Android and iOS Versions of Superfish Apps Found to Have Device Tracking Capabilities

Posted on February 27, 2015


The Superfish program and web browser add-on has raised major concerns among computer users, and the mobile versions of the application have now been found to contain code that can track users.

Superfish was recently outed as a malicious program for computers and mobile devices. Lenovo, one of the largest producers of personal computers, made the mistake of bundling the Superfish program with several of its new laptop computers shipped between September 2014 and December 2014. Following the discovery that Superfish exploits security certificates in a way that lets attackers get at personal data transmitted over the internet, the mobile versions of Superfish were found to be just as dangerous.

The mobile version of Superfish for Android and iOS devices was found to contain code that poses a risk: the Superfish root certificate allows attackers to track users and gather transmitted data.

The Superfish app was originally designed to help users shop for furniture and other items by taking pictures of things they want and uploading them so that Superfish’s servers can identify the image. Computer security researchers have found recent versions of Superfish to be malicious in their ability to disrupt security certificates and, now, to expose a mobile device’s unique ID through the EXIF data in photos taken by the device.
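A defender-side check for the EXIF exposure described above, as an added example that is not from the original article or from Superfish's code: it lists the device- and location-identifying EXIF fields a JPEG carries, so a photo can be audited before it is uploaded. The sample bytes, the watch list and the function names are assumptions made for illustration.

```python
import struct

# Standard EXIF/TIFF tag ids that identify a device or its location.
WATCH = {0x010F: "Make", 0x0110: "Model", 0xA420: "ImageUniqueID",
         0xA431: "BodySerialNumber", 0x8825: "GPSInfo"}
EXIF_IFD = 0x8769  # IFD0 entry that points at the Exif sub-IFD

# Constructed sample (header structure only, not a viewable image): an Exif
# APP1 segment with Model, a body serial number and a GPS pointer, then a comment.
SAMPLE = bytes.fromhex(
    "ffd8 ffe1005a 457869660000 4d4d002a00000008 0003"
    "0110 0002 00000008 00000032  8769 0004 00000001 0000003a"
    "8825 0004 00000001 0000004c  00000000"
    "50686f6e652d5800  0001 a431 0002 00000004 534e3100 00000000"
    "000000000000  fffe00046869 ffd9")

def _segments(jpeg):
    """Yield (marker, start, end) for each segment before start-of-scan."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack_from(">H", jpeg, pos + 2)[0]
        yield jpeg[pos + 1], pos, end
        pos = end

def _read_ifd(tiff, offset, order, found, depth=0):
    """Walk one IFD (12-byte entries) and record the watched tags in found."""
    (count,) = struct.unpack_from(order + "H", tiff, offset)
    for i in range(count):
        entry = offset + 2 + 12 * i
        tag, typ, n, raw = struct.unpack_from(order + "HHI4s", tiff, entry)
        if tag == EXIF_IFD and depth == 0:   # follow the sub-IFD once, never loop
            _read_ifd(tiff, struct.unpack(order + "I", raw)[0], order, found, 1)
        elif tag in WATCH and typ == 2:      # ASCII: inline if <= 4 bytes, else at offset
            data = raw[:n] if n <= 4 else tiff[struct.unpack(order + "I", raw)[0]:][:n]
            found[WATCH[tag]] = data.rstrip(b"\x00").decode("ascii", "replace")
        elif tag in WATCH:                   # e.g. GPSInfo pointer: block is present
            found[WATCH[tag]] = True

def identifying_exif(jpeg):
    """Return the device- and location-identifying EXIF fields found in a JPEG."""
    found = {}
    for marker, start, end in _segments(jpeg):
        if marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\x00\x00":
            tiff = jpeg[start + 10:end]      # skip marker, length and "Exif\0\0"
            order = "<" if tiff[:2] == b"II" else ">"
            _read_ifd(tiff, struct.unpack_from(order + "I", tiff, 4)[0], order, found)
    return found
```

An empty result means the file carries none of the watched fields; a malformed EXIF block with out-of-range offsets raises `struct.error` rather than being silently accepted.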

The tracking of cell phones and mobile devices has been debated for many years. Furthermore, malware designed for mobile devices has become so sophisticated that tracking a device, and the data it transmits over the internet and other networks, is commonplace for advanced hackers. Through the Superfish mobile app on Android and iOS devices, it seems information on those devices may be pulled and later sold or used by other hackers and cybercrooks.

Deep in the code of the Superfish app on Android, and within Superfish’s LikeThat feature on iOS devices, the malicious program may reveal the MAC address, CPU frequency, display type and free space to others who are attuned to collecting Superfish’s stolen information.

Hackers may also be able to use Superfish to track a device. Though this has not been fully explored or verified, Superfish could still be a basis for pulling information from mobile devices. Through GPS positioning abilities found in Superfish’s code, iOS devices that have location services enabled could allow others to track the device. On Android versions, the tracking features may not be fully active. However, code for transmitting a user’s position is present within the app’s SFLocatioAPI class, which is another avenue that hackers could exploit.

Wherever Superfish is found, on a device of any kind, it should be removed. Use of Superfish could make a mobile device vulnerable to many issues, including being tracked or having other data compromised.
