, coupled with the lessening of the stigma associated with mental health treatment have played a large role in the growing demand for virtual therapy. Of the various services offered on the Talkspace platform, “clients by far want asynchronous text messaging,” says Neil Leibowitz, the company’s chief medical officer.
Users seem to prefer back-and-forth messaging that isn’t restricted to a narrow window of time over face-to-face interactions. At BetterHelp, founder Alon Matas notes that older users are more likely to go for phone and video therapy sessions, whereas younger users favor text messaging.
“Each generation is getting progressively more mobile-native,” says John Prendergass, an associate director at Ben Franklin Technology Partners’ healthcare investment group, “so I think we’re going to see people become increasingly more accustomed, or predisposed, to a higher level of comfort in seeking care online.”
The ease and convenience of virtual therapy is another draw, particularly for busy people or those who live in rural areas with limited access to therapy and a range of care options.
Alison Darcy, founder and CEO of Woebot, a free automated chatbot that uses artificial intelligence to provide therapeutic services without the direct involvement of humans, says that with Woebot and other similar services, there is no need to schedule appointments weeks in advance and users can receive real-time coaching at the moment they need it, unlike traditional therapy. The sense of anonymity online can also lead to more openness and transparency and attracts people who normally wouldn’t seek therapy.
Along with stigma, the cost of therapy has historically acted as a barrier to accessing quality mental-health care. Health insurance is often unlikely to cover therapy sessions. In most cities, sessions run about $75 to $150 each, and can go as high as $200 or more in places like New York City. Web therapists don’t have to bear the expense of brick-and-mortar offices, filing paperwork or marketing their services, and these savings can be passed on to clients.
BetterHelp offers a $200-a-month membership that includes weekly live sessions with a therapist and unlimited messaging in between, while Talkspace’s cheapest monthly subscription at $260-a-month, offers unlimited text, video and audio messaging.
But virtual therapy, particularly text-based therapy, is not suitable for everyone. Nor is it likely to make traditional therapy obsolete. “Online therapy isn’t good for people who have severe mental and relational health issues, or any kind of psychosis, deep depression or violence,” says Christiana Awosan, a licensed marriage and family therapist.
At her New York and New Jersey offices, she works predominantly with black clients, a population that she says prefers face-to-face meetings. “This community is wary of mental health in general because of structural discrimination,” Awosan says. “They pay attention to nonverbal cues and so they need to first build trust in-person.”
Virtual therapy apps can still be beneficial for people with low-level anxiety, stress or insomnia, and they can also help users become aware of harmful behaviors and obtain a higher sense of well-being.
Sean Luo, a psychiatrist whose consultancy work focuses on machine learning techniques in mental health technology, says: “This why some of these companies are getting very high valuations. There are a lot of commercialization possibilities.” He adds that from a mental health treatment perspective, a virtual therapy app “isn’t going to solve your problems, because people who are truly ill will by definition require a lot more.”
Relying on digital therapy platforms might also provide a false sense of security for users who actually need more serious mental-health care, and many of these apps are ill-equipped to deal with emergencies like suicide, drug overdoses or the medical consequences of psychiatric illness. “The level of intervention simply isn’t strong enough,” says Luo, “and so these aspects still need to be evaluated by a trained professional.
– Ruth Umoh, Diversity and Inclusion Writer, Forbes Staff.
AI 50 Founders Say This Is What People Get Wrong About Artificial Intelligence
Forbes’ new list of promising artificial intelligence companies highlights how the technology is creating real value across industries like transportation, healthcare, HR, insurance and finance.
Naturally, the founders of the honoree companies are excited about the technology’s benefits and, in their roles, spend a lot of time thinking and talking about its strengths and limitations. Here’s what they think people get wrong about artificial intelligence.
Affectiva CEO Rana el Kaliouby says she’s too often encountered the idea that AI is “evil.”
“AI—like any technology in history—is neutral,” she says. “It’s what we do with it that counts, so it’s our responsibility, as an AI ecosystem, to drive it in the right direction.”
Companies need to be aware of how AI could widen bounds of inequality, she adds: “Any AI that is designed to interact with humans—Affectiva’s included—must be evaluated with regards to the ethical and privacy implications of these technologies.”
Sarjoun Skaff, CTO and cofounder of Bossa Nova Robotics, says that the biggest misconception he encounters is that artificial intelligence is actually, well, intelligent.
“The truth is much more mundane,” he says. “AI is a very good pattern-matching tool. To make it work well, though, scientists need to understand the details of how it internally works and not treat it as an ‘intelligent’ black box. At the end of the day, making good use of great pattern matching still belongs to humans.”
Similarly, Aira cofounder Suman Kanuganti says that the public has “over-inflated expectations” for artificial intelligence.
“Garry Kasparov sums it up nicely: ‘We are in the beginning of MS-DOS and people think we are Windows 10,’” Kanuganti says. “AI realistically is still like a 3-year-old child at this stage. When it works, it feels magical. It does some things well, but there’s still a long way to go.”
So, no, we are nowhere close to “artificial general intelligence,” or AGI, where machines are actually as smart as humans.
“We’re still a long way from AI having the general intelligence of even a flea,” says David Gausebeck.
Despite the tendency to overestimate what artificial intelligence can do, the difficulty of building an effective system is often underestimated, some founders say.
