Employees are routinely cautioned not to leave their work laptops unattended or use unsecured Wi-Fi networks when they travel for business, but a new threat is cropping up where employees may least expect it: ride-sharing applications.

Specifically, a Kaspersky Lab security review finds that all 13 international ride-sharing apps it examined had several security problems. Researchers say that vulnerabilities include users being re-routed through an attacker’s site, allowing that person access to personal data such as passwords or logins. In addition, a lack of defense against reverse-engineering can let hackers learn how the app works and then find a vulnerability that gives them access to server-side infrastructure.

The scope of the problem is considerable: The 13 ride-sharing apps that were studied have been downloaded more than one million times, Google Play reports.

Norton Security has identified even more security concerns. Users of Lyft and Uber use their smartphones, which come with GPS, to locate one another. But if the users don’t turn off the app after reaching their destination, the app can continue to track and collect data on the user – perhaps even how long the person remains at a certain location.

Victor Chebyshev, security expert at Kaspersky, says that research shows ride-sharing apps aren’t ready to fight off malware attacks. “Cybercriminals understand the value that such apps hold, and existing offers on the black-market point to the fact that vendors do not have much time to remove the vulnerabilities,” he says.

Currently, Uber is still in legal hot water over a massive 2016 data breach, with lawsuits seeking millions of dollars in damages. After that breach, the company paid hackers $100,000 to delete the information and keep it quiet. Several top security officials at Uber later lost their jobs.

While there are continuing revelations about security breaches with ride-sharing apps, companies need to ensure that their employees are educated about how to keep bad actors from accessing their personal or company information through such pathways.

Some recommendations to keep data safe from hackers include:

  1. Disconnect. If a car sharing service sends an employee an SMS with a PIN code for his account, that worker should contact the security service and remove his bank card from that account. In addition, employees should use a separate bank card for online payments, including car sharing.
  2. Stay up-to-date. Remind workers to use the latest operating system on a device to cut down on software vulnerabilities and improve the odds of keeping a device free from attacks.
  3. Do the homework. Employees may spend more time researching where to eat dinner than researching whether an app is secure. Urge them to research reviews of the app and the company before downloading and to be aware of any potential pitfalls.
  4. Read the privacy app. Not usually a fun chore, but an important one. Educate workers that their lack of knowledge about an app can come back to haunt them and the company. If there’s anything that doesn’t sound right, advise them to avoid the app or seek additional advice from security experts.

Just as more employees are becoming aware of the dangers of unsecured passwords and phishing attacks, they need to know that when they use certain apps, criminals may be trying to come along for the ride.

Great security starts with a great data back-up and recovery plan delivered by a trusted data recovery pro. Contact StorageCraft today to learn more about all the solutions we offer and how we can help you secure your data.


  • Hello Carlo,

    Yes, you have pointed out the travails of being both a Techie and a Marketer, namely predicting software release dates. We both know how fast technology changes these days. What with Microsoft updates, new hardware (and the associated drivers), the constant flow of Linux distros, and StorageCraft's penchant for getting everything perfectly aligned before a release, my job as a Technical Marketer becomes nigh impossible. I apologize for getting the date wrong, and will post more information about the upcoming software release as soon as I get it.

    Thank you for keeping me honest.


  • You’re correct, we were referring to the guest. But, after further review, we noticed that the sentence you pointed out in step five doesn’t quite fit with the remainder of the post, so we’ve removed it. It is, however, still important to check the virtual machines’ event logs for VSS errors-- this is just a standard best practice to make sure everything is running smoothly.

  • Interesting point, Kurt. The more you lean on the cloud, the more you stand to be without if your cloud provider takes a temporary fall. An example would be the recent outage of Microsoft Azure (check out our article). For disaster recovery, the cloud is great because your backups are there in an emergency when you need them. It's very important who you choose to work with when it comes to storing your backups in the cloud, and you'll want to go with people in the industry that are true experts in backup and disaster recovery. The idea behind backup and disaster recovery is redundancy. You need a backup of, well, everything. That means if you've got a cloud provider taking care of infrastructure needs, you'll probably want to have a plan for what you'll do if their cloud goes down for a while. If you're relying on your own hardware, you'll want it backed up to a place that allows you to easily retrieve it in an emergency. What's even better is to use a cloud provider that gives you the ability to virtualize from the cloud so that your downtime is almost nothing. Check out StorageCraft Cloud Services if you'd like to learn more.
