Posts

Vault Apps Facilitate Lying Kids and Cheating Spouses

If you have a kid who uses a smartphone, or even a spouse who might not be totally honest with you, they might be using apps to keep things hidden from you. Basically, these apps offer space where people can hide things like photos, videos, and other files, and you would never know by looking at their phone.

appsKnown as vault apps, since they serve as a vault for storage, some examples are Ky-Calc, Calculator Percent, and Calculator Vault. When you open any of these, it looks like a calculator…you can even use them as a calculator. However, when a secret code is entered, the user can store “secrets.” Consider Ky-Calc. it has a folder for image storage, a secret internet browser, and even keeps a separate contact list.

Though you probably don’t want your kid hiding things from you, at the end of the day, that’s child’s play compared to the real danger that is hiding behind these apps. Yes, they are popular among teens and cheating spouses, but they are also popular among predators. These bad people will engage with teens or even younger children, online, and then ask them to download an app like this. They can easily communicate without you ever noticing.

Here is some more information about vault apps that every parent, or of course spouse, should know:

  • Vault apps aren’t as safe as someone using them might think. You can still take a screen shot and share it with someone else.
  • These apps look and act just like any similar app. Generally, they are calculators, and even work like calculators, but are ultimately unlocked with a secret code.
  • If you look at someone’s phone and you see more than one calculator app on it, there is probably something funny going on. All mobile smart phones come with a calculator.
  • These apps are very easy to find, and they are generally free. You can find them by searching “photo vault,” “ghost apps,” “hidden apps,” or more, in the App Store or Google Play Store.
  • You also might be surprised to hear that teens often compete amongst their peers to see what type of content they can hide on these apps.
  • Almost all teens who use mobile phones know about these apps. You shouldn’t be surprised if kids as young as 12, and sometimes even younger, are using them.

As a parent, and even as a spouse, you should be digging into your family’s phones. There should be open and honest discussions about this, and it should not be considered taboo, especially when it comes to a loved one. With children, they should not expect any privacy until the age of 18. With a spouse, trust is a fundamental requirement. And if there’s a lack of trust, it is generally because something is going on wrong.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

How to Avoid Bad Apps

If you think there’s like a million apps out there, that’s not exactly an exaggeration. For sure, there are more than you can imagine, which makes it easy to conceive that many certainly come with security problems.

In fact, out of the top 25 most popular apps, 18 of them bombed on a security test from McAfee Labs recently.

Creators of apps put convenience and allure ahead of security. This is why so many apps don’t have secure connections—creating welcome mats for hackers; they get into your smartphone and get your passwords, usernames and other sensitive information.

Joe Hacker knows all about this pervasive weakness in the app world. You can count on hackers using tool kits to aid in their quest to hack into your mobile device. The tool kit approach is called a man-in-the-middle attack.

The “man” gets your passwords, credit card number, Facebook login information, etc. Once the hacker gets all this information, he could do just about anything, including obtaining a credit line in your name and maxing it out, or altering your Facebook information.

You probably didn’t know that smartphone hacks are becoming increasingly widespread.

bad-apps

So what can you do?

  • Stay current – Know that mobile malware is growing and is transmitted via malicious apps.
  • Do your homework – Research apps, read reviews, and check app ratings before you download.
  • Check your sources – Only download apps from well-known, reputable app stores.
  • Watch the permissions – Check what info each app is accessing on your mobile devices and make sure you are comfortable with that.
  • Protect your phone – Install comprehensive security on your mobile devices to keep them protected from harmful apps.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Can an App really act as a Bodyguard?

In the event of an attack, new smartphone applications can be used to send an alarm to a pre-chosen person. And the potential victims location can then be tracked.

1SDBut is this faster and more secure than a woman whipping out pepper spray and blasting a drunken buffoon who has her cornered in a parking garage at night?

No.

Apps meant for personal security are simply one layer of protection but in no way should be relied upon for personal protection. I mean, come on!!!! IT’S AN APP!!!!!!!

For the iPhone and Android, one such app is called STOP-ATTACK. This can be programmed to call 9-1-1. Once this app is activated it will record video and audio that gets sent to a cloud. This way, you’ll have evidence of who was on top of whom or if someone really did reach into their pocket and pull out a metallic-looking object.

