Do you have a flashlight app on your smart phone? This person says you're screwed if you do.

Thanks, Bob.

Has this guy been vetted... telling the truth?

It seems that the Apple Store and Google Play Store would not allow these things to be downloaded, once the truth got out.

A level 5 (big kahuna) guy at Apple's help forum says:

Apple provides a flashlight app in ios 7.x. Scroll up from the bottom of the screen tap the flashlight.

The design of ios prevents apps from getting to data in other apps.  It's called sand boxing.

I seem to recall reports that flash light like apps are tracking, displaying ads, and not acting nice.  However with sand boxing provided by ios, no app can trash your ipad nor get data from another app.  Look at your permission to see what you allowed. Delete all the non-Apple flashlight apps.

Robert

---

---

Again, Robert says:

I suggest you use the built in flashlight app.  Delete the others.

I think the page is trying to link the iPad to other devices.  Tells lots of problems with Android devices to get you worried.

Here what the link says.

"What about Apple iPhone and iPad or Microsoft WindowsPhone flashlight apps?

The flashlight app pre-installed on the Apple iPhone appears to be safe.

However in both the iTunes store and on the Windows Phone app store, 3rd party flashlight apps access various hardware ports. The ports they access while they are running includes Webcam, Location Services, using your GPS and other coarse location based internet. In addition, they use your internet connection.

The good news is that on these two operating systems apps like this cannot hide in the background.
The bad news is when you run downloaded Flashlight Apps on these two platforms, they are still building up a profile on users including your location, and are able to send and receive information over the internet – totally unnecessary for a flashlight."

You have to allow the app access to gps.

I never got around to installing a flashlight app on my latest phone. No need to cause the 6" home screen is bright enough to substitute for a flashlight app.

And it is dangerous to click on online ads now. Here is a good article that will make you want to never click on an online ad again.

The article at CNN

A snippet from the article:

Quote :

"Malvertising" has hit Amazon (AMZN, Tech30), Answers.com, Dictionary.com, Examiner.com, The Jerusalem Post, Last.fm, The Pirate Bay, The Times of Israel, Yahoo (YHOO, Tech30) and YouTube this year.

And it's blowing up. The number of malicious ads has nearly doubled every year since 2011, according to data from security firm RiskIQ. Its researchers have discovered 432,374 of them so far this year.

Bash bug could be worse than Heartbleed': 'Catastrophic' flaw may threaten the security of millions of internet-connected devices
Bug poses a threat to devices using Unix-based operating systems
It includes Linux used in many devices such as cars and cameras
It can also affect Android, Windows, IBM and Apple Mac OS X machines
Bug, also called 'Shellshock', may let hackers take control of devices
Solution is to update every vulnerable device with a software patch
Some patches have already been released, but are still 'incomplete'
By ELLIE ZOLFAGHARIFARD and VICTORIA WOOLLASTON FOR MAILONLINE
PUBLISHED: 09:23 EST, 25 September 2014 | UPDATED: 11:39 EST, 25 September 2014

