Connect with us

Google Play login allows you to secretly track user locations

Published

on

The problem is related to the Google Maps Timeline feature, which marks the user’s geolocation.

Cybersecurity researcher Pieter Arntz of Malwarebytes discovered that by logging into the Google Play store, a user’s location can be tracked.

“I was able to spy on my wife’s whereabouts without installing anything on her phone,” the expert said.

Arntz logged into his Google Play account on his wife’s phone to pay for the app she wanted to install. He then handed her the phone back to her, forgetting to log out. Soon, the specialist noticed that Google, using the Google Maps Timeline service, marked him in places where he had not been that day.

“It suddenly dawned on me that I was actually getting location updates from my wife’s phone as well as my phone,” he said.

As it turned out, Arntz’s account was added to his wife’s phone accounts when the researcher logged into the Google Play Store. However, the account was not deleted even when the technician logged out. The only thing that could have warned his wife about this unintentional tracking was the initial in a small circle in the upper right corner of her phone.

Arntz reported his findings to Google, but the specialist does not hope that the tech giant will eliminate the potential danger of misuse of the Google Maps Timeline function.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

HackerOne Expands Open Source Vulnerability Scanning Program

Published

on

Open source projects eligible for the HackerOne reward program include Ruby, Ruby on Rails, RubyGems, Curl, Electron, Django, Nginx, and OpenSSL.

HackerOne Community announced on expanding the program for searching for vulnerabilities in open source projects. The initiative is part of the ongoing Internet Bug Bounty program.

Open source projects eligible for the HackerOne reward program include Ruby, Ruby on Rails, RubyGems, Curl, Electron, Django, Nginx, and OpenSSL. For vulnerabilities found in these projects, HackerOne will pay from $ 300 to $ 5000, depending on the severity of the bug. Payment will be made as follows. Four-fifths of the awards will immediately go to the researcher who discovers the problem. The fifth part of the award will be given to the developer who is engaged in the open source project in the direction that affects the new vulnerability. He will receive payment from HackerOne after he releases a patch against the vulnerability.

“Open source software is used in almost all modern digital infrastructure. Currently, an average, solid, not very rich application uses 528 different open source components. Critical vulnerabilities discovered in 2020 existed by the time of discovery for an average of about two years , and the application development companies did not have access and the ability to eliminate the identified deficiencies of the components used, “the company said in a press release.

Along with HackerOne, participating partners are organizations that rely on open source for software supply chains and other critical digital infrastructure – Elastic, Facebook, Figma, GitHub, Shopify, and TikTok.

Continue Reading

Security

Vice Society ransomware attacked a network of medical facilities in California

Published

on

The ransomware said that they do not care who to attack, and they will not make exceptions for hospitals.

United Health Centers, a California-based network of medical facilities, was subjected to a ransomware cyberattack that disrupted all of its centers and leaked patient data.

United Health Centers has 21 public health centers in California counties such as Fresno, Kings and Tulare.

On August 31 of this year, BleepingComputer learned from an informed source from the information security community that United Health Centers’ medical facilities suffered from an attack by the Vice Society cyber ransomware group, as a result of which they had to turn off their entire network and IT systems and start restoring files from backup copies. However, representatives of United Health Centers did not comment on this information in any way.

This week, the Vice Society released files allegedly stolen in the August attack on United Health Centers. They contain sensitive information, including about beneficiary patients, financial records, test results and examinations. However, the organization remains silent.

The Vice Society is a relatively new cyber ransomware group that began operations in June this year. 20% of the companies published on its leak sites are related to the healthcare industry.

When asked by BleepingComputer why the group allows them to attack hospitals, the Vice Society responded as follows:

“Why not?

They always keep our confidential data clear. You, me and everyone else go to hospitals, give them our passports, talk about health problems, etc., and they don’t even try to protect our data. They receive millions from the state. Are they stealing this money?

The US President has given large sums of money to protect government networks, and where is this protection? Where is our defense?

If the IT department doesn’t want to do their job, we’ll do ours, and we don’t care if it’s a hospital or a university. “

Continue Reading

Security

The data of those wishing to take out a loan from Sovcombank got into the public domain

Published

on

The announcement of the sale of the Sovcombank customer database appeared on the darknet on September 20.

The questionnaires contain the full name, phone number, passport data, type of loan, address, marital status, contacts of relatives, place of work, position and income. The database also includes the responses of citizens to a call from a bank specialist. The bank said that in 2020 they identified an employee of an external call center who illegally copied loan applications. He was found guilty of divulging bank secrets and was sentenced to two years probation. During the investigation, the ex-employee of Sovcombank published an advertisement for the sale of data in his telegram channel, according to the organization. After that, Sovcombank again turned to the police: the department of the Ministry of Internal Affairs in Dagestan opened a criminal case on disclosing bank secrets and illegal access to protected computer information, and then transferred it to the regional department of the FSB. The case has now been sent to court. Now the stolen base is publicly available. …

Continue Reading

Most Popular