If you have a flashlight installed on your smartphone, you have to watch this. You’re being spied on!
Gary Miliefsky, SnoopWall CEO and founding member of the US Department of Homeland Security, announces a privacy breach posed by smartphone flashlight apps. Miliefsky has advised two White House administrations on cybersecurity.
“You’re gonna lose your identity. You’re gonna wonder why there was a transaction. You’re gonna wonder how someone got into your bank account and paid a bill that doesn’t exist,” Miliefsky said.
Miliefsky said when you download an app, you also give permission for it to access other parts of your phone, like an alarm clock app that can also track phone calls.
“You think an alarm clock needs all those permissions? Access to the Internet over wifi, your call information, calls you’ve made, call history, your device ID? This to me is not a safe alarm clock,” Miliefsky said.
And there are the weather and flashlight apps that he says exploit legitimate banking apps to capture information, as he showed us in a demonstration of what could happen when someone takes a photo of a check to send to their bank.
“The flashlight app spies on the camera and noticed the check and grabbed a copy of it. Shipped it off to a server somewhere far away,” Miliefsky said.
Last year the group FireEye discovered 11 malware apps being used on iPhones that gathered users’ sensitive information and sent it to a remote server, including text messages, Skype calls, contacts and photos. Apple fought back by removing the apps and putting stricter security measures in place.
“They get at your GPS, your contacts list…to build a profile on you,” Miliefsky said.
Some apps are simply collecting information for advertising purposes. In 2014, the Federal Trade Commission settled a lawsuit with a company over its popular Brightest Flashlight app, alleging it transmitted consumers’ personal information to third parties without telling them.
But Miliefsky said he’s found another flashlight app that can do much more troubling things.
“This one turns on your microphone in the background, listens in on you, and sends an encrypted tunnel to a server we discovered in Beijing,” Miliefsky described.
“You’re saying that they’re actually listening to people’s conversations and sending that audio back to Beijing?” Werner asked.
“Yeah, we’ve tracked it. I can show you where it does it,” he said.
Miliefsky said it can be traced to a few blocks from Tiananmen Square on Information Drive in Beijing.
He gave a report on that app to the FBI.
“Because to me, it’s spyware at the nth degree,” Miliefsky said.