Forum for Science, Industry and Business


Your Smartphone is Watching You: Dangerous Security Holes in Tracker Apps

13.08.2018

Fraunhofer scientists find vulnerabilities in apps: Complete surveillance of smartphones possible. Millions of installations affected.

Tracker apps provide a means for legitimate personal tracking, e.g. for parents to locate their children. Many tracker apps, however, contain serious security vulnerabilities. Scientists from the Fraunhofer Institute for Secure Information Technology have analyzed popular tracker apps available in the Google Play Store – the result: not even one of them was secure; all had serious security flaws.


Image: Many tracker apps contain serious security vulnerabilities. (Fraunhofer SIT)

Image: Thousands of people can be tracked in real-time. (Fraunhofer SIT)

Attackers can exploit these vulnerabilities to generate movement profiles, to read chats and text messages, and to view pictures.

What makes this particularly precarious: attackers do not have to monitor each phone individually but can simultaneously attack millions of users who have these apps installed on their smartphones. The researchers presented their results for the first time at the DEF CON Hacking Conference in Las Vegas on August 11.

Monitoring or tracker apps allow the consensual surveillance of smartphone users. For example, parents use such an app to monitor where their children are or which messages and pictures they post online. Using these apps is legal as long as the person under surveillance has agreed to it.

Fraunhofer SIT scientists from the ethical hacking group TeamSIK have analyzed 19 legal tracker apps offered in the Google Play Store. According to Google, these apps have been installed several million times over.

The scientists reviewed how the apps protect the highly sensitive user data they gather. The result: all apps showed severe vulnerabilities; not a single application was programmed with default security features in place. The researchers found 37 vulnerabilities in total.

Most apps store the highly sensitive data on a server in plain text, without any proper form of encryption. “We only had to open up a certain website and guess or enter a user name into the URL to retrieve an individual’s movement profile”, explains Fraunhofer head of project Siegfried Rasthofer.

The vulnerabilities did not affect only individual users: the researchers were able to read out complete movement profiles for all app users, all of which were stored unprotected on that server. “With this, thousands of people can be tracked in real-time”, says Rasthofer.
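The weakness described above is a missing server-side authorization check: the user name in the URL is the only key to the data. The sketch below is an added example, not code from the analyzed apps or from TeamSIK; the URL layout, account names, consent mapping and coordinates are constructed assumptions. It contrasts that lookup with one that authenticates the caller and checks the caller's relationship to the requested profile.

```python
import secrets

# Constructed sample data: tracked accounts and their stored location points.
PROFILES = {
    "alice_kid": [(49.8728, 8.6512), (49.8741, 8.6560)],
    "bob_kid": [(50.1109, 8.6821)],
}
# Which logged-in account may view which tracked account (consent relationship).
GUARDIANS = {"alice_parent": {"alice_kid"}, "bob_parent": {"bob_kid"}}
SESSIONS = {}  # session token -> authenticated account name


def login(account):
    """Stand-in for real authentication: issue an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account
    return token


def profile_vulnerable(path):
    """Flawed pattern from the article: the name in the URL is the only key."""
    username = path.rsplit("/", 1)[-1]
    if username in PROFILES:
        return 200, PROFILES[username]
    return 404, None


def profile_hardened(path, token):
    """Authenticate the caller, then check it may see the requested profile."""
    account = SESSIONS.get(token or "")
    if account is None:
        return 401, None
    username = path.rsplit("/", 1)[-1]
    # Same answer for "not yours" and "does not exist": no user-name oracle.
    if username not in GUARDIANS.get(account, set()) or username not in PROFILES:
        return 404, None
    return 200, PROFILES[username]


if __name__ == "__main__":
    parent = login("alice_parent")
    print(profile_vulnerable("/profile/bob_kid"))        # served to anyone
    print(profile_hardened("/profile/bob_kid", parent))  # refused: not her child
    print(profile_hardened("/profile/alice_kid", parent))
```

Returning the same 404 for a foreign profile and a non-existent one keeps the endpoint from confirming which user names exist.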

These apps allow attackers to retrieve metadata such as a person’s whereabouts, and to read or view contents including SMS messages and images of the monitored app users. “It enables total surveillance”, explains Stephan Huber, Fraunhofer SIT researcher and member of TeamSIK.

The scientists also succeeded in reading the app users’ login information. Mostly, the apps used improper encryption or no encryption at all. In the backend of one app alone, the research team found 1.7 million valid login credentials that were freely accessible. The Fraunhofer researchers informed the app providers and Google Play Store team. Meanwhile, the Google Play Store team has deleted 12 of the 19 analyzed apps from the store. Notably, some app developers did not react to the team’s vulnerability reports.

More information at https://team-sik.org/trent_portfolio/in-security-of-tracking-apps/

Press contact: Oliver Küch, presse@sit.fraunhofer.de

Oliver Küch | Fraunhofer-Institut für Sichere Informationstechnologie SIT
Further information:
http://www.sit.fraunhofer.de/
