Fraunhofer scientists find vulnerabilities in apps: Complete surveillance of smartphones possible. Millions of installations affected.
Tracker apps provide a means for legitimate personal tracking, e.g. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities. Scientists from the Fraunhofer Institute for Secure Information Technology have analyzed popular tracker apps available in the Google Play Store – the result: not even one of them was secure; all had serious security flaws.
Attackers can exploit these vulnerabilities to generate movement profiles, to read chats and text messages, and to view pictures.
Particularly precarious: attackers do not have to monitor each individual phone but can simultaneously attack millions of users who have these apps installed on their smartphones. The researchers presented their results for the first time at the DEF CON Hacking Conference in Las Vegas on August 11.
Monitoring or tracker apps allow the consensual surveillance of smartphone users. For example, parents use such an app to monitor where their children are or which messages and pictures they post online. Using these apps is legal as long as the person under surveillance has agreed to it.
Fraunhofer SIT scientists from the ethical hacking group TeamSIK have analyzed 19 legal tracker apps offered in the Google Play Store. According to Google, these apps have been installed several million times over.
The scientists reviewed how the apps protect the highly sensitive user data they gather. The result: all apps showed severe vulnerabilities; not a single application was programmed with default security features in place. The researchers found 37 vulnerabilities in total.
Most apps store the highly sensitive data on a server in plain text, without any proper form of encryption. “We only had to open up a certain website and guess or enter a user name into the URL to retrieve an individual’s movement profile”, explains Fraunhofer head of project Siegfried Rasthofer.
The vulnerabilities not only affected individual users. Instead, the researchers were able to read out complete movement profiles for all app users, all of which were stored unprotected on that server. “With this, thousands of people can be tracked in real-time”, says Rasthofer.
These apps allow attackers to retrieve metadata such as a person’s whereabouts, and to read or view contents including SMS messages and images of the monitored app users. “It enables total surveillance”, explains Stephan Huber, Fraunhofer SIT researcher and member of TeamSIK.
The scientists also succeeded in reading the app users’ login information. Mostly, the apps used improper encryption or no encryption at all. In the backend of one app alone, the research team found 1.7 million valid login credentials that were freely accessible. The Fraunhofer researchers informed the app providers and Google Play Store team. Meanwhile, the Google Play Store team has deleted 12 of the 19 analyzed apps from the store. Notably, some app developers did not react to the team’s vulnerability reports.
More information at https://team-sik.org/trent_portfolio/in-security-of-tracking-apps/
Press contact: Oliver Küch, firstname.lastname@example.org
Oliver Küch | Fraunhofer-Institut für Sichere Informationstechnologie SIT