Employees are routinely cautioned not to leave their work laptops unattended or use unsecured Wi-Fi networks when they travel for business, but a new threat is cropping up where employees may least expect it: ride-sharing applications.
Specifically, a Kaspersky Lab security review of 13 international ride-sharing apps finds that all of them revealed several security problems. Researchers say that vulnerabilities include users being re-routed through an attacker’s site, allowing that person access to personal data such as passwords or logins. In addition, a lack of defense against reverse-engineering can let hackers learn how the app works and then find a vulnerability that gives them access to server-side infrastructure.
The scope of the problem is considerable: The 13 ride-sharing apps that were studied have been downloaded more than one million times, Google Play reports.
Norton Security has identified even more security concerns. Users of Lyft and Uber use their smartphones, which come with GPS, to locate one another. But if the users don’t turn off the app after reaching their destination, the app can continue to track and collect data on the user – perhaps even how long the person remains at a certain location.
Victor Chebyshev, security expert at Kaspersky, says that research shows ride-sharing apps aren’t ready to fight off malware attacks. “Cybercriminals understand the value that such apps hold, and existing offers on the black-market point to the fact that vendors do not have much time to remove the vulnerabilities,” he says.
Currently, Uber is still in legal hot water over a massive 2016 data breach, with lawsuits seeking millions of dollars in damages. After that breach, the company paid hackers $100,000 to delete the information and keep it quiet. Several top security officials at Uber later lost their jobs.
While there are continuing revelations about security breaches with ride-sharing apps, companies need to ensure that their employees are educated about how to keep bad actors from accessing their personal or company information through such pathways.
Some recommendations to keep data safe from hackers include:
- Disconnect. If a car sharing service sends an employee an SMS with a PIN code for his account, that worker should contact the security service and remove his bank card from that account. In addition, employees should use a separate bank card for online payments, including car sharing.
- Stay up-to-date. Remind workers to use the latest operating system on a device to cut down on software vulnerabilities and improve the odds of keeping a device free from attacks.
- Do the homework. Employees may spend more time researching where to eat dinner than checking whether an app is secure. Urge them to research reviews of the app and the company before downloading and to be aware of any potential pitfalls.
- Read the privacy app. Not usually a fun chore, but an important one. Educate workers that their lack of knowledge about an app can come back to haunt them and the company. If there’s anything that doesn’t sound right, advise them to avoid the app or seek additional advice from security experts.
Just as more employees are becoming aware of the dangers of unsecured passwords and phishing attacks, they need to know that when they use certain apps, criminals may be trying to come along for the ride.