
Your Smartphone is Watching You: Dangerous Security Holes in Tracker Apps

13.08.2018

Fraunhofer scientists find vulnerabilities in apps: Complete surveillance of smartphones possible. Millions of installations affected.

Tracker apps provide a means for legitimate personal tracking, e.g. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities. Scientists from the Fraunhofer Institute for Secure Information Technology have analyzed popular tracker apps available in the Google Play Store. The result: not even one of them was secure; all had serious security flaws.


Image: Many tracker apps contain serious security vulnerabilities. (Fraunhofer SIT)

Image: Thousands of people can be tracked in real-time. (Fraunhofer SIT)

Attackers can exploit these vulnerabilities to generate movement profiles, to read chats and text messages, and to view pictures.

A particularly precarious fact: attackers do not have to monitor each individual phone but can simultaneously attack millions of users who have these apps installed on their smartphones. The researchers presented their results for the first time at the DEF CON Hacking Conference in Las Vegas on August 11.

Monitoring or tracker apps allow the consensual surveillance of smartphone users. For example, parents use such an app to monitor where their children are or which messages and pictures they post online. Using these apps is legal as long as the person under surveillance has agreed to it.

Fraunhofer SIT scientists from the ethical hacking group TeamSIK have analyzed 19 legal tracker apps offered in the Google Play Store. According to Google, these apps have been installed several million times over.

The scientists reviewed how the apps protect the highly sensitive user data they gather. The result: all apps showed severe vulnerabilities; not a single application was programmed with default security features in place. The researchers found 37 vulnerabilities in total.

Most apps store the highly sensitive data on a server in plain text, without any proper form of encryption. “We only had to open up a certain website and guess or enter a user name into the URL to retrieve an individual’s movement profile,” explains Fraunhofer head of project Siegfried Rasthofer.

The vulnerabilities did not affect only individual users: the researchers were able to read out complete movement profiles for all app users, all of which were stored unprotected on that server. “With this, thousands of people can be tracked in real-time,” says Rasthofer.

These apps allow attackers to retrieve metadata such as a person’s whereabouts, and to read or view contents including SMS messages and images of the monitored app users. “It enables total surveillance,” explains Stephan Huber, Fraunhofer SIT researcher and member of TeamSIK.

The scientists also succeeded in reading the app users’ login information. Mostly, the apps used improper encryption or no encryption at all. In the backend of one app alone, the research team found 1.7 million valid login credentials that were freely accessible. The Fraunhofer researchers informed the app providers and Google Play Store team. Meanwhile, the Google Play Store team has deleted 12 of the 19 analyzed apps from the store. Notably, some app developers did not react to the team’s vulnerability reports.
More information at https://team-sik.org/trent_portfolio/in-security-of-tracking-apps/

Press contact: Oliver Küch, presse@sit.fraunhofer.de

Oliver Küch | Fraunhofer-Institut für Sichere Informationstechnologie SIT
Further information:
http://www.sit.fraunhofer.de/
