Defending against the next generation of privacy threats

Dave Henderson at BlueFort Security describes some of the threats to our privacy that are easy to miss.

Our privacy is under attack. As it stands today almost everyone is being tracked and monitored 24/7 with cameras recording our expressions and speech to determine what we might be thinking, where we are going and who we are meeting. If you are picking up tones of George Orwell’s famous novel, 1984, then you’d be right to do so.

When it comes to protecting the privacy of our data, it is a difficult task and it’s only getting harder. With rapidly evolving security and privacy risks, and super determined cyber criminals, there are always more privacy threats than users can possibly track.

When it comes to privacy mishaps, plain old human error is often to blame. We all know about the importance of using hard-to-guess passwords and saying yes to the multi-factor authentication option. However, the deployment of Artificial Intelligence and sophisticated automation technologies means that some of today’s more sinister threats are easy to miss. 

Here are some examples that can easily fly under the radar: 

Web Browsers and Apps

Before smartphones existed, “apps” did not exist. Anything now accessed through an app was previously accessed through an internet browser. The web browser on our smartphones is “sandboxed,” meaning it cannot access general data on the system or control hardware.

An installed app, however, can be coded to do anything it wants to gain access to any hardware the user has control of. When accessed via the browser on a smartphone, many sites prompt the user to download the app. Often, if you don’t download the app you can’t access the site. But by agreeing to download the app, you are forced to give your personal information, or give the app access to your camera or microphone.

The answer is, I’m afraid, to be savvy with your apps. Before downloading an app, make sure you understand what information the app will access. Read the permissions the app is requesting and determine whether the data it is asking to access is related to the purpose of the app. Read the app’s privacy policy to see if, or how, your data will be shared. If the policy is vague or the permissions request seems excessive, don’t download it.

Geotagging

When we finally get back to travelling, you might tag your latest whereabouts in an Instagram story, or tweet about culinary adventures in a new restaurant. The reason you can post your location is a useful feature called geotagging, which adds your GPS-location metadata to a video, photo, and other media content. It’s one of several convenient ways people document their travel.  If you share photos on a regular basis, you can effectively be sharing a detailed trail of your movements. 

If we want to get serious, law enforcement regularly uses image metadata to locate unwitting criminals. And it’s worth considering that hackers could use geotagged posts to track people too. With the amount of data, location-based search tools, and services available, vulnerable people, such as domestic violence victims, can be at risk if they’re unintentionally added to a geotagged photo. That said, most social platforms will strip out the metadata from uploaded photos but glitches happen – and this could result in an image’s metadata being accessible.
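A check you can run on a photo before sharing it, given here as an added example that is not part of the original article: it looks for the EXIF GPS directory pointer in a JPEG and returns a copy with the EXIF block removed. The function names are illustrative, and the sample file is a constructed segment skeleton rather than a real photo.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the EXIF GPS directory

def exif_segments(data):
    """Yield (start, end) of each EXIF APP1 segment before the pixel data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("truncated segment at offset %d" % pos)
        if data[pos + 1] == 0xE1 and data[pos + 4:end].startswith(b"Exif\x00\x00"):
            yield pos, end
        pos = end

def has_gps(data):
    """True if an EXIF block in the JPEG holds a pointer to a GPS directory."""
    for start, end in exif_segments(data):
        tiff = data[start + 10:end]  # skip marker, length and "Exif\0\0"
        order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if order is None or len(tiff) < 8:
            continue
        (ifd0,) = struct.unpack(order + "I", tiff[4:8])
        if ifd0 + 2 > len(tiff):
            continue
        (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
        for i in range(count):
            entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
            if len(entry) == 12 and struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
                return True
    return False

def strip_exif(data):
    """Return the JPEG without its EXIF segments; image data is left untouched."""
    out, keep_from = bytearray(), 0
    for start, end in exif_segments(data):
        out += data[keep_from:start]
        keep_from = end
    return bytes(out) + data[keep_from:]

def sample_jpeg():
    """Constructed sample: JPEG segment skeleton (not a viewable image) with GPS EXIF."""
    tiff = b"II*\x00" + struct.pack("<IHHHII", 8, 1, GPS_IFD_TAG, 4, 1, 26)
    tiff += struct.pack("<IHI", 0, 0, 0)  # end of IFD0, then an empty GPS IFD at 26
    exif = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02\x00\xff\xd9"
```

To check a real photo, pass the file's bytes (read in binary mode) to `has_gps`. Location can also be recorded in XMP metadata, which this check does not inspect.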

Web scraping

Some websites can contain a very large amount of invaluable data. Web scraping is the process by which bots extract content from a website, usually without permission of the website owner. This activity in itself is not illegal or harmful but like many things, if used in the wrong way, it could result in sensitive user information falling into the wrong hands. Take a user’s credentials, for example. Stolen credentials are one of the most sought after prizes for cyber criminals. Verizon’s latest DBIR found that 67% of breaches were caused by compromised credentials and social attacks.

Cross-correlation

In this scenario the sum is definitely worth more than the individual parts. Cross-correlation risk is where a cyber criminal is able to build a detailed picture of a person by gathering together individual bits of seemingly harmless data. Giving your email address to a retailer to receive an emailed receipt rather than having a paper one may seem innocuous, but when that email is looked up on third-party marketing lists, and then combined with leaked lists of voter registrations, it can now be used to identify where you live, how you vote, your health issues, your movements, and whom you communicate with on social media. This profile of you can then also be sold over and over again.

At the forefront of these next-generation risks is IoT, big data, and third party/cloud, all of which are really just getting going. The sheer scale of what’s possible is a lot for most people to process. However, it’s not all doom and gloom. Cybersecurity professionals understand the cat and mouse game that’s played with cyber criminals. As much as the cyber criminals consider AI their new power weapon of choice, the reality is that it is being used equally (if not more) successfully by defenders to identify and mitigate against these threats.

What’s needed from us all is awareness that these threats are out there, and then we proceed with caution. This slightly paraphrased quote from George Orwell’s novel, 1984, sums it up well I think…“You have to live–from habit that became instinct—in the assumption that every sound you made was overheard, and, every moment scrutinized.”


Dave Henderson is co-founder of BlueFort Security. Dave has a wealth of cyber security expertise after spending more than two decades helping many of the world’s leading enterprises defend their digital assets. As Co-Founder of BlueFort Security since 2007, David and his partner have been working with household names and central and local government to strengthen, optimise and mature their cyber security solutions.

Copyright Lyonsdown Limited 2021
