Story 2016-07-30

Pregnancy-tracking app exposes sensitive personal information

in mobile on (#1NZKC)
Consumer Reports Labs tested Glow, a very popular menstrual cycle/fertility-tracking app, and found that the app's designers had made a number of fundamental errors in the security and privacy design of the app, which would make it easy for stalkers or griefers to take over the app, change users' passwords, spy on them, steal their identities, and access extremely intimate data about the millions of women and their partners who use the app.

According to Consumer Reports, "The ability to link accounts opened the way to the first vulnerability we found. It was a startling one. ... We discovered that as soon as a user sent the request to another user, their accounts were linked and the requesting user could see much of the other account's data—without the other account having to do anything.

"The owner of the second account would receive an email saying that another user had made the request, but it didn’t matter if that email got stuck in a spam folder or was never opened. The second user did not have to acknowledge or accept the invitation. As long as the second account wasn’t already linked with another one, the first person who requested linking of the account instantly gained access to the account's data.

"Even worse, using the app-security software, researchers were able to change any user’s password without knowing the old password. The request for the old password was just for show, like a door lock with the deadbolt missing. It gave the appearance of security, but it didn’t offer real protection against a malicious user."
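The two server-side checks whose absence the report describes, as an added example (not code from Glow or Consumer Reports): a link request grants no access until the target account accepts it, and a password change is refused unless the old password verifies on the server. `AccountStore` and all of its method names are hypothetical.

```python
import hashlib, hmac, os

class AccountStore:
    """Hypothetical in-memory account service; every name here is an assumption."""
    def __init__(self):
        self.users = {}    # user -> {"salt", "pw", "partner"}
        self.pending = {}  # target -> requester still awaiting the target's consent

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = {"salt": salt, "pw": self._hash(password, salt), "partner": None}

    def verify(self, user, password):
        rec = self.users[user]
        return hmac.compare_digest(rec["pw"], self._hash(password, rec["salt"]))

    def request_link(self, requester, target):
        # A request only records intent. It changes no access rights.
        if requester != target and self.users[target]["partner"] is None:
            self.pending[target] = requester

    def accept_link(self, target, requester):
        # Accounts are linked only when the target confirms this exact requester.
        if self.pending.get(target) != requester:
            return False
        if self.users[requester]["partner"] is not None:
            return False
        del self.pending[target]
        self.users[target]["partner"] = requester
        self.users[requester]["partner"] = target
        return True

    def can_read(self, viewer, owner):
        # Data is visible to the owner and to an accepted partner, nobody else.
        return viewer == owner or self.users[owner]["partner"] == viewer

    def change_password(self, session_user, old, new):
        # The account comes from the authenticated session, never from a request
        # field, and the old password is checked on the server before any change.
        if not self.verify(session_user, old):
            return False
        rec = self.users[session_user]
        rec["salt"] = os.urandom(16)
        rec["pw"] = self._hash(new, rec["salt"])
        return True
```
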

AT&T raises data caps for U-Verse and GigaPower to 1TB per month

in mobile on (#1NZJ6)
AT&T announced on Friday that the company will be providing 1TB of data a month to U-Verse customers, at speeds up to 300 megabits per second starting August 21st. This should be enough data to stream more than 13 hours of HD video content per day.

AT&T will, however, charge customers if they go over their monthly allowance. For $10, customers can get an additional 50GB of data during the current billing cycle. According to the company, the maximum monthly overage charge is $100, which works out to 500GB of additional data. Customers will not be charged overage fees during the month they initially break through the data cap. In the following month, customers will receive warnings when they hit 65-percent, 90-percent, and 100-percent overages, but won’t see overage charges on their bill.

To bypass all this data limit mess, U-Verse customers without DirecTV or the U-Verse TV service can get unlimited data in the home for an additional $30 a month. Cheryl Choy, VP of data and voice products, said that these customers can switch to the unlimited plan anytime they want, even during the middle of a billing cycle.