Hackers | Message Mirroring Apps

Can Hackers use Message Mirroring Apps to Bypass Security?

Forty years ago, the world was a safer and slower place. The internet was still in its infancy, and the need for online security would have featured low on a business’s to-do list. Fast forward to 2021, where online security, data storage and protection are now a priority, and message mirroring apps are another security concern altogether.

Passwords vs 2FA

Most businesses make use of passwords as a means of protection, but in this digitised environment a single-password security system is all too easy to bypass.

Almost 80% of hacking-related breaches are attributed to weak and compromised credentials. Hence the need for two-factor authentication (2FA), which provides an extra layer of security that works in conjunction with your username and password.

However, as with everything internet related, would-be hackers aren’t thwarted for long. Any hacker worth his weight in technical exploitation can develop ways of bypassing 2FA via the single-use access codes sent by SMS to a smartphone.

Attack of the Androids

Hackers can also bypass SMS-based 2FA remotely by gaining access to the user’s email and password combination connected to a Google account. They then install a readily available message mirroring app onto the phone via Google Play.

This form of attack is made easy as people tend to be creatures of habit, using the same login details and passwords for many of their online services. Unfortunately, this type of online behaviour increases the risk of being hacked.

Once the message mirroring app is installed, the attacker reverts to good old-fashioned trickery and, posing as the service provider, influences the victim to grant the relevant app permissions. The hacker now has full access to their communications and SMS one-time passcodes used for 2FA.

Although there are several conditions to be fulfilled if this kind of attack is to work, it demonstrates that SMS-based 2FA methods do have their weaknesses. This form of attack doesn’t require much more than an above-average knowledge of how apps work coupled with a bit of social engineering.

Imagine how real the threat would be if a trusted person with access to your smartphone orchestrated this type of attack.

How can you protect yourself from message mirroring apps?

  • Utilise a Password Manager – This makes your username/password more secure
  • Limit the use of SMS as a 2FA method – Use app-based one-time codes generated in apps such as Google Authenticator
  • Use dedicated hardware devices such as YubiKey – USB devices that enable 2FA across different services

Aside from using password managers and implementing alternative authentication methods, make sure that your data is backed up and stored securely in the cloud.

Mobile Apps – a threat to our digital privacy

Some would say that mobile apps pose a serious threat to our digital privacy. And surely anything that represents a threat should be quickly and effectively eradicated, especially when it comes to our privacy?

However, the suggestion of a world without Apps is sure to raise more than a few gasps. These nifty bite-sized pieces of software are easily downloaded onto our smartphones at the tap of a finger and quicker than you could make a cup of tea. And more often than not, downloaded without stopping to consider if the app could be a threat to personal information.

Responsible App Development

App developers following a ‘privacy by design’ approach should be aware of the laws that now govern and demand that a user’s data be protected irrespective of where they live on the globe. The complexities of being compliant with data protection laws in multiple countries can cause many a headache for the app developer though. The real concern is that developers often lack the technical understanding or interest to review privacy terms, and don’t actually speak the same ‘legalese’.

However, headaches aside, the responsibility of protecting the end users’ privacy is down to the developer from the moment they start to create the App.

While most apps have embedded technology that allows for the sharing of data with third-party platforms, privacy laws don’t do a particularly thorough job of ensuring that third parties abide by the compliance rules. Often, third parties have terms and conditions that push the responsibility of considering the user’s privacy upfront and onto the shoulders of the App developer.

This leaves App users unprotected, with the App developer legally liable for any misuse of data as determined by the Protection of Personal Information Act and the GDPR. Furthermore, App developers will ordinarily decide why and how the App collects data.

These protection acts make the App developer the ‘data controller’ and thus responsible for the data’s use wherever it may end up.

If this information leaves you feeling vulnerable, the truth is you are and need to be implementing steps to safeguard yourself.

How an App Developer Needs to Safeguard Themselves

One of the seven foundational principles of the ‘Privacy by Design Approach’ is ‘Visibility and Transparency.’ By following this principle, App developers should be putting best practices into action to ensure they don’t face unforeseen legal liability.

A privacy by design approach for developers should follow the following principles:

  • Monitor developer platforms for security and privacy
  • Notify users of any data transfers to third parties
  • Provide easy to use privacy controls
  • Ensure that all privacy policies and procedures are documented, communicated, and assigned

In addition, app developers should always check the contract and third-party code carefully, ensuring that they are not saddled with all the responsibility.

