Posts

Mobile Apps Turn Smartphone Into Weapon

, ,

You and I have come to think of our Smartphones as indispensable tools. Flaws recently discovered in mobile apps for Facebook, Linkedin and Dropbox could turn our tools into weapons by exposing us to data theft at many levels, including personal identity theft and corporate data loss.

Taking  extra precautions now will protect not only your Smartphone but other devices, too, as the flaw may well be present in other mobile applications including many iOS games.

Apparently, Facebook’s iOS and Android apps don’t encrypt their users’ login credentials. These flaws expose users to identity theft by saving user authentication keys (usernames and passwords) in easily accessible, plain text files. These unencrypted files may be stolen, transferred to another device in a matter of minutes, and used to access the victim’s accounts without ever having to enter any user login credentials.

Security researcher Gareth Wright reported discovering the flaw in the mobile Facebook application for iOS late last week. Wright sent his Facebook .plist to an associate — Scoopz blogger Neil Cooper — who copied the file onto his own device, opened up the Facebook app, and had immediate, full access to Wright’s Facebook account.”

Facebook is working on closing the gap in security according to Wright  but the app developers must start encrypting the 60-day access token that Facebook supplies. Otherwise, there’s a world of private information just waiting to be tapped. Think of the chaos in trying to recover from identity theft of that magnitude.

In the meantime, here are some actions you can take to protect yourself:

  1. Don’t plug your Smartphone into a shared PC, public dock or charging station.
  2. If you do use a PC for charging, lock your device for the charge, and don’t unlock it until you remove it from the PC.
  3. Use strong passwords including letters, numbers, symbols, upper and lower case. Don’t rely on a four-digit password.
  4. Turn on the ‘Find My iPhone’ function.

The potential for criminals to exploit this flaw is enormous. You’ll be well served to take every precaution before you feel the nauseating pit of your stomach once you’ve been hacked. Further Resources on Mobile App Hacking.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

U.S. Lags Europe on Credit Card Security

, ,

We can be as patriotic as we want to be, but today, the US lags behind other countries in credit card technology and consumer safety. Our current-day magnetic-strip technology is archaic compared to the chip-embedded cards of our European counterparts.  Though some larger US retailers are offering support of the “smart-chip” cards, a mandate for their use (and greater protection for the consumer) is down the road. (Click here for the original story on NPR).

According to Andrea Rock, a senior editor at Consumer Reports who wrote an article about the security gap in the credit card industry (emphasis mine):

“The account information that’s needed to make a transaction on American cards is stored, unencrypted, on a magnetic stripe on the back of each card,”

And that means, until the industry changes, you are at risk. In the mean time, here are a few steps you can take to increase your security:

  • Limit use of your debit card. The bank offers you less protection on debit transactions than credit transactions. Additionally, with debit cards, there is a PIN involved, potentially providing immediate cash access to your accounts by clever thieves. If fraud occurs, you are out the money until it is resolved.
  • Use your credit card instead.  It’s safer.  Typically, credit card issuers offer zero-liability for losses associated with unauthorized transactions. You also have a longer time frame to catch and report the fraud.
  • Set up automatic account alerts so that you receive an email or SMS text anytime a transaction is made. That way, if someone is using your card illegally, you are notified and can shut it down immediately before it becomes a big problem.
  • Let your credit card provider know that in order to keep your business, they need to update to the latest security technologies.

John Sileo is the award-winning author of Privacy Means Profit, The Smartphone Survival Guide and The Facebook Safety Survival Guide. Learn more at www.ThinkLikeASpy.com.