Superfish is also available for iOS and Android devices


Last week, all those involved in the technology have heard the news that Lanovo wants to have installed Superfish adware along with a security certificate on its devices.
Meanwhile, Microsoft, Lenovo and other companies have released software to remove Superfish and the security certificate, but the problem seems to be on mobile devices as well.
Superfish

The equivalent of Superfish for mobile devices is called LikeThat and is available for iOS and Android devices in the special app stores of each platform.

The app is designed to make it easier for users to take pictures by taking pictures. The photo then goes up to Superfish's servers and compares it to discover visually similar results provided by thousands of other retailers.

Jonathan Zdziarski, a dedicated iOS researcher, checking the application's code found that it included some features that give each device a unique identity, and retain all the EXIF ​​data available in the photos.

The device ID is also sent to an analytics company assigned to the device without any notice to the user while sending the mobile MAC address.

As for the EXIF ​​data in the images, each user's private life is trapped if the GPS is enabled. So, among other things, companies have their exact location and the time that photography was taken. Imagine many photos from different locations can very well show the movements of a user in a specific time period.

The researcher found that the LikeThat Superfish for iOS is quite invasive and includes code that can leak device-related information such as free disk space, MAC address, memory used, CPU frequency, or type screen.

In a Friday's publication, the investigator points out that if some of the tracking capabilities are disabled (closed GPS) in versions of the application for iOS ή Android, the ability to collect and transmit the user's location is possible through the SFLocationAPI they use.

"It seems that Superfish, if it doesn't have the way to collect information from an image you select from your photo album (UIImagePicker), uses a technique that could allow access to underlying image metadata that most users don't know is stored," says the researcher.

You can see it all analysis of the researcher from here.

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news