ibusinesslines.com
ibusinesslines.com December 17, 2017


Israeli Start-Up Leaks Data on 31m Users

06 December 2017, 05:59 | Justin Tyler

Millions caught in virtual keyboard app data breach

Popular Keyboard App with Tens of Millions of Downloads Leaks Data of Its 31 Million Users

Security researchers claim to have found the personal data of 31 million Android users of the keyboard app Ai.type after finding an open database online.

Researchers had attempted to contact the company behind AI.type on multiple occasions but it wasn't until this past weekend that they finally acknowledged it. AI.type says it has now secured the database, and that the leak didn't impact AI.type's nine million iOS users.

Phone number, full name of the owner, device name and model, mobile network name, SMS number, screen resolution, user languages enabled, Android version, IMSI number (international mobile subscriber identity used for interconnection), IMEI number (a unique number given to every single mobile phone), emails associated with the phone, country of residence, links and the information associated with the social media profiles (birthdate, title, emails etc.) and photo (links to Google+, Facebook etc.), IP (if available), location details (long/lat). The app, created by Eitan Fitusi, has a free version that collects more personal data than the paid version, which is monetized by ads. In some cases, there's even specific details from the user's Google profile, including birth dates, genders, and profile pictures.

He pointed out that the misconfigured MongoDB database appears to belong to Tel Aviv-based Ai.Type, which designs and develops a personalised keyboard for mobile phones and tablets for both Android and iOS devices.

"Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?"

Several tables contained lists of each app installed on a user's device, such as banking apps and dating apps.


It doesn't stop there as the app also seemingly had access to a user's contacts.

Worst of all, researchers claimed the app stored - and uploaded to the insecure server - text entered into the keyboard, such as phone numbers, private and sensitive information, web search terms, emails addresses and their corresponding passwords. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers.

While the personalization features offered by ai.type certainly require a certain amount of data to be collected about users, questions have been raised about just how far-reaching this data collection has been. But ZD.Net says that it found signs that text typed on the app is recorded and kept by the company.

"It is clear that data is valuable and everyone wants access to it for different reasons", Alex Kernishniuk, VP of strategic alliances at Kromtech, said.

For now, the possibility that anyone who download the keyboard apps had all of their phone data exposed publicly online is a "logical" thought, adds Kromtech's Diachenko. "This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user", Bob Diachenko of the Kromtech Security Center said.

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.



Other News

Trending Now

Delhi Government Lifts All Exemptions Under Odd-Even Scheme
The play, however, continued uninterrupted on Monday even as indicators showed pollution levels rising to "hazardous" levels. Also, NGT had given the 48 hours time to Delhi government to submit its report against the Delhi air pollution action plan.

Eminem reveals Ed Sheeran and Pink collaborations for Revival album
Grey, who performs on a song entitled Tragic Endings , will be making her latest appearance with Eminem . Revival comes almost four years after Em's 2013 studio album, The Marshall Mathers LP 2 .

Redmi 5A launched in Coimbatore by Xiaomi
Earlier this week, Donovan Sung, Xiaomi Global spokesperson, revealed the Redmi 5 and Redmi 5 Plus ahead of launch. The Redmi 5 is expected to feature a 3,200 mAh, while the Redmi 5 Plus is said to pack in a 4,000 mAh battery.

Dele Alli bids to recover form in weakened Spurs team
But, despite scoring twice in the 3-1 win over defending European champions Real Madrid, he has generally struggled to recreate that form this term.

Federal Grand Jury Indicts Steinle Killer
Gascon also criticized President Trump and conservative pundits for turning the trial into a "political football". A jury rejected that charge last week and convicted Garcia Zarate only of being a felon in possession of a gun.

Wind advisory for much of Tuesday, maybe snow by the weekend
Breezy, with a north northwest wind 5 to 10 miles per hour increasing to 13 to 18 miles per hour in the afternoon. Forget about those above-average high temperatures in the 50s to around 60 over the past couple of weeks.

Westworld and SWAT Reboot Suspend Filming Due to Wildfires
A wildfire in southern California stalled the production of the CBS drama series S.W.A.T. andHBO's Westworld on Tuesday. A representative at Sony Pictures Television, the studio behind "S.W.A.T.", also confirmed the production delay to CNN .