Breaking News

Qualcomm Redefining Wireless Audio with Launch of Qualcomm Snapdragon Sound ASUS announces the ROG Strix, TUF Gaming and Dual AMD Radeon RX 6700 XT graphics card series Leica announces The APO-SUMMICRON-M 35 f/2 ASPH GIGABYTE Launches Radeon RX 6700 XT series graphics cards Samsung Announces Galaxy XCover 5, the Newest Durable and Advanced Smartphone Built for Tough Environments

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Fraunhofer Scientists Find  Dangerous Security Holes in Tracker Apps

Fraunhofer Scientists Find Dangerous Security Holes in Tracker Apps

Smartphones Aug 13,2018 0

Tracker apps provide a means for legitimate personal tracking, i.e. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities, scientists from the Fraunhofer Institute for Secure Information Technology found.

The researchers analyzed popular tracker apps available in the Google Play Store. Tthe result: not even one of them was secure; all had serious security flaws. Attackers can exploit these vulnerabilities to generate movement profiles, to read chats and text messages, and to view pictures. A particularly precarious fact: attackers do not have to monitor each individual phone but can simultaneously attack millions of users, who have these apps installed on their smartphones. The researchers presented their results for the first time at the DEF CON Hacking Conference in Las Vegas on August 11.

Monitoring or tracker apps allow the consensual surveillance of smartphone users. For example, parents use such an app to monitor where their children are or which messages and pictures they post online. Using these apps is legal as long as the person under surveillance has agreed to it. Fraunhofer SIT scientists from the ethical hacking group TeamSIK have analyzed 19 legal tracker apps offered in the Google Play Store. According to Google, these apps have been installed several million times over. The scientists reviewed how the apps protect the highly sensitive user data they gather. The result: All apps showed severe vulnerabilities, not a single application was programmed with default security features in place. The researchers found 37 vulnerabilities in total.

Most apps store the highly sensitive data on a server in plain text, without any proper form of encryption. "We only had to open up a certain website and guess or enter a user name into the URL to retrieve an individual's movement profile," explains Fraunhofer head of project Siegfried Rasthofer. The vulnerabilities not only affected individual users. Instead, the researchers were able to read out complete movement profiles for all app users, all of which were stored unprotected on that server. "With this, thousands of people can be tracked in real-time," says Rasthofer. These apps allow attackers to retrieve metadata such as a person's whereabouts, and to read or view contents including SMS messages and images of the monitored app users. "It enables total surveillance," explains Stephan Huber, Fraunhofer SIT researcher and member of TeamSIK.

The scientists also succeeded in reading the app users' login information. Mostly, the apps used improper encryption or no encryption at all. In the backend of one app alone, the research team found 1.7 million valid login credentials that were freely accessible. The Fraunhofer researchers informed the app providers and Google Play Store team. Meanwhile, the Google Play Store team has deleted 12 of the 19 analyzed apps from the store. Notably, some app developers did not react to the team's vulnerability reports.

Tags: FraunhoferSecurity
Previous Post
HyperX Announces the HyperX Gaming microSD Cards
Next Post
Samsung Announces New SmartThings Mesh Wi-Fi System

Related Posts

  • Samsung Develops New Security Chip For Mobile Devices

  • Samsung Says Your Galaxy S20’s Secure Processor Protects it Against Hardware Attacks

  • SK Telecom and Samsung Unveil the First QRNG-Powered 5G Smartphone

  • AMD Downplays Reported Side Channel Vulnerabilities in Zen Chips

  • RSA 2020: Intel Announces Compute Lifecycle Assurance Momentum, Previews New Security Capabilities

  • Samsung Introduces Data Security Chip Solution for Mobile Devices

  • Google Adds New Security Measures for Nest Accounts

  • DARPA Seeks to Improve 5G Network Security

Latest News

Qualcomm Redefining Wireless Audio with Launch of Qualcomm Snapdragon Sound
Smartphones

Qualcomm Redefining Wireless Audio with Launch of Qualcomm Snapdragon Sound

ASUS announces the ROG Strix, TUF Gaming and Dual AMD Radeon RX 6700 XT graphics card series
GPUs

ASUS announces the ROG Strix, TUF Gaming and Dual AMD Radeon RX 6700 XT graphics card series

Leica announces The APO-SUMMICRON-M 35 f/2 ASPH
Cameras

Leica announces The APO-SUMMICRON-M 35 f/2 ASPH

GIGABYTE Launches Radeon RX 6700 XT series graphics cards
GPUs

GIGABYTE Launches Radeon RX 6700 XT series graphics cards

Samsung Announces Galaxy XCover 5, the Newest Durable and Advanced Smartphone Built for Tough Environments
Smartphones

Samsung Announces Galaxy XCover 5, the Newest Durable and Advanced Smartphone Built for Tough Environments

Popular Reviews

CeBIT 2005

CeBIT 2005

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

CeBIT 2006

CeBIT 2006

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Hitachi DZ-MV100A DVD Camcorder

Hitachi DZ-MV100A DVD Camcorder

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed