Email Productivity Applications Collect Users’ Personal Information to Sell to Third Parties

There are many email productivity applications that help manage and organize your inbox. While useful, they come at a costly price for your privacy. According to Motherboard’s Joseph Cox, many of these apps can scan through people’s emails and sell their data for profit. Some worth mentioning include Cleanfox, Slice, and Edison. On Edison’s website, the company states that it “accesses and processes” users’ emails, this similar statement used for the apps Cleanfox and Slice.

These types of applications scan people’s personal inboxes for emails that contain information such as package tracking notifications and receipts to record how much people spend as well as what they are purchasing. Once this data is collected, these application companies sell this information to e-commerce and finance companies that have an interest in such trends. However, they sell an anonymous version of the information. 

A spokesperson from Edison told Business Insider that their software “automatically recognizes commercial emails and extracts purchase information,” while disregarding any emails that include personal or work related matters. Slice’s parent company, Rakuten, stated that the reason as to why they collect people’s data is for market research purposes and – contrary to what we may believe – that they do value protecting their users’ privacy. 

Foxintelligence’s CEO Edouard Nattée stated in an email to Business Insider that new users are notified when their data is pulled from “transactional emails”, further stating that the information collected remains anonymous. While anonymized data may seem secure, data breaches that give access to the exact data can help cybercriminals trace information back to its original source. 

WiFi 6 Has Arrived and Promises Faster Data Delivery Speeds

WiFi is inevitably part of our everyday lives. With every passing year, we add more devices in our homes that require WiFi, consequently slowing down our speeds as more devices connect to our home routers. WiFi 6 is here to help solve that issue. WiFi 6’s devices/routers offer faster speeds of the internet and some of these routers are even inexpensive to own.

Last year at CES 2019, affordable routers were announced to be coming to stores, yet consumers were met with very high price points. A small number of routers were offered for just under $200. This year’s CES event introduced quality routers that ranged around the price points of $100-$200.

In large homes, it’s recommended to have a mesh router system. However, this could be a bit more expensive than singular routers. Mesh routers also provide stronger and faster speeds of WiFi. At CES, Comcast announced the WiFi 6 version of their Gateway. This was a crucial change for many since cable providers rent out routers to their consumers. Apple’s iPhone 11 and iPhone 11 Pro both support WiFi 6 in addition to other companies like Lenovo, Samsung, and Asus that announced new laptops that also incorporate WiFi 6.

In comparison to WiFi 5, WiFi 6 has nearly doubled in speed. WiFi 5 had about 3.5 Gbps compared to WiFi 6 which now has up to 9.6 Gbps. However, that speed isn’t necessarily for one device solely. Rather, the 9.6 Gbps is  needed for connecting and using multiple devices without sacrificing quality internet speeds. 

There’s more developments coming for WiFi 6 such as WiFi 6E, which increases speed and capacity, but consumers will have to wait a while for this one since it doesn’t exist yet. WiFi 6 doesn’t instantly improve internet speeds. Rather, the wireless upgrade will show noticeable improvements through your regularly used devices once support for WiFi 6 is established.

Some App Developers Had Access to Facebook Users’ Data Through the Platform’s Groups

Earlier this month, Facebook admitted that about 100 application developers still had access to Facebook user data, specifically those in Groups on the platform. The news comes as a surprise considering how Facebook took measures to restrict access to sensitive data in April 2018 after the Cambridge Analytica scandal. At the time, Facebook’s newly enforced rules limited third party access to users’ personal data – such as names and profile pictures – and instead allowed access to Group content.

Even after nearly a year and a half later, Facebook still has issues with controlling how much access third parties have. A post published by Facebook director Konstantinos Papamiltiadis stated that the platform’s implemented rules in 2018 were inconsistently carried out, allowing developers to collect personal information from users. Those 100 application developers have now been restricted from doing so. 

Facebook’s director stated that 11 developers had access to user’s data in the last 60 days but had not used the data in any unethical practices. Facebook is now requesting that all data collected by those developers be deleted. Papamiltiadis did not specify what personal data they had access to, however, he did state that the developer apps consisted mainly of “social media management [tools] and video streaming app[lications]…”

New Google Pixel 4 has One Big Privacy Issue with Face Unlock Feature

Google has created their own version of the face recognition unlock system for their Pixel 4 and 4 XL. Google’s system is similar to that of Apple’s Face ID technology and has changed their fingerprint authentication on the Pixel 4 to solely implement this method of phone unlock. However, there’s a huge privacy issue with their system: the phone can be unlocked even if your eyes are fully closed. 

The phone can be unlocked by someone else if the device is held up to your face – eyes closed or not. The unlock system will also work if you’re asleep and someone wanted to unlock your phone without you knowing. Contrary to Google’s unlock system, Apple’s requires your eyes to be fully open to unlock, thus making it more secure for its device users. 

Whether or not Pixel has intentions to add more security to the face unlock system remains unknown. A Google representative commented on the issue in a statement to The Verge, explaining: “We don’t have anything specific to announce regarding future features or timing, but like most of our products, this feature is designed to get better over time with future software updates”. With nothing yet officially announced, the privacy issue still stands, allowing a nosy friend or significant other to access a user’s device at ease. 

