Mobile Security

Verizon’s hidden Super Cookie to get larger role

Verizon purchased AOL earlier this year and is now breathing new life into its invasive (lack of) privacy policy.

Quote

The Relevant Mobile Advertising program uses your postal and email addresses, certain information about your Verizon products and services (such as device type), and information we obtain from other companies (such as gender, age range, and interests). The separate Verizon Selects program uses this same information plus additional information about your use of Verizon services including mobile Web browsing, app and feature usage and location of your device. The AOL Advertising Network uses information collected when you use AOL services and visit third-party websites where AOL provides advertising services (such as Web browsing, app usage, and location), as well as information that AOL obtains from third-party partners and advertisers.
We do not share information that identifies you personally as part of these programs other than with vendors and partners who do work for us. We require that these vendors and partners protect the information and use it only for the services they are providing us.

That is BS, Verizon. You collect “postal and email addresses”… “gender, age range, and interests”. What else do you need to identify the user? His/her shoe size?

Quote

Privacy advocates say that Verizon and AOL’s use of the identifier is problematic for two reasons: Not only is the invasive tracking enabled by default, but it also sends the information unencrypted, so that it can easily be intercepted.

“It’s an insecure bundle of information following people around on the Web,” said Deji Olukotun of Access, a digital rights organization.
Verizon, which has 135 million wireless customers, says it will share the identifier with “a very limited number of other partners and they will only be able to use it for Verizon and AOL purposes,” said Karen Zacharia, chief privacy officer at Verizon.

In order for the tracking to work, Verizon needs to repeatedly insert the identifier into users’ Internet traffic. The identifier can’t be inserted when the traffic is encrypted, such as when a user logs into their bank account.

Previously, Verizon had been sending the undeletable identifier to every website visited by smartphone users on its network, even if the user had opted out. But after ProPublica revealed earlier this year that an advertising company was using the identifier to recreate advertising cookies that users had deleted, Verizon began allowing users to truly opt-out, meaning that it won’t send the identifier to subscribers who say they don’t want it.
Verizon users are still automatically opted into the program.

“I think in some ways it’s more privacy protective because it’s all within one company,” said Verizon’s Zacharia. “We are going to be sharing segment information with AOL so that customers can receive more personalized advertising.”

A recent report by Access found that other large carriers such as AT&T and Vodafone are also using a similar technique to track their users.
In order for Verizon users to opt-out, they have to log into their account or call 1-866-211-0874.

Remember, as a Verizon subscriber, you are paying Verizon to farm your data and use it to make more money. Furthermore, the unencrypted streams leave you & your phone open to hacking and all the issues that can cause. Verizon and their ilk are despicable.
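The quoted report says the identifier is inserted into unencrypted traffic and reaches every website visited. As an added example (not part of the original post), the sketch below diffs the request a client sent against what an echo server you control received over plain HTTP, and reports headers added in transit that carry the same value across different sites. The header names, hosts and requests are constructed placeholders, not captured traffic.

```python
# Added example: all sample requests below are constructed for illustration.

def parse_headers(raw: str) -> dict[str, str]:
    """Parse a raw HTTP/1.1 request head into {lowercased-name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the request line
        if not line.strip():
            break                                  # blank line ends the head
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def added_in_transit(sent: str, received: str) -> dict[str, str]:
    """Headers the server saw that the client never sent, or saw with a changed value."""
    s, r = parse_headers(sent), parse_headers(received)
    return {k: v for k, v in r.items() if s.get(k) != v}

def cross_site_identifiers(observations: list[tuple[str, str]]) -> dict[str, str]:
    """observations: (sent, received) request heads for requests to different sites.
    Returns injected headers whose value is identical on every site, i.e. a value
    that lets unrelated sites link the same subscriber."""
    per_site = [added_in_transit(s, r) for s, r in observations]
    if len(per_site) < 2:
        return {}                                  # one site cannot show linkability
    common = set(per_site[0]).intersection(*per_site[1:])
    return {k: per_site[0][k] for k in sorted(common)
            if len({p[k] for p in per_site}) == 1}

def _req(host: str, extra: str = "") -> str:
    return f"GET / HTTP/1.1\r\nHost: {host}\r\nUser-Agent: demo\r\n{extra}\r\n"

# Hypothetical header names; the per-request id changes, the subscriber id does not.
INJECT_A = "X-Example-Subscriber-Id: c29tZS10b2tlbg\r\nX-Example-Request-Id: 1111\r\n"
INJECT_B = "X-Example-Subscriber-Id: c29tZS10b2tlbg\r\nX-Example-Request-Id: 2222\r\n"

PLAINTEXT = [(_req("site-a.example"), _req("site-a.example", INJECT_A)),
             (_req("site-b.example"), _req("site-b.example", INJECT_B))]
# Over TLS an in-path device cannot edit the request, so sent == received.
ENCRYPTED = [(_req("site-a.example"), _req("site-a.example")),
             (_req("site-b.example"), _req("site-b.example"))]

if __name__ == "__main__":
    print("plaintext:", cross_site_identifiers(PLAINTEXT))
    print("encrypted:", cross_site_identifiers(ENCRYPTED))
```

Any header a proxy adds with a stable value is reported, so review each hit against what your own network equipment is expected to insert.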

Spyware from Apple iTunes, Google Play, and Microsoft App Store

Quote

“Many trusted applications downloaded from Apple iTunes, Google Play, and Microsoft App Store are spying, snooping and stealing,” said Cybersecurity Expert Gary S. Miliefsky, CEO of SnoopWall, Inc.

See: https://www.youtube.com/watch?v=Q8xz8xKEFvU

This video has gone viral with nearly 6 million views, yet malicious flashlight app downloads have reached nearly 1 billion devices.

During FinDEVr, Miliefsky will demonstrate how popular apps are eavesdropping on bank accounts, stealing PINs and credentials and monitoring check deposit from the largest banks in America. “Consumers must be made aware of the fact that their smartphones are natural targets; that malware exists in trusted apps; and that ALL major mobile banking applications are susceptible to this exploitation.”

One of the big issues I see in the mobile space is the phone manufacturers & providers themselves. Their updates often contain spyware to sell more services, the operating systems themselves are not secure, especially with Android, and there is no easy application-level control that allows users to select which apps can talk to the internet and which cannot (like a good workstation-based firewall). Google Apps (GAPPS) are one of the biggest offenders. But they are not alone.

This is a big part of the Cyber Security problem and not just in mobile. Systems are insecure in many ways by design so manufacturers can collect as much data as they can and sell it to advertisers and/or use it themselves to sell more. Windows 10 OS is a good case in point. Unfortunately, those same vehicles used by manufacturers to get user data are also used by nefarious actors to do the same and then use the data for identity and credit card theft and other criminal pursuits.

I think the ultimate solution for Mobile, at least in the non-Apple market, will be a complete divorce from hardware and operating system. CyanogenMod and other open source projects have started in this direction. Will this take off? I think it will be very difficult as there is so much money at stake from both the Phone Manufacturers that want to sell more kit and the Phone Carriers that are in bed with them to sell more services and collect as much info as they can on users. I also think the average user will still want a turn-key, easy-to-use solution. That said, a secure, feature-rich phone is not difficult, just at the moment not as profitable.