Are YOUR apps spying on you? Researchers find anyone can create an Android app for just $25 to access sensors and track your every move


Technology has opened us up to a new world of information, but it has also opened up doors for cyber-thieves.

Researchers found that hackers can easily manipulate Android apps to track a user's location and traffic patterns without their knowledge or consent - and these apps launch in Google Play for just $25.

The team developed an algorithm for their own Android app, which inserted data from the phone's built-in sensors into graphs of real world roads, allowing them to 'see' users' exact paths.


HOW DID RESEARCHES CONDUCT THE STUDY?

Researcher at Northeastern University developed their own app to show just how easy it is for these data pirates to trail users.

The algorithm isn't using anything proprietary, instead, it checks against OpenStreetMap, a free and collaborative public database of maps and roads, reportsThe Daily Dot.

The app's algorithm attaches to a smartphone's accelerometer, gyroscope and magnetometer without being granted permission by the user.

During first portion of experiments, Noubir and his colleagues simulated drivers in 11 cities around the world including Berlin, London, Rome, Boston and Atlanta.

The second was done through real road trips, which the researchers traveled 1,000 over more than 70 different routes across Boston and Waltham, Massachusetts.

Scores of measurements from the phones' positions, which includes angles of turns and the trajectory of curves, for both tests were then collected once the driving was completed.

When an Android app wants to access sensitive information on a smartphone, such as accessing the GPS or Wi-Fi, it usually has to notify users before proceeding with the process.


However, some app creators place permission for this kind of access deep within the terms-of-use that users skip over.

Android apps are able to access key sensors linked to location, movement and orientation, without being given the go-ahead.

Researcher at Northeastern University developed their own app to show just how easy it is for data pirates to trail users.

According to Gue­vara Noubir, pro­fessor in the Col­lege of Com­puter and Infor­ma­tion Sci­ence, the algorithm isn't using anything proprietary, instead, it checks against OpenStreetMap, a free and collaborative public database of maps and roads, reportsThe Daily Dot.

'In our research we show that an app in fact does not need your GPS or Wi-​​Fi to track you,' says Noubir.

'Just using these sen­sors, which do not require per­mis­sions, we can infer where you live, where you have been, where you are going.'

To test the system's accuracy, the team conducted two separate studies.

The second was done through real road trips, which the researchers traveled 1,000 kilometers over more than 70 different routes across Boston and Waltham, Massachusetts.


SECURITY FLAW IN 900 MILLION ANDROID DEVICES COULD LET HACKERS RUN WILD

Owners of Android phones have been warned of a serious security flaw that could give attackers complete access to a phone's data.

The problem has been identified in software used in about 900 million Android phones, including the HTC One, and Sony Xperia Z Ultra.

While there is currently no evidence of the flaws being used by hackers, experts say it is a race as to who finds the bug first.

The glitch was found by researchers from Checkpoint, who posted about it in a blog.

The problem appears to affect phones which run on Qualcomm processors, which the blog estimates to be around 900 million devices.

Checkpoint discovered the problem after spending six months reversing Qualcomm's code.

They found that the problem lay in the software that handles graphics, and in the code that controls communication within the phone.

While the patches – fixes for the bug – have been distributed to the phone makers, it is still unclear how many of those companies have sent the update to their customers.

In the meantime, Checkpoint has created an app called 'QuadRooter Scanner', that allows users to check if their phone is vulnerable to the bug.

For each trip, the system then generated the five most likely paths taken and 50 percent of the time, one of the five paths generated by the algorithm was the correct route.

'Infer­ring a dri­ving pattern from an Android app can lead to much greater invasions of pri­vacy, such as where the user lives and works,' says Noubir.

'Addi­tional infor­ma­tion can then be gleaned by searching town and city public data­bases for, say, prop­erty tax records.'

'Adver­saries can recover lots of details through these side channels.'

Noubir suggests the best way to protect yourselves is to investigate apps before installing them and skips those that aren't familiar.



He also advises to uninstall apps you rarely use and make sure any apps you do use are not running in the background.

Since these findings reveal anyone can release an app on Google Play, the reseearchers believe Google has a role to play in ensuring the safety of its users.

Noubir told The Daily Dot that it was his team's opinion that Google 'should continue [its] effort investigating and mitigating the potential of privacy attacks, in particular side-channel attacks.'
Read the Original

Comments

Post a Comment

Popular posts from this blog

El-Rufai’s Son Killed In Auto Crash

Image
Former Minister of the Federal Capital Territory, FCT, Mallam Nasir El-Rufai, has lost one of his sons in a car crash. Hamza El-Rufai died Tuesday morning in Abuja. The former Minister and Chieftain of the All Progressive Congress, APC, broke the news on his faceboook page today. El-Rufai wrote: “From Allah, we came and to Him we shall return. Please join our family in praying for the repose of the soul of my son, Hamza El-Rufai who died in a motor accident in Abuja.” See more photo below:
Read more

Kim Kardashian blasts Kendall Jenner – “I bought her a F***ING career!”

Image
There will be no shortage of family drama in season 10 of Keeping Up With The Kardashians. The first look trailer released Monday for the upcoming season of the highly-popular E! series features plenty of fights, sex, romance and even infringement claims for reality television's favourite family. In one of the more tense moments in the clip, Kim Kardashian appears to lash out at younger sister Kendall Jenner, who has a fast growing modelling career.
Read more

Billy Bob Thornton Denies Sleeping With Amber Heard

Image
The domestic violence case between Amber Heard and Johnny Depp is getting messier by the minute, and now they're dragging other people in the midst of their conflict. Depp apparently accused his wife of cheating on him with Billy Bob Thornton back in 2015, but the actor has completely denied all allegations. 'Our Brand Is Crisis' star Billy Bob Thornton has branded the suggestion that he slept with Amber Heard during the production of their latest movie 'London Fields' as 'completely false' according to reports from TMZ . The story is that he 'never socialized with Amber off set, other than a cast dinner', and adds that he had no on-set contact with her either, other than in a professional capacity. Of course, in the movie, their character's are close; it follows the story of a manipulative young woman named Nicola Six (Heard) who strings along three men including a writer named Samson Young (Thornton) in a bid to bring about her own murder. Jo
Read more