When I wrote this blog, I suspected it
was just the tip of the iceberg. With the disclosure of what our
National Security Agency (NSA) is collecting about us, it should be
no surprise that our technology companies are doing the same. They
are collecting information about you and making it possible in some
cases for others to do the same. Some of this is through
ignorance, but some is not. Sales or additional income drives much
of this collection of data about you.
This article from PC World is
rather disturbing about how Americans and others are being used to
collect data. When the president of the United States is not allowed
to have an iPhone, but is limited to a BlackBerry, you know security
is behind this. Of course, neither the president nor the Secret
Service is willing to say exactly how security could be compromised
with an iPhone. One security risk is the unpredictable nature of both
iPhone and Android apps. An information security company called
Trustwave said this month that file-sharing apps for iPhones and
iPads can compromise user security, even simple picture-sharing
apps or apps that enable users to exchange documents.
Hewlett-Packard conducted a study about
the security of business apps and found that more than 90 percent of
those apps had privacy or security flaws. Many of them give
themselves permission to access phone features and user data that
make no sense for the apps. Many of the flaws coincide with
unencrypted data and insecure protocols. About 20 percent of the
apps send user data via unprotected HTTP, and about the same percentage use
HTTPS but don't get it right. Other problems were found that could
compromise user security and privacy not through malice, but through
incompetence.
Another report from Trend Micro is
also disturbing. The company found that there are now one million
“malware and high risk apps” in the wild. These are apps
that aggressively serve up ads leading to dubious sites, and they are
about one quarter of the total apps. A good number of these apps
open up an insecure file server on the device, which makes files
vulnerable to copying and even lets malicious crackers upload files
of their own, because many apps don't require user authentication.
This can be compounded by apps running on older versions of the
operating system.
Any way you slice this, security
problems grow with added apps regardless of the platform they are
installed on. We all need to be cautious and not rely on an app
being secure because it is highly rated or popular. Education is the
best defense and even then we are not infallible. The best defense
is that users need to realize that the Apple App Store, the Google
Play Store, and other Android stores are laden with apps that can
compromise your security and privacy without you even knowing about
it.
Even if this is not about diabetes, you
still need to know that your diabetes data stored or transmitted via
cell phones, iPhones, iPads, and Android cell phones and tablets may not be secure.