WEST HAVEN — A University of New Haven (UNH) cyber forensics group has exposed a laundry list of security flaws in the Android smartphone platform that could affect as many as 968 million users.
UNH’s Cyber Forensics Research & Education Group (cFREG) exposed the security issues via five videos uploaded to its YouTube account (youtube.com/unhcfreg) in mid-September. The videos covered instances of security flaws, breaches of privacy and vulnerabilities in over a dozen chat, dating and social media apps on the Android platform including OKCupid, Instagram and Meet Me.
As demonstrated in the cFREG videos, the group tested the vulnerabilities on a Windows test network with an Android phone, allowing the group to monitor all sent and received traffic. Chats, photos and personal communications between two mobile devices were shown as being recorded and stored on the test network unencrypted, along with passwords and other private information. The companies behind each app involved in the trials have been contacted by cFREG about the group’s findings, which follow tests last spring that found security flaws in the WhatsApp text-messaging app.
cFREG was established in fall 2013 as part of UNH’s Department of Electrical and Computer Engineering and Computer Science to research digital forensics, security and privacy issues. The group includes students Daniel Walnycky of Orange, Jason Moore of Branford and Armindo Rodrigues of Bethel. cFREG encourages smartphone users to learn how to run their own security checks.