866-629-3757

Free Consulation

Call 866-629-3757

Posts Tagged ‘cyber safety’

Beware: Free Google Play Flashlight Apps Could Cost You

March 24th, 2015 | Cyber, Privacy, Security | 0 Comments

malicious-apps

March 24, 2015

By Stephanie Kent
Investigative Research Assistant

Why would you go to the store and pay $0.99 for a flashlight keychain when you could just download a free flashlight app from the Google Play Store? Perhaps because the latter could cost you your privacy, your identity and thousands more dollars in the long run.

Researchers have found that the most popular flashlight applications are secretly stealing personal data stored on users’ mobile devices. Gary Miliefsky, cybersecurity expert and CEO of SnoopWall, has called this issue “bigger than Ebola,” as he explains that “500 million people are infected without knowing it.” Based on his company’s research, Mr. Miliefsky asserts that “the top ten flashlight apps from the Google Play Store are all malware; they’re all malicious; they’re all spying; they’re all snooping; they’re all stealing.” It’s a costly assumption that these applications solely function as flashlights. Upon one click of the app, they can access and store any information you have ever entered on your device. Masses of such stolen data have been tracked and linked to three countries: China, India and Russia. Mr. Miliefsky states that this personal information is primarily used for criminal purposes, but also provides nation states an easy way to collect information on Americans.¹

How do they get away with this?

Let me refer you to a recent lawsuit: the Brightest Flashlight application was sued by the FTC for this malicious activity. As part of the settlement, Brightest Flashlight agreed to construct a 25-page Privacy Policy essentially stating that by accepting the terms and conditions, the user is allowing the application to access all personal data stored on the device. At the time of the lawsuit, Brightest Flashlight had 50 million downloads. Now, it has approximately 100 million downloads. Clearly, people are not reading the Privacy Policy.

What are the top-ten flashlight apps from the Google Play Store that have access to personal information?

 1. Super-Bright LED (Surpax Technology Inc.)
 2. Brightest Flashlight Free (GoldenShores Technologies, LLC)
 3. Tiny Flashlight + LED (Nikolay Ananiev)
 4. Flashlight (Zerone Mobile)
 5. Flashlight (Mobile Apps Inc)
 6. Brightest LED Flashlight (Intellectual Flame Co., Ltd.)
 7. Color Flashlight (Notes)
 8. High-Powered Flashlight (iHandy Inc.)
 9. Flashlight HD LED (smallte.ch)
10. Flashlight: LED Torch Light (Mobile Apps Inc)

What if I have already downloaded a malicious app?

First, uninstall the application from your device(s). Then, backup your crucial data (family photos, contacts, etc.). Finally, take your phone in for a factory reset, which will wipe hidden data areas where malicious trojans have been installed by the application.

Note: Simply uninstalling the app is not always sufficient, as trojans often operate in the background while you do important things on your phone, like mobile banking or online shopping!

How do we know which apps are safe?

1. Read the privacy policies! That means scroll and read through every page, and make sure they aren’t blatantly telling you they’re going to access your personal information.
2. Take note of the application size. Ex: Safe flashlight apps should be under 100KB. The malicious flashlight apps are generally 1.2+MB. Any flashlight around 1.2MB or larger is suspect – that is an abnormally large file to just turn a light on and off.
3. Know the features to which each app is requesting access. If the app requests information beyond the requirements for that particular app function, don’t install it!
Ex: If Google Maps wants access to your GPS, that makes sense! However, if Angry Birds or Candy Crush (for example) wants access to your GPS, you should be skeptical!

Note: 82% of malicious apps send, receive, read or write SMS messages. Very few legitimate apps require any SMS permissions; 10% of spying apps ask for permission to install other apps – another unlikely requirement of legitimate apps.²

How can we protect our smartphones and ourselves from eavesdroppers and privacy breaches?

