Mobile apps come under the security microscope as research groups report major vulnerabilities.
Laura HautalaFormer Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
ExpertiseE-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking.Credentials
2022 Eddie Award for a single article in consumer technology
This is turning out to be the week you learned your smartphone apps can be exploited by hackers. Three separate research groups revealed app security flaws that could turn Apple and Samsung devices into cyberintruders' playthings -- allowing them to take control of your phones' cameras, microphones and GPS while stealing all your personal information and listening to your phone calls.
The only good news is that the attacks would have to be aimed at specific phones, and attackers are unlikely to target everyday people. The really, really bad news? German researchers last month found flaws that could affect every phone.
That's right: there's a vulnerability for everyone.
A flaw in the Swift keyboard that comes preinstalled on Samsung devices could leave 600 million phones vulnerable, security company NowSecure said Wednesday. The keyboard can't be uninstalled, and replacing it with another keyboard app won't fix the problem.
Researchers at Indiana University found that iOS apps containing malware could easily get past Apple's scrutiny and onto its App Store.
"The researchers found email addresses, passwords, health records and other sensitive information of app users, which may be easily stolen and often manipulated," spokesman Oliver Kuch said in a statement last month.
Ryan Disraeli, a cofounder and vice president of fraud services at security company TeleSign, said the reality isn't as dire as these reports suggest. Yes, attacks could happen, but "they're not necessarily random attacks that will just hit anyone. There's certainly targeted attacks on people who are valuable to hack."
So ask yourself, are you a celebrity? A CEO? A contractor with access to superclassified government documents (hello, Edward Snowden)?
If not, hackers would probably need some other really good reason to attack your smartphone, Disraeli said.
Consumers should also ask themselves what, specifically, hackers might want from them. "Nobody cares about hacking photos from my phone," Disraeli pointed out. "They want a celebrity."
Correction, 5:06 p.m. PT: An earlier version of this story misstated Ryan Disraeli's job title. He's a co-founder and vice president of fraud services at TeleSign.