Ruin Your IT Security? There's an App for That!
There's a running joke that no matter what you want to do, there's an app for that. Unfortunately, when it comes to IT security, many apps introduce security risks or downright security holes that we often fail to appreciate.
Which apps are the greatest risks to your IT security?
Remote Desktop Apps
Sites like GotoMyPC are legitimate, well tested remote desktop applications. Remote desktop applications are convenient, letting you access another PC and its files. This is why hackers love them, too. Stick to legitimate, big name remote desktop apps or avoid them altogether.
3rd Party Phone Services
Apps like Axtel Softphone and other VOIP apps seem like they are convenient. The problem is that they tend to have lower security standards than major ones like Skype. And Skype had a major security hole in 2012 that let anyone hack it as long as they knew your email address.
Password Storage Apps
Do you keep forgetting your passwords? Forget the security risk of having a yellow sticky note under the keyboard or in the desk drawer (yes, we know you put it there, sometimes). There's an app for password storage! Save all your passwords in one easy to find location.
Anyone who gets a hold of the device now has the passwords to imitate you on social media begging for money for their flight home from Aruba (to pay for their rent in Russia), drain your bank account, send themselves a donation via Paypal and post embarrassing images to Tumblr if they want to.
Don't forget the passwords saved in your browser; lax settings in your browser settings, failure to encrypt browser setting files where passwords are saved and using a generic password saved to the browser can compromise your personal security.
Ringtone apps are a security threat! You can get some cool sound snippets for your phone using the apps. What's the problem? Ringtone apps frequently show up on the list of apps known to be Trojans for malware, while users are not as aware of the risk. Is getting a cool ringtone for free worth the risk of installing malware on your phone?
Show Me Where Apps
Apps such as those that let you reveal your location to your best friends or identifying where sex offenders live along your planned route introduce a security risk we rarely think about - your location. This doesn't seem like a security risk at first. Wouldn't you want the police to know where you are in an emergency? It sounds great until you realize that one of the most terrifying text messages in history was sent out during Ukraine's revolution, "Dear subscriber, you are registered as a participant in a mass riot."
It's hard to have a revolution when the authorities know exactly where you are and who you are, and can track you down via the device on which the revolution uses to stay organized or send someone to wait for you when you get back home. While Ukraine's example we can hope is a rare fascistic move to quell a rebellion, apps that reveal your location to anyone with access to the app's code or location information can track you down at a moment's notice, determine your routine or simply spy to their heart's delight. Let's hope it is just their heart and not something else.
With apps like Alarm Security all in one where you can add fingerprint scans and additional phone protections, what could go wrong? The apps over-ride the built in security functions, often introducing new ones holes or stealth vectors. Always beware of a security application that demands security over-rides or jailbreaking your phone.
When you save data on your device, the data remains on the device. It is accessible if someone manages to hack the device or if you leave it out and unlocked. When you save your data to the cloud, people could hack the device OR the cloud. Be wary of cloud storage services. It isn't as safe or as private as you like, and that's ignoring the NSA's belief that anything in the cloud is as public as the amorphous water droplets floating on the breeze.
Free Instant Messaging Services
Installing software that lets you send free instant messages is not only the act of installing software but one that increases the risk that someone will send you a literally viral message that mainstream (paid) services would block.
Scanning apps seem convenient. Scan that form and send it as a fax instead of hunting for a working fax machine. Scan your check and deposit it. And anyone who offers a free and fairly simple app to do just that can have all that information - from your medical records to your bank account information to your signature. Be wary of scanning apps.
More by this Author
The OPM data breach involved the records and SF86 forms of over four million federal workers and contractors. What can you do to protect yourself now? What should we do to prevent it in the future?
What is the RIOT software? How is it different from prior social network data mining tools that came before it?
What are third party rights in contracts? When does a third party have obligations or rights per a contract?
No comments yet.