Common sense goes a long way when it comes to protecting our personal information. In order to accept this responsibility, we must recognize that our smartphones can be serious threats if not properly protected. Take the following free and easy steps to better safeguard your smartphone:

1. Disable your GPS and Bluetooth after each use. They should never be running when it’s not necessary.
2. Permanently disable your NFC (Near Field Communications) or, on Apple devices, your iBeacon.
3. Verify all app requirements and privacy risks before installing. Do some research and ask yourself “why is this app requesting access to my GPS, microphone, webcam, contacts, etc.?” Most apps only use these ports if they intend to invade your privacy. Don’t install these risky applications – there are usually safe alternatives.
4. iPhone users: Go to “Settings” > “Privacy” and see which apps request which information. You may switch a particular application to “Off” if you do not want it linking to certain data (like your contacts or photos, for example).
5. Either cover your webcam and microphone or disable your smartphone when you are not using it. This may sound extreme, but it will ensure your personal safety. It’s better to err on the side of caution when it comes to identity theft!³

If you or your organization has fallen victim to any malicious cyber activity, contact Jennings Smith Associates toll-free today at 866-629-3757 for a free consultation or visit us online at www.jsainvestigations.com.

Sources:
¹https://www.youtube.com/watch?v=Q8xz8xKEFvU
²https://www.websense.com/assets/reports/websense-2013-threat-report.pdf
³http://www.snoopwall.com/threat-reports-10-01-2014/

5 Tips for Being Cyber Safe

December 2nd, 2012 | Cyber, Privacy, Private Investigator, Security | 0 Comments

Going online today may seem innocent and completely harmless, but most people have no idea what actual dangers there are when going online. We’re not just talking about shopping either. Going online to chat, to pay bills, or posting information about yourself on social networks all can post dangers. Check out our top five tips on protecting yourself online.

Don’t Talk to Strangers

Cyber Safety

You probably think this is a ridiculous tip, but I’ve seen grown adults accept friend requests and skype requests from total strangers that they have no clue of who they are – and this can pose a danger. Hacker’s are amazing with technology these days and sometimes even just accepting a friend request from one could pose a huge threat. So play it safe and refuse those adding you online that you don’t know.

Always Log Off

I mean this! Even if you’re in the privacy of your own home, you should always log off of anything whether it be your Facebook account, LinkedIn account, bank account, or Skype, always log off. If you don’t log off, you are leaving the door wide open for others.

Passwords Are Key

A lot of people don’t realize how powerful passwords are. Some people have the mixconception that Hacker’s can get into your account with the password – and this is true but highly difficult. So most hacker’s are always looking for ways to crack the passwords of people’s accounts. Therefore it’s up to you to create a strong password – not your birth date.

MChild Locks

Some parents don’t like the idea of “spying” on their children, but after seeing some terrifying cases, I HIGHLY suggest that parents take the necessary precautions in protecting their children online. That includes setting time restraints on the internet – you can control this by actually setting it up that you’re wireless internet turns off at a certain time each night. You can also restrict certain websites from being visited.

Don’t Open Spam Emails

Some people think that opening up a spam email is harmless – it’s not. When you open up a spam email it can easily allow that sender to place something on your computer. So if you don’t know the sender, avoid opening it altogether.

Don’t forget to follow us on Twitter at @JenningsSmith

  • Jennings Smith Associates Professional Certifications

    • Professional Certified Investigator (PCI), ASIS International
    • Certified Protection Professional (CPP), ASIS International
    • Physical Security Professional (PSP), ASIS International
    • Certified Homeland Security Level 5 (CHS-V), American Board for Certification in Homeland Security
    • Certified Business Continuity Professional (CBCP), Disaster Recovery Institute International
    • Certified Healthcare Safety Professional (CHSP), Board of Certified Hazard Control Management
    • Certified Healthcare Emergency Professional (CHEP), Board of Certified Hazard Control Management
    • Certified Safety & Health Manager (CSHM), Institute for Safety and Health Management
    • Certified Hazard Control Manager (CHCM), Board of Certified Hazard Control Management
    • Certified Forensic Consultant (CFC), American College of Forensic Examiners International

    Certifications Continued

  • NEW SERVICE OFFERING

    Cyber Forensic Investigations

    JSA's cybersecurity experts are ready to assist you with a complete array of cybercrime protection, data recovery, and evidence collection services. Cyber forensic Investigations include: unauthorized data access; PII (personal identifiable information) exposure; IP (intellectual property/proprietary information) theft; employee social media/email/messaging abuse; ransomware data corruption; and more.

    Cyber Forensics Continued

  • Share

    Share
  • Major Credit Cards Accepted