
An Unusual Tracking Feature Identified on Millions of iPhone Users

 

Millions of iPhone users across the globe discovered an interesting new setting that was automatically switched on in their iPhones. The latest software version included a new setting called "Discoverable by Others". It can be located under 'Journalling Suggestions' in iPhone's privacy and security settings. Journalling Suggestions was included in the new Journal app, which was launched with iOS 17.2 in December 2023.

When enabled, the feature accesses past data stored on the user's iPhone. Music, images, workouts, who they've called or texted, and significant locations are all included in the data. It is used to suggest moments to write about in the Journal app.

The feature is enabled by default and stays so even after a user deletes the Journal app. According to Joanna Stern, a senior personal technology correspondent for The Wall Street Journal, Apple has confirmed that customers' phones can use Bluetooth to locate nearby devices associated with their contact list. However, the phone does not save any information about the detected contacts. This feature offers context to enhance Journalling suggestions.

The firm has also denied disclosing users' identities and locations to anyone. To clarify their point, Apple provided an example of holding a dinner party at your home with pals listed in your contacts. According to the tech behemoth, the system may prioritise the event in Journalling Suggestions. This is because it recognises that the number of guests made it more than just another night at home with your family.

As per Apple's support page, if you disable the 'Discoverable by Others' option to prevent yourself from being counted among your contacts, the 'Prefer Suggestions with Others' feature will also be turned off. This implies that the Journalling Suggestions feature will be unable to determine the number of devices and contacts in your vicinity.

Heightened Hacking Activity Prompts Social Media Security Warning

 


Social media can be a great way to keep in touch with family and friends and to stay updated on recent news and marketing opportunities. However, it is important to manage privacy and security settings carefully to keep information safe.

When social media is used improperly, it can introduce several risks to a person's personal information, as online criminals are devising new and in-depth methods for exploiting vulnerabilities more frequently than ever before. There are many things users need to know about keeping their Facebook, X and Instagram accounts secure - from finding out how accounts are hacked, to recovering accounts. 

When fraudsters gain access to the details of users' accounts, they can take advantage of their contacts, sell their information on the dark web, and steal the users' identities. According to reports by Action Fraud, some victims of email and social media hacking have been extorted by criminals who stole their private photos and videos. Nine out of ten people who participated in the survey (89%) stated that they knew of people whose profiles had been compromised, and 28% said they knew at least five to ten people who had been hacked.

The survey found that 15 per cent of the respondents knew someone who was hacked on social media more than ten times. With 76% of respondents indicating they have increased concerns within the last year compared to the previous year, it appears that the fears are growing.

What scammers do to hack accounts

Fraudsters can access online users' accounts in a variety of ways to get at their money.

Users who discover that one of their accounts has been hacked may wonder how the attackers got in. Sometimes hackers breach a system that holds highly confidential data about a person. Fraudsters then use this information to gain access to that person's accounts.

Phishing attacks entice users into divulging their details by impersonating legitimate companies and including links that lead to malicious websites that harvest their data. Once users enter their information on the website, it can be stolen, and they may also end up downloading malicious code onto their devices.

A chain hack on a social media platform involves a fraudster posting links to dubious websites in the comment section of a post. After the victim clicks on the link, the fraudster asks them to enter their social media account details, which gives the fraudster access to the victim's account. Fraudsters are also known to send messages to victims impersonating one of their contacts in an attempt to get them to share their two-factor authentication code.

Credential stuffing is when hackers use credentials they have previously obtained to access other accounts belonging to the same person. Shoulder surfing is when a scammer watches a user log into an account. Users may also download a malicious app to their phones, which installs malware on the device, enabling the fraudster to steal the username and password for an account and use them to steal the user's money.

Users whose accounts have been hacked should beware of recovery scammers who contact them on social media claiming they can retrieve the account if the user follows their instructions. This is just another scam; they cannot recover the account.

Find out who to contact to get help with a hacked account by going to the help page of the account provider. Log the account out of all devices and change the password. Check email accounts for any newly created rules or settings that may have been set up without the user's authorization.

Such changes could redirect emails about their accounts. Users should promptly notify their contacts of a potential security breach and advise them to exercise caution, as messages they receive may not genuinely have been sent by the user.

Novel Darcula Phishing Campaign is Targeting iPhone Users

 

Darcula is a new phishing-as-a-service (PhaaS) that targets Android and iPhone consumers in more than 100 countries by using 20,000 domains to impersonate brands and collect login credentials.

With more than 200 templates available to fraudsters, Darcula has been used against a wide range of services and organisations, including the postal, financial, government, tax, and utility sectors as well as telcos and airlines.

One feature that distinguishes the service is that it contacts targets using the Rich Communication Services (RCS) protocol for Google Messages and iMessage, rather than SMS, to send phishing messages.

Darcula's phishing service

Darcula was first discovered by security researcher Oshri Kalfon last summer, but according to Netcraft researchers, the platform is becoming increasingly popular in the cybercrime sphere, having lately been employed across numerous high-profile incidents. 

Darcula, unlike previous phishing approaches, uses modern technologies such as JavaScript, React, Docker, and Harbor, allowing for continual updates and new feature additions without requiring users to reinstall the phishing kit.

The phishing kit includes 200 phishing templates that spoof businesses and organisations from over 100 countries. The landing pages are high-quality, with proper local language, logos, and information. 

The fraudsters choose a brand to spoof and then run a setup script that installs the phishing site and management dashboard right into a Docker environment. The Docker image is hosted via the open-source container registry Harbor, and the phishing sites are built with React.

According to the researchers, the Darcula service commonly uses ".top" and ".com" top-level domains to host purpose-registered domains for phishing attacks, with Cloudflare supporting nearly a third of those. Netcraft has mapped 20,000 Darcula domains to 11,000 IP addresses, with 120 new domains added every day.

Abandoning SMS 

Darcula breaks away from standard SMS-based methods, instead using RCS (Android) and iMessage (iOS) to send victims texts with links to the phishing URL. The benefit is that victims are more likely to perceive the communication as legitimate, trusting the additional safeguards that aren't available in SMS. Furthermore, because RCS and iMessage use end-to-end encryption, it is impossible to intercept and block phishing messages based on their content.

According to Netcraft, recent global legislative initiatives to combat SMS-based crimes by restricting suspicious communications are likely encouraging PhaaS providers to use other protocols such as RCS and iMessage.

Any incoming communication asking the recipient to click on a URL should be viewed with caution, especially if the sender is unknown. Phishing threat actors will never stop trying with novel delivery techniques, regardless of the platform or app.

Researchers at Netcraft also advise keeping an eye out for misspellings, grammatical errors, unduly tempting offers, and calls to action.

Unveiling the MaaS Campaign: Safeguarding Android Users in India

 

In the vast landscape of cybersecurity threats, a new campaign has emerged, targeting Android users in India. Dubbed as the "MaaS Campaign," this nefarious operation has caught the attention of security experts worldwide due to its sophisticated nature and potential for widespread damage. Let's delve into the intricacies of this campaign, understanding its modus operandi and the measures users can take to protect themselves. 

The MaaS Campaign, short for Malware-as-a-Service, represents a significant evolution in cybercrime tactics. Unlike traditional cyberattacks that require substantial technical expertise, the MaaS Campaign allows even novice hackers to deploy sophisticated malware with minimal effort. This democratization of cybercrime poses a severe threat to users, particularly in regions like India, where Android devices dominate the market. 

At the heart of the MaaS Campaign lies the exploitation of Android's vulnerabilities. Android, being an open-source platform, offers a fertile ground for cybercriminals to exploit security loopholes. Through various means, including malicious apps, phishing emails, and compromised websites, hackers lure unsuspecting users into downloading malware onto their devices. Once the malware infiltrates a device, it operates stealthily, often evading detection by traditional antivirus software. One of the primary objectives of the MaaS Campaign is to steal sensitive information, including personal data, financial credentials, and login credentials for various online accounts. 

This information is then used for a range of malicious activities, including identity theft, financial fraud, and espionage. What makes the MaaS Campaign particularly concerning is its targeted approach towards Android users in India. With India's burgeoning smartphone market and increasing reliance on digital services, the country has become a lucrative target for cybercriminals. 

Moreover, the diversity of Android devices and the prevalence of outdated software versions exacerbate the security risks, leaving millions of users vulnerable to exploitation. To mitigate the risks associated with the MaaS Campaign and similar cyber threats, users must adopt a proactive approach to cybersecurity. Firstly, maintaining vigilance while downloading apps or clicking on links is crucial. Users should only download apps from trusted sources such as the Google Play Store and avoid clicking on suspicious links or email attachments. 

Additionally, keeping software and operating systems up-to-date is paramount. Developers frequently release security patches to address known vulnerabilities, and failing to update exposes devices to exploitation. Users should enable automatic updates wherever possible and regularly check for updates manually. 

Furthermore, investing in robust cybersecurity solutions can provide an added layer of defense against malware and other cyber threats. Antivirus software, firewalls, and anti-malware tools can help detect and neutralize malicious activity, safeguarding users' devices and data. Education also plays a pivotal role in combating cyber threats. Users should familiarize themselves with common phishing tactics, malware warning signs, and best practices for online security. By staying informed and vigilant, users can avoid falling victim to cyberattacks and protect their digital identities. 

In conclusion, the MaaS Campaign represents a significant threat to Android users in India and underscores the importance of robust cybersecurity measures. By understanding the tactics employed by cybercriminals and adopting proactive security practices, users can minimize the risk of falling victim to such campaigns. Ultimately, safeguarding against cyber threats requires a collective effort involving users, cybersecurity professionals, and technology companies to create a safer digital environment for all.

WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature

 

In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further emphasizing its commitment to safeguarding user conversations. 

Additionally, WhatsApp has released utilities such as chat lock and app lock to enhance chat security and privacy. One notable feature is chat lock, which allows users to hide private conversations from the main chat lists. By enabling chat lock on a per-conversation basis, users can ensure that sensitive chats remain secure. When activated, users are prompted for biometric authentication, either through face or fingerprint recognition, before accessing locked chats. For users who require comprehensive protection for all their chats, WhatsApp offers app lock functionality. 

This feature, available at a device level on certain Android skins by major OEMs, allows users to secure the entire app with biometric authentication or device passcodes. Recently, in the latest WhatsApp beta version 2.24.6.20, the app's app lock feature underwent significant enhancements. According to findings by WABetaInfo, app lock is expanding to include additional authentication methods beyond just biometric fingerprint recognition. 

The update will introduce options such as face unlock and device passcodes, providing users with more flexibility in securing their chats. The inclusion of multiple authentication methods serves as a backup for fingerprint authentication, ensuring accessibility even in scenarios where fingerprint recognition may not be feasible. 

For example, users wearing gloves can still unlock the app using alternative methods. Moreover, the expansion of authentication options enhances accessibility for users who may face limitations with certain authentication methods. While the introduction of new authentication methods represents a significant improvement to WhatsApp's app lock feature, users are advised to exercise caution when installing the latest beta version. The current beta release may be prone to crashes, potentially compromising the app's core functionality. 

Therefore, it is recommended to await a wider release before attempting to access the new features. In conclusion, WhatsApp's dedication to user privacy and security is evident through its continuous efforts to enhance encryption and introduce innovative security features. The expansion of authentication methods for the app lock feature underscores WhatsApp's commitment to providing users with robust security options while maintaining accessibility and ease of use.

TRAI Updates Regulations to Prevent SIM Swap Fraud in Telecom Porting

 

The Telecom Regulatory Authority of India (TRAI) recently announced updated regulations aimed at combating SIM swap fraud in the telecom sector. According to the new regulations, telecom subscribers will be prohibited from porting out of their current network provider if they have "swapped" their SIM card due to loss or damage within the past seven days.

This amendment is intended to prevent fraudulent activities by disallowing the issuance of a "unique porting code" (UPC), which is the initial step in changing providers using mobile number portability. 

The TRAI highlighted that this measure is part of its broader efforts to address concerns related to fraudulent and spam calls, which have been on the rise in recent years. In addition to SIM swap fraud, spam calls and messages have become a significant nuisance for telecom subscribers, leading to increased efforts by regulatory authorities to combat such activities. 

Previous anti-spam measures undertaken by TRAI include the establishment of a do-not-disturb registry, the release of an app for filing complaints against telemarketers, and the enforcement of regulations on transactional SMS messages by businesses. 

However, despite these efforts, fraudulent activities continue to pose challenges for both regulators and consumers. In addition to the prohibition on porting after SIM card swapping, TRAI has recommended to the Department of Telecommunications (DoT) the implementation of a feature that would display the legally registered name of every caller on recipients' handsets. This proposal aims to enhance transparency and enable recipients to identify the origin of incoming calls more accurately. 

However, the proposal has faced criticism on privacy grounds, with concerns raised about the potential misuse of caller identification information. To further address concerns related to fraudulent communication, the DoT has introduced its own portal called Chakshu for reporting suspected fraud communication. This platform allows users to report instances of suspected fraud, helping regulatory authorities to track and investigate fraudulent activities more effectively. 

Furthermore, the TRAI is considering a suggestion from the DoT regarding the verification of subscriber identity during the porting process. Currently, porting requires only the possession of an unblocked SIM, with know-your-customer (KYC) processes conducted anew. This policy has implications for minors and other dependents whose SIMs may not be registered in their names. 

The suggestion to double-check KYC during porting will be examined separately by TRAI. Overall, TRAI's efforts to strengthen regulations in the telecom sector aim to enhance security and protect consumers from fraudulent activities such as SIM swap fraud. By implementing measures to prevent unauthorized porting and enhancing transparency in caller identification, TRAI seeks to safeguard the interests of telecom subscribers in India. However, as fraudsters continue to evolve their tactics, regulatory authorities will need to remain vigilant and adapt their strategies accordingly to stay ahead of emerging threats.

Securing Your iPhone from GoldPickaxe Trojan

 

In recent times, the digital realm has become a battleground where cybercriminals constantly devise new tactics to breach security measures and exploit unsuspecting users. The emergence of the GoldPickaxe Trojan serves as a stark reminder of the ever-present threat to our personal data and privacy. As reported by 9to5Mac, this insidious malware has targeted iPhone users, raising concerns about the safety and security of our devices. 

The GoldPickaxe Trojan is a sophisticated form of malware designed to infiltrate iPhones, compromising sensitive information and potentially causing significant harm to users. This malicious software operates covertly, often masquerading as legitimate applications or using social engineering tactics to trick users into installing it. Once installed on a device, the GoldPickaxe Trojan can execute a range of malicious activities, including stealing personal data such as login credentials, financial information, and sensitive communications. 

Moreover, it may grant unauthorized access to the device, allowing cybercriminals to control its functionalities remotely. Given the severity of the threat posed by the GoldPickaxe Trojan, it is imperative for iPhone users to take proactive measures to safeguard their devices and personal data. Here are some essential steps to enhance your device's security and protect against this insidious malware. 

Ensure that your iPhone's operating system, as well as all installed applications, is up to date. Manufacturers regularly release security patches and updates to address vulnerabilities and strengthen defences against emerging threats like the GoldPickaxe Trojan. Exercise caution when downloading and installing applications from the App Store or third-party sources. Verify the authenticity of the developer and scrutinize app permissions before granting access to your device's resources. Avoid installing apps from unknown or untrusted sources, as they may contain malicious payloads. 
 
Activate two-factor authentication (2FA) wherever possible to add an extra layer of security to your accounts. By requiring a secondary verification method, such as a one-time code sent to your phone, 2FA can thwart unauthorized access attempts even if your login credentials are compromised by the GoldPickaxe Trojan. Use strong, unique passwords for all your online accounts, including your iPhone's lock screen and iCloud account. Avoid using easily guessable passwords or reusing the same password across multiple platforms, as this can significantly increase the risk of unauthorized access and data breaches. 

Consider installing reputable antivirus and security software on your iPhone to detect and remove malicious threats like the GoldPickaxe Trojan. These applications can provide real-time protection against malware, phishing attacks, and other cyber threats, helping to safeguard your device and personal information. Remain vigilant against suspicious activities and phishing attempts, such as unsolicited emails or messages requesting sensitive information. Stay informed about the latest cybersecurity threats and trends, and educate yourself on best practices for online safety and privacy. 

The GoldPickaxe Trojan represents a significant threat to iPhone users, highlighting the importance of robust security measures and proactive defence strategies. By following the guidelines above and adopting a security-conscious mindset, you can mitigate the risk of falling victim to this malware and protect your device, data, and privacy from harm. Remember, safeguarding your iPhone is not just a matter of convenience; it's a crucial step in safeguarding your digital identity and maintaining control over your online presence in an increasingly interconnected world.

Geofencing: A Tech Set to Transform the Consumer Landscape?


One technological advancement that is subtly changing the marketing and customer engagement scene is geofencing. It connects your device to companies and services by drawing virtual borders around real-world locations. As soon as you cross these lines, you get relevant messages that are tailored to your area, including discounts, event reminders, or special offers.

Even if this technology helps some industries more than others, it poses serious privacy issues because it tracks your whereabouts and may generate issues with consent and data protection.

Let's examine the workings of this technology, consider how important your mobile device is to this procedure, and consider the privacy issues in more detail.

Geofencing: What is it?

Geofencing is a digital technology that creates virtual borders around a predetermined region. It's similar to encircling a location, such as a park, coffee shop, or neighborhood, with an invisible fence on a map.

The technology monitors devices such as cell phones, which rely on GPS, WiFi, or cellular data, as people enter or leave these designated regions. It also monitors the movement of radio-frequency identification (RFID) tags (compact devices that wirelessly transmit data, similar to contactless vehicle keys) across these virtual boundaries.

How does Geofencing work?

1. Specifying the Geofence: To establish a geofence around their store, a retailer first chooses a location and then enters geographic coordinates into software to create an invisible boundary.

This could cover the immediate vicinity of the store or cover a broader neighborhood, establishing the context for the activation of particular digital activities.

2. Granting Access to Location Data: For geofencing to function, users must allow location access on their cell phones. With this authorization, the device can use:

  • GPS, for accurate location monitoring
  • WiFi, which uses neighboring networks to estimate proximity
  • Cellular data, which uses cell towers to triangulate the device's location

These permissions guarantee that the device's position can be precisely detected by the system. (We'll talk about the privacy issues this has raised later.)

3. Getting in or out of the fence: The geofencing system tracks a customer's smartphone location in the geofenced geographical area as they get closer to the store. When a consumer enters this region, the system is triggered to identify their entry based on the GPS data that their smartphone continuously provides.

4. Setting Off an Event: A predetermined action, such as delivering a push notification to the customer's smartphone, is triggered by this entry into the geofence.

The action in this retail scenario could be a notification with a marketing message or a unique discount offer meant to entice the customer by offering something of value when they are close to the business.

5. Carrying Out the Response: The customer learns that a promotion or discount has been sent straight to their smartphone through a notification that appears on their device.

The customer's experience can be greatly improved by this prompt and location-specific interaction, which may result in more people visiting the store and a greater rate of sales conversion.
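The five steps above as a small runnable sketch (an added example, not code from the original post or from any geofencing product): a circular fence, a permission gate, and enter/exit detection over location fixes. The coordinates, the 100 m radius, the accuracy limit and the exit margin are constructed assumptions; the monitor keeps only an inside/outside flag rather than the location history, which bears on the privacy concern raised earlier.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000  # mean Earth radius in metres


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


@dataclass(frozen=True)
class Geofence:
    """Step 1: a fence is a centre point plus a radius."""
    name: str
    lat: float
    lon: float
    radius_m: float


class GeofenceMonitor:
    def __init__(self, fence, location_permission, max_accuracy_m=50.0, exit_margin_m=20.0):
        self.fence = fence
        self.location_permission = location_permission  # step 2: user consent
        self.max_accuracy_m = max_accuracy_m            # ignore coarse fixes
        self.exit_margin_m = exit_margin_m              # stops flapping at the edge
        self.inside = False  # the only state retained; no track is stored

    def update(self, lat, lon, accuracy_m):
        """Step 3: feed one location fix; return 'ENTER', 'EXIT' or None."""
        if not self.location_permission:
            return None  # without consent nothing is evaluated
        if accuracy_m > self.max_accuracy_m:
            return None  # a fix this uncertain cannot place the device reliably
        distance = haversine_m(self.fence.lat, self.fence.lon, lat, lon)
        if not self.inside and distance <= self.fence.radius_m:
            self.inside = True
            return "ENTER"
        if self.inside and distance > self.fence.radius_m + self.exit_margin_m:
            self.inside = False
            return "EXIT"
        return None


# Constructed sample data: a store fence and a walk towards and away from it.
STORE = Geofence("store", 12.9716, 77.5946, 100.0)
SAMPLE_TRACK = [  # (latitude, longitude, reported accuracy in metres)
    (12.97360, 77.5946, 10),   # about 222 m away: outside
    (12.97210, 77.5946, 500),  # about 56 m away but accuracy too poor: ignored
    (12.97240, 77.5946, 10),   # about 89 m away: crosses the fence
    (12.97255, 77.5946, 10),   # about 106 m: jitter inside the exit margin
    (12.97200, 77.5946, 10),   # about 44 m: still inside
    (12.97310, 77.5946, 10),   # about 167 m: left the fence
]


def run_track(track, location_permission=True):
    """Steps 4 and 5: collect the events that would trigger a notification."""
    monitor = GeofenceMonitor(STORE, location_permission)
    events = []
    for index, (lat, lon, accuracy_m) in enumerate(track):
        event = monitor.update(lat, lon, accuracy_m)
        if event is not None:
            events.append((index, event))
    return events


if __name__ == "__main__":
    for index, event in run_track(SAMPLE_TRACK):
        print(f"fix {index}: {event} -> notify device about {STORE.name}")
    print("without permission:", run_track(SAMPLE_TRACK, location_permission=False))
```
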

Industries where Geofencing is used

  1. Child Safety and Elderly Care
  2. Workforce Management
  3. Smart Home Automation
  4. Transport and Logistics

Future and Geofencing

Geofencing technology is anticipated to undergo a substantial transformation in 2024 and beyond, mostly because of the progress made in IoT (Internet of Things) technology. IoT encompasses physical objects, automobiles, household appliances, and other products that are integrated with sensors, software, electronics, and communication.

Watch Out for Phone Scams

 


Preying on people's gullibility, an increasing cybersecurity threat known as "vishing" has become a cause for concern, impacting unsuspecting individuals and even businesses. Vishing, short for voice phishing, involves scammers attempting to trick people into revealing sensitive information over the phone. These calls often impersonate authorities like the IRS or banks, creating urgency to manipulate victims. In 2022 alone, victims reported median losses of $1,400, per the Federal Trade Commission (FTC).

What Is Vishing?

Vishing operates on social engineering tactics, relying on psychological manipulation rather than malware. The scammers may pose as government officials or company representatives to extract financial details, Social Security numbers, or other sensitive data. Notably, technological advancements, such as caller ID spoofing and AI-driven voice mimicking, contribute to the rising prevalence of vishing attacks.

Detecting a Vishing Attempt

Identifying vishing calls involves recognizing key signs. Automated pre-recorded messages claiming urgent matters or unsolicited requests for sensitive information are red flags. Scammers may pose as government officials, exploiting the authoritative tone to create a sense of urgency. The use of aggressive tactics during the call is another indicator.

What To Do? 

To safeguard against vishing scams, individuals can adopt practical strategies. Screening calls carefully and letting unknown numbers go to voicemail helps avoid falling prey to scammers who may attempt to spoof caller IDs. Remaining suspicious of unsolicited calls and refraining from sharing personal data over the phone, especially Social Security numbers or passwords, is crucial. Joining the National Do Not Call Registry can also reduce exposure to illegitimate calls.

Preventive Measures

Taking preventive measures can further fortify against vishing attacks. Signing up for the National Do Not Call Registry informs marketers about your preference to avoid unsolicited calls. Additionally, services like AT&T's TruContact Branded Call Display provide an extra layer of security, displaying the name and logo of the business calling AT&T customers.

In case one suspects falling victim to a vishing scheme, prompt action is essential. Contacting financial institutions, placing a security freeze on credit reports, and changing passwords, especially for sensitive accounts, are immediate steps. Reporting any attempted scams to the FTC and FBI adds an extra layer of protection.

As vishing scammers continually refine their tactics, individuals must stay vigilant. Being sceptical of unsolicited calls and refraining from sharing personal information over the phone is paramount in protecting against these evolving threats.

To look at the bigger picture, vishing poses a significant risk in the digital age, and awareness is key to prevention. Individuals can strengthen themselves against these deceptive attacks by staying informed and adopting precautionary measures. Remember, scepticism is a powerful tool in the fight against vishing scams, and every individual can play a role in ensuring their cybersecurity. Stay informed, stay cautious.


X Launches Secure Login with Passkey for iOS Users in US

 

X (formerly known as Twitter) is set to allow users to log in with a passkey rather than a password, but only on iOS devices.

X earlier announced its intention to roll out passwordless technology, and it has now made the option available to iPhone customers. It enables a faster login process by allowing users to authenticate with whatever they use to lock their device, such as their fingerprint, FaceID, or PIN. 

Passkeys are also regarded as safer, because the device generates the underlying cryptographic key, which is unknown to anyone, even the user. This means they are impervious to phishing: cybercriminals cannot use fake emails and social engineering strategies to lure them out of targets.

Only for iPhones

The FIDO Alliance designed passkeys and set technological guidelines for them. They employ the WebAuthn standard, which is a vital component of the FIDO2 requirements. The alliance's board of directors includes the majority of top technology firms, including Apple, Google, and Microsoft. 
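Why the phishing resistance described above holds on the server side, as an added example (not X's code and not part of the original post): a WebAuthn relying party checks that the login response names its own origin and RP ID, so a response produced on a lookalike site is rejected. The domain names, challenge values and sample responses are constructed; signature verification over the same data needs a crypto library and is not shown.

```python
import base64
import hashlib
import hmac
import json
import struct

# Hypothetical relying party used for illustration only.
RP_ID = "social.example"
EXPECTED_ORIGIN = "https://social.example"


def b64url(data):
    """Base64url without padding, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_binding(client_data_json, authenticator_data, expected_challenge):
    """Return a list of binding failures for a login assertion; empty means pass.

    client_data_json is written by the browser, not by the web page, so a
    phishing page cannot make it claim the genuine origin.
    """
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if not isinstance(client_data, dict):
        return ["clientDataJSON is not an object"]

    problems = []
    if client_data.get("type") != "webauthn.get":
        problems.append("type mismatch")
    # The challenge is a fresh server nonce; a stale one indicates a replay.
    got = str(client_data.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(expected_challenge).encode()):
        problems.append("challenge mismatch")
    if client_data.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch")

    # authenticatorData layout: 32-byte SHA-256(RP ID), 1 flags byte, 4-byte counter.
    if len(authenticator_data) < 37:
        problems.append("authenticatorData too short")
        return problems
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", authenticator_data[:37])
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(RP_ID.encode()).digest()):
        problems.append("rpIdHash mismatch")
    if not flags & 0x01:  # bit 0 = user present
        problems.append("user-present flag not set")
    return problems


def make_sample(origin, rp_id, challenge):
    """Build a constructed assertion as a browser and authenticator would emit it."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    # flags 0x05 = user present + user verified; counter value 7 is arbitrary.
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([0x05]) + struct.pack(">I", 7)
    return client_data, auth_data


def demo():
    challenge = b"\x01" * 32  # constructed; a real server uses random bytes per login
    genuine = make_sample(EXPECTED_ORIGIN, RP_ID, challenge)
    lookalike = make_sample("https://social-login.example", "social-login.example", challenge)
    return {
        "genuine site": check_assertion_binding(*genuine, challenge),
        "lookalike site": check_assertion_binding(*lookalike, challenge),
        "replayed response": check_assertion_binding(*genuine, b"\x02" * 32),
    }


if __name__ == "__main__":
    for case, problems in demo().items():
        print(f"{case}: {'accepted' if not problems else 'rejected: ' + ', '.join(problems)}")
```
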

To set up passkeys on X, open the X app on iPhone and go to "Settings and privacy" under "Your account". Then navigate to "Security and account access" and then "Security". Choose "Passkey" under "Additional password protection" and comply with the on-screen directions. You can remove a passkey from the same menu at any moment. 

Although X does not make passkeys necessary, it highly encourages users to start using them. Currently, users must have a password-protected account with X before they can set up a passkey, although the company advises that customers should "stay tuned" on this.

As iOS devices are the only ones capable of logging into X using a passkey (for the time being), users' passkeys will be synced across their Apple devices via Apple's Keychain password manager, allowing multiple iOS devices to log in to X with an identical passkey.

Why Limiting Online Access Risks More Than Teen Safety



In the age of increasing online presence, especially amplified by the COVID-19 pandemic, the safety of young people on the internet has become a prominent concern. With a surge in screen time among youth, online spaces serve as crucial lifelines for community, education, and accessing information that may not be readily available elsewhere.

However, the lack of federal privacy protections exposes individuals, including children, to potential misuse of sensitive data. The widespread use of this data for targeted advertisements has raised concerns among young people and adults alike.

In response, teens are voicing their need for tools to navigate the web safely. They seek more control over their online experiences, including ephemeral content, algorithmic feed management, and the ability to delete collected data. Many emphasise the importance of reporting, blocking, and user filtering tools to minimise unwanted encounters while staying connected. 

Despite these calls, legislative discussions often seem disconnected from the concerns raised by teens. Some proposed bills aimed at protecting children online unintentionally risk limiting teens' access to constitutionally protected expression. Others, under the guise of child protection, may lead to censorship of essential discussions about race, gender, and other critical topics.

Recent legislative efforts at the federal and state levels raise concerns about potential misuse. Some proposals subject teens to constant parental supervision, age-gate them from essential information or even remove access to such information entirely. While the intention is often to enhance safety, these measures could infringe on young people's independence and hinder their development.

In an attempt to address harmful online outcomes, some bills, like the Kids Online Safety Act, could fuel censorship efforts. Fear of legal repercussions may prompt technology companies to restrict access to lawful content, impacting subjects such as LGBTQ+ history or reproductive care.

In some cases, laws directly invoke children's safety to justify blatant censorship. Florida's Stop WOKE Act, for instance, restricts sharing information related to race and gender under the pretext of protecting children's mental health. Despite being blocked by a federal judge, the law has had a chilling effect, with educational institutions refraining from providing resources on Black history and LGBTQ+ history.

Experts argue that restricting access to information doesn't benefit children. Youth need a diverse array of information for literacy, empathy, exposure to different ideas, and overall health. As lawmakers ban books and underfund extracurricular programs, empowering teenagers to access information freely becomes crucial for their development.

To bring it all together, while teens and their allies advocate for more control over their digital lives, some legislative proposals risk stripping away that control. Instead of relying on government judgment, the focus should be on empowering teens and parents to make informed decisions. 


 

Here's How Unwiped Data On Sold Devices Can Prove Costly

 

As time passes, it is disturbing to see how many people still have a casual attitude towards their personal data, despite the constant stream of cyber incidents and large data breaches in the headlines. Millions of accounts and sensitive personal information have been compromised, but the general public's attitude towards data security remains carelessly lax.

SD cards

Take SD cards, for example, as a portable storage medium. These minuscule yet mighty gadgets are immensely useful, allowing us to carry vital data like images, messages, and recordings. But since it's so simple to store personal data on these cards, security breaches frequently occur.

When these cards are sold or handed on to others, a prevalent issue arises. Many people do not properly erase their private information, which might remain accessible to the new owner. Regular file deletion does not ensure safety, because data recovery tools can frequently recover what was believed to be gone for good. Surprisingly, some people do not even care to erase their data before handing the cards on, exposing their sensitive information. 

SD cards are frequently mistakenly included in the sale of mobile phones and tablets. This omission, along with a general lack of concern, poses a serious risk. Furthermore, company data is occasionally left on these devices, unnoticed by security agencies and personnel.

A study undertaken by the University of Hertfordshire a few years ago brought this issue to the forefront. Researchers bought roughly 100 discarded memory cards from eBay and used phone stores, then attempted to extract data from them. These cards had been used in a variety of devices, including phones, tablets, cameras, and drones. Selfies, document images, contact information, browsing history, and many more sensitive items were discovered in the retrieved data. This data is easily exploitable by criminals, revealing a significant disparity between public recognition of the importance of data security and actual user behaviour.

Hard drives

The Techradar group carried out a study on old hard drives in 2008. They analysed the contents of the drives they bought from internet stores like eBay. The results were alarming: a significant quantity of private information, including records and images, could still be retrieved. 

Smartphones

Similarly, Avast's investigation of used smartphones in 2014 identified an identical issue. Despite the fact that many users thought they had wiped their phones clean, over 40,000 images, including sensitive ones, and financial data were discovered on these devices. 

The aforementioned studies point to a significant knowledge gap regarding digital data security that most people have. Using smartphones' "Restore and reset to factory settings" feature alone does not ensure that personal data is completely erased and permanently lost. Experts in data recovery and hackers can frequently retrieve data that regular commercial tools are unable to. In simple cases, even well-known software tools can retrieve files; however, if a hacker is committed and has the necessary resources, they can go much further.

Google to Label Android VPNs Clearing a Security Audit

 

Google hopes that better badging alerting to independent audits will help Android users in finding more trustworthy VPN apps.

The ad giant and cloud provider has given independently audited apps in its Play store a more visible display of their security credentials, particularly a banner atop their Google Play page. 

According to Nataliya Stanetsky of Google's Android Security and Privacy Team, in an announcement, VPN apps are the first to receive this special treatment since they manage a sizable quantity of classified data. Therefore, miscreants frequently target them for subversion.

"When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the 'Independent security review' badge in the Data Safety Section," explained Stanetsky.

Google and the App Defence Alliance (ADA) expanded their partnership last year to incorporate the Mobile App Security Assessment (MASA), which verifies that Android apps comply with OWASP-defined security standards. The ADA was founded in 2019.

The audit isn't very comprehensive. As the ADA's website states, "MASA is intended to provide more transparency into the app's security architecture, however the limited nature of testing does not guarantee complete safety of the application."

Additionally, MASA does not always verify the safety claims made by app developers, according to the ADA. The alliance's MASA endorsement is significant, even though it is understandable that it doesn't want to be held accountable if it overlooks something and an information-stealing app gets through. 

Among its many checks, MASA looks for apparent bad practices, such as whether sensitive data is written to application log files and whether the application reuses cryptographic keys for multiple purposes. Even though it's not safe to say that apps are guaranteed to be secure, it's safe to say that you're better off with those that avoid such mistakes. 

If MASA fails, there are backup security measures available in the Android ecosystem. As Google proudly declares, these attempt to defend against PHAs and MUwS or, in case your gibberish translator is offline, potentially malicious applications and unwanted software. They accomplish this by collecting information about malicious apps, using machine learning and other techniques, performing static and dynamic risk analyses, and more.

Google Completes Mobile-First Indexing After 7 Years


Google has finally announced that it has completed its mobile-first indexing initiative, which means that it will use the mobile version of websites for indexing and ranking purposes. This is a major change that affects how Google crawls, indexes, and ranks web pages, and it has implications for webmasters, SEOs, and users alike. In this blog post, we will explain what mobile-first indexing is, why it matters, and how you can optimize your website for it.

What is Mobile-First Indexing?

Mobile-first indexing is a process that Google uses to determine which version of a website to use for indexing and ranking. It means that Google will use the mobile version of a website as the primary source of information, and the desktop version as a fallback option. This differs from the previous approach, where Google used the desktop version as the primary source of information, and the mobile version as a secondary option.

Google started experimenting with mobile-first indexing in November 2016 and gradually rolled it out to more and more websites over the years. On October 31, 2023, Google announced that it had completed the switch to mobile-first indexing for all websites and that it would stop using its legacy desktop crawler and remove the indexing crawler information from Google Search Console.

Why Does Mobile-First Indexing Matter?

Mobile-first indexing matters because it reflects the growing importance of mobile devices and user experience. According to Google, more than half of the global web traffic comes from mobile devices, and users expect fast and easy access to information on any device. Therefore, Google wants to ensure that its search results are relevant and useful for mobile users and that its ranking algorithm is aligned with the mobile web.

Mobile-first indexing also matters because it affects how webmasters and SEOs optimize their websites for Google. If a website has different versions for desktop and mobile, or if the mobile version is not optimized for speed, usability, and content, it may suffer from lower rankings and traffic. Therefore, webmasters and SEOs need to make sure that their websites are mobile-friendly and consistent across devices.

How to Optimize Your Website for Mobile-First Indexing?

To optimize your website for mobile-first indexing, you need to follow some best practices that Google recommends. Here are some of them:

  • Use responsive web design, which adapts to the screen size and orientation of the device. This way, you can have one website that works well on both desktop and mobile and avoid having duplicate or conflicting content.
  • Ensure that your mobile version has the same content and functionality as your desktop version and that it is not missing any important information or features. For example, do not hide or remove text, images, videos, or links on mobile, and do not use different URLs or redirects for mobile and desktop.
  • Optimize your mobile version for speed, usability, and accessibility. For example, use compressed images, minified code, and lazy loading techniques to reduce the loading time, use clear and legible fonts, buttons, and menus to improve readability and navigation, and use descriptive and concise titles, headings, and meta tags to enhance the visibility and relevance.
  • Test and monitor your mobile version using Google's tools and resources. For example, use the Mobile-Friendly Test, PageSpeed Insights, and the Lighthouse tools to check the performance and quality of your mobile version, and use the Google Search Console and Google Analytics to track the indexing and traffic of your mobile version. 

What's next for Google?

Mobile-first indexing is a significant milestone for Google and the web industry, as it shows the shift from desktop to mobile as the primary platform for web browsing and searching. It also presents new challenges and opportunities for webmasters and SEOs, who need to adapt their websites to the mobile web and provide the best possible experience for their users. By following the best practices and using the tools that Google provides, you can optimize your website for mobile-first indexing and benefit from the mobile web.

Five Markers that Your Phone is Being Spied on or Has Been Compromised

 

A notification stating that "State-sponsored attackers may be targeting your iPhone" was received by a number of leaders of India's opposition parties, including the Indian National Congress, Trinamool Congress, and Shiv Sena, earlier this week. A commotion and discussion on social media ensued when they claimed that the government was spying on the opposition leaders. A statement on the subject has already been released by Apple. Smart apps that blend into your phone's background are what carry out the spying. 

In order to determine whether your phone has been hacked, you can look for the following indicators. 

 
Phone's battery is draining faster than usual 

The first and simplest way to determine whether your phone has been compromised is to examine the battery behaviour. If you've started charging your phone too frequently, or if the battery is draining faster than usual, it's possible that malware or fraudulent apps are using malicious code that drains a lot of power. It should be noted that you must first ensure that there are not a large number of apps running in the background, as this consumes battery. 

Suspicious activity on linked accounts 

Users have multiple accounts on their phones, including Facebook, Instagram, and others. If you see posts made by your account that you don't remember making, it might suggest a breach in your defence. If you are unable to send or receive emails from your phone, hackers may have hacked your device.

Odd pop-ups

Push notifications for fake virus alerts and other threatening messages could indicate that you have adware on your phone, which requires input from you in order to function. Never click on such kinds of messages or notifications. 

Check your phone's app list

Most people are aware of the apps they use. Look through the list of apps on your smartphone and remove any that you don't recognise as they might contain spyware. Apps should always be downloaded from the App Store or Google Play Store. Before downloading, make sure the developer information, spelling, and app description are correct. 

Increased use of mobile data 

Verify whether you are using more data on your mobile device than usual or if it has increased suddenly. It's possible that malicious software or apps are using up your mobile data in the background.

Security Experts Warn Social Media Users of Account Takeover

 

Anyone with a social media account has been warned that criminals are increasingly targeting common people and taking over their profiles. According to Action Fraud, the national fraud and cybercrime reporting service, there were 18,011 reports of social media and email hacking between August 2022 and July 2023.

In addition to stealing critical personal data from victims, fraudsters are also using the accounts for fraud - for example, there have been a dozen reports in the last two months regarding hacked social media accounts being used to promote fake Taylor Swift tickets. 

If the tickets appear to be sold by someone with a large number of friends on their profile and posts going back a long way, officials said, people are less likely to suspect it's a scam. Out of the 18,000 reports, 4,092 people reported they had been the victim of financial extortion or that fraud against the public had been committed using their accounts. 

There were two main categories of account takeovers in 49% of cases that Action Fraud received reports of: 

On-platform takeovers 

These take place entirely on the platform, via the messaging feature of the service. The suspect will dupe the victim into sharing or changing critical account information. This is primarily accomplished by the suspect already having access to one of the victims' friends' accounts. The fraudster will then message the victim, posing as a friend. 

The victim will think they are speaking with their friend and won't realise their friend's account has been hacked. After that, the criminal will ask the new victim to do something, like helping "secure" their account, casting a vote in a competition, or possibly even accepting a financial offer.

Email hacking and phishing 

These types of account hacks frequently occur when victims unwittingly divulge their login information to fake websites after clicking on a link in an email they thought was legitimate. Once a fraudster has gained access to a victim's email account, they can use it to reset the password of any social media accounts linked to that email address. 

The scammer can easily access the email as a result of weak account security, such as a lack of 2-step verification, weak and re-used passwords, a leak of the victim's email on the dark web, or the actual expiration and purchase of the victim's custom web domain. 

"Social media applications are, without a doubt, the most widely used in the world, which presents a huge opportunity for criminals," stated Pauline Smith, Head of Action Fraud. Scammers have a large pool of potential victims to choose from because millions of people use social media and other apps on a daily basis. They frequently attempt to access people's online profiles in order to defraud others.

“Keep your accounts secure and set up 2-step verification. Under no circumstances should you ever share your 2-step verification codes with anyone, and if you think something doesn’t seem right, report the message and block the sender within the app itself. To make your accounts even more secure, and to provide an extra layer of protection, we would recommend that your email and social media passwords should be strong and different to all your other passwords,” Smith added.

Here's Why You Should Stop Using SMS Messaging

 

Cybersecurity is more critical than ever in today's digital world. However, one commonly employed but often missed area of weakness could be something you use every day. Since Nokia made the technology available to the public in 1993, Short Message Service, or SMS messaging, has been the major way people have texted. You might be surprised to hear that it's one of the riskiest methods of mobile communication given that it's typically included by default on most mobile devices. 

However, if you intend to stay safe and private, you should avoid using it. Here are five of the reasons why. 

Lacklustre end-to-end encryption

SMS is not encrypted from beginning to end. SMS messages, in reality, are frequently sent as plain text. This means that there are no safeguards in place and that anyone with the necessary knowledge can intercept an SMS. If your mobile provider employs encryption, it is most likely a poor and outdated method that is only used during transit. 

SMS relies on obsolete technology 

SMS technology is based on a set of signalling protocols known as Signalling System No. 7 (SS7), which was established in the 1970s. It is out of date and highly insecure, making it exposed to different forms of cyberattacks. As Ars Technica reported at the time, in 2017, a hacker gang used an SS7 security hole to circumvent two-factor authentication and drained people's bank accounts. Similar attacks have taken place several times over the years. 

The government can read your SMS texts 

Why haven't the security flaws in SS7 been fixed? One probable explanation is that regulators are uninterested in doing so since governments all across the world eavesdrop on their citizens. Whether or not this is the true reason, it is undeniable that your government could read your SMS texts if it so desired. Law enforcement in the United States does not even require a warrant to examine correspondence older than 180 days. Congressional Representative Ted Lieu presented legislation to stop this in 2022, but it was unsuccessful.

Messages stored by your carrier 

SMS texts are saved by carriers for a set period of time (the length varies depending on the carrier). Metadata, which is information on the data itself, is kept much longer. Even if you aren't concerned about law enforcement reading your texts, you should be aware that your mobile provider can read them as well. While it is true that laws, regulations, and internal rules restrict mobile providers from spying on users, unauthorised access and breaches do occur.

SMS messages cannot be unsent

Unsending an SMS message is not possible. If the recipient receives it, it will remain on their phone indefinitely unless they delete it manually. It's one thing to send a terrible and embarrassing SMS, but what if the recipient's phone has been hacked or otherwise compromised? And what if you revealed personal information in an SMS that you should not have revealed? This is probably not a scenario you want to think about. 

Switch from SMS to a secure messaging app 

SMS should not be used by anyone who is concerned about their personal cybersecurity and wishes to safeguard their privacy. The difficulty is that it provides a level of ease that alternatives simply cannot equal, at least for the time being. However, in most cases, that is not a sufficient justification to employ it. 

Secure, end-to-end encrypted messaging apps outperform SMS in practically every other way. And, if you have no other choice, use SMS wisely. Do not share information that you would not want a third party to have access to, and remember to take additional security steps.

Robo-Calls and Texts Are Stealing Money Every Day, What You Should Do?

 

The Future of Jobs Report 2020 from the World Economic Forum highlights a growing trend among businesses. Organizations are accelerating their adoption of AI and automation in the wake of the pandemic. Alongside this progress, there is a concurrent rise in cybersecurity challenges and advancements occurring on a daily basis. 

While the notion of AI domination has been a recurring theme in countless narratives, my apprehensions lie more with the impact of simpler, less advanced technologies, rather than highly sophisticated generative artificial intelligence. Every day, unsuspecting individuals fall victim to robocalls and text scams, losing hard-earned money. 

According to Robokiller, this year alone, Americans have suffered losses of $14 billion from robotexts and $34 billion from robocalls. The report warns that scammers are relentlessly honing their tactics to pilfer money. Their projection suggests that by year-end, the total losses to phone scams could escalate to a staggering $90 billion for Americans. 

What are Robocalls? 

Robocalls refer to automated phone calls made by a computerized system, typically using a pre-recorded message. These calls are often sent out in large volumes to reach a wide audience. They can be used for various purposes, including telemarketing, political campaigning, and scamming. 

Robocalls can be intrusive and annoying for recipients, especially when they are unsolicited or used for fraudulent activities. Many countries have implemented regulations and measures to combat unwanted robocalls and protect consumers from scams. 

According to Robokiller's estimates, an astounding 78 billion robotexts and 31 billion robocalls inundated phone lines between January and June. This marks an 18% surge compared to the corresponding period last year. 

Identifying a scam robocall or text can be tricky. Protecting oneself from robocalls involves a combination of awareness and proactive measures. 

Here are steps that individuals can take to identify and protect themselves from robocalls: 

1. Screening Calls: Give priority to known contacts and let unfamiliar numbers go to voicemail. Legitimate callers will often leave a message. 

2. Policy of Non-Engagement: Steer clear of interactions with suspicious calls. Refrain from pressing any buttons or engaging with automated systems, as this could validate the activity of your number. 

3. Make Use of Call-Blocking Features: Most modern smartphones come equipped with call-blocking capabilities designed to sift through potential spam calls. Ensure you activate this feature and routinely refresh your block list. 

4. Install Robocall-Blocking Applications: Explore trusted apps such as Robokiller, Nomorobo, or Hiya. These applications leverage sophisticated algorithms to detect and screen out robocalls effectively. 

5. Stay Informed: Stay in the loop with the latest news and updates regarding emerging robocall scams. Familiarity with their common tactics equips you to recognize and steer clear of potential threats. 

6. Verify Caller Identity: If you receive a call from an organization or government agency that raises suspicion, disconnect the call and independently confirm their contact information through official and reliable channels. 

By implementing these steps, individuals can significantly reduce their exposure to robocalls and safeguard themselves from potential scams.

Here's How You Can Prevent Google Bard From Breaching Your Data Privacy

 

Impressive new features have been added to Google Bard in its most recent update, enabling the AI chatbot to search through YouTube videos, delve into your Google Docs, and find old Gmail messages. Despite how amazing these developments are, it's important to remember your privacy whenever you deal with this AI. 

Every conversation you have with the chatbot is automatically stored by Google Bard for a period of 18 months. It also includes any physical addresses linked to your Google account, your IP address, and your prompts. While the default settings are in effect, certain interactions may be selected for human approval. 

How to disable Bard's activity 

Follow these measures to prevent Google Bard from saving your interactions: 

  • Navigate to the Bard Activity tab.
  • Disable the option to save your prompts automatically. 
  • You can also delete any previous interactions in this tab. By disabling Bard Activity, your new chats will not be submitted for human inspection unless you directly report an interaction to Google. 

However, disabling Bard Activity means you won't be able to use any of Bard's extensions connecting it to Gmail, YouTube, or Google Docs. 

Erasing conversations with Bard 

While you can opt to delete interactions with Bard manually, keep in mind that this data may not be immediately purged from Google servers. Google uses automatic technologies to erase personally identifiable information from selected chats, which are then saved by Google for up to three years after you delete them from your Bard Activity. 

Sharing Bard conversations 

It's important to note that any Bard conversation you share with others may be indexed by Google Search.

To remove shared Bard links, follow these steps: 

  • In the top right corner, select Settings. 
  • Click on "Your public links." 
  • To stop internet sharing, click the trash symbol. Google has said that it is working to keep shared chats from being indexed by Search.

Privacy of Gmail and Google Docs conversations

Google claims that Gmail and Google Docs interactions are never subject to human scrutiny. As a result, regardless of your Bard Activity settings, no one will access your emails or documents. However, it is unclear how Google would use your data and interactions to train its algorithm or future chatbot iterations.

When it comes to location data, Bard gives users the option of sharing their precise location. Even if you choose not to share your actual location, Bard will have a fair idea of where you are.

According to Google, location data is collected in order to give relevant results to your queries. This data is collected via your IP address, which reveals your geographical location, as well as any personal addresses kept in your Google account. Google claims to anonymize this data by combining it with information from at least 1,000 other users within a 2-mile radius. 

While Google does not provide an easy solution to opt out of Bard's location monitoring, you can conceal your IP address by using a VPN. VPNs are available for both desktop computers and mobile devices.

In the age of artificial intelligence and smart technology, it is critical to be mindful of the data we share and to take measures to safeguard our privacy. The features of Google Bard are undeniably wonderful, but users should proceed with caution and examine their choices when it comes to data storage and location tracking. 

By following the above tips and tactics, you can maintain control over your interactions with Google Bard and reap the benefits of this breakthrough AI chatbot while protecting your personal information.