Today cybersecurity researchers have discovered a new dangerous cyberattack.
It all begins with the iOS app permissions request, is some cases if users agree without proper research of what they are permitting. If malicious app permission is granted the victims’ device will become a spy tool that will provide to hacker all he needs to launch other cyberattacks and reach a higher level of infestation.
Everyone must realize that now is the era of smartphones that are defined by apps, which now control our lives more than ever.
This new cybersecurity report illustrates very well how some Apple iOS apps represents a clear end present danger to everyone’s privacy and security if they are gathering data through permissions that users give to them.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
In this study, researchers analyzed more than 30000 apps. The results were surprising in a very bad way, because more than half the apps requested, used and gathered locations when the app is in use; camera; and the user’s photo library; and in some cases without even needing this kind of accessibility for proper working.
The biggest threats came from social networking apps that request permission for all of your iPad or iPhone data. The socials are closely followed by the weather apps, that are asking for a huge array of permissions.
This kind of apps is gathering so much data because their developers are looking forward to creating a detailed profile of each user in order to transform this kind of info into money. Which is not a surprise when we see that more than 96% of the analyzed apps are offered for free, so in order to make money they are requesting a lot of data that will be monetized later in other paid apps or sold to other 3rd party entities.
In each app permissions are requested in clever ways like this example: you want to add a new credit card to Apple Pay, you take a picture of the credit card and you really don’t use the camera again, but the permission remains permanent to the camera. This kind of behavior represents a huge security risk for more than just the normal user because enterprises and government agencies can have huge leaks if permissions are not managed properly.
What to do:
Always review what you are permitting, and take a closer look at one-time use app permissions that must be disabled after that step was checked.
Companies must use a strict smartphone app hygiene like: don’t click on unknown links or attachments, and only download apps from enterprise-approved app stores.
We would continue to monitor these cybersecurity problems. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.