Why You Should Be Skeptical of Security Apps in the Cloud
The “Cloud” for most people has become an integral part of our daily lives. It’s everywhere, yet many people couldn’t tell you what the cloud really is if you asked them. It’s just there.
In a nutshell, the cloud could be defined as “an internet server you don’t own, yet hosts your data”. All this means is you’re using Software As a Service (SAAS), and someone else has developed the application, hosts it on their server, and you use it, or maybe even pay for it via subscription (like Ring or Canary).
Yet all too often, when we really closely inspect these services or applications we tend to find flaws, or sometimes downright intentional abuse, that leads to exposing more of our personal data than we would like. In the case of many apps for home or personal use, we can choose to accept some loss of privacy in exchange for the free or bundled software and storage. However, in the business world this is rarely tolerated, and in some cases it’s against the law.
For a fantastic example of this abuse, the Electronic Frontier Foundation has published an excellent article about Ring and its application that exposes multiple abuses of privacy. The biggest takeaway from the article for us was that Ring appears to be using pinned certificates in a way that prevented data security experts from analyzing encrypted traffic generated from the application itself. Now imagine an app from a state sponsored corporate entity like Huawei sending images, stored files, GPS data, voice recordings, or video from your phone or tablet to some server in another country. See how big the risk is?
Click the link below to read the full article, but this summary puts it best:
“Ring claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system.”
Posted in: Company NewsLeave a Comment (0) →