Connect with us

Android phones constantly monitor their users

Published

on

The OS sends sensitive data, including persistent identifiers and telemetry information.

Cybersecurity research team from the UK revealed multiple privacy issues that arise when using Android smartphones.

The experts analyzed Samsung, Xiaomi, Realme and Huawei devices running Android or two forks of the OS – LineageOS and / e / OS.

According to the researchers, even when the phone is minimally configured and idle, Android transfers a significant amount of information to Google, as well as to third parties (Microsoft, LinkedIn, Facebook, etc.), whose applications are preinstalled on the device. The OS sends sensitive user data, including persistent identifiers, application usage information, and telemetry information.

As noted by experts, it is impossible to refuse to collect data, so users of Android devices are powerless against this type of telemetry.

In the case of some embedded system applications such as miui.analytics (Xiaomi), Heytap (Realme) and Hicloud (Huawei), researchers have found that encrypted data can sometimes be decoded, thus putting users at risk of MitM attacks.

Even if the user resets the advertising IDs for their Google account on Android, the data collection system can re-associate the new ID with the same device and add it to the original tracking history.

Deanonymization of users occurs using various methods such as viewing the SIM card, IMEI, location history, IP address, network SSID, or a combination of these.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Hackers hacked Trump’s social network prior to launch

Published

on

A few hours after the launch was announced, the attackers created an account on behalf of Trump and posted obscene notes to the address of the founder of another social network.

The social network of ex-US President Donald Trump Truth Social, the creation of which he announced the day before, was subjected to a hacker attack. Writes about this The New York Times (NYT).

The cybercriminals claim that a few hours after the announcement of the creation of TRUTH Social, they were able to gain access to the beta version of the platform. Cybercriminals created fake accounts on behalf of Trump and his former aide Steve Bannon. On the fake page of the ex-President of the United States, they posted a photo of a defecating pig and obscene remarks about the founder of Twitter Jack Dorsey.

The developers had to delete these accounts and close access to the site. Its official release was scheduled for 2022.

The hackers chose to hide their identities, but claim to be associated with the Anonymous group. According to them, the hacking of the social network was part of their “war against hate.” They also wanted to have fun.

Continue Reading

Security

Olympus was attacked by ransomware for the second time in two months

Published

on

The company was attacked by Macaw ransomware developed by Evil Corp.

Japanese tech giant Olympus fell victim to ransomware for the second time in two months. This time, the attack was carried out by the cybercriminal group Evil Corp, against which the US government has imposed sanctions.

The attack on Olympus using a new variant of malware called Macaw began on October 10, 2021. The malware encrypted company systems in the United States, Canada and South America.

Macaw is a variant of WastedLocker ransomware, and both are developed by the cybercriminal group Evil Corp.

This is the second ransomware attack on Olympus in the past two months. The first incident took place in September, when the company’s networks in Europe, the Middle East and Africa were encrypted with BlackMatter ransomware (BlackMatter and Evil Corp. are not related).

“Olympus was attacked by BlackMatter last month and a week or so by the Macaw,” Allan Liska, an analyst at information security firm Recorded Future, told TechCrunch.

According to Liska, the ransomware Macaw left a ransom note on the compromised computers with a data theft statement.

According to the official press release Olympus, the company is investigating “possible data breaches” – a known technique of the so-called “double extortion” in which ransomware steals data from their victims and threatens to publish it if the ransom is not paid.

The company does not provide details about the incident, citing an ongoing investigation.

Continue Reading

Security

Scientists have learned to track gadgets using BLE signals

Published

on

Devices can be tracked by prints of their physical characteristics.

In the past few years, mobile devices have become more likely to use the Bluetooth Low Energy (BLE) protocol to transfer messages, which can pose a significant privacy risk, experts at UC San Diego warn.

Within the framework of research they examined the implementation of BLE in a number of popular models of smartphones, laptops and gadgets and found that devices can be traced back to their physical characteristics. The bottom line is that devices can have a unique fingerprint that can be used to determine where they were and when.

BLE messaging has become more common in phones, laptops, smartwatches and other gadgets due to the support of operating devices for functions such as Apple Continuity or Find My, which imply the use of the BLE standard.

Typically, applications using this protocol try to hide identifiable data by encrypting the device’s MAC address, but this does not help to hide the built-in hardware characteristics of the device, based on which it can be identified.

Experts have tested their theory on several devices, including the iPhone 10, Thinkpad X1 Carbon (Windows), MacBook Pro 2016 (macOS), Apple Watch 4 (watchOS), Google Pixel 5 (Android), and Bose QuietComfort 35. In most cases, they were able to get a fingerprint of the physical BLE chip and distinguish one device from another.

In the course of the study, the scientists faced some difficulties, for example, it turned out to be more difficult to distinguish devices operating on the same chipset model than to distinguish gadgets based on different chips. The device’s ability to identify was also influenced by its temperature and signal transmission power.

Using special equipment, the researchers intercepted BLE signals from 162 devices in public places and were able to identify 40% of them. In addition, the group recorded BLE signals from bystanders’ devices with COVID-19 tracking apps from Apple and Google for two days for 10 hours. Scientists managed to “uniquely identify” 47.1% of 647 MAC addresses.

In theory, the method can be used to track the Apple AirTag and Samsung SmartTag Plus Bluetooth trackers, the researchers noted.

Continue Reading

Most Popular