Sunday, October 21, 2018
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Google Could Charge Android Partners in Europe up to $40 per Device
Samsung Display Develops Under Panel Sensor, Fingerprint On Display AMOLEDs
The 9th Generation Intel Core i9-9900K is Actually the World's Best Gaming Processor
European Commission Approves Acquisition of GitHub by Microsoft
Samsung, LG Launch Trade-in Promotions to Help Sales Of Latest Flagship Smartphones
Fujitsu's Cooling Control Technology Reduces Datacenter Energy Consumption
Tesla Unveils new $45,000 Model 3
Micron Wants to Buy Remaining Interest in IM Flash Technologies to Advance the 3D XPoint Technology
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > Mobiles > Fraunho...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, August 13, 2018
Fraunhofer Scientists Find Dangerous Security Holes in Tracker Apps


Tracker apps provide a means for legitimate personal tracking, i.e. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities, scientists from the Fraunhofer Institute for Secure Information Technology found.

The researchers analyzed popular tracker apps available in the Google Play Store. Tthe result: not even one of them was secure; all had serious security flaws. Attackers can exploit these vulnerabilities to generate movement profiles, to read chats and text messages, and to view pictures. A particularly precarious fact: attackers do not have to monitor each individual phone but can simultaneously attack millions of users, who have these apps installed on their smartphones. The researchers presented their results for the first time at the DEF CON Hacking Conference in Las Vegas on August 11.

Monitoring or tracker apps allow the consensual surveillance of smartphone users. For example, parents use such an app to monitor where their children are or which messages and pictures they post online. Using these apps is legal as long as the person under surveillance has agreed to it. Fraunhofer SIT scientists from the ethical hacking group TeamSIK have analyzed 19 legal tracker apps offered in the Google Play Store. According to Google, these apps have been installed several million times over. The scientists reviewed how the apps protect the highly sensitive user data they gather. The result: All apps showed severe vulnerabilities, not a single application was programmed with default security features in place. The researchers found 37 vulnerabilities in total.

Most apps store the highly sensitive data on a server in plain text, without any proper form of encryption. "We only had to open up a certain website and guess or enter a user name into the URL to retrieve an individual's movement profile," explains Fraunhofer head of project Siegfried Rasthofer. The vulnerabilities not only affected individual users. Instead, the researchers were able to read out complete movement profiles for all app users, all of which were stored unprotected on that server. "With this, thousands of people can be tracked in real-time," says Rasthofer. These apps allow attackers to retrieve metadata such as a person's whereabouts, and to read or view contents including SMS messages and images of the monitored app users. "It enables total surveillance," explains Stephan Huber, Fraunhofer SIT researcher and member of TeamSIK.

The scientists also succeeded in reading the app users' login information. Mostly, the apps used improper encryption or no encryption at all. In the backend of one app alone, the research team found 1.7 million valid login credentials that were freely accessible. The Fraunhofer researchers informed the app providers and Google Play Store team. Meanwhile, the Google Play Store team has deleted 12 of the 19 analyzed apps from the store. Notably, some app developers did not react to the team's vulnerability reports.


Previous
Next
HyperX Announces the HyperX Gaming microSD Cards        All News        Samsung Announces New SmartThings Mesh Wi-Fi System
Trendforce Confirms New iPhone Launch This Fall, Including a Budget Version     Mobiles News      Google Tracks Your Movements No Matter What

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft Focuses on Security and Brings AI to the Masses at Ignite 2018
Globalfoundries to Work With Fraunhofer on FDSOI
'Lazy State' CPU Security Hole Unveiled by Intel
MP3 Has Been Set Free Of Licensing
Fraunhofer IIS Showcases MPEG-H Enabled 3D Soundbar
Europe To Invest 1.8 billion Euros In Cybersecurity Sector
FREAK Vulnerability Appears In CERT Advisory
Windows Also Vulnerable to FREAK Encryption Flaw
Fraunhofer To Showcase The Future Of TV at IBC
Europe Tightens Up Rules To Protect Personal Data
Fraunhofer IIS to Present MPEG-H Audio at CES
Fraunhofer Reports Massive Security Issues with Apps

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .