866-629-3757

Free Consulation

Call 866-629-3757

Posts Tagged ‘Mobile’

Beware: Free Google Play Flashlight Apps Could Cost You

March 24th, 2015 | Cyber, Privacy, Security | 0 Comments

malicious-apps

March 24, 2015

By Stephanie Kent
Investigative Research Assistant

Why would you go to the store and pay $0.99 for a flashlight keychain when you could just download a free flashlight app from the Google Play Store? Perhaps because the latter could cost you your privacy, your identity and thousands more dollars in the long run.

Researchers have found that the most popular flashlight applications are secretly stealing personal data stored on users’ mobile devices. Gary Miliefsky, cybersecurity expert and CEO of SnoopWall, has called this issue “bigger than Ebola,” as he explains that “500 million people are infected without knowing it.” Based on his company’s research, Mr. Miliefsky asserts that “the top ten flashlight apps from the Google Play Store are all malware; they’re all malicious; they’re all spying; they’re all snooping; they’re all stealing.” It’s a costly assumption that these applications solely function as flashlights. Upon one click of the app, they can access and store any information you have ever entered on your device. Masses of such stolen data have been tracked and linked to three countries: China, India and Russia. Mr. Miliefsky states that this personal information is primarily used for criminal purposes, but also provides nation states an easy way to collect information on Americans.¹

How do they get away with this?

Let me refer you to a recent lawsuit: the Brightest Flashlight application was sued by the FTC for this malicious activity. As part of the settlement, Brightest Flashlight agreed to construct a 25-page Privacy Policy essentially stating that by accepting the terms and conditions, the user is allowing the application to access all personal data stored on the device. At the time of the lawsuit, Brightest Flashlight had 50 million downloads. Now, it has approximately 100 million downloads. Clearly, people are not reading the Privacy Policy.

What are the top-ten flashlight apps from the Google Play Store that have access to personal information?

 1. Super-Bright LED (Surpax Technology Inc.)
 2. Brightest Flashlight Free (GoldenShores Technologies, LLC)
 3. Tiny Flashlight + LED (Nikolay Ananiev)
 4. Flashlight (Zerone Mobile)
 5. Flashlight (Mobile Apps Inc)
 6. Brightest LED Flashlight (Intellectual Flame Co., Ltd.)
 7. Color Flashlight (Notes)
 8. High-Powered Flashlight (iHandy Inc.)
 9. Flashlight HD LED (smallte.ch)
10. Flashlight: LED Torch Light (Mobile Apps Inc)

What if I have already downloaded a malicious app?

First, uninstall the application from your device(s). Then, backup your crucial data (family photos, contacts, etc.). Finally, take your phone in for a factory reset, which will wipe hidden data areas where malicious trojans have been installed by the application.

Note: Simply uninstalling the app is not always sufficient, as trojans often operate in the background while you do important things on your phone, like mobile banking or online shopping!

How do we know which apps are safe?

1. Read the privacy policies! That means scroll and read through every page, and make sure they aren’t blatantly telling you they’re going to access your personal information.
2. Take note of the application size. Ex: Safe flashlight apps should be under 100KB. The malicious flashlight apps are generally 1.2+MB. Any flashlight around 1.2MB or larger is suspect – that is an abnormally large file to just turn a light on and off.
3. Know the features to which each app is requesting access. If the app requests information beyond the requirements for that particular app function, don’t install it!
Ex: If Google Maps wants access to your GPS, that makes sense! However, if Angry Birds or Candy Crush (for example) wants access to your GPS, you should be skeptical!

Note: 82% of malicious apps send, receive, read or write SMS messages. Very few legitimate apps require any SMS permissions; 10% of spying apps ask for permission to install other apps – another unlikely requirement of legitimate apps.²

How can we protect our smartphones and ourselves from eavesdroppers and privacy breaches?

Common sense goes a long way when it comes to protecting our personal information. In order to accept this responsibility, we must recognize that our smartphones can be serious threats if not properly protected. Take the following free and easy steps to better safeguard your smartphone:

1. Disable your GPS and Bluetooth after each use. They should never be running when it’s not necessary.
2. Permanently disable your NFC (Near Field Communications) or, on Apple devices, your iBeacon.
3. Verify all app requirements and privacy risks before installing. Do some research and ask yourself “why is this app requesting access to my GPS, microphone, webcam, contacts, etc.?” Most apps only use these ports if they intend to invade your privacy. Don’t install these risky applications – there are usually safe alternatives.
4. iPhone users: Go to “Settings” > “Privacy” and see which apps request which information. You may switch a particular application to “Off” if you do not want it linking to certain data (like your contacts or photos, for example).
5. Either cover your webcam and microphone or disable your smartphone when you are not using it. This may sound extreme, but it will ensure your personal safety. It’s better to err on the side of caution when it comes to identity theft!³

If you or your organization has fallen victim to any malicious cyber activity, contact Jennings Smith Associates toll-free today at 866-629-3757 for a free consultation or visit us online at www.jsainvestigations.com.

Sources:
¹https://www.youtube.com/watch?v=Q8xz8xKEFvU
²https://www.websense.com/assets/reports/websense-2013-threat-report.pdf
³http://www.snoopwall.com/threat-reports-10-01-2014/

Top 3 Cyber Crime Trends Expected in 2013

January 18th, 2013 | Cyber, Privacy, Private Investigator, Security | 0 Comments

Each year it seems that cyber crime is getting worse and worse. With all the amazing and astonishing hurdles that technology has helped us overcome, with every positive, there are usually multiple negatives that follow along behind.

Top 3 Cyber Crime Trends for 2013

One of those negatives is the ability of some highly knowledgeable individuals to hack banks, steal identities, and more using technology. Here are the top three cyber crime trends that are expected for 2013.

The Mobile Speedy Pay

There are many applications now available to consumers that allow for “easy” banking, payments, and more. Of course this sounds great to consumers as we are always looking for faster methods of doing things. However, with these speedy pay applications come the higher risk of someone getting ahold of your information and using it without your knowledge to purchase goods. The scariest aspect about these speedy payment applications is that they are the most dangerous when using them in busier areas such as airports. Someone who has the technological capability to get this information will have a field day at an airport.

Malicious Applications

Although mobile applications have been around for a while now, it’s taken a while for many hackers to figure out exactly how to hack into phones. However, some of done this very successfully, and we now expect others to learn the same process. The issue with this is that they don’t want to hack your phone to get access to your confidential information, they want to hack into your phone, get into your App Store (which has your credit card information), and purchase “Malicious Applications” where the money used to purchase them goes directly to them (the hacker) so it’s easy money in their pocket.

Mobile Malware

We all know how large the problem with malware is when dealing with PCs and laptops, so it was just a matter of time before there was a type of malware created to infect mobile devices. And apparently 2013 is that time. This is when things get pretty crazy. Criminals can steal data from someone’s phone, and almost hold it until the phone owner pays ransom to retrieve the information. Of course this would only happen if the criminal got a hold of some highly confidential information.

Not wanting to scare you, we thought we would also share with you a few times on how to protect yourself from allowing any criminals the opportunity to get into your phone. Install security onto your phone such as Norton’s Mobile security programs. Always change your passwords about once per month and make them difficult.

Hope you found this blog post helpful and don’t forget to follow us on Twitter at @JenningsSmith

Why Your Mobile is at Risk for a Cyber Attack

January 10th, 2013 | Business Security, Cyber, Privacy, Private Investigator, Security | 0 Comments

We know that that little device that you carry around with you all day long, sleep with, and use the washroom with (we’re all guilty!) – is amazing. However, because of just how amazing it is, it also poses a danger. Users across the world are experiencing malware attacks everyday.

Why Your Mobile is at Risk for a Cyber Attack

With people using so many different types of applications such as banking applications, shopping applications, social media applications, and more, this is providing all the vital information to criminals around the world. Although so many people think changing their password to these applications regularly will keep them safe, the truth is that this amazing technology poses a major threat to users and their private and confidential information.

The main issue with these “hackers” is that they are experts in their field. These hackers aren’t high school schools, they are well trained professionals in the computer science industry.

Banks across the world are trying to find more and more methods of protecting their customers when using these applications, however, the reality is that with all these customers using these applications, once the hacker gets into the application, they have all the information they require to get access to your banking details, which is obviously terrifying for customers.

Please keep this in mind when you are using your mobile phone to check your bank accounts, pay bills, and transfer money.

Don’t forget to follow us on Twitter at @JenningsSmith

  • Jennings Smith Associates Professional Certifications

    • Professional Certified Investigator (PCI), ASIS International
    • Certified Protection Professional (CPP), ASIS International
    • Physical Security Professional (PSP), ASIS International
    • Certified Homeland Security Level 5 (CHS-V), American Board for Certification in Homeland Security
    • Certified Business Continuity Professional (CBCP), Disaster Recovery Institute International
    • Certified Healthcare Safety Professional (CHSP), Board of Certified Hazard Control Management
    • Certified Healthcare Emergency Professional (CHEP), Board of Certified Hazard Control Management
    • Certified Safety & Health Manager (CSHM), Institute for Safety and Health Management
    • Certified Hazard Control Manager (CHCM), Board of Certified Hazard Control Management
    • Certified Forensic Consultant (CFC), American College of Forensic Examiners International

    Certifications Continued

  • NEW SERVICE OFFERING

    Cyber Forensic Investigations

    JSA's cybersecurity experts are ready to assist you with a complete array of cybercrime protection, data recovery, and evidence collection services. Cyber forensic Investigations include: unauthorized data access; PII (personal identifiable information) exposure; IP (intellectual property/proprietary information) theft; employee social media/email/messaging abuse; ransomware data corruption; and more.

    Cyber Forensics Continued

  • Share

    Share
  • Major Credit Cards Accepted