by Gary S. Miliefsky, CEO, SnoopWall – Privacy & Security Expert
October 2014 marks the beginning of the 11th annual National Cyber Security Awareness Month (see: http://staysafeonline.org/ncsam/). What better time than now to realize you are being spied on? Why does Brightest Flashlight need to geolocate you? It doesn’t. For that and other privacy reasons, the FTC recently sued them. However, the FTC was mostly concerned with their privacy policy. Do you even read the privacy policy of the apps you install? Most people don’t. Here’s the story: http://www.ftc.gov/news-events/press-releases/2014/04/ftc-approves-final-order-settling-charges-against-flashlight-app
Everyone wants a flashlight app on their phone. Finding your keys, searching for something you lost, looking for the light switch in a hotel room? What a great utility, right? Wrong! The top 10 free flashlight apps in the Google Play store alone account for nearly 1/2 BILLION INSTALLATIONS, and all of them are spying on users, with application sizes ranging from 1.2 to 5 megabytes. In fact, an optimized flashlight application should only be 72k, which is 10-50 times smaller than the smallest one of these apps. So, why so big? The size is significant because there’s a lot more code than necessary embedded in these applications, which allows them to eavesdrop on you. Nothing in life is free. These flashlight apps do some very strange things – geolocate you, read your contacts list, read your device storage looking for personal, sensitive pictures and videos, read and write files, check to see what apps are running, look for ways to communicate over the internet (wifi or cellular), get your phone number and so much more – that SnoopWall considers all of them well designed MALWARE. All of them!!!
It’s obvious to us at SnoopWall that these applications are designed to expose your personal information to cybercriminals or other nation states (such as China and Russia). In addition, you are at significant risk if you are doing Mobile Banking on the same device as one of these free Flashlight Apps. Our strong recommendation is to uninstall your flashlight app immediately.
For a full copy of SnoopWall’s Flashlight Apps Threat Report, visit http://www.snoopwall.com/threat-reports-09-29-2014/
While FTC.gov has gone after one of these ten vendors, it seems they are still at it, as are the other 9. It seems time to ask “where’s the outrage?” – shouldn’t you UNINSTALL your FLASHLIGHT APP today? The answer is yes! You might also want to contact the FTC and tell them you are concerned.
We’ve come up with a list of what we think are best practices for increasing privacy and security on your device without spending any money. This is based on SnoopWall’s counterveillance research for improving your privacy from eavesdroppers and helping you avoid getting infected with spyware that could cost you your identity. They are:
1) Disable your GPS at all times except in an emergency or when you need to use your smartphone for navigation purposes;
2) Disable your NFC (Near Field Communications) or on Apple devices, iBeacon, permanently (http://support.apple.com/kb/HT6048);
3) Disable Bluetooth at all times except when you are in your car, driving, if you want to have hands-free calls, if supported by your car;
4) Verify each app’s behavior and privacy risk BEFORE installing – do some research and ask the question “why does this app need GPS, MICROPHONE, WEBCAM, CONTACTS, etc.?” – most apps don’t need these ports unless they want to invade your privacy. Find an alternative before installing risky Apps;
5) Either put masking tape over your webcam and microphone when not in use or pull the battery out of your smartphone when you are not using it.
Obviously for #1, there’s no need for geolocating you, unless you don’t mind being spied upon by these malicious flashlight apps – or worse – your children’s location being monitored by online predators. Best to keep this hardware port disabled until you really need it.
For #2, you’re probably wondering “what the heck is NFC and why should I care?” Well, it’s a new protocol for ‘bumping’ or getting close to other devices, within 3 meters or so, to exchange information such as photos and contacts. Is it secure? No. Can it be hacked just like Bluetooth? Yes. Go into your device settings and find NFC; if you see it, disable it.
Ok, for #3, you’re thinking ‘that makes sense’ – Bluetooth is an easily hacked protocol and folks can eavesdrop on communications over Bluetooth; broadcast into your earpiece (yes, it’s been done); access your contacts list and hack your smartphone device over Bluetooth. So, if you disable this protocol everywhere except when you are in the car, wanting a hands free experience for making and receiving calls, you should be much more secure.
For #4, how many times do you install an app with excitement about promised features and functions, only to find that it requires incredible privacy risk? If it’s too good to be true, it probably is, and nothing in this world is free. There are 9 major advertisement networks and some deploy spyware. Free apps use these networks to monetize their businesses, and some are developed by professional cyber criminals, by enemy nation states for spying, or by hackers for malicious reasons.
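One way to apply recommendation #4 to an Android app, as an added example that is not from the original article or from SnoopWall: the script compares the permissions an APK requests, given as text in the style of `aapt dump permissions` output, with the little a flashlight needs. The sample dump, the package name `com.example.flashlight`, the baseline set and the risk labels are assumptions constructed for illustration.

```python
import re

# Assumption: a flashlight needs only the camera LED and the screen.
FLASHLIGHT_BASELINE = {
    "android.permission.CAMERA",
    "android.permission.FLASHLIGHT",
    "android.permission.WAKE_LOCK",  # assumption: keeps the screen lit
}

# Android permissions behind the behaviours the article lists (labels are ours).
RISK = {
    "android.permission.ACCESS_FINE_LOCATION": "geolocation (GPS)",
    "android.permission.ACCESS_COARSE_LOCATION": "geolocation (network)",
    "android.permission.READ_CONTACTS": "reads contacts list",
    "android.permission.READ_EXTERNAL_STORAGE": "reads device storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "writes device storage",
    "android.permission.GET_TASKS": "lists running apps",
    "android.permission.INTERNET": "network access",
    "android.permission.READ_PHONE_STATE": "phone number and device IDs",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Accepts both `uses-permission: name='X'` and the older `uses-permission: X`.
PERM_RE = re.compile(
    r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)", re.M)

def audit(dump, baseline=FLASHLIGHT_BASELINE):
    """Return (permission, reason) pairs for every request beyond the baseline."""
    requested = set(PERM_RE.findall(dump))
    excess = sorted(requested - baseline)
    return [(p, RISK.get(p, "unclassified, review manually")) for p in excess]

# Constructed sample, not taken from any real app.
SAMPLE_DUMP = """\
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.FLASHLIGHT'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.INTERNET'
uses-permission: android.permission.READ_PHONE_STATE
uses-permission: name='com.example.flashlight.permission.C2D_MESSAGE'
"""

if __name__ == "__main__":
    for perm, reason in audit(SAMPLE_DUMP):
        print(f"{perm}: {reason}")
```

An empty result means the app asks for nothing beyond the baseline; every listed permission is a question to answer before installing.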
We really don’t like making recommendation #5 but until you try out our SnoopWall product, there’s really nothing you can do to block webcam and microphone eavesdropping, so why not make it hard for the bad guys to see or hear anything useful?
Because some of the Flashlight Apps write settings and have access to your device storage, they may be able to install additional backdoors or remote access Trojans (RATs); therefore, you might need to reset your phone completely after an uninstall of your favorite Flashlight App. Some might even wish to go to FACTORY RESET or a WIPE. Once you’ve cleaned off the Flashlight RAT, you might still want a flashlight app on your phone that you can trust.
WARNING: Don’t reset or wipe without backing up ONLY those contacts and files you are certain to trust. If you do a complete device backup and restore, you risk also restoring malware. Ask a friend who is an expert with your kind of phone, or the staff at the store where you purchased your smartphone or tablet, how to do this the right way.
We developed the SnoopWall Privacy Flashlight for Google Android, Apple iOS and Microsoft Windows smartphones and tablets. The file size of the SnoopWall Privacy Flashlight application is approximately 72 kilobytes. It only accesses the light of the webcam and the screen display which is all a flashlight app should be doing anyway. Get it today at: http://privacyflashlight.snoopwall.com
We’ve also developed another free application called Privacy App which will scan your Android or Windows device and show you which apps are spying on you. If you have suspicions, confirm them with Privacy App. Learn more about our technology and products at: http://www.snoopwall.com/products/
About The Author
Gary S. Miliefsky, a Counterveillance expert and founding member of the U.S. Department of Homeland Security, is the Founder of SnoopWall and the sole inventor of the company’s technologies. He has successfully advised two White House administrations on cyber security, filed more than a dozen patents of his network security inventions, and licensed technology to major public companies, including IBM, BlackBox Corp. and Computer Associates International. Gary is a recent Editor of Cyber Defense Magazine. He also founded NetClarity, Inc., an internal intrusion defense company, based on a patented technology he invented. He also advised the National Infrastructure Advisory Council (NIAC) at the U.S. Department of Homeland Security in their development of The National Strategy to Secure Cyberspace. Miliefsky serves on MITRE’s advisory board and its CVE Program (http://CVE.mitre.org) and is a founding Board member of the National Information Security Group (www.NAISG.org). He is a member of ISC2.org, a CISSP®, and on the Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Gary is a prolific author, a frequent presenter and subject matter expert on topics related to digital privacy, counterveillance and cybersecurity for corporations and the news media.
Nothing is free. Economics 101: there is no free lunch. Repeat and think about it.