
Hack Day: App attack

Jonathan Swift has turned hacker for the day and reveals how spyware can be one of the most powerful weapons in a cyber criminal’s arsenal.
Looking for spyware?
Where are you looking? On your main servers? On staff laptops? Even on their phones? Perhaps your Bring Your Device to Work screening hasn’t been as diligent as it might have been?
All good places to look but how about your apps?
I worked on your app Check My Drive, the one you designed for your customers, and thought it might be a clever idea to build in a piece of spyware just in case it took off.
Wow! The data I now have on your customers is going to be very interesting to some criminal gangs I am in touch with. I can even see where these customers are driving to and pick up on their routines and favourite haunts.
I could sell the information back to you but I think I’ll get more money for it my way. Crime pays…
Is it in the Android app or the Apple app or both? Wouldn’t you like to know?
What data did I target? Well, I wasn’t greedy. I don’t need much to make myself a tidy sum. I haven’t taken the same data from everyone, or even targeted every customer. The triggers for activating the spyware are actually quite sophisticated but with something that is almost permanently connecting the user to the internet, grabbing the data hasn’t been too hard.
Of course, you can re-engineer the app and try to take the spyware out of it but the damage is done.
What are you going to tell your customers now? You can’t be sure which ones have lost personal data and which ones haven’t.
Do you tell them all? Or, do you deploy expensive resources to try and trace where the spyware was active? Tough choice. I’m glad I am not in your shoes.
Of course, I could let the media know how careless you have been. A couple of posts on Twitter and you’ll be answering some very awkward questions.
You also need to think about how I got myself into a position to embed this in your high profile App.
Was I on your staff or did I work for one of the developers you had to sub-contract to get this project off the ground?
I might even still be working for you – you might even ask me to find the solution. Wouldn’t that be ironic?
Great App by the way.
Copyright Infopro Digital Limited. All rights reserved.