OLED panel glut looms as Apple slashes iPhone X production
Neptune's mysterious storm shrinking out of existence
NASA to Send Million-Year-Old Rock Back To Mars
View Image for Google Images extension for Firefox and Chrome
Privacy: Popular ai.type keyboard leaks personal details of 31 million users
07 December 2017, 07:17 | Lucia Cruz
Millions caught in virtual keyboard app data breach
On Tuesday security shop Kromtech released details on a MongoDB database it found unsecured online containing 577GB of data collected by predictive keyboard app AI.type from its over 31 million users. These apps are installed over 1.5 million times per month, Ai.Type boasts on its website.
As well as email addresses, the data also includes full names, exact locations, SIM card numbers and unique IMEI and IMSI numbers and also details of mobile network providers and which version of Android is being used.
While the database discovered to be leaking information collected by AI.type has been secured, the app itself is still collecting the same data.
"Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?"
Bob Diachenko from the Kromtech Security Centre, a part of security company Mackeeper, highlighted the data access asked by the app at the time of installation was "shocking".
For now, the possibility that anyone who download the keyboard apps had all of their phone data exposed publicly online is a "logical" thought, adds Kromtech's Diachenko.
Kromtech said it found no signs that malicious actors ever accessed the exposed files, but hackers have been on the hunt for vulnerable MongoDB databases, wiping them, and demanding a ransom.
Pope urges respect for Jerusalem status quo
It quickly annexed it, declaring the whole of the city as its capital in a move which has not been recognised internationally. Pope Francis called on President Donald Trump to respect the "status quo" and not move the USA embassy to Jerusalem.
"This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user", he rightly pointed out.
However the boss of Ai.Type, whilst he admitted the breach, said that most of the data was not sensitive.
Reports suggest that the data in question, which has been verified by ZDNet, includes full names and email addresses of Ai.type users, as well as dates showing when the cross-platform app was installed. User data from a folder titled "old database' that contained 753,456 records too said to be available online". Except with the wide-ranging permissions keyboards have on Android, including the option to read text messages, view photos and videos and even record audio, combined with the fact that it didn't store user data in a secure storage, you have to wonder just how accurate that is.
Fitusi did confirm that the database has now been shut down and he reportedly said he was "confident" about the company's security. Users of the app may want to think twice about typing any sensitive information while using the app, as it is likely to be sucked up and stored in a server.
Mark James, security specialist at ESET, said the start-up's collection of such a wide range of data was unacceptable.
"Sadly your only choice is do you or don't you want to install it; if the answer is yes then you have accept all the conditions often without realising exactly what it entails; in this case, the amount of data being sent to an unknown uncontrollable server is staggering".
For reasons now unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures. "The database was not configured correctly and thus enabled full access from the internet to all the data being held, making it essentially free for all access", he added.
New contract for Roger Goodell has been signed
All 32 owners unanimously granted the Compensation Committee permission in May to negotiate an extension with Goodell. Goodell has earned more than $200 million since he was elected National Football League commissioner in 2006.
UCLA coach Alford surprised by LiAngelo Ball leaving school
It's about what I can control. "If you're looking for one word, maybe it's surprised because it's nothing that we saw coming". In the tweet, Trump criticized Ball as being ungrateful of what he did for his son and the two other freshmen.
Artist Lubaina Himid wins 2017 Turner Prize
The jury also acknowledged her role as an influential curator and educator who continues to speak urgently to the moment. The jury admired Himid's expansive and exuberant approach to painting which combines satire and a sense of theatre.
Eminem 'Revival' Features Ed Sheeran, Beyonce, Pink
He made a huge impact when he gutted President Trump during the BET Hip-Hop Awards in his freestyle a capella number "The Storm". The band's also featured on the song "Wicked Ways", which appears on the deluxe version of 2013's The Marshall Mathers LP 2 .
Yemen rebels disperse protests demanding slain leader's body
Residents reported heavy bombing, and a United Nations official said at least 25 airstrikes hit the city over the past 24 hours. In a televised speech, Yemeni President Abd-Rabbu Mansour Hadi called on Yemenis to rise up against the Iran-aligned Houthis.