Researchers found over 1325 apps from the Google Play store that would take personal data from sources like Wi-Fi connections and metadata stored in photos, working around the permissions system.
Researchers found that Shutterfly, a photo-editing app, had been gathering GPS coordinates from photos and sending that data to its own servers, even when users declined to give the app permission to access location data.
Some apps were relying on other apps to gather phone identifiers like your IMEI number by reading the SD card. This includes apps like Baidu's Hong Kong Disneyland park app, researchers said.
Other apps were gathering location data by connecting to your Wi-Fi network and figuring out the router's MAC address.
A long-term device tracking attack which works in spite of MAC randomization, and may reveal personal information such as the name of the device owner (over 75% of experiment cases).
This information, researchers argued, is more than enough to create profiles and track users. Combined with data from online advertisers and analytics providers, it could be used to link devices to their real owners.
The research team worried that AirDrop-based tracking technology could be deployed in retail stores or public spaces and track users' movement through an area.
The research team said they notified Apple of all the vulnerabilities they found, between August and December 2018, but a patch cannot be expected soon as "the security and privacy vulnerabilities require the redesign of some of their services," researchers said.
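2019: Joshua Wong said that the iPhone XR he was using when he was arrested and charged on 30 August was seized by police as evidence, that during his arrest he never gave police the phone's passcode, and that police never asked him for it. However, yesterday evening (the 18th), about 20 hours before the court hearing, he received the prosecution's list of evidence, which included 4 "Joshua Wong phone message exchange records": 2 were WhatsApp conversations and 2 were Telegram conversations. He said that, up to the hearing, he had not received any notice from the prosecution or any warrant for police to examine the phone's contents.
From the evidence submitted by the prosecution, it can be seen that police could even tell whether an individual message was sent from the mobile or the desktop version of the software, which is not something the ordinary user interface can do.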
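I hope everyone can help push this to the trending list and send it to TG groups (I don't use TG)
I hope some enthusiastic comrades can turn the content into publicity material to teach seniors how to protect themselves (no need to credit me)
OP's recommended bare minimum:
(1) Browse the web with Tor Browser and Firefox; remember to read the safe-usage advice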
https://www.torproject.org/download/
iOS: https://onionbrowser.com/
https://www.mozilla.org/en-US/firefox/78.2.0/releasenotes/
(2) Use Signal instead of WhatsApp (Telegram is not encrypted messaging)
https://signal.org/download/
(3) Use two-step verification (don't use SMS verification)
Android: andOTP – https://f-droid.org/packages/org.shadowice.flocke.andotp;
iOS: FreeOTP https://freeotp.github.io/
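(4) Use passwords of 25 characters or more; never reuse them or use anything other people could guess; absolutely do not use fingerprint/iris unlock; store passwords in KeePassXC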
https://keepassxc.org/download/
https://play.google.com/store/apps/details?id=keepass2android.keepass2android
https://itunes.apple.com/us/app/strongbox-password-safe/id897283731
(5) Use full disk encryption on all devices (remember to read the safe-usage advice)
https://www.veracrypt.fr/en/Downloads.html
(6) Use Standard Notes instead of Google Docs
https://standardnotes.org/
(7) Use ProtonMail/Tutanota instead of Gmail
https://protonmail.com/
https://www.tutanota.com
(8) Remove metadata before sending photos/videos
Android: https://play.google.com/store/apps/details?id=com.jarsilio.android.scrambledeggsif
iOS: https://apps.apple.com/us/app/viewexif/id945320815
(9) Share files with OnionShare (any size works)
https://onionshare.org/
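More secure:
Do all of (1)-(9)
(10) Avoid public / shared WiFi as much as possible
(11) Avoid closed source software as much as possible, especially weather apps / flashlight apps
To be continued
Help bump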