Wait, do you really think that’s a YouTube URL? Spoofing Links on Facebook


While scrolling on Facebook, how do you decide which link/article should be clicked or opened?

The Facebook timeline and Messenger display the title, description, thumbnail image and URL of every shared link, and this information is enough to decide whether the content interests you.

Since Facebook is full of spam, clickbait and fake news articles these days, most users do not click every second link served to them.

But yes, the possibility of opening an article is much higher when content that interests you comes from a legitimate and authoritative website, like YouTube or Instagram.

However, what if a link shared from a legitimate website lands you into trouble?

Links shared on Facebook could not be edited even before, but to stop the spread of misinformation and false news, the social media giant also removed the ability for Pages to edit the title, description and thumbnail image of a link in July 2017.

However, it turns out that spammers can spoof the URLs of shared links to trick users into visiting pages they do not expect, redirecting them to phishing or fake news websites with malware or malicious content.


If you are unaware, every time a link is clicked on Facebook, a system called "Link shim" checks that URL against the company's own blacklist of malicious links to avoid phishing and malicious websites.

This means if an attacker is using a new domain for generating spoofed links, it would not be easy for the Link shim system to identify if it is malicious.

Although Link shim also uses machine learning to identify never-seen-before malicious pages by scanning their content, it was found that the protection mechanism could be bypassed by serving non-malicious content explicitly to a Facebook bot based on User-Agent or IP address.
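A platform-side check for the User-Agent cloaking described above, as an added example that is not from the original article or from Facebook's Link shim: it fetches the same URL as the crawler and as an ordinary browser, then flags differing redirect targets or page text. The `fetch` interface, the sample URLs and the 0.6 similarity threshold are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from difflib import SequenceMatcher
from urllib.parse import urlsplit

CRAWLER_UA = "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"

@dataclass
class Response:
    final_url: str  # URL reached after following redirects
    body: str       # HTML returned for that request

def visible_words(html):
    """Drop script/style blocks and tags; return the lowercase word list."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", html)
    return re.sub(r"<[^>]+>", " ", html).lower().split()

def cloaking_signals(fetch, url, min_similarity=0.6):
    """Compare crawler and browser views of url; return mismatch signals.

    fetch(url, user_agent) -> Response is a hypothetical caller-supplied
    interface, so the same comparison can be run from different egress IPs.
    """
    bot, user = fetch(url, CRAWLER_UA), fetch(url, BROWSER_UA)
    signals = []
    bot_host = urlsplit(bot.final_url).hostname
    user_host = urlsplit(user.final_url).hostname
    if bot_host != user_host:
        signals.append(f"redirect-mismatch: {bot_host} vs {user_host}")
    ratio = SequenceMatcher(None, visible_words(bot.body),
                            visible_words(user.body)).ratio()
    if ratio < min_similarity:
        signals.append(f"content-mismatch: similarity {ratio:.2f}")
    return signals

# Constructed stand-in for a network fetch so the example runs offline.
def sample_fetch(url, user_agent):
    if url == "https://cloaked.example/video":
        if "facebookexternalhit" in user_agent:
            return Response(url, "<html><title>Funny cat video</title>"
                                 "<p>Watch the cat jump.</p></html>")
        return Response("https://login.example/signin",
                        "<html><form>Enter your password to continue</form></html>")
    return Response(url, "<html><title>Recipe</title><p>Mix flour and water.</p></html>")

if __name__ == "__main__":
    print(cloaking_signals(sample_fetch, "https://cloaked.example/video"))
    print(cloaking_signals(sample_fetch, "https://benign.example/recipe"))
```

Cloaking keyed on IP address only shows up when the two fetches leave from different networks, which is why the fetch function is passed in rather than fixed.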

Since there is no way to check the actual URL behind a shared link on Facebook without opening it, there is little users can do to protect themselves except be vigilant.



iPhone Apps With Camera Permissions Can Secretly Take Your Photos Without You Noticing!

Are you a proud iPhone owner? If yes, this could freak you out. Trust me!

Your iPhone has a serious privacy concern that allows iOS app developers to take your photographs and record live video using both the front and back cameras, all without any notification or your consent.

This alarming privacy concern in Apple's mobile operating system was highlighted by an Austrian developer and Google engineer, Felix Krause, who detailed the issue in his blog post published Wednesday.

Apparently, there is a legitimate reason for many apps, such as Facebook, WhatsApp, and Snapchat, to request access to your camera, in an effort to take a photo within the app.

So, this permissions system is not a bug or a flaw; instead, it is a feature, and it works exactly the way Apple designed it, but any malicious app could take advantage of this feature to silently record users’ activities.

Krause explained that granting camera permission could enable iOS app developers to access:

· both the front and the back camera of your device,

· photograph and record you at any time the app is in the foreground,

· upload the recorded and captured content immediately, and

· run real-time face detection to read your facial expressions


...and all without warning or alerting you in any way.

Since Apple only requires users to enable camera access one time when they are asked to grant blanket permission to an app and gives free access to the camera without requiring any LED light or notification, Krause explained that a malicious app could leverage this loophole to go far beyond its intended level of access to spy on users.

How to Protect Your Privacy?

There is little users can do to protect themselves.

Krause recommended that Apple introduce a way to grant temporary permission to access the camera, allowing apps to take a picture during a limited period of time and revoking the permission after that.

Another way is to introduce a warning light or notification to the iPhone that informs people when they are being recorded.

Most importantly, do not let any malicious app enter your smartphone. For this, always download apps from an official app store and read reviews left by other users about the app and its developer.

According to Krause, for now, the only practical way to protect yourself is to cover your camera, just like Facebook CEO Mark Zuckerberg and ex-FBI Director James Comey do.

Hackers Could Turn LG Smart Appliances into Remote-Controlled Spy Robot.

If your smart devices are smart enough to make your life easier, then their smart behaviour could also be exploited by hackers to invade your privacy or spy on you, if not secured properly.

Recent research conducted by security researchers at threat prevention firm Check Point highlights a privacy concern surrounding smart home devices manufactured by LG.

Check Point researchers discovered a security vulnerability in LG SmartThinQ smart home devices that allowed them to hijack internet-connected devices like refrigerators, ovens, dishwashers, air conditioners, dryers, and washing machines manufactured by LG.

...and what's worse?

Hackers could even remotely take control of LG's Hom-Bot, a camera-equipped robotic vacuum cleaner, and access the live video feed to spy on anything in the device's vicinity.

This hack doesn't even require the hacker and the targeted device to be on the same network.

Dubbed HomeHack, the vulnerability resides in the mobile app and cloud application used to control LG's SmartThinQ home appliances, allowing an attacker to remotely gain control of any connected appliance controlled by the app.

This vulnerability could allow hackers to remotely log into the SmartThinQ cloud application and take over the victim's LG account.

Now, hackers can run this tampered app on their rooted smartphone and set up a proxy that allows them to intercept the application traffic.

This Is What You Can Do Now:

Researchers disclosed the vulnerability to LG and the device manufacturer issued an update to patch the issue in September.

So, if you own any LG SmartThinQ appliance, you are strongly advised to update the LG SmartThinQ mobile app to the latest version (1.9.23) through Google Play Store, Apple App Store or the LG SmartThinQ settings.

Please do not hesitate to contact The Computer Guyz at our Cape Town or Centurion branches and we will advise and assist wherever we possibly can. Keep in mind that there is no concrete way to prevent these threats, but we make every effort to ensure our clients are protected. Give us a call on 087 001 0511/2 or email contact@tcgcape.co.za
