Most mobile app users blindly trust that the apps they download from app stores are safe and secure. But that isn’t the case.
Douglas Maughan, who heads up the Department of Homeland Security’s Science and Technology division, tells FOX Business that most mobile apps aren’t vetted.
“Mobile applications are put out on the app store [but] they’re not really checked,” he says. “When people download applications most people don’t know what they are downloading. They don’t know what’s in that software.”
Maughan says users are playing an increasingly important role in the country’s cybersecurity defense, but the more smart devices proliferate in the market, the bigger the target becomes.
“Things we call smart devices also can be insecure devices. They’ll share information and other kinds of things. Insecure apps aren’t just a national security risk. It puts user privacy on the line in a major way.”
FOX Business got an exclusive behind-the-scenes look at a “war room” created at this week’s RSA Conference in San Francisco.
Percy Tucker, senior manager of systems engineering at RSA, gave FOX Business an inside look at how exposed user data is when connected to a Wi-Fi network. Tucker says users assume everything they do on their phones is automatically protected: “I think there’s a trust factor ... if they download the app from a trusted source such as Apple or Google they assume that everything is good. That those apps have been vetted.”
But Tucker says even when apps require password authentication, or a thumbprint to access, everything done on that app can be seen – if that app doesn’t have proper security.
“If a user is on their laptop and they are doing something under an unencrypted protocol we can actually visually reconstruct exactly what they are seeing.” Tucker says that includes emails, web pages, attachments – even phone calls made over Wi-Fi. “If it’s an email we can actually visually reconstruct it the same way you would have seen it on your laptop or on your phone.”
Tucker says last year at the conference they could see people checking their security cameras at home using popular home monitoring apps.
“We saw a lot of activity, people checking their video cams at home, their backyards, front doors, everything in their house. We might not know who you are ... but we can see inside your house.”
One popular dating app, Tinder, was accessed on the network. Tucker says they couldn’t see specific usernames and passwords, but once the users were in and connected to Wi-Fi they could see all the profiles and activity.
“We didn’t know who you were but we could see what your tastes were – whether you were swiping left or swiping right.”
DHS’s Maughan says raising awareness and educating users could have a big national security impact: “I think if we could do a better job of educating our users I think that might actually help and slow down some of the attacks.”