Employees are routinely cautioned not to leave their work laptops unattended or use unsecured Wi-Fi networks when they travel for business, but a new threat is cropping up where employees may least expect it: ride-sharing applications.

Specifically, a Kaspersky Lab security review finds that of 13 international ride-sharing apps, all revealed several security problems. Researchers say that vulnerabilities include users being re-routed through an attacker’s site, allowing that person access to personal data such as passwords or logins. In addition, a lack of defense against reverse-engineering can give hackers knowledge about how the app works and then find a vulnerability that gives them access to server-side infrastructure.

The scope of the problem is considerable: The 13 ride-sharing apps that were studied have been downloaded more than one million times, Google Play reports.

Norton Security has identified even more security concerns. Users of Lyft and Uber use their smartphones, which come with GPS, to locate one another. But if the users don’t turn off the app after reaching their destination, the app can continue to track and collect data on the user – perhaps even how long the person remains at a certain location.

Victor Chebyshev, security expert at Kapersky, says that research shows ride-sharing apps aren’t ready to fight off malware attacks. “Cybercriminals understand the value that such apps hold, and existing offers on the black-market point to the fact that vendors do not have much time to remove the vulnerabilities,” he says.

Currently, Uber is still in legal hot water over a massive 2016 data breach, with lawsuits seeking millions of dollars in damages. After that breach, the company paid hackers $100,000 to delete the information and keep it quiet. Several top security officials at Uber later lost their jobs.

While there are continuing revelations about security breaches with ride-sharing apps, companies need to ensure that their employees are educated about how to keep bad actors from accessing their personal or company information through such pathways.

Some recommendations to keep data safe from hackers includes:

  1. Disconnect. If a car sharing service sends an employee an SMS with a PIN code for his account, that worker should contact the security service and remove his bank card from that account. In addition, employees should use a separate bank card for online payments, including car sharing.
  2. Stay up-to-date. Remind workers to use the latest operating system on a device to cut down on software vulnerabilities and improve the odds of keeping a device free from attacks.
  3. Do the homework. Employees may spend more time researching where to eat dinner than if an app is secure. Urge them to research reviews of the app and the company before downloading and to be aware of any potential pitfalls.
  4. Read the privacy app. Not usually a fun chore, but an important one. Educate workers that their lack of knowledge about an app can come back to haunt them and the company. If there’s anything that doesn’t sound right, advise them to avoid the app or seek additional advice from security experts.

Just as more employees are becoming aware of the dangers of unsecured passwords and phishing attacks, they need to know that when they use certain apps, criminals may be trying to come along for the ride.

Great security starts with a great data back-up and recovery plan delivered by a trusted, data recovery pro. Contact StorageCraft today to learn more about all the solutions we offer and how we can help you secure your data.

View Comments

  • Thanks for the post. We are currently in the process of reviewing our current "inefficient"" disaster recovery plan."

  • i impress regarding your product,now it is also available world wide,i am also worker for the same nature of beverage manufacturing, it is different from the beer of saudi.......cheer up

  • Why was the Durability not considered in this article? Disk drives are generally warranted for 1-3 years and ends life by 5 years. The risk of bad blocks in disks are higher than tape. and tape life time exceeds 15 years.

  • John,

    Excellent comments! Thank you for contributing to this blog post by sharing your ideas and experience. We're all about creative ways of using our amazing tools.

    I wanted to also point out that there are some USB drives that don't work as a bootable device. Also, I'm using a third party software which we don't support. So StorageCraft doesn't officially support putting the Recovery Environment on a USB at this time. My intent with this article is to spur discussion and creative thinking.

    Many times we'll hear great comments like yours on ways to use our product that we hadn't thought of before. We rely on this constructive feedback to constantly improve upon the product.

    Please, keep those comments coming. We're glad you're finding new ways of using our tools to make your lives easier.


  • I did the same thing using command line to make my usb bootable and extracting the .iso to the flash drive using WinRAR.

    Rather than using a 2gb just to accomodate the SP iso, I used a 64gb drive so that I can take an image of the machine I'm booting and save straight to the flash drive rather than setting up a share and bringing network speed to a crawl while I back up the device. But that's just my 2 cents.

  • Great post on exchange server email recovery. One more tip to users of exchange server and Outlook, if you have no hope to recover from exchange server you can check the recovery with Outlook OST files from each user.
    It may be some hectic task but I am sure your data worth much more than that

  • There's that old adage: "Garbage in, garbage out."" Computers are tools to get the job done, and while yelling at that hammer might unload some of the hurt, we hardly think it's really the hammer's fault for hitting the thumb. :)"

    • Thanks for the comment, James.

      That sounds a bit expensive per MB, hopefully the cost will decline in the near future.

  • With companies like Samsung & Apple giving away free cloud stroage option with their smartphones, I think cloud storage will become quite famous on smartphones.

  • ASCII and our almost 1,000 members in every state of the US is focused on this trend and we are working at headquarters to implement these services.

    • That's awesome, Alan. It's great to have apps that meet an organization's specific needs. We'll see ASCII at the next event in Florida on March 21!

    1 2 3 4 5 6 10

Search by Tag

2014 press release award backup BDR Big Data business business continuity case study cloud cloud computing curation cyber security data center data management data protection data recovery data security disaster planning disaster recovery Hard disk drive Hardware healthcare industry news IT industry linux marketing Microsoft Mobile MSP MSPs news partners ransomware ShadowProtect software StorageCraft StorageCraft Cloud Services storagecraft news tech tips VAR verticals video virtualization webinar Windows