As of now, the only way to combat this issue is a lockdown function equipped on Android phones. Lockdown can be accessed through the power menu, and once pressed, the device disables the face unlock feature until the user’s PIN code is entered. If you choose to do lockdown, notifications will not be displayed on your phone screen. Bluetooth devices also lose the ability to unlock the phone.

5 Cybersecurity Threats That You Should Look Out for

Ransomware attacks, cyber attacks, data breaches – these are just a few cybersecurity threats that catches one’s attention. However, here are some other types of threats you may not have expected:

Malicious USBs That Could Carry Viruses 

Some USB Sticks could be very dangerous if initially tampered with and – once plugged in – can install a backdoor on PCs. You should be very cautious of plugging in a USB drive to your PC if you are unsure of where it’s from. Other USB sticks may not start causing immediate damage once inserted. Instead, such USBs could carry viruses that could wreak havoc on your computer after initial download. Always make sure you know where the USB comes from, keep your computer’s operating system up-to-date, and have the proper security tools installed.  

Browser Extensions That May Do More Harm Than Good

Browser extensions have everyday useful features, but some extensions need close evaluation from its users. Extension developers could use these programs to collect data on what you search online. If you happen to choose the wrong extension, it could end up annoying you with pop-ups, installing unneeded software, and could also sell your browser data. To help prevent this, minimize your extension downloads, do your research on the developers behind each extension, and just stick to the ones you know of. 

Charging Cables That Could Give Hackers Access To Your Device

The purpose of a charging cable is to give power to your device and help sync information. However, there are some charging cables out there that look very similar to your everyday charger, but they could give hackers access to your device’s information. All you would have to do is click “trust this computer” when a malicious cable is plugged in, and the hacker would have access to your device. To help prevent this issue, be mindful of the charging cables you purchase or only use the charging cables that come with your device.

Photo Uploads That Give More Information Away Than Wanted

There’s nothing wrong with posting photos on social media. However, you should be careful with putting your pictures on “public”, as uploaded photos can carry your location data. Apps like Facebook and Instagram remove this information, but apps like Google Photos track the location of where the photo has been taken. Posting the photo online with a location tag can add the location back to a photo even if you remove the location data. This photo data can put you at risk of identity theft or online stalking if a cybercriminal were to use your pictures for these malicious purposes. To prevent this, keep your social profiles on “private” mode.

Smart Home Devices That Could Be Hacked

As homes get smarter, hackers have the chance to target them. If hackers are able to access homes, they could make sure doors remain unlocked or check your security cameras. To combat this, buy devices that are well-known and make certain that all your devices – including your router – are always up-to-date with the latest software. Also, do not keep default passwords for your smart home device accounts. Make sure your passwords are hard to guess and are not used elsewhere. For more protection, turn on two-factor authentication for your device accounts.

Apple Will Release a Special iPhone for Security Research Purposes

Apple will release a special modified iPhone for research purposes only. With new software installed within its operating system, this modified iPhone is set to be a part of Apple’s bug-bounty program. While Apple’s bug-bounty program was initially introduced in 2016, this is the first time such iPhones will be used for this service.  

These new iPhones will be included in Apple’s iOS Security Research Device Program and will only available to the security research team. The program supplies security researchers with this uniquely modified iPhone to which these analysts will use to help with making security-related improvements. This would make it easier for ‘experienced bug hunters’ to work on Apple products. 

These modified iPhones will have “advanced debugging capabilities and a root shell, among other modifications designed to make the software more open and accessible for researchers,” says Lisa Eadicicco of Business Insider

In August, Apple announced that the new Research Device Program is one of many updates in their bug-bounty program. They have yet to announce how many applications they will accept into this program. Apple will pay a $1 million reward to researchers who find flaws and to whoever could take control of a device with no user interaction involved. The company will expand their bug-bounty program, so it will include most of Apple’s products, such as the Apple Watch, Mac computers, and their Apple TV, in addition to the current iOS.

Google Study Reveals Many People Are Still Using Breached Passwords

Recently, a Google study showed that about 316,000 passwords have already been breached and are still in use. These used password credentials also include financial and governmental accounts. The information used to create this study was from Google Chrome’s Password Checkup extension. Google recently stated on their blog, “The study illustrates how secure, democratized access to password breach alerting can help mitigate one dimension of account hijacking.”

The Password Checkup Extension activates when someone signs into a site, which uses one out of 4 billion username/passwords that Google finds unsafe due to a third-party breach. Google found out that out of 21 million passwords and usernames, 1.5% of these sign-ins were risky. They also stated that many people like to reuse passwords that tend to be vulnerable, which puts them at risk. People use vulnerable passwords when it comes to entertainment and news websites, and sometimes on shopping sites where there could be credit card information stored. About 26 percent of unsafe passwords were reset by users. In addition to that, 60 percent of those new passwords are secured, leaving out the possibility of guessing attacks, which would take a hacker over a hundred million guesses before figuring out the user’s new password. 

