Software

Wake up! You’ve been p0wned

Today I came across a popular app that is usually paid but just for today it was absolutely free for iOS users. It is a kind of “smart alarm clock” app which basically monitors your sleeping and wakes you up exclusively during your light sleeping cycle. Wow!

How does it do it? Well, the app enables your embedded mic and uses it during the night to monitor your sleeping cycles. In other words, it records your environment while you’re sleeping. When I read about it I just could not believe it. And that’s because of the variety of potential scenarios a threat actor could exploit with people who use similar apps.

Imagine if the company behind the app gets hacked and the app then transmits data, it will provide access to the private offline life of the people using the app. Or how about another scenario where no data is transmitted – what if the company gets hacked and the attackers edit the original code and then push a new version that does actually transmit recordings to a remote server?

In reality there are several scenarios an attacker could use. Worst of all, since this is a legit app available on AppStore, the attackers don’t even have to invest in expensive exploits for this OS.

Be careful when selecting apps and do not be too trusting when it comes to your much-loved devices. It’s hard to believe that something you trust with your personal life – your digital friend – can become your digital frenemy. But it does happen – and more often than you might think.

Wake up! You’ve been p0wned

Your email address will not be published. Required fields are marked *

 

  1. MOHAMED KUDSI

    THANK YOU

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox