Watch those SmartPhone Apps!!

[mbrood]

Friends,

 

Good information from the activity security office

 

Many on this distribution will understand OPSEC, but for those who do not, Operational Security (OPSEC) is the activity to protect and defend the 'Operations' (movement, location, strength, capabilities, etc.). In this case the message below also regards your PERSONAL OPSEC. The control of your personal movement, location, activity, FINANCES, security, etc. In this increasingly digital world our personal security is a growing concern. Your smart phone is an extremely vulnerable access point. If you are using this device for banking, credit processing, on line shopping, anything .... you must assume the device is

vulnerable and what you are doing is visible to anyone.

 

Similarly, if you use a thumb drive or similar portable computer storage, you must assume that it has vulnerabilities also. Foreign manufacturers of these devices have been embedding code in the chips to transfer spyware or viruses, and even to 'call home' and transmit your data back to the manufacturing country. For many years these countries have been collecting business and personal information, and using it to their advantage.

 

Basically, if you are using a computer or smart phone, assume whatever you do or put on that device someone else has access to.

 

Understand the threat and do not allow yourself to be a cyber victim.

 

It's time for an OPSEC Reminder. This time I'd like to discuss OPSEC vulnerabilities associated with smart phone apps. Smart phone Apps are inexpensive and many are free making them very desirable. The trade-off is when installing the app, you "authorize" the App developer many permissions over your phone. Here's one example:

 

The App: Smart Tools (500,000-1M installs), cost: $2.50

 

What it does: Smart Tools is a complete package of 5 app sets. It includes 5 Pro sets for a total of 15 tools. In a word, All-in-One.

- Set 1: Length, Angle, Slope, Level, Thread - Smart Ruler Pro

- Set 2: Distance, Height, Width, Area - Smart Measure Pro

- Set 3: Compass, Metal detector, GPS - Smart Compass Pro

- Set 4: Sound level meter, Vibrometer - Sound Meter Pro

- Set 5: Flashlight, Magnifier - Smart Light Pro"

 

Pretty cool, eh?

 

What permissions does it require: Hardware controls - take pictures and videos

 

WHAT?! By downloading this app you authorize the app to take pictures and videos with the camera at any time without your confirmation.

 

Anyone want to question the NAVSEA Photo and Recording devices Ban now?

 

Please let this serve as a reminder if you use a smart phone, check the App permissions you have authorized prior to downloading the App.

 

The above is just one small example of a larger set of vulnerabilities.

 

Be safe in cyberspace!

[KeithR]

This was posted on the CBC news site....They tested it at a local station and it worked in most cases

 

A technology designed to make it easier to pay with your credit card may be putting Canadians at risk of fraud and identity theft, security and privacy experts warn.

Many new credit and debit cards come with chips that allow customers to tap the card to make a purchase. These chips, used in many retail outlets from Tim Hortons to high-end computer shops, are read by payment machines and supposed to be a safe and convenient way to pay for goods.

http://www.cbc.ca/gfx/images/news/photos/2013/04/23/mi-phone2.jpgThe ease with which a smartphpne can be turned into a credit card skimmer is “impressive from a technology, and scary from a privacy perspective,” said a Winnipeg lawyer. (Leif Larsen)But CBC News has found out those chips can also be read with a device millions of Canadians carry with them everyday — a smartphone.

Using a Samsung Galaxy SIII — one of the most popular smartphones available in Canada — and a free app downloaded from the Google Play store, CBC was able to read information such as a card number, expiry date and cardholder name simply holding the smartphone over a debit or credit card.

And it could be done through wallets, pockets and purses.

 

 

“They don't even need to talk to you or touch you, they can get information about who you are. That may make you more of a target for certain types of crime,” he said.

Although the NFC antennas in current smartphones need to be very close to a card in order to work — no farther than 10 cm — that could change with the next generation of Android smartphones.

Legary said the Samsung Galaxy S4, set to go on sale this spring, might have a much more capable NFC antenna, which could not only read credit cards from a greater distance, but could also be able to read the chips embedded in enhanced driving licenses and passports.

The technology also has privacy experts concerned.

Brian Bowman, a partner with Pitblado Law in Winnipeg, said the ease with which a smartphone can be turned into a credit card skimmer is “impressive from a technology, and scary from a privacy perspective.”

“The fact that you can gather those different numbers and pieces of identifiers definitely is something that Canadians need to know, that the risk is there,” Bowman said.

He expects cellphone manufacturers, app developers and card issuers are going to have to “step up and find ways to combat [this] risk.”

[OB-1]

My wife and I finally "upgraded" to smart phones two months ago so we could keep in touch with the kids and grand-kids. These are great tools, but I've found that many Apps take complete control of your phone. For example, Apps from Discover Card and United Airlines want to be able to track your location, access your personal data, send data, take photos, etc all without your knowledge. All this for the convenience of being able to pay your credit card bill or buy an airline ticket with just a couple of keystrokes. No Thank You.

 

Be careful with Apps!

[Hummingbird]

I've had a smart phone for business/work for several years.

I use it specifically as a PHONE and to store contacts (about 500)

I use it also for email to and from customers

I use it to take and send pictures

I use it for texting customers

 

I do have pictures of personal things like my bike, cats and various thing of personal nature

 

The phone (Razr Maxx) came with 35 or more apps that have no interest to me at all. Most of which I don't even know how to use. I did download and install a weather app, a world clock and white and yellow pages, all of which are used for business.

 

Somehow I manage to find time to watch football on TV (not on my phone), have time to go to the bank when necessary, don't know how to twitter and I don't have any inclination to facebook (whatever that is)

 

So bottom line, the smart phone is as smart as I let it be

[RandyR]

 

So bottom line, the smart phone is as smart as I let it be

 

Your phone just reported you to G**gle's central tracking system as being an unfriendly.

[wrenchrob]

I have a stupid phone. I can never find the stupid thing!

[djh3]

Well with todays "kids" tweating and twitter and the like at every move they make, somehow I dont think they give it a second thought about unfriendlys knowing what thier next move is before they do. Hell they tell people they are at the corner coffee store, going on a date etc. Kind of like "Hey thieves go to my house I'm gone for the next 3hr"

[Hummingbird]

Your phone just reported you to G**gle's central tracking system as being an unfriendly.

 

I thought I turned that off

[Squeeze]

You'll probably watch much more than just your Smart Phone or Apps once the Government decides to stop using Cash, everything will go through electronic Cards.

 

Sweden decided to do so, other Countries will follow sooner or later.

[reddevilmedic]

you cannot turn THEM off...no smart (tracking) phone for me (even though my "dumb" phone can still be pinged for 911).

[keith217]

you cannot turn THEM off...no smart (tracking) phone for me (even though my "dumb" phone can still be pinged for 911).

 

Thats just a safety precaution. That way you can always be able to reach 911. I definitely agree with the too many apps and access into our lives type deal.

It's especially eye opening with the RFID thing on our cards, and how easily stolen our information is. Just goes to show you that everything is up for grabs nowadays. I keep a password on my phone, but I don't really think it'll help prevent anyone from seeing all my sh*t.