The threatening person won’t even know he’s being recorded. STOP-ATTACK also has an alarm and light that, once triggered, might scare off the perpetrator. It can be activated without actually logging into your phone if your device normally requires a security code. You get all this for $3.99 per year.

Will STOP-ATTACK actually stop an attack? NO. The name is misleading.

Others are out there (e.g., StaySafe, Circle of 6, Panic and Guardly), but the bottom line is that there’s really no reason not to have one—even if you’re a big brute. Women concerned about assault represent one slice of the pie. Muggings over smartphones are getting more common, and often, victims are men.

Like with the can of mace, the potential victim needs to be prepared to handle the smartphone’s security feature very quickly, even slyly, before the perpetrator can grab it—whether he just wants the phone or wants to commit assault. So if the phone is in a woman’s purse while she’s walking around town alone past midnight, it does no good.

Nevertheless, an application like this adds a layer of security to the user. The user needs to insert some human factor into the equation when a threat arises. If a woman senses danger, and she must dig into the deep crevasses of her purse to locate her smartphone…she could have already bolted from danger or leveled a right hook into the would-be assailant’s temple. A trained woman can debilitate an attacker with proper training. But please, DO NOT rely on an app to protect you.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Mobile Apps Failing Security Tests

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

6WYou may already be a user of at least several of the 25 most downloaded apps And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, this opens the door for cybercriminals to snatch your personal information such as credit card numbers and passwords. And this is growing because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here’s some tips to help you protect yourself from these unsecure apps:

  • Before purchasing an app, get familiar with its security features—read reviews and check what permissions the app is asking access to. You don’t want to end up with an app that accesses way more information about you than necessary for what you want the app for in the first place.
  • Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
  • Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
  • Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Mobile Apps Failing Security Tests

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

5WYou may already be a user of at least several of the 25 most downloaded apps And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, this opens the door for cybercriminals to snatch your personal information such as credit card numbers and passwords. And this is growing because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here’s some tips to help you protect yourself from these unsecure apps:

  • Before purchasing an app, get familiar with its security features—read reviews and check what permissions the app is asking access to. You don’t want to end up with an app that accesses way more information about you than necessary for what you want the app for in the first place.
  • Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
  • Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
  • Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Expect all Free Mobile Apps to leak your Data

Mashable.com says that recently over 98,000 photos have been leaked from Snapsaved.com, which has shut down. The Snapchat app makers won’t take any credit, even though previously, 4.7 million phone numbers and usernames were leaked. The company seems indifferent, though this May, they reached a settlement with the FTC.

5WSnapchat blames third-party sites and apps for the leakage, and also users of Snapchat (mostly teens), rather than their servers being hacked, but can’t explain how this is. Nevertheless, there’s a problem with Snapchat’s product.

Third parties can come up with their own applications to interact with Snapchat. Anyone can construct an application to the Snapchat service. People like these apps even though they violate the TOS. And Snapchat, thanks to its flawed infrastructure, can’t tell legitimate traffic from third-party traffic.

Snapchat doesn’t consider that users could be communicating with people who are using third-party apps. To date, people using Snapchat to send an image can’t trust that privacy won’t be compromised. How would the user know that the receiver of the image isn’t using a third-party app that ultimately can unleash the images for all to see?

But Snapchat insists that the images can disappear rather than be shared. Snapchat is failing to inform users that their images can be leaked. Though the way that Snapchat’s terms of use is worded protects them legally, there’s a morality issue when the company expects its users (mostly ages 13-17) to have the wits to know about third-party users violating terms of use.

Snapchat says it has removed dozens of third-party apps from key app stores. But this doesn’t stop new websites and apps from appearing. And you can’t rid an app from every app store. What users can do in the meantime is realize that Snapchat is not secure, and to be careful whom you Snap with. Snapchat is about fun, not privacy.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Removing Location data from Mobile Pics

Those cutesy photos in your phone of your puppy can reveal your location because the images leave footprints leading straight to your home. The trace data is called EXIF: exchangeable image file format. It may contain GPS coordinates of where you took the photos.

6WApple’s and Google’s smartphones ask owners if it’s okay to access their location. Click “okay,” and this means every photo you take gets tagged with GPS coordinates. Thieves look for this information, which remains with images that are uploaded to Flickr, Photobucket, etc. (Facebook strips EXIF.) Crooks or pervs can then use Google Maps to get your exact location.