Concerned about your Digital Privacy?

A few simple behavioural changes will ensure that you maintain security on your digital devices. Here’s our quick takeaway on how to protect your information online.

  1. Secure your accounts by using a password manager to save your passwords and generate different, complex passwords for all your accounts. Once set up, you will end up with new passwords for all of your accounts.
  2. Protect your web browsing with a browser extension to block ads and the data that they collect.
  3. Use antivirus software to protect yourself from viruses and malicious software which can wreak havoc on your business and personal information.

Lastly, be sure to do regular online cloud backups for off-site data protection. Get in touch with us today for your free 30 day trial.

 

Mobile Health Apps Need Better Health to Reduce Cybersecurity Attacks

Mobile health apps are becoming more and more popular in modern medicine, enabling hospitals to collect and share patient information on an anywhere-anytime basis.

Health apps also help to deliver a streamlined and beneficial process, allowing hospitals and doctors to track and manage patient health and giving patients access to their medical data at the push of a button. The problem, though, is that many of these apps have been developed at high speed, focussing more on innovation than security, leaving the apps vulnerable to cyber-attacks.

Why are cybercriminals targeting mobile health apps?

Mobile health apps amass detailed profiles of their users, making them a prime opportunity for cybercriminals to jump in and steal valuable user data. Some of the information includes an identification number, cell phone numbers, email addresses, banking details, and physical addresses. The personal information can be used to carry out identity theft, guess login details for accounts, and even make online purchases (especially if they encounter saved card details online) and there is big money in the ‘full medical record’.

Pair all the above sensitive personal data with vulnerable cybersecurity measures, and you have a big problem. Stored patient records make for a cybercriminal field day! Crime syndicates are quickly catching on to the fact that mobile health apps have inadequate data protection, which puts hospitals and patients in a precarious position. Measures need to be put in place swiftly to avoid significant repercussions.

Authorisation and authentication

Authorisation as a step of security on these apps is not sufficient. Pairing authorisation with authentication may be the solution to the above problem.

Name and password authentication is no longer an adequate cybersecurity level, particularly with apps that store such a vast amount of personal data. App designers need to implement a further step of authentication as an added security element, which can be implemented in multiple ways.

One of the most common added security layers these days is a one-time PIN (OTP) that is sent to the user’s mobile device. Without the OTP, there is no access to the profile.

Avoiding user-only input and requiring a one-time pin generated from an external source is a simple yet effective solution to the problem. This simple step should reduce the number of cyberattacks on mobile health apps.

The issue of authorisation without authentication is not limited only to mobile health apps – it would seem to be a common security flaw in many apps. The concern with health apps, however, is that they contain far more personal data, making them a hot target for cyber-criminals as a “jackpot” of user data.

Conclusion

Mobile Health Apps can save lives but there is no denying that cyberattacks are on the rise and these health apps are being targeted. It is up to both developers and hospitals to partner together and go the extra mile to ensure all users are sufficiently protected against possible cyberattacks. With the right crypto applications, end-users can ensure that they keep their data and privacy safe from cybercriminals.

What’s Coming to WhatsApp – New Features and Updates

What’s coming to WhatsApp in 2021? In October 2020 we gave you a sneak preview of the WhatsApp features and updates planned for users this year. It would seem that many of these updates have since been enabled, and a few more have been added. Let’s take a look.

Users can expect a deeper integration with Facebook and, of course, the ability to function across various platforms including desktop, web, Android and iOS – something which the world has been waiting for with bated breath! The news that the deeper integration with Facebook will change the face of WhatsApp’s privacy terms has caused some backlash for the platform, with recent statements appearing to contradict earlier assurances that message privacy will not be affected.

Should you be concerned about the privacy updates? Possibly, but you need to understand that it’s all really much of the same. WhatsApp has been sharing your data with Facebook since 2016 and importantly, none of your conversations and media will be shared under the new terms. Best bet – read up on the new privacy terms before accepting them but do it fast, the deadline for users is February 8th which is just around the corner!

Some Android and iOS users on beta versions have already been able to test the new features and services mentioned in October. The good news is that it seems to be a case of full steam ahead and we should see these features go live on the app sometime this year.

Let’s talk about the new WhatsApp features

Video muting
Users will soon be able to mute videos before sending them on to other users or adding them to their status updates. A small toggle will appear on videos that can be used to mute or unmute media.

Support for multiple devices
This support feature is two-pronged.

  • The first prong will allow users to sign into their WhatsApp account on up to four different devices.
  • The second prong will enable users to log onto their desktop or web version of WhatsApp without having their device nearby and connected to the internet. This feature is in the final testing phase. While WhatsApp hasn’t mentioned an actual release date yet, they have said that it will be coming in 2021.

Video calling from desktop and web mode
Currently, WhatsApp can be used online on a web application as well as a desktop application. Unfortunately, these versions have only allowed for text chats, but later this year, you could be able to video call from desktop and web mode!

Read later functionality
On vacation or sick leave? Now you can pop chats into the Read Later area and deal with them when you are ready. The messages sent to these chats will update, but you won’t receive notifications until you elect to.

Keep an eye on the app for additional updates

2021 seems like it is going to be a good year for WhatsApp. While there’s much debate around the new data-sharing issues faced by WhatsApp users, most are willing to admit that the service has been a reliable and stable form of communication in our lives.

Watch out for the arrival of the new features and updates and let us know what you think of them when you have tested them out for yourself. If you haven’t taken the time to suss out the new privacy terms for using WhatsApp, now is a good time to do that. Make sure that you understand them and are comfortable with them. Alternatively, start looking at other chat apps such as Signal and Telegram.

Masking Up! There’s Even an App for That!

Who could ever have predicted that wearing a face mask would be a sign of the times when today, it seems to be the new norm and a long-term precaution! With companies eager to get back to work they need to ensure that they meet and implement a variety of conditions and measures which include finding ways to incorporate face masks into their daily business operations.

Given that in most countries, anyone leaving their home is required to wear a face mask whether they are shopping or working, facial recognition becomes a little tricky. And it’s not just the office-based businesses that need to worry about ensuring that their staff wear masks. Companies such as Uber need to reassure clients that they too are taking all the necessary precautions and as such, that their drivers will be monitored, while tech companies need to find innovative ways to promote mask-wearing and of course to allow us to unlock doors, phones etc. if we don’t want to revert to Touch ID!

It turns out of course that tech companies were ready to react, and that tech is far more versatile than we thought. Several big brands and industries are going all out to promote apps that drive behavioural change to ensure people wear a mask in line with government regulations and health recommendations.

Face Mask Wearing Apps

It sounds a little odd to utter the phrase “there’s an app for that” when talking about wearing a face mask, but it would seem that brands have been thinking out of the box to adopt the new norm.

  • A solution to overcome facial scan phone unlocks

Okay, this one was worth a laugh! When Apple announced that it was releasing an app that would let you unlock your phone using facial recognition without removing your mask, we thought they had finally lost the plot. But then the actuality struck! Apple isn’t doing anything that fancy or impressive. In fact, all that this new app does is open the facial recognition feature to bring up a screen that requests the user to insert their pin code. Guess what…most phones already have this phone locking feature, without the need to download a new app! Just saying…

  • Uber introduces an app to ensure drivers are wearing their masks

Uber doesn’t want its drivers or customers to be at risk and so the company is doing what it can to ensure that drivers who profess to be wearing a mask are actually wearing one. If you are familiar with the Uber app, you will know that it is constantly monitoring its drivers with a real-time ID check. To ensure that the assigned Uber driver is actually the driver working, the app requests a driver to snap a selfie at random times.

With an app update, which is still in a developmental stage, it is believed that the app will be able to confirm if the driver is wearing a mask. Uber isn’t all about being creepy though – it’s about driver and customer safety, which is why the company already provides its drivers with sanitiser and masks for their vehicles.

  • The Apna Mask Initiative gets big brands promoting mask-wearing awareness

The Apna Mask Initiative is working hard to get big brands to change their app icons and social media handles to promote the wearing of masks. This StartupVsCOVID community initiative has been embraced across India by internet companies such as Urban Company, MakeMyTrip and Zomato. The startup stalwarts were later joined by celebrities including the likes of Vidya Balan, Juhi Parmar, Sonu Sood, and Preetika Rao to name a few.

Do Your Bit – Mask Up!

As a South African citizen and potentially a business owner, you need to make sure that you are doing your bit to promote safe hygiene practice and awareness in your company. Will you join the Apna Mask Initiative? Or perhaps you have your own business app designed to keep your workforce safe. Whatever the case, what we don’t know about face masks is as much as what we do know, and whether you wear one for your own safety or for the health of others, as the economy fires up again – we should all simply mask up and do our bit.

Best Software for Remote Working Teams, Meetings and Conferences

As a business owner, you already know that COVID-19 has brought on a nationwide lockdown, but it doesn’t mean that your business has to close for business entirely. Many business owners have come up with innovative ways to continue operating online, with their employees working remotely. While this is the new norm, for now, there are challenges that are faced by work-from-home teams that need to be addressed. These challenges can certainly be solved by making use of software designed specifically for remote workers, online meetings, and digital conferences.

When looking for remote software and applications, it is always best to take a few things into consideration. These are:

  • Affordability
  • Online availability (do all team members have access to enough data/internet service?)
  • Privacy
  • Security
  • Method of communication

How to Connect Your Team Remotely

The question begs to be asked: what is the best software to use when you have teams working remotely? Below are the top applications, tools, and programs that many companies and individuals make use of when working remotely.

  • Asana

Asana as a brand claims to simplify team-based work management and in reality, it does just that. There is both a web and mobile version of the program that allows teams to connect, organise, track and manage work and projects currently underway.

Asana is considered safe and secure to use as sharing of info can be controlled in the app/program settings. All information entered is encrypted with industry-standard encryption.

Asana is free to use for up to 15 users. Premium features in the workspace are only available to paid members. Prices start from around $13.50 per month.

  • Zoom

Zoom describes itself as a leader in modern enterprise video communications. It has a reliable cloud-based platform that is ideal for webinars, chats, audio conferencing, and video conferencing. What makes Zoom popular is that it is able to collaborate with mobile as well as desktop.

Zoom claims to provide end-to-end encryption. Unfortunately, as evidenced in local news, Zoom’s video and audio meetings were not quite as private and secure as initially believed. You can read more on the risks here. This doesn’t mean that Zoom isn’t a highly useful program to use, but if you are considering using it for sending and storing of sensitive data, do your research first.

Zoom offers a Basic Free Plan that allows unlimited meetings with many participants for up to 40 minutes. There are other pricing plans for larger conferences and longer meetings.

  • Skype

Skype has earned itself a great reputation over the years as being a world-class conference, audio, and video calling program. It also offers a great messaging chat service which makes it easy for team members to keep in touch and share information at the click of a button. Skype is considered very safe to use as it does a verification check to ensure that users are who they say they are.

The program encrypts communications and ensures that no third parties are able to gain unauthorised access to communications. The payment systems are also secured and considered safe to store card details.

Skype is free to use if you are communicating with other Skype users. Users only pay to use the service if they are calling an external number or sending a text message.

  • Slack

Slack is a great program for teams working remotely and is considered a good alternative to email and an effective way to keep conversations organised and tracked. Slack allows its users to organise communications in channels for group exchanges, and also allows for private messaging where individual employees can share files and information with each other.

Slack advises that data is encrypted and also offers data protection tools including Enterprise Key Management, audit logs and further protection by integrating with various data loss prevention providers. Unfortunately, Slack has been hacked in the past and this means that while the program is useful, it shouldn’t be used to share highly sensitive information, usernames or passwords.

What to Do for Safe Storage and Sharing of Data?

If you have team members that work with sensitive information you should consider using a cloud based backup service that encrypts data and password protects the information. With these services, you can set up user accounts and allowances, limit access and ensure that sensitive documents aren’t stored on-site or on personal devices, but rather in the cloud.

While working from home has become the new norm, it is important to make use of convenient, reliable and secure remote applications and software. Do your research and choose wisely – for the sake of your data security.
 

 

Is your money app safe?

Using a money management app these days has almost become the norm, but more and more people are becoming concerned about their privacy and the built-in security that these apps offer. As they should!

Saving time and money is the main reason why banking and money apps have become a popular choice not only for corporates but for the average man on the street too. The apps offer a quick and convenient way to manage our money.

The thing is that many of the money apps out there are non-bank apps and because of this, consumers are rightfully concerned about their data privacy.

Is there really a risk?

For the app to do its job, it will need your banking credentials. This means your account details, login details and all those titbits of information we would not usually share with anyone else.

