Flashlight applications may host malware
Malware by definition is short for malicious software. It refers to software programs designed to damage or do other unwanted actions on a computer system. Mobile malware is on the rise.
The newest source of mobile malware is coming from flashlight applications available for Android phones. Gary Miliefsky, CEO of Snoopwall and founding member of the U.S. Department of Homeland Security, told Fox News in an October interview that the top 10 flashlight apps available from the Google Play Store were acting in a very malicious way.
The top 10 flashlight apps to which Miliefsky refers are: Super-Bright LED Flashlight, Tiny Flashlight + LED, Brightest Flashlight, Brightest LED Flashlight, Color Flashlight, High-Powered Flashlight, Flashlight HD LED, FlashLight by Zerone Mobile, Flashlight by Mobile Apps, and Flashlight by Crazy Softech.
“This problem is bigger than Ebola because 500 million people are infected and they do not know it,” Miliefsky said during his interview with Fox News. “They’re malicious, they’re spying, they’re snooping and they’re stealing. The stolen data is used mainly for criminal purposes, and the information primarily flows into three countries: China, India and Russia.”
In a follow up interview with The Signal, Miliefsky said he was mostly concerned with the apps’ ability to access GPS, users’ networks and record conversations.
“Reality check – you are completely insecure and easily eavesdropped on your microphone and webcam if you have antivirus software,” Miliefsky warns. “It’s just not enough anymore.”
A study performed in February 2014 by Digital Consumer Report shows that 65 percent of Americans owned a smartphone as of 2013. The battle for who owns the market between Android and Apple continues to swing back and forth here in the United States. Android, however, owns the worldwide market, claiming nearly 71 percent of all smartphone sales.
Because the apps are available through a recognized market, a common assumption is that there have been some security measures taken before the release of the app. This is not necessarily true.
“For Apple, their vetting process is a combination of automated tools looking for known patterns of malicious behavior in the code as well as behavior, combined with an actual person reviewing the app itself to ensure it complies with their security and privacy policies” said Ken Westin, a security researcher at Tripwire. “This, of course, is not the case in unregulated markets such as Cydia Open App Marketplace. For the Google Marketplace, it is a bit more permissive; although there are automated checks and scans, there is not a manual process to release each application, however manual reviews do occur if there are complaints or something is identified in automated scans.”
App creators are aware of these reduced regulations for Android products and have exploited consumer’s false sense of security when downloading apps.
“This, however, has made the mobile consumer a bit complacent about security, as they feel the carriers and manufacturers are handling their security and [consumers] will generally fail to take responsibility for their own security and privacy,” Westin said.
Privacyrights.org documents the security breaches from 2005 to present day. On their website, they have recorded 931, 326, 448 records have been breached.
“930 million identities have been stolen in the U.S. alone, along with $500 billion in bank fraud and $100 billion in credit card fraud,” Miliefsky said.
There are certain measures consumers can take in order to keep their personal information secure. Reading the terms and conditions that apply to the specific app is the first step.
Warning signs include flashlight apps asking for suspicious access that seems to have no relevance to perform the task under its description. The app should not need to modify or delete the contents on the USB drive in order to shine a light. There should be zero need for a flashlight app to access your precise location via GPS.
If one of these flashlight apps has been downloaded, Miliefsky gave one final piece of advice.
“Uninstall all the apps you don’t use every day,” Miliefsky said. “Run a free PRIVACY APP scanner from SnoopWall or D-Central from John McAfee. See which apps spy on you and delete them.”
