Forum for Science, Industry and Business


Your Smartphone is Watching You: Dangerous Security Holes in Tracker Apps

13.08.2018

Fraunhofer scientists find vulnerabilities in apps: Complete surveillance of smartphones possible. Millions of installations affected.

Tracker apps provide a means for legitimate personal tracking, e.g. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities. Scientists from the Fraunhofer Institute for Secure Information Technology have analyzed popular tracker apps available in the Google Play Store. The result: not even one of them was secure; all had serious security flaws.


Attackers can exploit these vulnerabilities to generate movement profiles, to read chats and text messages, and to view pictures.

A particularly precarious fact: attackers do not have to monitor each individual phone but can simultaneously attack millions of users who have these apps installed on their smartphones. The researchers presented their results for the first time at the DEF CON Hacking Conference in Las Vegas on August 11.

Monitoring or tracker apps allow the consensual surveillance of smartphone users. For example, parents use such an app to monitor where their children are or which messages and pictures they post online. Using these apps is legal as long as the person under surveillance has agreed to it.

Fraunhofer SIT scientists from the ethical hacking group TeamSIK have analyzed 19 legal tracker apps offered in the Google Play Store. According to Google, these apps have been installed several million times over.

The scientists reviewed how the apps protect the highly sensitive user data they gather. The result: all apps showed severe vulnerabilities; not a single application was programmed with default security features in place. The researchers found 37 vulnerabilities in total.

Most apps store the highly sensitive data on a server in plain text, without any proper form of encryption. “We only had to open up a certain website and guess or enter a user name into the URL to retrieve an individual’s movement profile,” explains Fraunhofer head of project Siegfried Rasthofer.

The vulnerabilities did not affect only individual users: the researchers were able to read out complete movement profiles for all app users, all of which were stored unprotected on that server. “With this, thousands of people can be tracked in real-time,” says Rasthofer.
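The flaw described above, a movement profile returned for whatever user name appears in the URL, is a missing server-side authorization check. The following sketch is an added example, not code from the analyzed apps or from TeamSIK; the sample data, function names and pairing table are constructed for illustration. It places the flawed lookup beside one that authenticates the caller and then checks that the caller is allowed to see that specific user.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: per-user location history as a backend might hold it.
PROFILES = {
    "alice": [(49.87, 8.65), (49.88, 8.66)],
    "bob": [(52.52, 13.40)],
}
# Hypothetical pairing table: accounts allowed to view each tracked user.
GUARDIANS = {"alice": {"alice", "alice_parent"}, "bob": {"bob"}}

SERVER_KEY = secrets.token_bytes(32)  # session-signing key, never sent to clients


def _tag(account):
    return hmac.new(SERVER_KEY, account.encode(), hashlib.sha256).hexdigest()


def issue_session(account):
    """Return a signed session token for an account that has just logged in."""
    return f"{account}.{_tag(account)}"


def account_from_session(token):
    """Return the authenticated account name, or None if the token is invalid."""
    account, _, tag = (token or "").rpartition(".")
    if account and hmac.compare_digest(tag.encode(), _tag(account).encode()):
        return account
    return None


def get_profile_flawed(username):
    """The flaw as described: the name in the URL is the only input consulted."""
    return 200, PROFILES.get(username, [])


def get_profile_checked(username, session_token):
    """Authenticate the caller, then authorize access to this specific user."""
    caller = account_from_session(session_token)
    if caller is None:
        return 401, None
    if caller not in GUARDIANS.get(username, set()):
        # Same answer for "unknown user" and "not yours": no name enumeration.
        return 404, None
    return 200, PROFILES[username]
```
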

These apps allow attackers to retrieve metadata such as a person’s whereabouts, and to read or view contents including SMS messages and images of the monitored app users. “It enables total surveillance,” explains Stephan Huber, Fraunhofer SIT researcher and member of TeamSIK.

The scientists also succeeded in reading the app users’ login information. Mostly, the apps used improper encryption or no encryption at all. In the backend of one app alone, the research team found 1.7 million valid login credentials that were freely accessible. The Fraunhofer researchers informed the app providers and Google Play Store team. Meanwhile, the Google Play Store team has deleted 12 of the 19 analyzed apps from the store. Notably, some app developers did not react to the team’s vulnerability reports.
More information at https://team-sik.org/trent_portfolio/in-security-of-tracking-apps/

Press contact: Oliver Küch, presse@sit.fraunhofer.de

Oliver Küch | Fraunhofer-Institut für Sichere Informationstechnologie SIT
Further information:
http://www.sit.fraunhofer.de/
