Top 5 Security Risks Quietly Eroding Your Privacy
Is privacy dead?
Security experts Michael Gregg and Kevin Blackman examine the many ways in which apps and services can promote your private information.
1. Some Apps Store Personal Data In Clear Text
"We found out that the Starbucks app was actually keeping personal information on your phone in clear text!" Gregg told Benzinga.
If an attacker obtained the user's phone (or a device storing a backup of the phone), that information could be viewed with little effort.
2. Most People Don't Know How To Use Dropbox
Dropbox is a fairly easy service to use. Unfortunately, consumers don't realize how easy it is to share their private files with the world.
"A lot of people don't know how to properly use Dropbox," Blackman, the CTO of e-security firm WISeKey, told Benzinga. "They don't know that a public photo is exactly that: public. They drop stuff in the public folder that should never be there, that is not meant for public consumption. All you have to do is troll Dropbox and tack on 'public' to every Dropbox user's URL that you find to go see what they left lying around for you to just dig into and discover."
3. Best Security Still Eclipsed By Weak Passwords
"You can have the strongest system in the world, but a weak password trumps strong security," Gregg warned. Many consumers use "password," "password1" or "1password" as their passwords.
4. Security Questions Are Extremely Vulnerable
Yahoo Mail (NASDAQ: YHOO), iTunes and others might ask a user to answer a couple of security questions in order to reset the password. Those questions may include:
- Where were you born?
- What was your mother's maiden name?
- Where did you attend high school?
"All that kind of information is very easy to find," Gregg said. "It's like me looking up someone and it says, 'I attended high school in Houston,' or 'I grew up in New York City.' That stuff is not hard to find. People can go in, go to the password reset, answer those common questions, then they'll get in. That's what happened [with] Sarah Palin. A young man in the Carolinas hacked her Yahoo account. He just guessed the password reset questions and got in."
5. Think Before Downloading
"You really got to be careful about what apps you download and what apps you install," Gregg said. "Generally they're given full control of the device -- your call log, your call history, your camera, your Wi-Fi, your GPS location -- a lot of different types of data."
Gregg said that iOS is not as bad as Android in this regard.
"Apple gives you the ability to go into your control panel and have some control over what each app does," he explained. "And since all Apple apps are controlled from a central point, it's much easier if those apps are found to be malicious or they're not doing something that would be correct or legitimate for Apple to block those."
Disclosure: At the time of this writing, Louis Bedigian had no position in the equities mentioned in this report.
© 2017 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.