Beware what apps you download – Yet again, social engineering proves the easiest way to breach security…
A comment from the first:
In my last update to ‘Big Brother Camera Security (Free)’ (link to app removed), I added some code to record common user passcodes (completely anonymous, of course). Because Big Brother’s passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, I figured that the collected information would closely correlate with actual iPhone passcodes.
And a follow up after the app was removed from Apple’s App Store:
I think I should clarify exactly what data I was referring to, and how I was obtaining it. First, these passcodes are those that are input into Big Brother, not the actual iPhone lock screen passcodes. Second, when the app sends this data to my server, it is literally sending only that number (e.g. “1234”) and nothing else.
And he wonders why the app was pulled.
Whilst Daniel claims he had no ill intent, his actions highlight the risks of apps on any store or social network. There are limits to how many different passwords we can remember without writing them down and carrying them around everywhere (not a good plan). The more common approach is to re-use passwords or choose simple ones. At the very least, divide your user accounts/passcodes for sites and apps into two buckets: ‘important’ and ‘not so much’. Never use a ‘not so much’ password for an important purpose, and vice versa. And if a ‘not so much’ app appears to be mimicking an ‘important’ security screen, think twice before using it and think again before allowing it to collect your data. Read those app descriptions before you download, and try to spot one masquerading as something else. If it sounds too good to be true…
Yet again, social engineering proves the easiest way to breach security.
Featured image: iStockPhoto