Cookies you can’t delete (or eat)
Researchers at Cambridge University have discovered a new way that advertisers can track iOS and Android users across websites and apps by ‘fingerprinting’ the unique characteristics of their devices.
Tracking users is not a new phenomenon. Some common identifiers include phone IMEI numbers, Wi-Fi and Bluetooth MAC addresses. This is why access to this data is controlled using permissions.
Unlike traditional fingerprinting, this whole process is ‘invisible’ – for advertisers, this is the perfect form of device fingerprinting.
Dating app exposes personal data
JCrush, a dating app for the Jewish community, left a database open without a password which left sensitive user records and private messages exposed.
The information that was compromised included the users’ name, gender, email address, IP address, geolocation, date of birth, sexual preference, religious denomination and photos they used on the app.
In some cases, the geolocation was so accurate that it was actually possible to identify the users’ exact home address.
The app’s founder, Natasha Nova, has refused to comment on the situation.
This is the latest data breach of a dating app following Donald Daters and Rela which have both admitted data leaks in the last year.
Apple’s 20-year-old bug
Apple has just patched a modem configuration bug that has existed since 1999.
The bug was discovered by Joshua Hill (now a vulnerability researcher) when he was twelve years old. He explains that the flaw could have potentially been exploited by hackers to gain remote root access of any macOS. He revealed the vulnerability at the ‘Objective by the Sea’ Mac security conference in Monaco last week.
The hack mirrors a service that Apple used to offer called ‘Remote Access’. The service allowed you to call up your computer from a phone or another PC and control it remotely, without entering a username or password.
Apple finally patched the flaw in April, however, they have refused to comment on the situation.
Not-so Smart TV
A security researcher has found a vulnerability in SUPRA Smart TV’s which allows remote hackers to take full control of the TV.
The unpatched vulnerability could allow hackers on the same Wi-Fi network to hijack the TV set and broadcast their own content. Remote hackers could broadcast fake news and spy on end users without their consent.
Although the requirement of hackers having access to the victim’s Wi-Fi network limits the threat, a growing number of IoT and router vulnerabilities makes this a serious and potentially dangerous attack.
Our security team recommend keeping your network secure by setting strong passwords and avoiding sharing plain text passwords with untrusted people. If IoT devices are connected to the same network, be sure they are behind a firewall.
We’ll be back next week with more tech news!