“The systems you need to implement and manage machine learning in production are often much more complex than the algorithms themselves,” says Algorithmia CEO Diego Oppenheimer. “You can’t throw models at a complex business problem and expect returned value. You need to build an ecosystem to manage those models and connect their intelligence to your applications.”
Put another way, you can’t just “sprinkle on some artificial intelligence like a magic sauce,” says Feedzai CEO Nuno Sebastiao.
One of the most common tropes that a handful of founders brought up was the idea that artificial intelligence is primarily a job killer.
People.ai founder Oleg Rogynskyy says that AI should be seen as a creator of new opportunities instead of a destroyer of jobs.
“In a nutshell, AI does two things: It automates repetitive low-value-add work for humans (which will indeed take low-complexity jobs away), which we think of as ‘Autopilot,’ and it guides people on how to do their work or other activities better (which makes humans more effective at what they do), which we call ‘Copilot,’” he says. “While Autopilot can take simple, repetitive and boring jobs away, Copilot is absolutely the best way to guide, train and educate humans on how to do new things.”
– By Jillian D’Onfro, Forbes
‘AI Is A Powerful Tool’
Research forecasts that by 2025, machines will perform more current work tasks than humans. Murat Sonmez, member of the managing board, and Head of the Centre for the WEF Fourth Industrial Revolution Network, expands on the role humans might play.
The Fourth Industrial Revolution (4IR) is at the center of the current economic frontier. In reality, is Africa prepared for such changes?
Moving quickly and being agile are key principles of success in the 4IR. Any country can succeed if they take on this mindset. A few years ago, Rwanda saw the opportunities drones, a 4IR technology, brought to their country.
They helped save over 800 lives by delivering blood to remote villages. To scale this, the government worked with the World Economic Forum’s (WEF) drones’ team to create the world’s first agile airspace regulation. Now, we see countries in Africa and around the world looking to the Rwandan model.
READ MORE | 5 Ways Tech Can Revolutionize Education
What feasible solutions can artificial intelligence (AI) offer in terms of forecasting natural disasters, droughts food security on the African continent?
AI can help predict diseases, increase agriculture yields and help first responders. It is a powerful tool for governments and businesses, but it needs a lot of data to be effective.
For AI to be all that it can be, countries and companies need to work together to build frameworks for better management and protection of our data and ensure that it is shared and not stored in silos. Data is the oxygen of the (4IR). If countries do not leverage data and have their policies in place, they will be left behind.
There is a growing concern that the 4IR will strip people of jobs, of which there is already a shortage. How true is this?
The world is going through a workplace revolution that will bring a seismic shift in the way humans work alongside machines and algorithms.
Latest research from the WEF forecasts that by 2025, machines will perform more current work tasks than humans, compared to 71% being performed by humans today.
READ MORE | Roadmap For African Startups
The rapid evolution of machines and algorithms in the workplace could create 133 million new roles in place of 75 million that will be displaced between now and 2022.
Consumers have real concerns around the potential harm technology can cause in areas such as privacy, misinformation, surveillance, job loss, environmental damage and increased inequality. What ethical precautions are being considered in the robotics space?
Now more than ever, it is important to incorporate ethics into the design, deployment and use of emerging technology. Innovating in the 4IR requires addressing concerns around privacy and data ownership, while attracting the skills and forward-looking thinkers of the future.
There are big challenges and bigger opportunities ahead. We have seen many companies and countries create ethical and human rights-based frameworks. What’s important is they are co-designed with members of both communities along with academia, civil society and start-ups.
A multi-stakeholder approach will result in a more holistic set of guidelines and principles that can be adopted in many different industries and geographies.
READ MORE | It’s Time For Africa’s Gazelles To Shine
What changes need to take place for the African continent to be on par with global developments, and are there tangible goals set?
The 4IR provides governments the opportunity to be global leaders in shaping the next 20 to 30 years of science and technology. It is important they create an environment where companies can innovate.
The other tenet is to be open to working across borders and learning from each other. The global health industry has access to mountains of data on rare diseases, but it is trapped within countries and sometimes even within the hospital walls.
If we can build trust and find innovative ways to share the data while protecting privacy, we can employ tools like AI to help us cure disease faster. Countries and companies need to have the right governance frameworks and mechanisms in place for these breakthroughs to happen. It is possible to do these things now, but we need to work together to make it happen.
Subscribe to Forbes
These Are The Biggest Givers On The Forbes 400
The Rage And Tears That Tore A Nation
Forbes Africa | 8 Years And Growing
How Virtual Therapy Apps Are Trying To Disrupt The Mental Health Industry
Having A Ball With Data
Brand Voice3 weeks ago
FOCUS ON CAMEROON: The Heart Of Africa Unleashing Its Potential From Within
7 Questions With...3 weeks ago
‘The One Thing I Want To Do Before I Die’
Arts4 weeks ago
Can Diddy’s Ciroc Recipe Work On Alkaline Water?
Focus4 weeks ago
How LinkedIn Is Looking To Help Close The Ever-Growing Skills Gap
Technology2 weeks ago
AI 50 Founders Say This Is What People Get Wrong About Artificial Intelligence
Entrepreneurs2 weeks ago
Owning The African Narrative
Entrepreneurs1 week ago
Having A Ball With Data
Entrepreneurs2 weeks ago
The $100 Trillion Opportunity: The Race To Provide Banking To The World’s Poor