Cyber Security

Voice recordings from domestic violence alerting app exposed on the internet


On the face of it, it sounded like a good idea.

A smartphone app, disguised as a regular app delivering the top world, sports, and entertainment news, containing a secret feature that allows victims of domestic abuse to send a covert distress call for help at the touch of a button.

That was the idea behind the free Aspire News App, launched some years ago by When Georgia Smiled, a US non-profit founded by Robin McGraw and her husband US TV star “Dr Phil” to help victims of domestic violence and sexual assault.

To be honest, that still sounds like a good idea to me – if the app is coded well, and if any data it collects is properly secured.

But what isn’t a good idea is for voice recordings made by the app to be left exposed on an unsecured Amazon Web Services (AWS) S3 bucket, allowing anyone with internet access to download them and listen if they so wish.

According to security researchers at VPN Mentor, who found the exposed data, over 4,000 voice recordings of emergency messages left by victims of domestic violence were available to access – no password required.

Some of the 230MB worth of recordings included personally identifiable information such as names and home addresses, as well as the identities of violent abusers.

Transcripts of just two of the recordings that were exposed reveal the seriousness of the situation:

“[Full Name] is threatening or hurting me. Please send help now. [Full address]”

and

“Please call the police right away and have them come to [Full Address]. I am in great danger. I need you to send the police right away, please…”

Potentially, if the information fell into the wrong hands, it could not only expose people who did not want the data revealed to the risk of extortion, but could also put victims in greater physical danger if their abuser found out.

The researchers attempted to reach out to When Georgia Smiled and the Dr. Phil Foundation to get the serious data breach fixed last Wednesday, but ultimately it took the involvement of AWS itself to get the unsecured web bucket shut down.

So, that’s a happy end to the story, right?

Well, perhaps not.

You see, a security failure like this could lead to victims of domestic abuse losing confidence in Aspire News App. If they do not feel safe any longer using the app, they may find it harder to escape abusive relationships safely.

That clearly wasn’t what Dr Phil and his wife Robin McGraw wanted – the Aspire News app was supposed to help people escape dangerous situations, not make it even harder to find a way out.

Source: https://hotforsecurity.bitdefender.com/blog/voice-recordings-from-domestic-violence-alerting-app-exposed-on-the-internet-23609.html#new_tab

Huawei ban might see Phone Signal Blackouts across UK

If British Prime Minister Boris Johnson makes a U-turn on allowing Chinese telecom firm Huawei to help build a 5G network in the UK, almost all phone users across Britain might experience a phone signal blackout lasting 2-5 days, says Howard Watson, the Chief Technology and Information Officer of BT Group Plc.

It is already known that for the past two weeks the Trump Administration has put extreme pressure on Britain to ban Huawei's business in the region, citing espionage, data theft, and national security concerns.

Therefore, the British Telecom chief says that any tightening of restrictions on the Chinese vendor will lead to disruptions, higher prices for customers and delays in establishing 5G services in the region.

The UK is not in a position to turn nations like the US into adversaries by disobeying their sanctions on Huawei, as they found the equipment to be unreliable and insecure.

Shutting down doors in next threats years is like inviting trouble, as it might lead to disruptions in phone signals because officials would need to switch off the entire network for two days or more, says Mr. Watson.

In January 2020, Britain proposed capping the use of Huawei equipment at no more than 35% by 2023.

And if the UK tightens the current guidelines, we will need to spend hugely to build the infrastructure from zero, which might run into budget and spending constraints.

Experts say that such decisions need at least 5 years to be implemented without trouble, as removing Huawei kit from phone masts within 2 years is like inviting a blackout of phone signals for 2 or more days; the length of the disruption depends strictly on how deep into the network the equipment has to be dug out.

Source: https://www.cybersecurity-insiders.com/huawei-ban-might-see-phone-signal-blackouts-across-uk/

Data Breach on Clubillion Gambling app puts millions of users to risk

A popular gaming app called Clubillion is in the news for putting millions of users at risk due to a massive data leak. According to research carried out by vpnMentor, sensitive data from the Clubillion gambling app, stored in an Elasticsearch database hosted on AWS, was leaked because of a technical glitch, leaving details such as names, winning records, IP addresses, private messages, phone numbers and email IDs open to access by hackers.

The security researchers at vpnMentor say that the exposed data could leave all users of the gaming app vulnerable to banking fraud and various cyber attacks such as phishing.

Clubillion is a free-to-play casino game for Android and iOS users, where gamers can try their luck on 30+ free slots.

The research reveals that all the gaming-related data hosted on Amazon Web Services had been left exposed to hackers for the past few weeks because of a technical glitch. All logged actions, such as when an individual player entered the game, won, lost, updated their account or created an account, were available to anyone on the cloud platform.

It is estimated that the database exposed over 200 million records daily, meaning around 50GB of data was available to hackers with no authentication.

According to sources reporting to Cybersecurity Insiders, players of Clubillion are located across the globe, in countries such as the USA, the UK, France, Israel, Germany, Spain, Italy, the Netherlands, Australia, India, Poland, Romania, Vietnam, Lebanon, Indonesia, the Philippines, Thailand, Austria, Hungary, Latvia, Canada, Brazil, Sweden and Russia.

The Clubillion data breach could spell deep trouble for the future of the gaming app, as it can lead to loss of trust among players, force the EU's data watchdog to reprimand it for breaking GDPR rules, and make Google Play and the Apple Store remove it from their respective platforms for failing to protect its user data securely.

Source: https://www.cybersecurity-insiders.com/data-breach-on-clubillion-gambling-app-puts-millions-of-users-to-risk/

Honeywell Says USB-Borne Malware That Can Cause Major ICS Disruption Are Significantly Increasing

Honeywell reports it has seen a large rise over the past year in USB-borne malware that can threaten industrial control systems (ICS).

This week Honeywell Industrial Cybersecurity released its USB Threat Report for 2020. The report is based on data collected over a 12-month period by the company's Secure Media Exchange (SMX) USB security platform from oil and gas, energy, chemicals, food, shipping, construction, aerospace, pulp and paper, and manufacturing companies in 60 countries across the Americas, Europe, and Asia.

An analysis of the data showed that at least one threat was blocked by SMX at 45% of industrial sites using the product, up from 44% in the previous report published by the company in 2018.

While only 11 percent of the malware found on USB drives was specifically designed to target industrial systems — this represents a slight drop from the 14 percent identified in 2018 — 59 percent of the detected threats could cause significant disruption to industrial systems, compared to only 26 percent in 2018. On the other hand, the 11 percent becomes 28 percent if consideration is also given to ransomware, which has increasingly targeted operational technology (OT) systems.

These pieces of malware can launch DoS attacks, cause operations management networks to lose visibility, and damage or disrupt key assets, says Honeywell.

Compared to 2018, the company has seen an increase in the percentage of trojans, worms, rootkits and viruses, and a drop in potentially unwanted applications (PUA), non-targeted bots, spyware, adware and hacking tools. Other commercial security solutions did not detect five per cent of all threats, Honeywell claimed.

RATs, backdoors, and droppers were the most common threats observed by the company.

“This makes logical sense: a sound strategy for an attacker is to gain a foothold via USB in industrial environments where network access is difficult, and then establish remote access and download new malware,” the company said in its report. “In these otherwise elusive environments, while ransomware can be effective via USB, establishing a persistent backdoor with command and control, more coordinated attacks may be attempted.”

Source: https://cybersguards.com/honeywell-says-usb-borne-malware-cause-major-ics-disruption-increasing/
