Forum for Science, Industry and Business


Your Smartphone is Watching You: Dangerous Security Holes in Tracker Apps

13.08.2018

Fraunhofer scientists find vulnerabilities in apps: Complete surveillance of smartphones possible. Millions of installations affected.

Tracker apps provide a means for legitimate personal tracking, e.g. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities. Scientists from the Fraunhofer Institute for Secure Information Technology have analyzed popular tracker apps available in the Google Play Store. The result: not even one of them was secure; all had serious security flaws.


Attackers can exploit these vulnerabilities to generate movement profiles, to read chats and text messages, and to view pictures.

A particularly precarious fact: attackers do not have to monitor each individual phone but can simultaneously attack millions of users who have these apps installed on their smartphones. The researchers presented their results for the first time at the DEF CON Hacking Conference in Las Vegas on August 11.

Monitoring or tracker apps allow the consensual surveillance of smartphone users. For example, parents use such an app to monitor where their children are or which messages and pictures they post online. Using these apps is legal as long as the person under surveillance has agreed to it.

Fraunhofer SIT scientists from the ethical hacking group TeamSIK have analyzed 19 legal tracker apps offered in the Google Play Store. According to Google, these apps have been installed several million times over.

The scientists reviewed how the apps protect the highly sensitive user data they gather. The result: all apps showed severe vulnerabilities; not a single application was programmed with default security features in place. The researchers found 37 vulnerabilities in total.

Most apps store the highly sensitive data on a server in plain text, without any proper form of encryption. “We only had to open up a certain website and guess or enter a user name into the URL to retrieve an individual’s movement profile,” explains Fraunhofer head of project Siegfried Rasthofer.

The vulnerabilities did not affect only individual users. Instead, the researchers were able to read out complete movement profiles for all app users, all of which were stored unprotected on that server. “With this, thousands of people can be tracked in real-time,” says Rasthofer.
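
The flaw described above, where a user name in a URL is enough to fetch a movement profile, is a missing server-side authorization check. The following added example (not code from the analyzed apps or from TeamSIK; all user names, coordinates, the monitoring table and function names are constructed) contrasts such a handler with one that authenticates the caller and checks permission for each requested profile.

```python
import hashlib
import secrets

# Constructed sample data: user names, coordinates and the monitoring link are invented.
LOCATIONS = {
    "alice_child": [(50.1109, 8.6821, "2018-08-11T09:00Z")],
    "bob": [(49.8728, 8.6512, "2018-08-11T09:05Z")],
}
# Who may view whom: the monitored person has consented to this monitor.
MONITORS = {"alice_child": {"alice_parent"}}
SESSIONS = {}  # sha256(token) -> user name; raw tokens are never stored


class Denied(Exception):
    """Raised for every refused request."""


def login(username):
    """Hypothetical step after password verification: issue an unguessable token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[hashlib.sha256(token.encode()).hexdigest()] = username
    return token


def profile_unprotected(username):
    """The flaw: the user name taken from the URL is the only 'credential'."""
    return LOCATIONS.get(username, [])


def profile(token, username):
    """Hardened handler: authenticate the caller, then authorize per requested profile."""
    caller = SESSIONS.get(hashlib.sha256((token or "").encode()).hexdigest())
    if caller is None:
        raise Denied("authentication required")
    allowed = caller == username or caller in MONITORS.get(username, set())
    # Same answer for "no such user" and "not permitted", so replies do not
    # reveal which user names exist.
    if not allowed or username not in LOCATIONS:
        raise Denied("not found")
    return LOCATIONS[username]


if __name__ == "__main__":
    parent, bob = login("alice_parent"), login("bob")
    print("unprotected:", profile_unprotected("alice_child"))
    print("consented monitor:", profile(parent, "alice_child"))
    try:
        profile(bob, "alice_child")
    except Denied as err:
        print("other user refused:", err)
```
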

These apps allow attackers to retrieve metadata such as a person’s whereabouts, and to read or view contents including SMS messages and images of the monitored app users. “It enables total surveillance,” explains Stephan Huber, Fraunhofer SIT researcher and member of TeamSIK.

The scientists also succeeded in reading the app users’ login information. Mostly, the apps used improper encryption or no encryption at all. In the backend of one app alone, the research team found 1.7 million valid login credentials that were freely accessible. The Fraunhofer researchers informed the app providers and Google Play Store team. Meanwhile, the Google Play Store team has deleted 12 of the 19 analyzed apps from the store. Notably, some app developers did not react to the team’s vulnerability reports.

More information at https://team-sik.org/trent_portfolio/in-security-of-tracking-apps/

Press contact: Oliver Küch, presse@sit.fraunhofer.de

Oliver Küch | Fraunhofer-Institut für Sichere Informationstechnologie SIT
Further information:
http://www.sit.fraunhofer.de/
