Skip to main content

Unnoticed Hacks: How People Leak Private Data

Information Technology Blog - - Unnoticed Hacks: How People Leak Private Data - Information Technology Blog

We all understand that there are a myriad of threats to our personal data in the modern world. Every time we sign up for a new service, we are risking our personal data falling into the wrong hands.

The worst part is that most of the time, there is no indication that our data has been leaked through some proxy server.

Today, there are three potential sources of leaks that you should be especially cautious of.

Mobile Apps

This is a problem that is more prevalent on Android, owing to the fact that anyone can develop, download, and install an Android app. Apple has iOS locked down quite tight but that doesn’t stop the occasional bad app from making it through the net. There are several different attack vectors that a mobile app can use to acquire your personal data.

Most of us live a significant portion of our lives on our smartphones, making them absolute treasure troves as far as our personal data is concerned. In some cases, apps will ask directly for the information that they want, although they aren’t always completely honest about what they intend to do with it.

In other cases, apps will trick users into entering information with the promise of unlocking various features or triggering some kind of reward or payout. A prominent example of this is the game Fortnite for Android, which, unusually for a major Android release, is not on the Google Play Store. This is because Google takes a cut of all those sweet microtransaction payments that app developers are addicted to.

But because you need to download the Fortnite APK and install the game yourself, there have been numerous examples of criminals setting up fake websites to trick users into installing a malicious app onto their device and running it. The situation is similar for other games, including those available on the Play Store. There are fake apps purporting to be ports of popular games, like PUBG, which can safely be downloaded from the Play Store. Often, users are tricked into downloading these by promises of the app being hacked in some way.

As well as stealing personal and financial data, the same apps that used to leak user data are now beginning to steal user photos and use them to commit identity fraud. Most of us have enough data stored in our smartphones for someone to be able to identify us with relative ease.

Adware

Lots of app developers have chosen to fund their or support their apps through the use of advertising. After all, there are now a number of advertising networks that offer code app developers can freely add to their apps. This code will handle everything for the developer, leaving them with nothing to do but collect the revenue that they earn through it. In principle, it’s a great system – app developers get to earn enough money to maintain their apps, while advertisers get to display their ads to large numbers of people.

However, there are also a number of illegitimate ad networks operating. These often have the appearance of being legitimate advertising networks and the majority of them will even pay out what appears to be a fair sum to the developers.

Beneath the surface, though, things are more complicated. By creating advertising overlays that utilize a variety of different methods, malicious advertising networks are able to display ads in places where the user can’t see them and force them to use far more data than they should have to. By doing this, the network’s operators are able to create the illusion of having displayed more than they actually have.

The businesses that pay to be on the network, under the impression that their ads are going to be displayed to mobile users, pay the advertising networks according to the number of views or interactions an advert gets, but it is difficult to verify that ads are being displayed properly. There are ad verification services that can help advertisers to verify their ads are displayed properly. Unfortunately, cybercriminals are using very sophisticated methods to hide more ads on the page and make it look like they are being displayed legitimately.

These malicious adverts have been known to infect legitimate apps, unbeknownst to their developers. This is done by inserting malicious ads into the supply chain of a legitimate ad network. This attack is difficult to pull off but devastatingly effective.

A notorious variant of this, SimBad, was one of the largest malicious adware campaigns ever seen. The attack infected 210 apps with 147 million downloads between them. The attack got its name from the fact that most of the apps infected were simulator games.

Malicious actions performed by the app include showing ads outside of the visible area, constantly opening a browser using a legitimate link within the app in order to engage in targeted spear-phishing of the user, and stealth downloading malware.

Free Proxies and VPNs

A while ago, Facebook, that most trustworthy of businesses, bought a little-known VPN maker by the name of Onavo. Facebook then released the Onavo VPN for free on Android and iOS. Facebook claimed that Onavo, like any VPN, would improve users’ privacy by enabling them to route their data through Onavo’s servers.

The problem was that Onavio’s servers were now Facebook’s servers, and Facebook is always hungry for data. Of course, Facebook logged all of the data that flowed through its servers.

 

Remember that Facebook is supposedly a reputable business; just think what unscrupulous VPN and proxy services could do! You should avoid free VPNs or proxies like the plague. Running the infrastructure necessary for either is going to require money from somewhere. If they aren’t charging you anything to use the service, then they must be paying for it some other way.

A nefarious proxy is more of a threat than a VPN because with a VPN there is some degree of encryption, limiting what VPN providers can find out about their users. They can still monitor your activity, but with a compromised proxy, they will be able to read all your unencrypted data.

Data is a very valuable resource, so it is only natural that it would attract organized crime. However, few people realize just how prevalent it is and how at risk they might be. Always be careful what apps you install on your phone, especially if they aren’t from an official app store.

The post Unnoticed Hacks: How People Leak Private Data appeared first on Information Technology Blog.



Udimi - Buy Solo Ads from Information Technology Blog https://ift.tt/2W9kTeL
via IFTTT

Comments

Popular posts from this blog

9 VCs in Madrid and Barcelona discuss the COVID-19 era and look to the future

Spain’s startup ecosystem has two main hubs: Madrid and Barcelona. Most observers place Barcelona first and Madrid second, but the gap appears to close every year. Barcelona has benefitted from attracting expats in search of sun, beach and lifestyle who tend to produce more internationally minded startups. Madrid’s startups have predominantly been Spain or Latin America-focused, but have become increasingly international in nature. Although not part of this survey, we expect Valencia to join next year, as city authorities have been going all-out to attract entrepreneurs and investors. The overall Spanish ecosystem is generally less mature than those in the U.K., France, Sweden and Germany, but it has been improving at a fast clip. More recently, entrepreneurs in Spain have moved away from emulating success in pursuit of innovative technologies. Following the financial crisis, the Spanish government supported the creation of startups with the launch of FOND-ICO GLOBAL, a €1.5 billi

How to Stay Creative and Keep SEO in Mind

Information Technology Blog - - How to Stay Creative and Keep SEO in Mind - Information Technology Blog Search engine optimization (SEO) refers to customizing your website’s content to ensure that web browsers give your website a high SEO score. The sites with the highest SEO scores are featured on the search engine’s first page of search results for relevant searches.  71%  of the click-throughs happen with articles listed on the first page of results on the search engine. This means that if your website’s article is the second (or third, or fourth page), it’s less likely the search user will even see your article. You want your article to be ranking as close to the top of the first page of results as possible. In order to have a good SEO score your site’s content needs to feature keywords and relevant phrases. It must be optimized for easy navigation between pages. It also needs to be referenced via external links that drive traffic to your site. Incorporating all of these elem

Everything we know about HHS Protect, a secretive government project with Peter Thiel's Palantir that helps brief Trump's coronavirus task force

A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus .  Dubbed "HHS Protect," the effort tracks information from around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  HHS uses Palantir Technologies , a data firm cofounded by Peter Thiel, to distill that information for the White House coronavirus task force. Visit Business Insider's homepage for more stories . A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus.  Dubbed "HHS Protect," the effort includes roughly 2.5 billion pieces of data from healthcare providers, government officials, and labs around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  The goal is learn about the progress