#WhatTheTech 6

Written by:
Date Posted:
7 June 2019

We’ve handpicked some tech/security related news stories from the past week, in case you missed them.

Cookies you can’t delete (or eat)

Researchers at Cambridge University have discovered a new way that advertisers can track iOS and Android users across websites and apps by ‘fingerprinting’ the unique characteristics of their devices.

Tracking users is not a new phenomenon. Some common identifiers include phone IMEI numbers, Wi-Fi and Bluetooth MAC addresses. This is why access to this data is controlled using permissions.

However, this research reveals that devices can also be tracked via sensors. iOS and Android phones are packed with sensors such as GPS, cameras, ambient lighting sensors and barometers. Access to these sensors does not require any permissions and can be accessed via a native app installed on a device or by JavaScript when visiting a website on an iOS or Android device.

Unlike traditional fingerprinting, this whole process is ‘invisible’ – for advertisers, this is the perfect form of device fingerprinting.

Dating app exposes personal data
JCrush, a dating app for the Jewish community, left a database open without a password which left sensitive user records and private messages exposed.

The information that was compromised included the users’ name, gender, email address, IP address, geolocation, date of birth, sexual preference, religious denomination and photos they used on the app.

In some cases, the geolocation was so accurate that it was actually possible to identify the users’ exact home address.

The app’s founder, Natasha Nova, has refused to comment on the situation.

This is the latest data breach of a dating app following Donald Daters and Rela which have both admitted data leaks in the last year.

Apple’s 20-year-old bug
Apple has just patched a modem configuration bug that has existed since 1999.

The bug was discovered by Joshua Hill (now a vulnerability researcher) when he was twelve years old. He explains that the flaw could have potentially been exploited by hackers to gain remote root access of any macOS. He revealed the vulnerability at the ‘Objective by the Sea’ Mac security conference in Monaco last week.

The hack mirrors a service that Apple used to offer called ‘Remote Access’. The service allowed you to call up your computer from a phone or another PC and control it remotely, without entering a username or password.

Apple finally patched the flaw in April, however, they have refused to comment on the situation.

Not-so Smart TV
A security researcher has found a vulnerability in SUPRA Smart TV’s which allows remote hackers to take full control of the TV.

The unpatched vulnerability could allow hackers on the same Wi-Fi network to hijack the TV set and broadcast their own content. Remote hackers could broadcast fake news and spy on end users without their consent.

Although the requirement of hackers having access to the victim’s Wi-Fi network limits the threat, a growing number of IoT and router vulnerabilities makes this a serious and potentially dangerous attack.

Our security team recommend keeping your network secure by setting strong passwords and avoiding sharing plain text passwords with untrusted people. If IoT devices are connected to the same network, be sure they are behind a firewall.

We’ll be back next week with more tech news!

Rating: 5.0/5. From 1 vote.
Please wait...
Voting is currently disabled, data maintenance in progress.

Recommended Videos

Find out why Safestore adopted Hyve as their hosting provider

Case Studies

Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.