Page 24 - AT

P. 24

A24 technology
Tuesday 24 december 2019
Report: Popular UAE chat app ToTok a government spy tool

NEW YORK (AP) — A chat As with many apps, ToTok
app that quickly became requests location informa-
popular in the United Arab tion, purportedly to pro-
Emirates for communicat- vide accurate weather
ing with friends and fam- forecasts, according to the
ily is actually a spying tool Times. It also requests ac-
used by the government to cess to a phone's contacts,
track its users, according to supposedly to help users
a newspaper report. connect with friends. The
The government uses ToTok app also has access to mi-
to track conversations, lo- crophones, cameras, cal-
cations, images and other endar and other data.
data of those who install A security expert who said
the app on their phones, he analyzed the app for
The New York Times re- the Times, Patrick Wardle,
ported, citing U.S. officials said that ToTok "does what
familiar with a classified in- it claims to do" as a com-
telligence assessment and munications app, which is
the newspaper's own inves- the "genius" of the app if it
tigation. is being used as a spy tool.
The Emirates has long "No exploits, no backdoors,
blocked Apple's FaceTime, no malware," he wrote
Facebook's WhatsApp and in a blog post. The app is
other calling apps. able to gain insights on us-
Emirati media has been In this Oct. 27, 2013 file photo, a worker looks at his mobile phone at the newly opened Al Mak- ers through common func-
playing up ToTok as an al- toum International Airport in Dubai, United Arab Emirates. tions.
ternative for expatriates Associated Press In a blog post Monday,
living in the country to call ToTok did not respond di-
home to their loved ones sheikhdoms on the Arabian ists and others. as a way to give the gov- rectly to Sunday's Times re-
for free. Peninsula. Zero days exploits can be ernment free access to port, but said that with "ref-
The Times says ToTok is a Government surveillance in expensive to obtain on the personal information, as erence to the rumors circu-
few months old and has the Emirates is prolific, and black market because they millions of users are willingly lated today about ToTok,"
been downloaded millions the Emirates long has been represent software vulner- downloading and installing the one goal of the app's
of times, with most of its us- suspected of using so- abilities for which fixes have the app on their phones creators was to create a
ers in the Emirates, a U.S.- called "zero day" exploits to yet to be developed. and blindly giving permis- reliable, easy-to-use com-
allied federation of seven target human rights activ- The Times described ToTok sion to enable features. munications platform. q

Researcher: Data on 267 million Facebook users exposed

By FRANK BAJAK "scraped" it from public users without their knowl-
AP Technology Writer Facebook pages or by edge or consent.
A Ukrainian security re- somehow obtaining privi- Diachenko said he had
searcher reported find- leged access to the ser- not determined when the
ing a database with the vice. Scraping is automat- data was collected. He
names, phone numbers ed data-harvesting done said all the records had
and unique user IDs of by bots. A small fraction time stamps from January
more than 267 million of the database include to June 2019 but that it was
Facebook users — nearly details on Vietnam-based unclear who generated
all U.S.-based — on the users. them. Security experts say
open internet. That data Diachenko said he did not the affected Facebook
was likely harvested by share the database with users are at higher risk of
criminals, said researcher Facebook, which did not being targeted by spam,
Bob Diachenko, an inde- directly confirm the finding. password-stealing phishing
pendent security consul- In a statement, the social attacks and identity theft
tant in Kyiv. In this Aug. 11, 2019, file photo an iPhone displays a Facebook network said it was inves- attempts. The information
The database, which page in New Orleans. tigating the issue and that can be cross-referenced
Diachenko discovered Associated Press the finding "likely" involved with physical and email
with a search engine, was information obtained be- addresses and other data
freely accessible online for covered it so it may have The researcher provided fore Facebook took un- obtained in other data
at least 10 days beginning been shared among on- the AP with a 10-record specified data-protection breaches. Facebook user
Dec. 4, he said. He noti- line thieves. sample from the database measures in recent years. IDs are unique numbers
fied the internet provider He first reported the find- and the IDs — and two In 2018, the social media gi- associated with individual
where it was hosted when ing Thursday in partnership phone numbers that were ant disabled a feature that accounts.
he found it on Dec. 14; five with the U.K. tech news answered — checked out allowed users to search In September, the news site
days later it was no longer website Comparitech, against real Facebook us- for one another via phone TechCrunch reported that
available. which editor Paul Bischoff ers. number following revela- Facebook IDs and phone
Diachenko said someone said has been helping write The evidence suggests the tions that the political firm numbers for more than 400
downloaded the data- up Diachenko's discoveries data was collected illegal- Cambridge Analytica had million users were similarly
base to a hacker forum of unsecured databases ly, most likely by criminals accessed information on found exposed online by a
two days before he dis- for about a year. in Vietnam who may have up to 87 million Facebook researcher.q

19 20 21 22 23 24 25 26 27 28 29