Jul, 2015

Android phones and the StageFright vulnerability

 

An issue was recently discovered on Android devices which could expose the user to potential cyberattacks. It is characterized by a specially crafted text message which attaches multimedia (video, music, pictures) data to the communication. By default, Android tries to process this information in the background so that when you open it up, it doesn’t buffer or cause delays with seeing the content. When the android device is attacked, malicious StageFright imagecommands are sent to the phone in the background and the user do not know they have lost control of the device. Risks of a compromise include stolen passwords, leaked contact information which are subject to attacks, data loss if files are stored on the device, and potential fraudulent transactions conducted in the user’s name without their knowledge or consent.

Unfortunately, fixes for android devices are pushed infrequently, but there are some steps you can take to prevent yourself from becoming a victim of this type of attack until your manufacturer releases an update.

There is an option in the text messaging application used to disable the automatic retrieval of MMS (multimedia) text messages. This allows you to determine if you trust the sender of the message before opening their communication. The steps for disabling may be slightly different for various versions of the Android operating system, but typically the user can find it by following these instructions.

Google Hangouts as default SMS:

  • Open Google Hangouts
  •  Choose Settings
  •  Select SMS
  •  Scroll down and turn off Auto Retrieve MMS

Google Messenger as default SMS:

  •  Open Messenger App
  •  Go to right hand of application and select the three dots
  •  Choose Settings
  •  Choose Advanced
  •  Turn off Auto-retrieve

Other (using default messaging app):

  •  Go to Messages App
  •  Select More
  •  Select Settings
  •  Select Multimedia Messages
  •  Turn OFF Auto retrieve

In order to see multimedia messages in the future, users will be required to click on the download button and the phone will process them as usual.

We are recommending that users watch closely for an update from the manufacturer that addresses this issue and apply it as soon as it is released. For additional information on the StageFright vulnerability, please visit the website: http://fortune.com/2015/07/28/stagefright-google-android-security/

For assistance, contact the Solutions Centre at 403-329-2490, or help@uleth.ca, or visit E610 in University Hall.

Future-proofing our network

Not unlike a vehicle needing new tires, suspension, or even a new motor, the University’s network needs constant maintenance and upgrading if it is to take it longer distances while operating efficiently.

Parts of the network are 20 years old, installed when the University of Lethbridge connected to its first campus-wide data network, says Terry Kirkvold, Infrastructure and Maintenance Support Manager.

Typical network closet prior to upgrade

Typical network closet prior to upgrade

“As many of the current network switches and routers are nearing end of life, what we’re doing, in essence, is future-proofing our network. With this

upgrade, at a minimum, we’re able to maintain and increase the quality, and also improve our service. Users will probably not see a difference in their day-to-day operations, but if they were to look under the hood, they would see a very modern, clean and efficient engine.”

Over the Family Day weekend in February, new core network switches were installed and are currently in operation, as well as new Wi-Fi access points in many classrooms and learning spaces. Next will be the installation of a new Domain Name Server (DNS) and DHCP (IP address allocations).

As outlined in the August 2014 blog article, the upgrade provides a number of improvements:

  • Faster response times for core services such as email and internet
  • Increased wireless capacity which will provide better coverage in classrooms and other student spaces
  • Ability to grow and change with the University’s needs
  • Enhanced security which provides a more secure infrastructure

“We will flip buildings to the new network in a staggered manner, one at a time, over the summer,” says Kirkvold. “These moves will be during the day as a rule and IT resources will be available to troubleshoot any problems that may occur.”

The current closets  are a complicated maze of organic growth that accommodated previous upgrades over the years.

Teams of Infrastructure staff will be required to visit each of the more than 70 network closets to completely reconfigure the network devices, cabling and fiber connections. The current closets  are a complicated maze of organic growth that accommodated previous upgrades over the years.

“With 5,500 connections and more than 27 kilometers of patch cables that have to be moved, each closet, depending on its size, could take two to four hours a day to re-configure and turn up the new infrastructure. For example, the CCBN has three closets and our staff could spend a full day or more in just that one building.”

The move will consist of first moving the wireless access points to the new network followed by the wired computers, phones and other devices attached to the network, and cleaning up all of the cables which could take up to two or three hours to complete.

Go here to see the tentative schedule of the planned work.

For more information, please contact Terry Kirkvold at kirkvold@uleth.ca, or 403-329-2720.

Network upgrade at full throttle

Did you know?

  • Portions of the University’s current network date back to 1995 when the first fiber connection went live.Fiber_optic_illuminated
  • More than 5,500 wired users are connected to the network.
  • There are more than 600 wireless access point on campus.
  • On an average day, the wireless network is accessed 17,000 times.
  • If the network cables were attached end-to-end, they would stretch out 27 kilometers—the distance from Lethbridge to Welling.

Why are we telling you this?

IT Services’ Infrastructure team has been working on a major network upgrade project on the Lethbridge campus during the last nine months, and now is preparing to do the heavy lifting required to move all users from the old network to the new, says Terry Kirkvold, Infrastructure and Maintenance Support Manager.

For the next two months, Infrastructure staff will be visiting more than 70 network closets situated throughout campus to completely overhaul (move and/or replace) the switches and cables. This may or may not impact individual users. (see schedule below)

As buildings and areas are scheduled to be switched over, Information Technology will be emailing notices to users, posting up-to-date information to the Notice Board and sending out reminders of installation and completion dates. It will also provide an explanation of the changes, suggestions on how to fix known issues, and who to contact with questions or concerns.

Kirkvold adds that the upgrade will only affect devices attached to the current network. IT Services is aware of most but there are some that will be discovered as part of this migration process. “For example, we have to find all of the non-central printers that are hidden away in many offices in campus. We do not have a good idea of how many exist or where they are – but we’ll certainly be finding out once the new network is configured; these devices may need IT’s assistance with new configurations.”

By completing these upgrades during the day…we will be better able to respond to issues as they arise.

The other expected issue may only require a simple reboot of machines in order to bring them online with the new network. If users are experiencing any connection issues, they should first try to reboot their computers to see if the issue resolves. If not, IT Services will be available to assist. “While we have attempted to minimize the impact of this change on University clients there is always the risk of unanticipated issues.   By completing these upgrades during the day in manageable chunks we will be better able to respond to issues as they arise.”

Although exact dates and times are not yet confirmed, below is a rough schedule of the work. Service Notice updates will be sent to users as they are known.

Please contact Terry Kirkvold at kirkvold@uleth.ca, or 403-329-2720, with questions or concerns.

Go here to see what the current network closets look like, and read the full story on the network upgrade.

Planned migration dates:

University Hall……………………July 8 – 31
Centre for the Arts………………August 4 – 7
LINC………………………………….August 10 – 14
Students’ Union Building……. August 17 – 18
Turcotte Hall…………………….. August 24 – 28
Anderson Hall…………………… August 31 – Sept 1
PE……………………………………..September 2 – 4
CCBN……………………………….. September 7 – 9
Water Building………………….. September 10 – 11
Markin Hall………………………. September 14 – 18

NOTE: As of October 19th, this schedule has been updated. Please view it here.