Prevent Geotagging: Six Steps

  • For social media applications, turn off the location services.
  • For iPhone, go to Settings, Privacy, Location Services, and turn off the location services.
  • For Android, go to Settings, Location Services, and turn off the location services.
  • There are apps such as Pixelgarde that wipe geotags from existing online photos.
  • For computers, Windows can strip out the EXIF; just right click the image, click Properties, then in the “details” tab, hit the Remove Properties and Personal Information.
  • Mac users can use XnView, but this bulk-stripper works also for Windows.
  • Run Hotspot Shield which masks your IP address creating an incomplete profile of location data.

Many people don’t even know that photos store location information. You’re a walking map unless you take certain steps to protect your privacy. With those pictures you take with a smartphone camera, you also record all sorts of goodies like shutter speed, type of camera, date the image was taken, and of course…GPS coordinates. Here are the details for protecting your privacy:

Windows Phones

  • Select photos in Windows Explorer.
  • Right-click them, hit Properties.
  • Beneath the Details tab, click “Remove Properties and Personal Information.”
  • A window will pop up; hit Okay.
  • You’ll see a copy of each right-clicked photo in that same folder. The copied images are safe to upload.

Mac OS X

  • Use an app called SmallImage. Download the file.
  • Open the app; drag photos into its window.
  • Uncheck the box called “Recompress at quality.”
  • Click “Process,” and the copied photos will appear in the folder.
  • To replace the original photos rather than make duplicates, uncheck the “Add Suffix” box.

Linux

  • You’ll need a tool, EXIFTool. Install it on Ubuntu by running this command: sudo apt-get install libimage-exiftool-perl.
  • Next, to create clean copies of your photos, cd to their folder, then run: exiftool -all= *.jpg.
  • It will then generate copies of the photos

There exist a number of other programs for removing location data from your mobile phone, but the steps described here are among the easiest.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

United Airlines Passport Scanning Mobile App: is it safe?

https://safr.me/webinar/  | Robert Siciliano is the #1 Security Expert in the United States with over 25 years of experience! He is here to help you become more aware of the risks and strategies to help protect yourself, your family, your business, and your entire life. Robert brings identity theft, personal security, fraud prevention and cyber security to light so that criminals can no longer hide in the dark. You need to be smarter than criminals yesterday so that they don’t take advantage of you today! If you would like to learn more about Security Awareness, then sign up for Robert’s latest webinar!

_______

How much easier international travel is for United Airlines fliers: They can now use their iOS or Android device to scan their passports.

PP

If a customer checks in with United’s mobile application for international flights, they can access the passport-scanning feature. One can check in within 24 hours of departure. Fliers will get an option to confirm their stored passport data or to scan their passport.

If a customer chooses the scan, the app will use the smartphone’s camera to capture passport information. United says this is “similar to a mobile banking deposit.” The flier can retrieve the boarding pass after the passport scan is verified.

United says that their passport scanning feature is very time-saving and gives fliers more control.

Since it’s launch, Ive been asked by multiple outlets in regards to its security and the safety of this application, as it pertains to possible data breaches. The company who created the apps backbone is “Jumio” and by all accounts, they seem top notch.

It’s important consumers never blindly download or use any application without doing some due diligence. This is what I found;

Jumio states: “Jumio is PCI Level 1 compliant and regularly conducts security audits, vulnerability scans and penetration tests to ensure compliance with security best practices and standards. To demonstrate PCI compliance a yearly on-site validation assessment by a QSA is carried out. Jumio carries the security controls established to achieve PCI compliance over to PII data which is of comparable sensitivity and has extended the scope of such controls to cover and protect all systems used to transmit/process/store PII data. Doing so, provides Jumio with a coherent and independently tested set of security policies/processes/controls and enables Jumio’s customers to gain confidence that their data – be it credit card or PII – is handled in a secure manner throughout its lifetime.”

This is great. Now let’s hope my airline, Delta, signs on too!

And again, know what you’re getting into with any app because the Wall Street Journal ran a report in 2010 warning people of app developers’ missing transparency. And yes, we’ve come a long way in 4 years but 101 popular applications for iPhone and Android were examined. It turned out that 56 actually transmitted the mobile device’s unique ID to other companies. This was done without the user’s consent or even awareness.

