How safe are messaging apps

With the massive rise in popularity of messaging apps in the past few years with Snapchat said to have at least 30 million active monthly users while WhatsApp and LINE sport 400 million and 300 million registered users, respectively. The ever increasing risk of cyber attacks against such accounts and there retrospective servers is a given. The issue with a lot of these apps is they request a mountain of personal information in order for you to be able to use the service. Giving this information requires a lot of trusting of the application developer and from past exploits its hard to say a lot of these developers deserve your trust. The question now is "how do you protect yourself whilst using such application?"

Well in order to help you with this I have compiled a number of steps that if followed should help minimize your risk of exposure if your account becomes victim to a cyber attack.

1) Be discreet. If you want to use messaging apps as a way to contact certain people, avoid using real-life identification details that can be traced back to you. If that can’t be avoided, use as little real information as possible, depending on the app you’re using. Avoid linking your social networking profiles to your messaging app accounts.

2) Secure your messaging app accounts. Use a unique email account for your messaging app. Don’t reuse passwords.

3) Don’t share anything you wouldn’t want the public to get wind of. Oversharing is one of the biggest mistakes you can ever make online; using messaging apps is no exception. Be aware of what you share. And when in doubt, keep sensitive information to yourself.

4) Limit what access you give your messaging application eg don't give access to your location or photos unless you need to.

Recovering "Deleted" snapchat messages

You have just arrived at this post and read the heading "recovering deleted snapchat messages" and now your thinking snapchat deletes my messages after 10 seconds doesn't it? Well the simple answer to that question is no. This isn't any kind of a new revelation the research has been around since 2013 it just doesn't seem to be well known so I have decided to do my part to try and highlight it. The main reason for writing this post is to try and get the message through to teenagers and young adults that the content you are sending may not be secure and could come back to bite you. There is also a massive legal issue with the sending of explicit images if both parties are seen as minors and you could land yourself in a whole lot of trouble with the law. It is important to presume that anything you send or do online can be traced and made public so the safest approach to take is think twice before sending anything out there that may prove harmful to yourself or others.

If you would like to read through the report on how to recover snapchat messages and I suggest that you do the link can be accessed here. After reading this report maybe you might consider sending a snap to your friends just to let them know you have a code red situation and you need to meet up. For anyone who is to lazy to click on the link I have copied in the body of the report below.
-------------------------------------------------------------------------------------------------------------------------

Methodology

We used two android devices to examine artifacts left behind by Snapchat. An account (rhickman1989) was created on a Samsung Galaxy Note 2, and pictures and videos were sent to another account (DeciphForensics). The receiving account was logged into on a Samsung Galaxy S3, when some of the images and videos were viewed, while others were not. We then acquired the phone using AccessData’s Mobile Phone Examiner+ version 5.2.1.499. After the acquisition was complete, the image was exported as an .AD1 image file, and then imported to AccessData’s Forensic Toolkit version 4.0.2.33.

After a brief examination of the contents, a different account (decipforensics2) was created on the Samsung Galaxy Note 2, and more pictures and videos were sent to the account on the Samsung Galaxy S3 (rhickman1989). This was to determine if there are identifiers for the sender account of a “snap.” The same acquisition process was followed again after the second batch of “snaps” were sent.

After another brief examination of the contents, pictures and videos were sent from the Samsung Galaxy S3 with the rhickman1989 account to both the DeciphForensics and DecipForensics2 accounts. The same acquisition process was followed again after sending these “snaps.”

All examination took place using AccessData’s Forensic Toolkit version 4.0.2.33.

Snapchat Structure

The majority of Snapchat data is stored within the data/data/com.snapchat.android folder. There are four folders within this directory, with two folders within the cache folder.

Examination of the Samsung Galaxy S3 revealed that within the shared_prefs folder are several XML files: CameraPreviewActivity.xml, com.google.android.gcm.xml, com.snapchat.android_preferences.xml, and SnapPreviewActivity.xml.

The com.snapchat.android_preferences.xml File

This file is where the majority of information stored by Snapchat is located. Within this file is a listing of all the contacts stored on the device. This is done with the permission allowed by the user for the application to read the contacts on the device.

Below the list of contacts is a listing of Snapchat messages. It appears that there is a set of fields stored for each message in Snapchat. The following are the fields stored in this section of the XML file: type, mSender, mWasViewed, mCaptionPosition, mCaptionOrientation, mIsLoading, mIsTimerRunning, mIsBeingViewed, MWasOpened, mWasScreenshotted, mDisplayTime, mId, mTimestamp, mStatus, mIcon, and mMediaType.

We sent only two pictures from the DecipForensics2 account, and one was viewed and expired. Within this XML file are two records that show the mSender field set to “decipforensics2.” Of those two records, one has the mWasOpened set to “true.” The author kept documentation as to which images were opened and allowed to expire and which are not, so it is known which image is tied to this record.

The mTimestamp field is stored in Epoch format. Upon conversion of this value, it showed the time that the image was either taken or viewed. Further research will need to be done to determine which it is, however, the time is within the timeframe of both being sent and viewed. Unfortunately, the author did this within a few minutes of each other and did not record the exact time sent.

The mId field for the picture shown to the left is “270518365528484358r.” The mTimestamp field in the same record is “1365528484358.” After converting the Epoch time format to readable format, the time stamp is for April 9, 2013 11:28:04 MDT. The similarities here will be address further in a later section of this paper

The received_image_snaps Folder

Within this folder were located every image sent to the DeciphForensics account on the Samsung Galaxy S3, including the images that had been viewed and were expired. There were some duplicate images with different names as well, the reason for this is unknown.

Android developers created a way for media files such as graphics to be stored on the phone for application use and function without being put into the Gallery application as an image to be viewed. The way that they did this was with .nomedia files. “If a directory has a file named .nomedia, then the media store will not scan and record the metadata of files in that directory” (Hoog, 2011).

Each of the images within the received_image_snaps folder had a .nomedia extension appended to the end of the file name. For example, the name of the file figure 3 is “h1a81hurcs00h1365528700423.jpg.nomedia”. This was likely done to prevent the images stored within this directory from being placed in the gallery or from being scanned by the media store. AccessData’s Forensic Toolkit recognized the .nomedia extension that was appended to the end of the file name and ignored it, displaying the images.

Correlations between the XML Records and the Image Names

There is a small correlation between records within the com.snapchat.android_preferences.xml file and the name of the image file stored in the received_image_snaps folder.

As shown above, there are three correlations between the name of the image, the mTimestamp value, and the mId value. While this is consistent with this image, it is not always consistent with all images. The section in blue is present in several of the other images, only with different numbers following to separate the image.

Conclusion

The author began this research in an attempt to answer several vital questions about the Snapchat application as it is stored and used on Android devices. The author has concluded that metadata is stored for Snapchat images, as shown by the com.snapchat.android_preferences.xml file, and that it contains metadata about expired “snaps” as well as unexpired “snaps,” and that images that are sent via Snapchat are indeed recoverable, and do not “disappear forever.”

Securing your iot devices

2016 has been named the year that the internet of things (iot) takes hold, with a reported 50 million plus devices sold worldwide to date with everything from smart fridges to smart plugs iot is here to stay. It must be noted however with all of this extra connectivity comes a juicy threat surface for cyber criminals to prey on. The main thing consumers need to remember that if you bough a devices that connects to the internet then you can be guaranteed that it needs to be secured. In this post I am going to outline a number of steps you can take to help protect yourself and your family from becoming victims of a cyber attack.

1) Keep your devices up to date

This goes for all devices that connect to the internet but I would especially recommend it for iot devices as new exploits are exposed manufactures may push down patches to solve the vulnerability and therefor you should regularly check to make sure your device is running the latest software.

2) Change the default password on your device

This is a very important step to take as the majority of iot devices are mass produced with a default login and not changing this on day one will leave yourself vulnerable to attack. May I suggest using a password that is at least 10 character long with special characters and capitals and numbers i.e don't use your last name and type 123 after it.

3) Be familiar with your devices privacy section

What kind of information are you saving or sharing through this device and what guarantees are put in place that this information is been protected. Don't assume just because the manufacturer says its a secure device to use that it is and make sure your information isn't been shared with third parties.

4) Be carefully buying a second hand device or selling your own device

Buying a second hand device on line may come pre-installed with malware or a backdoor only buy second hand devices from a reputable dealer. On the flip side think long and hard about selling your device, resetting a device may look like all your data has been cleared but with a little know how a lot of this information may be retrieved. There are a number of programs out there that ensure proper data erasure and this may be something you should look into first.

Securing your android (the basics)

I have been asked a bit lately about securing android devices as I tend to focus on the apple side of things as I myself use the iPhone. There is a myth out there that android is inherently insecure and this really isn't true, android out of the box is pretty good its the user that make the device insecure. The real issue with android is anyone can make an app and upload it to their store they don't check first to see if you are a potential cyber criminal. I think from memory that at one stage in the past few years the top 5 apps in the android store were in fact trojan horses this might be wrong but I am pretty sure their is some truth their I need to go back and double check this. So to minimize the waffle you ask "what do I need to do to secure my android?" Well I have put together a number of steps that if followed will definitely help you get to a place where you can feel "secure".

1) Do not save all of your passwords in your device! I don't know why I need to say this but people naturally tend to save their passwords for easy access of whatever the reason on their devices. This is a very bad practice and you should avoid this, think of memorizing your passwords of a way to delaying Alzheimer's and not getting ripped off by cyber criminals.

2) Use your devices inbuilt security features, If you are running on Jelly Bean, you can have a screen lock and encryption enabled to further enhance your security. Use these features they will help you keep your device safe.

3) Androids allow you to lock your apps you should use this feature especially for apps that hold sensitive information. Their is a free app that you can download to enable this feature called App Lock.

4) If you are installing an app read what permissions the app want's!!! If you are downloading some recipe app it doesn't need access to your camera, microphone and contacts. This should be common sense but for some reason people download apps and click ok to everything.

5)  Download a mobile security app, androids are very much open to virus's and malware in comparison to their i0S counterparts. An app I think is pretty good is avast!mobile security.

6) One of the most important things you can do to secure your android is secure your network. I know you wont listen but try to avoid using public networks. You can protect your information by using apps like Hideninja VPN so that your outgoing connection is always encrypted, making it harder for anyone to sabotage your data. If you suspect that your device is being attacked, WiFi Protector can help fend off these attackers. To further enhance your network security you can apply settings from SecDroid but note that this app is only for rooted phones.

Protecting Windows 10 (The Basics)

Over the past few months Microsoft have been firing out their new operating system Windows 10 to the world for free. This blog is more aimed at anyone who is just after installing the operating system as chances are if you are a windows user you may have already upgraded or will be doing so in the near future. Like most things that come fresh out of the box to make them work to a level you might expect takes some tweaking. I am going to focus on a few basic steps you should take right away to make your new operating system secure.

1) Run the windows update straight away, I know you may have spend an hour or two installing the dam thing but running windows update will make sure your operating system has the latest patches. To find windows update just click the little search bar at the bottom of your screen and type "windows update" once opened just hit "check for updates" and your done.

2) System restore is turned off by default in Windows 10 so you might want to turn this on. Microsoft have renamed this function as "system protection" so to turn this on head back down to the little search bar and type "This PC" when the logo appears right click on it and select "Properties" click on "system protection" then click "Configure" and turn system protection on.

3) Check your Windows 10 privacy setting by default everything and I mean everything in here is turned on. To get here you go to START > Settings> Privacy spend a bit of time looking over this and make sure you are happy with it.

4) Make sure that all of your applications are updated in an earlier post I mentioned that Secunia PSI was a good application to check this.

5) Make sure you have your anti-virus turned on if you don't have an anti-virus Windows has a build in AV called Windows Defender. You can find Defender by going to the search bar and typing "Windows Defender".

Steps to take after the Vtech Hack

In the last week the figures released from toymaker VTech surrounding the massive hack they have suffered is startling. The worst part about this hack is it shows that children are not immune to cyber crime. It is important to first realise the scale of this attack and just how many children have been affected worldwide. Below are statistics detailing how many individuals data has been leaked and in what countries along with if the data was that of an adult or a child. As you can see from the statistics below I have highlighted Ireland, the only reason for this is that I am Irish.

Country                         Parent Accounts                             Child Profiles

United States                  2,212,863                                             2,894,091

France                             868,650                                                1,173,497

United Kingdom             560,487                                                727,155

Germany                         390,985                                                508,806

Canada                            237,949                                                316,482

Others                             168,394                                                223,943

Spain                               115,155                                                138,847

Belgium                          102,119                                                133,179

Netherlands                    100,828                                                124,730

Republic of Ireland      40,244                                                  55,102

Latin America                28,105                                                  36,716

Australia                        18,151                                                   23,096

Denmark                        4,504                                                     5,547

Luxembourg                  4,190                                                     5,014

New Zealand                 1,585                                                     2,304

What I find the most frighting about all of this is that a particular VTech service known as Kid Connect was hacked and the information stolen. You may ask why is this frighting and I am going to explain why. Kid Connect is set-up to allow parents and their kids to communicate. That information includes kids head-shots and chat logs between parents and children. Most, if not all, of these cases, the logs, pictures, and recordings can be traced back to specific usernames, allowing anyone in possession of the hacked data to identify the people chatting as well as those in the pictures.

This may lead to a lot more unforeseen problems down the road but as it stands is just a very uncomfortable situation for parents to be in, and yet again starkly highlights the dangers for children in the digital age.

If you have been affected by this attack you might want to know what steps do you need to take now.

Luckily for you its coming up to Christmas so the VTech spin doctors are in full flight trying to somehow roll out reassuring and efficient damage control to save what's left of the companies reputation. In response to the attacks they have posted a very detailed breakdown of all of the events and the VTech response that can be found here. If you just want the main points I have pulled them out and you can find the below. 

What kind of information are stored in the database?

Parent account information including name, email address, secret question and answer for password retrieval, IP address, mailing address, download history and encrypted password.
Kids profiles include name, genders and birthdates.
Encrypted Learning Lodge’s contents including, Kid Connect’s profile photos, undelivered Kid Connect messages, bulletin board postings and Learning Lodge content (ebooks, apps, games etc).
Download sales report logs.
Progress logs to track kids games, for parents’ reference.
It does not contain any credit card information. VTech does not process nor store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway.
It does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).

Was any credit card information stolen?

No, our Learning Lodge website database does not contain any credit card information and VTech does not process or store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway.

Why do you need this customer information?

Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products. Customers need to set up an account for such transactions. The information is used to identify the customer and track their downloads. As customer safety and privacy are of utmost importance to us, we are making all necessary adjustments to our system security, which will include only storing such information as is required for our customers to download and enjoy our services. All other information will be deleted from our servers.

Is there anything I can do to better protect myself?

Whilst all personal customer passwords are encrypted, even encrypted data can be susceptible to skilled hackers, so we are advising you to immediately change your passwords on any other sites that may use the same email, secret question and answer, and password combination.

What is VTech doing to protect data stored on Kid Connect?

The Kid Connect service has been temporarily suspended. We are reviewing our security protocols and will delete all unsent messages before we restart the service.

How can I change my password or delete my Learning Lodge account and personal data stored on your servers?

As an precautionary measure, we have temporarily suspended Learning Lodge and Kid Connect service along with a number of other websites to conduct a thorough security assessment and whilst we implement additional security protocols. We will advise our customers of further action when the websites are ready to be reactivated.

When can we expect that Learning Lodge will be online again? Should I then register again?

We are working as fast as possible to resume our service. We will advise our customers of further action when the websites are ready to be reactivated.

Is it safe for my kids to play with the toys with Learning Lodge app? Could the hacker reach my kids through the devices, trace their activity or location?

Our investigation to date suggests the breach is on the server, not on the device itself. There is no evidence to suggest the toys are not safe at this time. We will continue to investigate and share more information as it becomes available.

Has there been any customer data found leaked on the internet?

We have no evidence that any of the data has been used or distributed criminally. Whilst all personal customer passwords are encrypted, even encrypted data can be susceptible to skilled hackers, so we are advising you to immediately change your passwords on any other sites that may use the same email, secret question and answer, and password combination.