Your Smartphone is Watching You: Dangerous Security Holes in Tracker Apps

 

DARMSTADT, Germany, Aug. 13, 2018 – Tracker apps provide a means for legitimate personal tracking, e.g. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities. Scientists from the Fraunhofer Institute for Secure Information Technology have analyzed popular tracker apps available in the Google Play Store – the result: not even one of them was secure; all had serious security flaws. Attackers can exploit these vulnerabilities to generate movement profiles, to read chats and text messages, and to view pictures. What makes this particularly precarious: attackers do not have to monitor each individual phone but can simultaneously attack millions of users who have these apps installed on their smartphones. The researchers presented their results for the first time at the DEF CON Hacking Conference in Las Vegas on August 11.

Monitoring or tracker apps allow the consensual surveillance of smartphone users. For example, parents use such an app to monitor where their children are or which messages and pictures they post online. Using these apps is legal as long as the person under surveillance has agreed to it. Fraunhofer SIT scientists from the ethical hacking group TeamSIK have analyzed 19 legal tracker apps offered in the Google Play Store. According to Google, these apps have been installed several million times over. The scientists reviewed how the apps protect the highly sensitive user data they gather. The result: all apps showed severe vulnerabilities; not a single application was programmed with default security features in place. The researchers found 37 vulnerabilities in total.

Most apps store the highly sensitive data on a server in plain text, without any proper form of encryption. “We only had to open up a certain website and guess or enter a user name into the URL to retrieve an individual’s movement profile,” explains Fraunhofer head of project Siegfried Rasthofer. The vulnerabilities did not affect only individual users: the researchers were able to read out complete movement profiles for all app users, all of which were stored unprotected on that server. “With this, thousands of people can be tracked in real-time,” says Rasthofer. These apps allow attackers to retrieve metadata such as a person’s whereabouts, and to read or view contents including SMS messages and images of the monitored app users. “It enables total surveillance,” explains Stephan Huber, Fraunhofer SIT researcher and member of TeamSIK.

The scientists also succeeded in reading the app users’ login information. Mostly, the apps used improper encryption or no encryption at all. In the backend of one app alone, the research team found 1.7 million valid login credentials that were freely accessible. The Fraunhofer researchers informed the app providers and Google Play Store team. Meanwhile, the Google Play Store team has deleted 12 of the 19 analyzed apps from the store. Notably, some app developers did not react to the team’s vulnerability reports.

More information at https://team-sik.org/trent_portfolio/in-security-of-tracking-apps/

Contact: Oliver Küch, [email protected], +49-6151-86-92-13