Forty-seven of the apps transmitted the device’s location. Five of the applications sent gender, age and other personal data to outsiders.

This shows how intent that online-tracking companies are at collecting private information on people. Kind of makes you think of that song, “Every Breath You Take,” by the Police, especially the part that goes, “I’ll be watching you.”

Trackers know what apps the user is downloading, how often they’re used and for how long, the whole works. And there’s been no meaningful action taken to curb this. It’s all about money. (Isn’t everything?)

The more “they” know about the user, the more targeted ads will come the user’s way. If they know you love shoes, ads about shoes will pop up. However, all this “transmitted” personal information can also be used for ID theft and other criminal purposes.

Solution:

Be aware. Don’t just blindly downloads and use an application. Do your research, read the terms and conditions and/or terms of service.

The user must weigh the risks and benefits when downloading the next application. In addition, download only from a reputable app store—after you’ve read user reviews and the app’s privacy policy regarding how much personal information it will get into and share.

Other tips include avoiding conducting smartphone transactions over unsecured Wi-Fi connections and keeping the software current in your smartphone: keeping up to date on its operating system, security software and browser.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Tech Tips and Disaster Prep Planning

A 93-year-old woman survived Hurricane Sandy, but not before her family went through hell wondering if she was alive, being that her landline was down and she had no cellphone. Lesson learned: Elderly people who live alone should have a cellphone. This technology is available; use it.

7WTexting

With today’s technology, it’s easier than ever to prepare and plan for disasters. Texting seems more functional than calls when lines are jammed say in a tornado-ravaged town (or the Marathon bombings) with no conventional phone lines, or working lines that are jammed.

Prepare by getting used to texting and making sure all family members are savvy with it. Stage mock disasters by texting from dark closets, traffic jams and outside “buried” in a snowdrift.

Keeping updated

Make a list or bookmark the websites for state and local governments, since they will have real-time updates on catastrophes (mud slides, tornadoes, wildfires, etc.). Google “emergency management” for your county or city to get started. Follow local police and other agencies on Twitter and Facebook. Example: the world and media followed the Boston Polices Twitter page all through the bombings all the way to the capture.

Emergency apps

Smartphone apps will also keep you updated such as those from the American Red Cross. There are apps for first aid, earthquakes, hurricanes, wildfires and more, even one for a shelter finder.

Non-tech Preparedness

Before a calamity hits, stock up on water, non-perishable food, first aid supplies, flashlights, other tools, etc. Consider a cloud storage system for things like insurance cards. Practice accessing it.

Keep cool, stay informed

Don’t panic. But at the same time, don’t lose sight of the gravity of a situation. People of all ages need to keep pace with evolving technology and use it to your advantage. .

Take advantage of today’s technology to prepare for disasters—even if it’s just to tell a loved-one, “I’m safe.”

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Is That Mobile Application Invading My Privacy?

Facebook now offers “Home.” Facebook says “With Home, everything on your phone gets friendlier. From the moment you turn it on, you see a steady stream of friends’ posts and photos. Upfront notifications and quick access to your essentials mean you’ll never miss a moment. And you can keep chatting with friends, even when you’re using other apps. Cover feed puts the spotlight on whatever friends are sharing now—photos, status updates, links and more.”

CNN reports “Built-in GPS technology means smartphones know where a person is at any given time. Phones with Facebook Home could access this information at any time to determine what businesses or neighborhoods you visit the most or even where you live. That data could then be used to serve up a more personalized ad, such as a coupon for a store you’re near or coffee shop you visit every Sunday. A Facebook representative told CNN that Home will not actively track users’ GPS location.”

Back in 2010, The Wall Street Journal was already warning us about app developers’ lack of transparency with regard to their intentions:

An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.28

One developer of online ads and mobile apps acknowledged, “We watch what apps you download, how frequently you use them, how much time you spend on them, how deep into the app you go.”

And since then, our level of engagement with mobile apps has only increased, while no meaningful steps have been taken to prevent applications’ access to your data. The motivation here is money. The more they know about you, the more targeted ads they can deliver, and the more likely you are to buy. The information also can be abused for identity theft and other malicious purposes.

Facebook Home may have the best intentions and could very well be a great addition for any heavy Facebook user. And keep in mind, every application you install wants more access to who/what/where/when about you so they can send you targeted ads.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures