Top 5 Security Risks From Apple Inc., Google Inc. & More
Are your favorite apps and services putting you at risk?
Security experts Michael Gregg and Kevin Blackman recently shared their thoughts about the rising dangers of the world's most popular software and services.
1. Passwords In The Cloud
Blackman, who serves as the CTO of e-security firm WISeKey, told Benzinga that when a user saves a password in Google's Chrome browser, Google will attempt to simplify the experience by sending that information to the cloud. The password will then be accessible on the user's other devices.
Apple's Keychain feature does the same thing. Keychain pulls information from Chrome and vice versa. This creates a problem for users who mistakenly save a password on a public machine. The user could change that password later or delete the associated account, but it may not matter because Google and Apple may have already brought other passwords (stored in the cloud) to that computer.
"We're just normal people, right?" Blackman said. "We don't know what's going on in the background, and we're using these tools for convenience. All of a sudden, some machine that I used, I just logged in to do something with my Google password, all of my passwords from everywhere got copied onto his machine. So there are all sorts of ways now where your personal life can just be busted open like a bazooka by the sort of practices these guys are doing."
Blackman doesn't blame Google or Apple for creating this feature. After all, consumers are always in favor of convenience. "It's a difficult thing for users to hop through all of the password systems that they put in place and tried in the past, so they've gone for the simplest solution," he said.
2. Saved Passwords Anywhere!
Even without the cloud, consumers should avoid saving passwords on their personal devices.
"Most of the big pieces of crimeware -- the big crimeware kits that we see come out of places like Moldavia, Russia, Ukraine -- the first thing they're going to do is scrape all those values out of your browser," Gregg, the founder and CEO of network security consulting firm Superior Solutions, told Benzinga. "Any passwords that have been cached, they're actually going to pick up. And then generally, they're going to drop something like a keylogger onto your machine to pick up anything you're typing in. So, if you're typing in something, they can potentially get it. But they're definitely going to pick up anything that's cached in the browser."
Gregg emphasized the danger. He said that users are unlikely to know if their machines are infected with crimeware, so they may not even notice if a hacker attempts to extract their data.
3. Facebook Auto-Tags Photos, Crashes Upon Removal
Facebook Inc. (NASDAQ: FB) has a weird glitch that is causing a lot of headaches.
The iOS app appears to be auto-tagging people even in photos added to a private album.
"When you try to delete a tag, it crashes," Blackman said. "We've got to do further tests. We want to know if it crashes by design. What happens is, when you add a photo that's tagged -- even if it's to a private album that only you can see -- that tagged photo is going to appear in the user's timeline with the user's timeline's privacy permissions tagged onto it, so it's no longer private. That's something that people have been coming to us with. They're concerned about it."
4. Two-Factor Authentication May Be More Important Than You Think
Gregg noted that PayPal sells a security key that adds an extra layer of protection. Other companies offer their own forms of two-factor authentication -- with or without a physical element involved. "Sometimes people don't want to do that because they see it as another layer of hassle or something else that they have to do," said Gregg, who is a fan of two-factor authentications that involve a cellular device. "You probably have your phone with you at all times or very close to you. For attackers to overcome that second piece, it's very difficult to do."
5. Banks Are Watching
"Many times people don't understand what they're agreeing to or what they're not agreeing to," Gregg said. "Sometimes for bank apps, you actually agree to the bank app. It says, 'We want access to your phone. We want access to your camera.' So when you get ready to do something like a deposit or do a picture of the check (when you deposit the check), they may actually take a picture of you on the phone and not actually tell you. They're doing that to verify later if something goes wrong that they have your information."
Disclosure: At the time of this writing, Louis Bedigian had no position in the equities mentioned in this report.
© 2017 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.