Last week, all those involved in the technology have heard the news that Lanovo wants to have installed Superfish adware along with a security certificate on its devices.
Εντωμεταξύ η Microsoft, η Lenovo και άλλες εταιρείες έχουν εκδώσει λογισμικό για την αφαίρεση του Superfish και του πιστοποιητικού ασφαλείας, αλλά το πρόβλημα φαίνεται να υπάρχει και στις κινητές συσκευές.
Το ισοδύναμο του Superfish για τις κινητές συσκευές ονομάζεται LikeThat και είναι διαθέσιμο για συσκευές με iOS και Android, στα ειδικά app bedspread of each platform.
The app is designed to make it easier for users to take pictures by taking pictures. The photo then goes up to Superfish's servers and compares it to discover visually similar results provided by thousands of other retailers.
Jonathan Zdziarski, an expert iOS researcher, checked the app's code and discovered that it included some characteristics που προσδίδουν σε κάθε συσκευή μια μοναδική ταυτότητα, και διατηρούν όλα τα EXIF δεδομένα που είναι διαθέσιμα στις φωτογραφίες.
The device ID is also sent to an analytics company assigned to the device without any notice to the user while sending the mobile MAC address.
As for the EXIF data in the images, each user's private life is trapped if the GPS is enabled. So, among other things, companies have their exact location and the time that photography was taken. Imagine many photos from different locations can very well show the movements of a user in a specific time period.
The researcher found that the LikeThat Superfish for iOS is quite invasive and includes code that can leak device-related information such as free disk space, MAC address, memory used, CPU frequency, or type screen.
In a publication he made on Friday, the researcher points out that if some of the possibilities monitorings are disabled (GPS off) in app versions for iOS ή Android, the possibility collectionς και μετάδοσης της θέσης του χρήστη είναι δυνατή μέσω του SFLocationAPI που χρησιμοποιούν.
"It seems that Superfish, if it doesn't have the way to collect information from an image you select from your photo album (UIImagePicker), uses a technique that could allow access to underlying image metadata that most users don't know is stored," says the researcher.
You can see it all analysis of the researcher from here.