
PanicGuard panic alarm app leaks your personal information, including location


Regular readers will know that I have spent a not inconsiderable time grumbling about the poor state of Android security, with many consumers left in the lurch by their manufacturers without any method of updating their devices to protect against newly-discovered security vulnerabilities in the operating system.

However, the truth is that there’s something that’s much more critical to smartphone security than whether you chose an iPhone or an Android – and that’s third-party apps.

You can have the most secure OS in the world, with a seamless updating infrastructure for security patches, but it’s not going to do you any favours at all if you’re running an app which is sloppy when it comes to keeping your personal information private and secure.

Researchers at Wandera have taken a close look at one app called PanicGuard, and found it lacking.

What makes PanicGuard’s failures particularly ironic is that it is actually intended to keep you safe.

As you can see from the app’s promotional video, PanicGuard is targeted specifically at people who feel vulnerable – including those who suffer from domestic abuse, people being stalked, or those who are worried about walking through the dodgy end of town…

If you feel threatened, the app can contact your nearest and dearest, telling them to contact the police, sharing your location and even taking video footage of your attacker.

PanicGuard was the first such personal safety app to be approved by UK police, but clearly it hasn’t been properly vetted for security flaws.

Wandera’s research reveals that PanicGuard fails to properly encrypt the user’s personal information, potentially exposing it to Wi-Fi sniffing hackers:

PanicGuard requires users to fill in their personal credentials upon their initial login. This includes obvious things like first name, last name, and e-mail; however, the app also takes in more personal information. Date of Birth, country, and emergency contact information are also required to register.

Furthermore, users’ locations are established during the login process including their exact longitude and latitude. For someone downloading a personal safety app, this information all seems pretty standard. However, what the innocent users of PanicGuard are unaware of is that their information is being transferred in plaintext over the internet.

This basically means that the HTTP connection the app uses to send information to its server is extremely insecure. Due to the nature of the connection, users’ credentials are susceptible to third party exposure.

There’s really no excuse for such apps to use plaintext HTTP to transfer personal information in this day and age.
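As an added example (not code from this article or from Wandera's research), here is one way a tester reviewing a proxy capture of an app's traffic could flag this class of leak: requests sent over plain http:// that carry the kinds of fields listed above. The hosts, field names and sample requests are constructed placeholders, and the name fragments used for matching are assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Name fragments for the data the article lists (names, e-mail, date of birth,
# country, emergency contact, location). The spellings are assumptions.
PII_HINTS = ("name", "mail", "birth", "dob", "country", "emergency", "lat", "lon")

# Constructed proxy capture as (url, content type, body); hosts and field
# names are placeholders, not PanicGuard's real endpoints or parameters.
CAPTURED = [
    ("http://api.example.test/register", "application/x-www-form-urlencoded",
     "first_name=Ann&last_name=Lee&email=ann%40example.test&dob=1990-01-01"),
    ("http://api.example.test/login?lat=51.5007&lon=-0.1246", "application/json",
     '{"user": {"email": "ann@example.test", "country": "GB"}}'),
    ("https://api.example.test/profile", "application/json",
     '{"emergency_contact": "+440000000000"}'),
    ("http://cdn.example.test/logo.png", "", ""),
]

def field_names(url, ctype, body):
    """Collect parameter names from the query string and the request body."""
    names = [k for k, _ in parse_qsl(urlsplit(url).query)]
    if "urlencoded" in ctype:
        names += [k for k, _ in parse_qsl(body)]
    elif "json" in ctype:
        try:
            stack = [json.loads(body)]
        except ValueError:               # malformed body: nothing to inspect
            stack = []
        while stack:                     # walk nested objects and arrays
            node = stack.pop()
            if isinstance(node, dict):
                names += list(node)
                stack += list(node.values())
            elif isinstance(node, list):
                stack += node
    return names

def cleartext_pii(requests):
    """Return (url, sorted PII-like field names) for each http:// request."""
    findings = []
    for url, ctype, body in requests:
        if urlsplit(url).scheme.lower() != "http":
            continue                     # HTTPS requests are not flagged
        hits = sorted({n for n in field_names(url, ctype, body)
                       if any(h in n.lower() for h in PII_HINTS)})
        if hits:
            findings.append((url, hits))
    return findings
```

Calling `cleartext_pii(CAPTURED)` reports the registration and login requests and ignores the HTTPS request and the image fetch. The substring matching is a heuristic, so unrelated field names that happen to contain a fragment will also be reported.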

It’s ironic to think that an app designed – with obviously good intentions – to keep people safe, has at the same time reduced their security.

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and gives presentations on the topic of computer security and online privacy.

Follow him on Twitter at @gcluley, Google Plus, Facebook, or drop him an email.


Anith Gopal