E-mail: info@webenergy.ca |  

Webenergy Blog

Smartphone security needs to be taken more seriously

Facebook Google Plus Linked In

This is another chapter in my security series. I'm focusing on Smartphones in this blog because more and more vulnerabilities are surfacing all the time.

Revealing your location and where you have been 

Sure it might be cool to look back and see where you have been since you signed up with Google or Apple. But, did you know that apps on your phone also store that data? That's right, many 3rd party apps will also track your location history. You might be comfortable with Google or Apple knowing your location history but what about the game developer in Taiwan that made a game you play often? They are tracking your location history too along with other information.

The potential pitfalls were highlighted recently when an Australian college student discovered that maps released by the fitness-tracking app Strava could be used to identify U.S. military bases. Canadian Forces bases can also easily be identified. I wonder if Strava found Area 51?

It was even possible to identify individual military personnel by uploading routes to Strava's website to see who had the fastest times at these locations.

Facebook also allows users to "check-in" to locations, and SnapChat's SnapMap function broadcasts your location each time you open the app. Both reveal the information only to your friend list, but security researchers showed in 2011 that one-fifth of Facebook users accepted friend requests from strangers.

In a 2011 survey of 50 convicted burglars in the U.K., four fifths said thieves use social media to case their targets. Three burglars robbed at least 18 homes in New Hampshire in 2010 after checking Facebook for people announcing they weren't home.

Even when our data isn't public, we may be sharing more than we realize. Location data tracked by smartphone apps can reveal our shopping habits and how and where we drive, as well as which place of worship we visit, says Srivastava, while motion sensors in fitness-tracking wristbands can show everything from sleep patterns to hand movements that suggest we're smoking or eating.

Personal Data is the new digital currency

Personal data is valuable to advertisers, and some tech companies' business models rely on harvesting it. Many apps and services are only available with your data as your currency.

A 2012 Wall Street Journal investigation found that online retailers adjusted prices based on users' browsing history and location. Displayed prices were higher in areas with little competition from brick-and-mortar stores, which often overlapped with rural and poor areas.

British car insurer Admiral even announced plans in 2016 to assess customer's personalities by analyzing their Facebook posts, though Facebook forced them to scrap the scheme. It would have denied discounts to motorists whose posts suggested they might be comparatively reckless behind the wheel.

Apple says their source code leak doesn't pose a threat

If it did would they admit it? No.

Hours after Motherboard reported that the iBoot source code for iOS 9 had been leaked on GitHub, Apple has issued a response, significantly downplaying the severity of the leak. When the leak was first uncovered, panic set it almost immediately, with one security researcher going as far as to call it “the biggest leak in history.”

Apple's HomePod could let anyone hear your text messages

You might want to hold off buying a HomePod!

There are some downsides, though, to the HomePod experience. While we already knew that Siri on the device was stunted, it turns out that the HomePod is not capable of discerning individual voices. This is rather bizarre given that the “Hey Siri” feature on the iPhone has been doing this as far back as iOS 9. This omission is problematic because it enables anyone to access a HomePod owner’s text messages.

T-Mobile Phone Hijacking scams

This happens in Canada on Bell and Rogers too. Text messages claiming they are your service provider and provide a link to update the security on your acocunt. The link sends you to a fake website that looks like your provider. You put in your information and the cybercriminals have access to your account and steal your number.

Port-out fraudsters scam people by calling mobile carriers and impersonating their victims so they can either “port” the target’s number to a different carrier or get a new SIM card for the target’s number.

From there, the scammer can access personal accounts that are linked to the number. For instance, they can request that the target’s bank text them a password reset link.

The method isn’t new, but it seems to be growing more popular among scammers. “Port out fraud has been an industry problem for a long time, but recently we’ve seen an uptick in this illegal activity,” a T-Mobile spokesperson told Gizmodo. “We want to make sure our customers [are] aware of this risk and encourage them to add extra security features to their accounts.

France bans smartphone use in cars even when you pull over

Should we follow suit? I see people all the time on their phones either talking ot texting when they drive even though it's against the law. 

Road deaths have been on the rise lately in France and with nothing much else to pin it on, authorities are going after scofflaw drivers who text or call. It's now illegal to hold your phone on public roads even when you're pulled over to the side of the road, whether you're blocking traffic or not, Le Figaro reports.

2017 All Rights Reserved | by: Webenergy