Google To Ban Cryptocurrency-Related Advertising In June
"Yakuza Kiwami 2" Brings the Fight to the West on August 28
Invite-only Fortnite is already the top iPhone game in the US
Xiaomi Redmi Note 5 with AI Dual Camera Launched in China
More Evidence Surfaces to Suggest that Modern Warfare 2 is Being Remastered
Israeli Start-Up Leaks Data on 31m Users
06 December 2017, 05:59 | Justin Tyler
Millions caught in virtual keyboard app data breach
Security researchers claim to have found the personal data of 31 million Android users of the keyboard app Ai.type after finding an open database online.
Researchers had attempted to contact the company behind AI.type on multiple occasions but it wasn't until this past weekend that they finally acknowledged it. AI.type says it has now secured the database, and that the leak didn't impact AI.type's nine million iOS users.
Phone number, full name of the owner, device name and model, mobile network name, SMS number, screen resolution, user languages enabled, Android version, IMSI number (international mobile subscriber identity used for interconnection), IMEI number (a unique number given to every single mobile phone), emails associated with the phone, country of residence, links and the information associated with the social media profiles (birthdate, title, emails etc.) and photo (links to Google+, Facebook etc.), IP (if available), location details (long/lat). The app, created by Eitan Fitusi, has a free version that collects more personal data than the paid version, which is monetized by ads. In some cases, there's even specific details from the user's Google profile, including birth dates, genders, and profile pictures.
He pointed out that the misconfigured MongoDB database appears to belong to Tel Aviv-based Ai.Type, which designs and develops a personalised keyboard for mobile phones and tablets for both Android and iOS devices.
"Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?"
Several tables contained lists of each app installed on a user's device, such as banking apps and dating apps.
It doesn't stop there as the app also seemingly had access to a user's contacts.
Worst of all, researchers claimed the app stored - and uploaded to the insecure server - text entered into the keyboard, such as phone numbers, private and sensitive information, web search terms, emails addresses and their corresponding passwords. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers.
While the personalization features offered by ai.type certainly require a certain amount of data to be collected about users, questions have been raised about just how far-reaching this data collection has been. But ZD.Net says that it found signs that text typed on the app is recorded and kept by the company.
"It is clear that data is valuable and everyone wants access to it for different reasons", Alex Kernishniuk, VP of strategic alliances at Kromtech, said.
For now, the possibility that anyone who download the keyboard apps had all of their phone data exposed publicly online is a "logical" thought, adds Kromtech's Diachenko. "This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user", Bob Diachenko of the Kromtech Security Center said.
Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
Delhi Government Lifts All Exemptions Under Odd-Even Scheme
The play, however, continued uninterrupted on Monday even as indicators showed pollution levels rising to "hazardous" levels. Also, NGT had given the 48 hours time to Delhi government to submit its report against the Delhi air pollution action plan.
Redmi 5A launched in Coimbatore by Xiaomi
Earlier this week, Donovan Sung, Xiaomi Global spokesperson, revealed the Redmi 5 and Redmi 5 Plus ahead of launch. The Redmi 5 is expected to feature a 3,200 mAh, while the Redmi 5 Plus is said to pack in a 4,000 mAh battery.
Federal Grand Jury Indicts Steinle Killer
Gascon also criticized President Trump and conservative pundits for turning the trial into a "political football". A jury rejected that charge last week and convicted Garcia Zarate only of being a felon in possession of a gun.
Westworld and SWAT Reboot Suspend Filming Due to Wildfires
A wildfire in southern California stalled the production of the CBS drama series S.W.A.T. andHBO's Westworld on Tuesday. A representative at Sony Pictures Television, the studio behind "S.W.A.T.", also confirmed the production delay to CNN .