Some Android Apps Receive Your Data Without Permission

When it works, Android’s app permissions are awesome.

They’re straightforward and easy to understand.

When an app first needs access to something sensitive (your location, contacts, camera, microphone and so on), Android shows a prompt saying what the app wants, and you can either allow or deny it that permission.

Sometimes the app works fine even if you deny it the permission.  Sometimes (a maps or directions app that you have denied access to your location, say) it won’t work at all.  By and large though, the system works as intended and it gives you a fair amount of control over which apps have what permissions.

Unfortunately, things are not always as they seem.  Researchers from UC Berkeley’s International Computer Science Institute recently tested 88,000 apps from the Google Play Store. They found 1,325 apps that gathered permission-protected data (location, persistent device identifiers and the like) without ever having been granted the relevant permission, including after users had explicitly denied it.

The researchers had this to say about their findings:

“Modern smartphone platforms implement permission-based models to protect access to sensitive data and system resources.  However, apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels.

Side channels present in the implementation of the permission system allow apps to access protected data and system resources without permission, whereas covert channels enable communication between two colluding apps, so that one app can share its permission-protected data with another app lacking those permissions.”

To cite one example, the researchers found that the Shutterfly photo-sharing app, which had not been granted location permission, read the GPS coordinates embedded in the EXIF metadata of users’ photos and sent them to Shutterfly’s own servers. Declining the location permission does nothing to stop this, because the data comes from the photo file rather than from the phone’s location service.

Based on the install counts of the apps found to be circumventing permissions, the report estimates that the number of users affected is likely in the hundreds of millions. Worse, there are no easy fixes: Google has said it will close some of these channels in Android Q, but until then the only real defences are keeping the OS current and stripping metadata from files before handing them to apps.  Be aware, then, that the apps you’re using are likely collecting more data about you than you realize, even if you’ve told them not to.
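As an added example (this is not code from the researchers, from Shutterfly or from the original article), the following Python shows the photo-metadata side channel concretely: it builds a minimal EXIF block with GPS tags, extracts the coordinates exactly as any app with read access to the photo could without location permission, and then scrubs the GPS sub-IFD before the file is shared. The EXIF/TIFF byte layout is the standard one; the coordinates and the blob itself are constructed here, not taken from a real photo.

```python
"""Constructed demonstration of the photo-metadata side channel: an app that
was never granted location permission can still read GPS coordinates from a
photo's EXIF block. The EXIF blob here is built by hand (not a real photo)."""
import struct

TAG_GPS_IFD = 0x8825                       # IFD0 entry pointing at the GPS sub-IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}   # bytes per TIFF type


def build_sample_exif():
    """Big-endian TIFF header, IFD0 with one GPS pointer, GPS IFD, rationals.
    Encodes 37 deg 52' 20.4" N, 122 deg 16' 30.0" W (constructed values)."""
    def entry(tag, typ, count, value4):
        return struct.pack(">HHI", tag, typ, count) + value4
    ifd0_off, gps_off, lat_off, lon_off = 8, 26, 80, 104
    tiff = b"MM" + struct.pack(">HI", 0x2A, ifd0_off)
    ifd0 = (struct.pack(">H", 1)
            + entry(TAG_GPS_IFD, 4, 1, struct.pack(">I", gps_off))
            + b"\0\0\0\0")                                     # no next IFD
    gps = (struct.pack(">H", 4)
           + entry(GPS_LAT_REF, 2, 2, b"N\0\0\0")              # ASCII fits inline
           + entry(GPS_LAT, 5, 3, struct.pack(">I", lat_off))  # 3 rationals, out of line
           + entry(GPS_LON_REF, 2, 2, b"W\0\0\0")
           + entry(GPS_LON, 5, 3, struct.pack(">I", lon_off))
           + b"\0\0\0\0")
    lat = struct.pack(">IIIIII", 37, 1, 52, 1, 204, 10)        # deg, min, sec as num/den
    lon = struct.pack(">IIIIII", 122, 1, 16, 1, 30, 1)
    return tiff + ifd0 + gps + lat + lon


def _endian(blob):
    if blob[:2] == b"MM":
        return ">"
    if blob[:2] == b"II":
        return "<"
    raise ValueError("not a TIFF/EXIF header")


def _read_ifd(blob, off, e):
    """Yield (tag, type, count, raw 4-byte value field, entry offset)."""
    n = struct.unpack(e + "H", blob[off:off + 2])[0]
    for i in range(n):
        pos = off + 2 + 12 * i
        tag, typ, count = struct.unpack(e + "HHI", blob[pos:pos + 8])
        yield tag, typ, count, blob[pos + 8:pos + 12], pos


def _gps_ifd_offset(blob, e):
    ifd0_off = struct.unpack(e + "I", blob[4:8])[0]
    for tag, _, _, raw, _ in _read_ifd(blob, ifd0_off, e):
        if tag == TAG_GPS_IFD:
            return struct.unpack(e + "I", raw)[0]
    return None


def _dms_to_decimal(blob, off, e):
    v = struct.unpack(e + "IIIIII", blob[off:off + 24])
    deg, minutes, sec = (v[i] / v[i + 1] for i in (0, 2, 4))
    return deg + minutes / 60 + sec / 3600


def extract_gps(blob):
    """Return (lat, lon) in signed decimal degrees, or None. This is all an app
    must do to learn where a photo was taken: no location permission involved."""
    e = _endian(blob)
    gps_off = _gps_ifd_offset(blob, e)
    if gps_off is None:
        return None
    f = {}
    for tag, _, _, raw, _ in _read_ifd(blob, gps_off, e):
        if tag in (GPS_LAT_REF, GPS_LON_REF):
            f[tag] = raw[:1].decode("ascii")
        elif tag in (GPS_LAT, GPS_LON):
            f[tag] = _dms_to_decimal(blob, struct.unpack(e + "I", raw)[0], e)
    if GPS_LAT not in f or GPS_LON not in f:
        return None
    lat = -f[GPS_LAT] if f.get(GPS_LAT_REF) == "S" else f[GPS_LAT]
    lon = -f[GPS_LON] if f.get(GPS_LON_REF) == "W" else f[GPS_LON]
    return round(lat, 6), round(lon, 6)


def strip_gps(blob):
    """Scrub the GPS sub-IFD: zero each out-of-line value it references, zero
    its entries and set its count to 0. Offsets elsewhere stay valid, so the
    result has the same length as the input."""
    e = _endian(blob)
    gps_off = _gps_ifd_offset(blob, e)
    if gps_off is None:
        return bytes(blob)
    out = bytearray(blob)
    for _, typ, count, raw, pos in _read_ifd(blob, gps_off, e):
        size = TYPE_SIZES.get(typ, 1) * count
        if size > 4:                                   # value stored out of line
            voff = struct.unpack(e + "I", raw)[0]
            out[voff:voff + size] = b"\0" * size
        out[pos:pos + 12] = b"\0" * 12
    out[gps_off:gps_off + 2] = struct.pack(e + "H", 0)
    return bytes(out)


if __name__ == "__main__":
    photo = build_sample_exif()
    print("leaked:", extract_gps(photo))                  # (37.872333, -122.275)
    print("after scrub:", extract_gps(strip_gps(photo)))  # None
```

The scrub deliberately leaves the IFD0 pointer in place and zeroes the sub-IFD rather than deleting bytes, because every other offset in a real EXIF block is absolute; shifting data would corrupt them. A real photo also carries the EXIF block inside a JPEG APP1 segment behind an `Exif\0\0` prefix, which is omitted here for brevity.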

Large Percentage Of Mobile Apps Have Security Flaws

How many apps do you have on your phone? If you’re like most people, you’ve likely got dozens or more. Considering how much storage is available on mobile devices these days, people tend to install apps and, when they no longer want them, not bother to uninstall them. Whatever your number is, the statistics recently published by Positive Technologies in their report “Vulnerabilities and Threats in Mobile Applications 2019” will alarm you.

Here are a few of the key findings:

  • 35 percent of all mobile apps tested had vulnerabilities relating to the insecure transmission of sensitive data.
  • 35 percent had issues with the incorrect implementation of session expiration.
  • 20 percent stored sensitive data in the app’s own code, or lacked protection against brute-force attacks.
  • 29 percent contained vulnerabilities relating to insecure inter-process communication, which are classed as high risk.

Overall, high-risk vulnerabilities were found in 38 percent of tested iOS apps and 43 percent of Android apps.  Even worse, 89 percent of the vulnerabilities discovered could be exploited by malware already running on the device, so the attacker would never need physical access to it.

Leigh-Anne Galloway (one of the people responsible for the report) said:

“Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information.  However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue. We recommend that users take a close look when applications request access to phone functions or data.  If you doubt that an application needs access to perform its job correctly, decline the request.”

Wise words, and very good advice.  So back to the initial question, and with the statistics above in mind, how many apps do you have on your phone?

Google Bug Exposed Passwords For Some GSuite Enterprise Customers

Even companies that are normally quite good at providing security for their users occasionally wind up with egg on their faces, and Google is the case in point here.  The company recently disclosed that an old GSuite admin tool, used by domain administrators to set and recover user passwords, had been keeping a copy of those passwords in an encrypted but un-hashed form since 2005, inside its internal infrastructure.

Somehow, this bug managed to go undetected for a staggering fourteen years.  On discovering it, the company fixed the tool, and it is recommending that affected GSuite Enterprise customers change their passwords to be safe. Note the distinction: the passwords were encrypted, so they were not lying around in plaintext, but encryption is reversible by anyone holding the key, whereas a properly salted and hashed password cannot be recovered even by the company that stores it.

The company also notes that only GSuite Enterprise customers were impacted.  If you’re just a regular Gmail user, your password was not exposed in the manner described above.  Google’s official statement about the matter reads, in part, as follows: “To be clear, these passwords remained in our secure encrypted infrastructure.  The issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

This is the second time in recent months that the company has found itself dealing with issues of exposed passwords in systems that were thought to be highly secure.  Again, this is proof positive that even the largest companies with generally good reputations where security is concerned can misstep.

GSuite Admins have been notified and instructed to reset all user passwords that had been set using the old tool. If you’re one of the impacted users, odds are excellent that this has already been done.   If you’re not sure, take the time to query your IT staff just to be sure that base is covered.
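To make the “encrypted but un-hashed” point concrete, here is an added example (not Google’s code and not from the original article) that stores the same password both ways: the encrypted record hands the password straight back to anyone who holds the key, while the salted PBKDF2 record can only be verified, never reversed. The XOR-with-keystream cipher is a toy for illustration, not an authenticated cipher to use in practice; the key, salt and passwords are constructed here.

```python
"""Added example: reversible (encrypted) password storage versus one-way
(salted, slow-hashed) storage. Toy cipher for illustration only."""
import hashlib
import hmac
import os


# --- Reversible storage: what an "encrypted but un-hashed" store amounts to --
def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream derived from key||nonce. Illustrative
    only (no authentication); the point is that it is trivially reversible."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


toy_decrypt = toy_encrypt      # XOR with the same keystream undoes it


def store_encrypted(key: bytes, password: str) -> dict:
    nonce = os.urandom(16)
    return {"nonce": nonce, "ct": toy_encrypt(key, nonce, password.encode())}


def recover_from_encrypted(key: bytes, record: dict) -> str:
    """Anyone with read access to the records AND the key gets the password
    back; key management is the only line of defence."""
    return toy_decrypt(key, record["nonce"], record["ct"]).decode()


# --- One-way storage: salted, deliberately slow, verify-only ----------------
PBKDF2_ROUNDS = 200_000       # raise over time; the cost is the point


def store_hashed(password: str) -> dict:
    salt = os.urandom(16)     # per-password salt defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "rounds": PBKDF2_ROUNDS, "hash": digest}


def verify_hashed(record: dict, attempt: str) -> bool:
    """Recompute under the stored salt and rounds, compare in constant time.
    No function exists that turns record['hash'] back into the password."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                                 record["salt"], record["rounds"])
    return hmac.compare_digest(digest, record["hash"])


def demo(password: str = "correct horse battery staple"):
    """Return (password recovered from the encrypted store,
               hashed store verifies the right password,
               hashed store verifies a wrong password)."""
    key = os.urandom(32)      # constructed demo key
    enc = store_encrypted(key, password)
    recovered = recover_from_encrypted(key, enc)
    rec = store_hashed(password)
    return recovered, verify_hashed(rec, password), verify_hashed(rec, password + "x")


if __name__ == "__main__":
    print(demo())             # ('correct horse battery staple', True, False)
```

In production use a memory-hard function such as scrypt or Argon2 in place of PBKDF2 where available, and store the parameters alongside the hash as done here so the cost can be raised later without re-prompting every user.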

Hackers Using WhatsApp To Install Malware On Phones

If you’re among the masses of people using WhatsApp, for either Android or iOS, be advised that a vulnerability in the app was used to plant spyware from the Israeli surveillance vendor NSO Group on targets’ phones.

The flaw, tracked as CVE-2019-3568, is a buffer overflow in WhatsApp’s VoIP calling stack. It could be triggered simply by placing a WhatsApp call to the target, whether or not the call was answered, and the NSO Group weaponized it.

That gave the attackers a foothold to install NSO’s Pegasus spyware, which is among the most advanced on the planet, and to steal a variety of data from the compromised devices.  Pegasus is very good at hiding itself, and in these attacks the incoming call and other log entries were deleted to cover its tracks.

The good news is that Facebook, which owns WhatsApp, has patched the flaw with an update. Once you’re on a fixed version you’re protected against this particular exploit, though an update does not remove spyware that was already planted.  Unfortunately, not everyone keeps their apps up to date, and prior to the patch being released all 1.5 billion of the app’s users were considered vulnerable.

According to the official company statement:

“The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to 2.18.15.”
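A version list like the one quoted above is easy to misapply: compared as strings, “2.19.134” sorts below “2.19.51”, which would wrongly mark a patched Android build as vulnerable. The following added example (not WhatsApp’s or Facebook’s code, and not from the original article) parses versions numerically and triages a device inventory against the fixed builds quoted in the advisory. The platform labels and the inventory are constructed here.

```python
"""Added example: is an installed WhatsApp build older than the fix for
CVE-2019-3568? Fixed versions are from the advisory text quoted above; the
platform keys and the sample inventory are constructed for this example."""

# First fixed build per platform. Anything older is affected.
FIXED_VERSIONS = {
    "android":          "2.19.134",
    "android-business": "2.19.44",
    "ios":              "2.19.51",
    "ios-business":     "2.19.51",
    "windows-phone":    "2.18.348",
    "tizen":            "2.18.15",
}


def parse_version(s: str) -> tuple:
    """'2.19.134' -> (2, 19, 134). Tuples compare component-wise as integers;
    comparing the raw strings ranks '2.19.134' below '2.19.51', which is wrong."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {s!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(platform: str, installed: str) -> bool:
    """True if `installed` predates the first fixed build for `platform`."""
    try:
        fixed = FIXED_VERSIONS[platform]
    except KeyError:
        raise ValueError(f"unknown platform {platform!r}") from None
    return parse_version(installed) < parse_version(fixed)


def triage(inventory) -> list:
    """inventory: iterable of (device_id, platform, version). Returns the
    device ids that still need the update, in inventory order."""
    return [dev for dev, plat, ver in inventory if is_vulnerable(plat, ver)]


# Constructed inventory (not real devices).
SAMPLE_INVENTORY = [
    ("phone-01", "android", "2.19.134"),      # exactly the fixed build: fine
    ("phone-02", "android", "2.19.51"),       # older, though it string-sorts higher
    ("phone-03", "ios", "2.19.51"),           # fixed
    ("phone-04", "ios-business", "2.19.50"),  # one build short of the fix
    ("phone-05", "tizen", "2.18.15"),         # fixed
]

if __name__ == "__main__":
    for dev in triage(SAMPLE_INVENTORY):
        print("needs update:", dev)           # phone-02, phone-04
```

On a managed Android fleet the installed build can be read with `adb shell dumpsys package com.whatsapp` (the versionName line) and fed straight into the inventory; the same numeric comparison applies to any other dotted version string you gate on.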

Although millions of users have already updated their software, the sad reality is that for most people, keeping apps up to date generally ranks quite low on their list of priorities. That means there are still untold millions of users who are vulnerable.

If you use the app, or if you know anyone who does, update to the latest version right away. Pegasus is built to evade ordinary antivirus scans, so if you have reason to believe you were targeted (journalists, lawyers and human-rights workers were among the reported victims), have the device forensically examined rather than relying on a consumer scanner to tell you it is clean.

Hundreds Of Apps Loaded Adware Onto Millions Of Android Phones

How many malicious apps would you need on the Google Play Store to reach nearly one hundred and fifty million Android installs? Unfortunately, we have a good answer to that question, courtesy of the SimBad adware that Check Point researchers found in 210 different Android apps.

Taken together, those apps had been downloaded nearly 150 million times. The malicious code lived in a third-party SDK that posed as an ad-serving library, so many of the app developers were likely victims of a poisoned component rather than knowing participants.

If that were the only strain of adware in existence it would be bad enough. Of course, SimBad is only one form of malware.  Granted, it’s a significant strain with a hefty footprint, but the statistics above only demonstrate the sheer scope and scale of the problem. The internet is awash in malware of all types, and the problem is only getting worse.

On top of that, hackers are getting increasingly sophisticated in the way they deploy their poisoned code. Even worse, they’re sharing secrets and adopting each other’s most effective strategies. They’re creating a kind of ‘Black Hat Best Practices’ that enable even hackers with only a moderate level of skill to cause real damage.

If all of the above wasn’t bad enough, even worse is the fact that the larger hacking groups have begun serving as hired guns.  On the Dark Web, it’s easy to find a massive botnet for hire, or to rent out someone else’s malware and leverage their resources to launch your own devastating campaign.

Arrayed against these forces are a motley collection of industry insiders, independent researchers, corporate IT staff members, and security company professionals. They are all trying gamely to keep up with the ever-shifting threat matrix.

Unfortunately, it’s a battle these forces are losing.  2018 was another record setting year in terms of the number of successful data breaches, and 2019 will almost certainly beat last year.  Stay vigilant.