ibusinesslines.com
ibusinesslines.com July 17, 2018


Israeli Start-Up Leaks Data on 31m Users

06 December 2017, 05:59 | Justin Tyler

Israeli Start-Up Leaks Data on 31m Users

Israeli Start-Up Leaks Data on 31m Users

Security researchers claim to have found the personal data of 31 million Android users of the keyboard app Ai.type after finding an open database online.

Researchers had attempted to contact the company behind AI.type on multiple occasions but it wasn't until this past weekend that they finally acknowledged it. AI.type says it has now secured the database, and that the leak didn't impact AI.type's nine million iOS users.

Phone number, full name of the owner, device name and model, mobile network name, SMS number, screen resolution, user languages enabled, Android version, IMSI number (international mobile subscriber identity used for interconnection), IMEI number (a unique number given to every single mobile phone), emails associated with the phone, country of residence, links and the information associated with the social media profiles (birthdate, title, emails etc.) and photo (links to Google+, Facebook etc.), IP (if available), location details (long/lat). The app, created by Eitan Fitusi, has a free version that collects more personal data than the paid version, which is monetized by ads. In some cases, there's even specific details from the user's Google profile, including birth dates, genders, and profile pictures.

He pointed out that the misconfigured MongoDB database appears to belong to Tel Aviv-based Ai.Type, which designs and develops a personalised keyboard for mobile phones and tablets for both Android and iOS devices.

"Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?"

Several tables contained lists of each app installed on a user's device, such as banking apps and dating apps.


It doesn't stop there as the app also seemingly had access to a user's contacts.

Worst of all, researchers claimed the app stored - and uploaded to the insecure server - text entered into the keyboard, such as phone numbers, private and sensitive information, web search terms, emails addresses and their corresponding passwords. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers.

While the personalization features offered by ai.type certainly require a certain amount of data to be collected about users, questions have been raised about just how far-reaching this data collection has been. But ZD.Net says that it found signs that text typed on the app is recorded and kept by the company.

"It is clear that data is valuable and everyone wants access to it for different reasons", Alex Kernishniuk, VP of strategic alliances at Kromtech, said.

For now, the possibility that anyone who download the keyboard apps had all of their phone data exposed publicly online is a "logical" thought, adds Kromtech's Diachenko. "This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user", Bob Diachenko of the Kromtech Security Center said.

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.



Other News

Trending Now

The $6.7M Tab for Mueller's Russia Investigation Will Grow
The bulk of the spending - $1.7 million - has been on personnel salary and benefits, according to the report . Since the probe began in May, the special counsel has charged four people, two of whom have pleaded guilty.

David Feeney first Labor MP referred to High Court over dual citizenship
Ms Gallagher has always been under a cloud, having not received confirmation she'd renounced her United Kingdom citizenship. A vote to refer eight other MPs to the court was narrowly defeated in the House of Representatives.

Westbrook triple double as Thunder down Jazz
Paul George added 21 points while Steven Adams scored 20 points, his third consecutive game with 19 or more. George and Anthony combined to score 19 of their 35 points in the fourth quarter.

Supreme Court grants Trump's bid to revive full travel ban for now
The third version of the travel ban blocks visitors and immigrants from Chad, Iran, Libya, Somalia, Syria, Yemen and North Korea. The move was largely seen as a victory for the administration even though the court did not rule on the merits of the case.

Eminem reveals Ed Sheeran and Pink collaborations for Revival album
Grey, who performs on a song entitled Tragic Endings , will be making her latest appearance with Eminem . Revival comes almost four years after Em's 2013 studio album, The Marshall Mathers LP 2 .

Steinhoff CEO resigns, company says accounting irregularities to be investigated
Steinhoff's share price fell by more than 50% by midday on Wednesday, dropping to about R19 from its Tuesday close of R45.65. Its European operation expanded previous year to include United Kingdom discount retailer Poundland .

Pharma giants caution United Kingdom government about Brexit impact on drug supply
But the issues of the rights of expatriate citizens and the UK-EU border on the island of Ireland remain fraught, diplomats say. The coming week brings the negotiations to date to a climax, with disagreements potentially halting the entire process.