The biggest concern is that because the money app is not directly linked or supported by the bank, will there be any sort of cover or payout if the app is hacked and you lose all your money? App security can get a little hazy here. And how many of us can say that we really read all the small print before we clicked “download and install”?

Why people still take the risk

Money management apps are cropping up across the board. And they aren’t just aimed at helping you bank your money. Some help you send money, apply for a loan, invest capital and more.

While people are worried about what is being done or can be done with their banking data, they are still prepared to take the risk by using the apps. Why? Mainly because these apps help them to save money and time, but also because the banks aren’t offering anything as convenient or cost-saving. And therein lies the real problem. Consumers want a good deal, and these apps are seen as a way to ensure that.

The changes and improvements money app users wish to see

Traders are keen to see money app security greatly improve. They want to continue using the apps, but they want the process to be more transparent. Consumers believe they should have more say about which data these apps have access to. With the seemingly endless data breaches, there has been a general trend towards money app users wanting more control over the information they give out.

Luckily, the banking industry has heard the voice and needs of the people. In fact, a number of banks have hopped on board and have offered to work with money app developers to help users make use of a money app without having to provide their private banking credentials. This isn’t going to be a quick fix or something that happens overnight, but it’s hoped that this improvement/change will be seen within the next year or so.

Not keen to wait a year? Want to keep using your money app?

It’s natural to want to hang onto something that’s making your life easier and potentially saving you money. Assuming you take the necessary precautions, there’s no real reason why you shouldn’t. Here are a few tips:

  • Understand the money app before making use of it. Yes, read the small print. It’s essential. After all, it’s your hard-earned money you need to protect.
  • If you aren’t using a specific app and your banking credentials are saved to it, lose it. Get rid of apps that you aren’t actively using.
  • Regularly change your banking passwords and app passwords. This ensures that any old apps that you no longer use will no longer have access to your banking data.

Do you use a money management app? Let us know about it! We’d love a few recommendations.

A Family Sharing App Might not be so Much Fun When it’s Hacked!

When it comes to apps, both Android and Apple devices have a plethora of options to choose from. For a long time, Apple has been considered a superior service provider, but recently an Apple family sharing app feature has led to some trouble.

Actually, it’s led to a lot of trouble, as scammers in China have been hijacking Apple IDs to make purchases by using the “Family Sharing” feature on Apple devices. App hacking has become a problem that the online community should be paying particular attention to.

The Family Sharing App Feature – What you Need to Know

To help families share apps and music, Apple introduced a “Family Sharing” feature in 2014, which has worked quite well – until now that is. Now, opportunistic criminals have found a way to lock people out of their own Apple accounts. They then use their IDs to make in-app purchases and also to buy iTunes gift cards making use of this “Family Sharing” feature. By the time the activity is noticed, it’s too late. The money has been spent.

While Apple is the focus of attention now, it must be noted that the problem of hacked apps is not limited to this particular brand!

Are you at Risk & What can you do?

The first thing that you need to do is check whether your Family Sharing feature is turned on or not. If it is on and you aren’t using it, check the settings when you try to turn it off. Is the feature linked to any other person? If it is, and you didn’t set it up that way, a call to Apple customer care is a must. You will need to have that contact removed!

The next step is to ensure that you have two-factor authentication set up. This means that no changes can be made on your account without 2 security steps being successfully passed.

A third step that you can take if you are actually using the Family Sharing app and don’t want to turn it off, is to ensure that you set up the security features correctly. Make sure that the app will send a confirmation message that must be accepted by you, on your device, if any purchase is attempted.

Apple ID Hacking is Common and Can be Avoided

Many people have reported falling victim to this particular scam but have no idea how it happened as there seems to be no suspicious activity on their account.

A simple explanation for this is that when someone is added to the Family Sharing feature, your device will receive a message requesting confirmation. This appears as a pop-up screen message and is often accidentally confirmed/accepted as it’s misunderstood or creates confusion. It is important to deny any messages requesting confirmation if you don’t understand them or they take you by surprise.

Also, make sure that your password is secure and regularly changed and that family members are notified. This will ensure that hackers cannot guess your password and if they do gain access to your password, they will lose access to your account when the password is changed.

Technology can be highly beneficial to our daily lives, but it must be used responsibly, especially if data security or the security of your personal information is important to you. If you are an Apple user, turn on two-factor authentication now and make sure that your account hasn’t been used to make suspicious purchases.