
Wednesday, August 3, 2016

Beware! Advertisers are Tracking you via Mobile Battery Status



Is my smartphone battery leaking details about me?


Unfortunately, YES!


Forget about supercookies, apps, and malware; your smartphone battery status is enough to monitor your online activity, according to a new report.


In 2015, researchers from Stanford University demonstrated a way to track users' locations – with up to 90 percent accuracy – by measuring the battery usage of the phone over a certain time.


The latest threat is much worse.


Two security researchers from Princeton University, Steven Englehardt and Arvind Narayanan, have published a paper describing how a phone's battery status has already been used to track users across different websites.


The issue is due to the Battery Status API (application programming interface).


How Does Battery Status API Help Advertisers Track You?


The battery status API was first introduced in HTML5 and had already shipped in browsers including Firefox, Chrome, and Opera by August last year.


The API is intended to allow site owners to see the percentage of battery life left on a laptop, tablet, or smartphone in an effort to deliver an energy-efficient version of their sites.


However, researchers warned last year that the API could turn your battery level into a "fingerprintable" tracking identifier.

The researchers found that a combination of battery life loss in seconds and battery life as a percentage offers 14 million different combinations, potentially providing a pseudo-unique identifier for each device that can be used to pinpoint specific devices across the sites they visit.


Now, last year's research has grown into a proper threat.



Advertisers Are Tracking You via your Battery Status


One of those researchers, Lukasz Olejnik, has published a blog post this week saying that companies are currently leveraging the potential of this battery status information.

"Some companies may be analyzing the possibility of monetising the access to battery levels," he writes. "When a battery is running low, people might be prone to some - otherwise different - decisions. In such circumstances, users will agree to pay more for a service."

Olejnik underlined the latest research by Englehardt and Narayanan, who discovered two shady tracking scripts running on the Internet at large scale that take advantage of the Battery Status API and are currently tracking users.


The duo explains that they observed the behavior of two actual scripts and suggested that companies and other entities are perhaps leveraging this technique for their own purposes.

"These features are combined with other identifying features used to fingerprint a device," the researchers write in their paper titled, "Online Tracking: A 1-million-site measurement and analysis."

For in-depth information, you can head over to the research paper [PDF].


Here comes the worst part of this attack:


There's hardly any way to mitigate against this attack. Nothing works: Deleting browser cookies or using VPNs and AdBlockers will not solve your problem.


The only option is to plug your smartphone into the mains.
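
The linking key described above and the "on mains" idea, as an added example that is not from the original post or the researchers' paper: a shim that logs every battery read and answers each one with the same plugged-in, fully charged reading. `linkKey`, `shimBattery`, `makeDevice` and `demo` are hypothetical names, and the device readings are constructed.

```javascript
// Linking key as the article describes it: battery level plus seconds remaining.
function linkKey(reading) {
  return `${reading.level}|${reading.dischargingTime}`;
}

// Constant reading returned to every caller: on mains power and fully charged.
const MAINS = { charging: true, chargingTime: 0, dischargingTime: Infinity, level: 1 };

// Replace nav.getBattery with a version that logs the caller and resolves to a
// fake BatteryManager. Returns the fake, or null when the API is not exposed.
function shimBattery(nav, accessLog) {
  if (!nav || typeof nav.getBattery !== 'function') return null;
  const fake = Object.assign(new EventTarget(), MAINS, {
    onchargingchange: null, onchargingtimechange: null,
    ondischargingtimechange: null, onlevelchange: null,
  });
  nav.getBattery = function getBattery() {
    // Drop the "Error" header and this function's own frame; keep the caller.
    const frames = String(new Error().stack).split('\n')
      .map((l) => l.trim()).filter((l) => l && !/^Error|getBattery/.test(l));
    accessLog.push({ when: Date.now(), caller: frames[0] || 'unknown' });
    return Promise.resolve(fake);
  };
  return fake;
}

// Constructed stand-in for `navigator` on a device running on battery.
function makeDevice(level, dischargingTime) {
  const reading = { charging: false, chargingTime: Infinity, dischargingTime, level };
  return { getBattery: () => Promise.resolve(reading) };
}

// Two constructed devices: distinct keys before the shim, identical keys after.
async function demo() {
  const devices = [makeDevice(0.37, 8940), makeDevice(0.81, 21360)];
  const keys = () => Promise.all(devices.map(async (d) => linkKey(await d.getBattery())));
  const before = await keys();
  const accessLog = [];
  devices.forEach((d) => shimBattery(d, accessLog));
  const after = await keys();
  return { before, after, loggedCalls: accessLog.length };
}

demo().then((r) => console.log(r));
```

In a real browser the shim would be called as `shimBattery(navigator, log)` and has to run in the page's own script context before any third-party script loads; the access log then shows which scripts asked for battery status.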

"Some companies may be analyzing the possibility of monetising the access to battery levels," Olejnik writes.

Over two months ago, Uber's head of economic research Keith Chen said the company had been monitoring the battery life of its users, as it knows users are more likely to pay a much higher price to hire a cab when their phone's battery is close to dying.

Tuesday, July 12, 2016

Beware! It could be Malicious to download Pokemon Go Game for Android



"Pokémon Go" has become the hottest iPhone and Android game to hit the market in forever with enormous popularity and massive social impact. The app has taken the world by storm since its launch this week.


Nintendo's new location-based augmented reality game allows players to catch Pokémon in real life using their device's camera and is currently only officially available in the United States, New Zealand, UK and Australia.



On average, users are spending twice the amount of time engaged with the new Pokémon Go app than on apps like Snapchat. In fact, Pokémon Go is experiencing massive server overload within just a few days of launch.


Due to the huge interest surrounding Pokémon Go, many gaming and tutorial websites have offered tutorials recommending users to download the APK from a non-Google Play link.


In order to download the APK, users are required to "side-load" the malicious app by modifying their Android core security settings, allowing their device's OS to install apps from "untrusted sources."



Pokémon Go is Installing DroidJack Malware


Security researchers have warned users that many of these online tutorials are linked to malicious versions of the Pokémon Go app that install a backdoor on Android phones, enabling hackers to compromise a user's device completely.


Security firm Proofpoint has discovered the malicious app, or APK, that has been infected with DroidJack – a Remote Access Tool (RAT) that can hack any Android device by opening a silent backdoor for hackers.



Less than 3 days after Nintendo initially released the game in Australia and New Zealand on July 4, the malicious app was uploaded to an online malware detection repository.


Since Android core security settings normally prevent the installation of untrusted third-party apps from "unknown sources," side-loading should have never been done by a user.



"This is an extremely risky practice and can easily lead users to install malicious apps on their own mobile devices," researchers at Proofpoint wrote in a blog post. "Should an individual download an APK [Android application package] from a third-party that has been infected with a backdoor, like the one we discovered, their device would then be compromised."

Here's How to Prevent Yourself


Fortunately, there are several ways to check if you have downloaded the malicious version of the Pokémon Go app.


The infected version of the Pokémon Go app would have been granted more system permissions, so one way to differentiate between the two is to compare the permissions of your app to those of the legitimate one.


To do so, go to Settings → Apps → Pokemon GO and check the game's permissions.


If you find that the game has asked for permissions like directly call phone numbers, edit and read your SMSes, record audio, read Web history, modify and read your contacts, read and write call logs, and change network connectivity, then you should uninstall the game right away, since it is infected with DroidJack.
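
The same permission check can be run on an APK file before installing it. This is an added example, not from the original post or from Proofpoint: it parses the text printed by `aapt dump permissions <file>.apk` and flags the permissions listed above. The mapping from the article's wording to Android manifest names is this example's assumption, `parsePermissions` and `auditApk` are hypothetical names, and the sample dump is constructed.

```javascript
// Permissions the article lists as signs of the infected build, mapped to
// Android manifest names (the mapping is an assumption of this example).
const FLAGGED = new Map([
  ['android.permission.CALL_PHONE', 'directly call phone numbers'],
  ['android.permission.READ_SMS', 'read SMS'],
  ['android.permission.WRITE_SMS', 'edit SMS'],
  ['android.permission.RECORD_AUDIO', 'record audio'],
  ['com.android.browser.permission.READ_HISTORY_BOOKMARKS', 'read Web history'],
  ['android.permission.READ_CONTACTS', 'read contacts'],
  ['android.permission.WRITE_CONTACTS', 'modify contacts'],
  ['android.permission.READ_CALL_LOG', 'read call logs'],
  ['android.permission.WRITE_CALL_LOG', 'write call logs'],
  ['android.permission.CHANGE_NETWORK_STATE', 'change network connectivity'],
]);

// Parse `aapt dump permissions` text. Accepts both output styles:
//   uses-permission: name='android.permission.X'   and
//   uses-permission: android.permission.X
function parsePermissions(dump) {
  const perms = new Set();
  for (const line of dump.split(/\r?\n/)) {
    const m = /^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([A-Za-z0-9_.]+)/.exec(line);
    if (m) perms.add(m[1]);
  }
  return perms;
}

// Return the flagged permissions an APK requests, sorted, with a verdict.
function auditApk(dump) {
  const hits = [...parsePermissions(dump)].filter((p) => FLAGGED.has(p)).sort();
  return { suspicious: hits.length > 0, hits, reasons: hits.map((p) => FLAGGED.get(p)) };
}

// Constructed sample output, not taken from any real APK.
const SAMPLE_DUMP = `package: com.example.game
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_SMS'
uses-permission: android.permission.RECORD_AUDIO
uses-permission: name='android.permission.WRITE_CALL_LOG'`;

console.log(auditApk(SAMPLE_DUMP));
```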


You can also compare the game's SHA-1 hash – a long string of characters used to verify if a file was infected with or modified by a malicious third-party – to make sure the game matches the hash of the legitimate version.



The Bottom Line:


Instead of downloading available applications from unknown third-party stores, wait for the Pokémon Go app to launch in your country.


Downloading apps from third parties does not always end up with malware or viruses, but it certainly ups the risk. So waiting is the best way to avoid compromising your device and the networks it accesses.

Wednesday, February 10, 2016

Facebook Hacking Tool that can hack YOUR account



Yes, you heard me right.

A newly discovered Facebook hacking tool actually has the capability to hack a Facebook account, but YOURS, and not the one you desire to hack.

How to Hack Facebook account? How to Hack my Girlfriends Facebook account? My boyfriend is cheating on me, How do I hack his Facebook Account?

These are the queries that most of the Internet users search on Google.

But beware! If you come across any Facebook hacking tool that promises to help you hack your friends' Facebook accounts, you may end up downloading a hacking tool that could hack you, instead of them.





Dubbed Remtasu, the tool is marketing itself as a Facebook hacking tool but actually is a Windows-based Trojan that has accelerated globally over the past year, and now has the capability to disguise itself as an app for accessing people's Facebook account credentials.

The tool contains a Keylogger that can capture all your keystrokes and store them in a file that is subsequently sent to the attacker's server.

The malicious Facebook hacking tool is exploiting "the constant desire of a lot of users to take control of accounts from this well-known social network," according to a Monday blog post by IT security company ESET.

How Remtasu Works:


The malicious tool is delivered via direct download websites.

Once a user visits one of these websites, the dangerous Win32/Remtasu.Y malware automatically gets downloaded and executed on the victim's machine and hides itself among other files.

Remtasu has the capability to:
  • Open and obtain information from the clipboard.
  • Capture keystrokes.
  • Store all the data in a file which is subsequently sent to an FTP server.

The worst part is yet to come:


The malware remains on the infected computer even when the victim reboots their system or attempts to find the malware threat in the list of active processes.

"In this case, the malware replicates itself, saving the copy in a folder that it also creates within the system32 folder," reads the post. "The new InstallDir folder remains hidden inside the system files, making it difficult for users to access."

Most affected parts of the world include Colombia, Turkey, Thailand and elsewhere. In the past, Remtasu was distributed through malicious files attached to phishing emails purporting to be from legitimate government or business organisations.