Not changing used passwords can lead to cybercriminals gaining unauthorized account access. There have been “credential-stuffing incidents”, which affected companies like Dunkin Donuts and State Farm. Hackers would use lists of breached usernames and passwords to log in to web application accounts through automated requests. When the right username and password combination are found, cybercriminals can gain access to the targeted account. 

Google recommends using their Password Checkup Extension as a precautionary measure to alert users of whether their password has been breached. It is good practice to use different passwords for all your accounts and store them in a secure password manager application. As always, avoid using simple-to-guess passwords and instead use phrases with numbers and symbols. 

New Trojan Malware Spreads via Word Document

There’s a new trojan malware spreading through malicious Word documents, and cybercriminals are using this virus to steal personal information and sensitive banking details. The malware, Ursnif trojan, attacks Windows operating systems and is popular with hackers since its main source code was leaked, becoming a more widely available option for cybercriminals to take advantage of. This type of trojan has existed in different forms over the years, starting in 2007 when the code first surfaced in the Gozi banking trojan. 

Since the code was leaked, hackers have customized it to their liking, stealing banking account information and other valuable account details. Cybersecurity firm Fortinet has identified a new version of the trojan that spreads through Word documents, it’s file format name: “info_[date].doc.” The hacker attaches a malicious macro script to launch once the document’s macros (a series of operations done through a single command) have been enabled.  

The macros can be enabled by clicking “Enable Content” which releases a VBA code that drops a version of the Ursnif malware onto the victim’s computer. This malware then runs “iexplorer.exe” processes to connect to a command and control server on the hacker’s end. In an effort to sway user suspicion, the host list for the server refers to security companies as well as Microsoft. 

Researchers have stated that the campaign is still operating. Even though these techniques might seem a little basic, an easy phishing email attack could give these cybercriminals a chance to invade networks and initiate an extensive cyberattack. 

As always, be mindful of the emails you receive, especially those with unsolicited document attachments, and check the sender email address to verify if the email is spam. When in doubt, directly contact the company referenced in the email using a phone number provided on the actual website.

iPhone Settings Changes That Will Help Your Battery Life Last Longer

Our iPhone batteries never last long enough because we rely on it for nearly everything. From searching up places to eat, to ordering an Uber, to relying on our device for hours of scrolling through social media – we never have enough battery life that lasts for an entire day. To combat quick battery drainage, there are small adjustments you can make to your phone just from a few Settings adjustments! Switching to Low Power Mode, turning off your location services, turning off automatic downloads, lowering your screen brightness and disabling push notifications all help you save more power to get the most use out of your phone. 

Another modification you can make to your iPhone is limiting the Background Refresh feature. With this feature you have the option to turn it off or only use Wi-Fi. To do this you would first go into your Settings, and then tap on General, and click on Background App Refresh. You could also pick and choose which apps you want to refresh instead of having all of them refresh automatically. To do this, just follow the same steps as above, but instead of clicking the Background App Refresh, start scrolling down to see the apps that are on your iPhone and turn off/on the ones you want!

To check which apps take up most of your battery life, you would go to your Settings app, then click on Battery, and then scroll down to the subsection where it states Battery usage by app. This shows you the percentage of the apps you use and how much of your battery life each app is eating up.

A few other small tips to help with your phone’s battery are: 

  • Enabling airplane mode in areas with poor reception
  • Using Wi-Fi instead of cellular internet when you have access to it (However, be wary of Unsecured Wi-Fi networks. Avoid conducting online business that involves inputting personal or sensitive information when on public Wi-Fi).
  • Turning off Wi-Fi and Bluetooth when you are not using it 
  • Turning off your Location Services

Zoom Conference App Vulnerability Allowed Unauthorized Access to Mac Users’ Video Cameras

 

A researcher, Jonathan Leitschuh, claimed that Zoom users that use Apple’s Mac computers were left unprotected and could have had their computer camera hacked. This application glitch allowed any user to force other users into joining Zoom calls, turning on their camera without permission. Leitschuh, the one who discovered this flaw, stated in his blog, “This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link… and when they open that link in their browser their Zoom client is magically opened on their local machine.”

Leitschuh discovered how to expose the flaw by switching the Participants option from “Off” to “On.” When he notified the public about this vulnerability, users on social media put it to the test – and it was a frightening success. In addition, even if a user deletes Zoom from their Mac, a hacker could reinstall it. As a quick and temporary fix to this issue, users can go into their Zoom settings and click on “Turn off my video when joining a meeting.” 

Leitschuh gave Zoom a 90 day window to repair this issue. Over 40 million people who use Zoom are exposed to potential invasion of privacy. He was not convinced with the quick fix Zoom came up with. The company commented that the issue is still ongoing, however, on Tuesday, they stated that had begun to fix this matter. 

Apple recently released a silent update to patch the vulnerability on users’ Zoom apps. The update is deployed without the need for user interaction and effectively stops the possibility of web servers activating a user’s video camera without permission.