556
shares
134
View comments
Warnings have been issued about a 'catastrophic' security flaw affecting one of the most important interfaces powering the web.
Known as the 'Bash' bug, the flaw could be 'bigger than Heartbleed' which put every computer user at risk earlier this year.
Experts claim the bug may pose a serious threat to computers using Unix-based operating systems including Linux and Apple's Mac OS X - and in turn, could spread to all internet-connected devices.
Errata security researcher Robert Graham tweeted (pictured) an example of how the bug can be exploited, and how code can be added, to websites on Macs running OSX. He warned that Bash is 'probably a bigger deal than Heartbleed' because it could threaten the security of millions of websites
+3
Errata security researcher Robert Graham tweeted (pictured) an example of how the bug can be exploited, and how code can be added, to websites on Macs running OSX. He warned that Bash is 'probably a bigger deal than Heartbleed' because it could threaten the security of millions of websites
HOW WILL YOU BE AFFECTED?
The bug makes all Apple Mac computers, around half of all websites and most internet connected home appliances vulnerable.
The danger is that it can run in the background, without a user ever knowing. And once it does, a hacker will be able to take control of your device.
For instance, the bug could be used to read or send emails, copy banking data, turn on a webcam or listen in on a computer's microphone.
Essentially, this means if your computer will do something without asking for a password, then someone using the bug can also do the same.
Anyone using these devices will need to include a 'patch' update to the software as soon as it is released. As well as computers, the public is being warned they may need to update their internet-connected devices, such as smart locks, separately.
Bash is the software used to control the command prompt on many Unix computers, and the bug can exploit it to take complete control of a system.
Linux is used in everything from cars to cameras, as well as the Raspberry Pi, and the bug could also affect Android, Windows and IBM machines.
‘The impact is very severe, it’s not overstating it to say it’s a more serious bug than Heartbleed,’ Professor Tim Watson, Director of the Cyber at Warwick University told MailOnline.
‘The primary way this is going to be exploited is through the web… a hacker can use the bug to put malicious things on the website or to steal information, like banking details.’
The bug, which also goes by the name 'Shellshock', could potentially allow hackers to gain access to every internet-enabled device in a person's home using something as innocuous as a smart lightbulb.
The danger with this, in particular, is that once it has access to an internet-connected device it can jump onto others. This includes smart locks that open front doors.
RELATED ARTICLES


Read more: http://www.dailymail.co.uk/sciencetech/article-2769514/Bash-bug-worse-Heartbleed-Catastrophic-flaw-threaten-security-millions-internet-connected-devices.html#ixzz3GMHLagk4
Follow us: @MailOnline on Twitter | DailyMail on Facebook

Bash stands for Bourne Again Shell. It is what's called a command-line shell that lets users control software programs and features. Commands are sent to these programs by typing text into a particular area of code. This code is typically restricted to programmers, but the Bash bug leaves it open to attack from anyone
Bash does not require users to rush change their passwords, but it does provide another way for hackers to take control of computers and devices.
'The method of exploiting this issue is also far simpler. You can just cut and paste a line of code and get good results,' according to Dan Guido, chief executive of a cybersecurity firm Trail of Bits.
Its potential to disrupt Apple Mac computers, which uses the Bash software, is of particular concern, experts warned.
WHAT IS THE BASH BUG AND HOW DOES IT WORK?
Bash stands for Bourne Again Shell. It is what's called a command-line shell that lets users control software programs and features.
Commands are sent to these programs by typing text into a particular area of code.
This area is typically restricted to programmers and website owners, but the Bash bug leaves it open to attack from anyone.
For example, Mac OS X users can run it by from their Terminal, as can people running devices on the Linux operating system.
Windows is not affected in the same way, but if a hacker exploits malicious code through the flaw, they could gain access to any device, in theory, including PCs.
The bug is said to have existed for 25 years, and was discovered by Linux expert Stéphane Chazelas.
As an example, the Apache web server runs Bash in the background to carry out tasks, including processing personal data entered into online form.
A hacker who exploits Bash could send a request for the information, and then add malicious code to the server to send the user to other sites, or to install a virus on their computer.
Once the hacker has access, they could launch an attack on every visitor that users the site - and users could be none the wiser.
According to experts, there haven't been any reports of real-word attacks, but that doesn't mean they won't ever be affected, nor does it mean they haven't happened in the past, without being detected.
Reports are suggesting Apple has patched the flaw that explicitly affects the terminal on its Mac software, but the firm has not officially confirmed this.
The responsibility to fix the flaw lies with the website owners, meaning everyday users can't do anything to protect themselves.
Website owners, especially running on Linux-based servers, are being told to check and patch their systems immediately.
The Heartbleed flaw in Open SSL encryption affected millions of sites earlier this year. By comparison, Heartbleed only allowed hackers to spy on computers; not take control of them
The Heartbleed flaw in Open SSL encryption affected millions of sites earlier this year. By comparison, Heartbleed only allowed hackers to spy on computers; not take control of them
The only solution is to update every device that is vulnerable with a patch. And this can only be done by website or server owners.
Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, warned the bug was rated a '10' for severity, meaning it has maximum impact.
He also rated it 'low' for complexity of exploitation, meaning it is relatively easy for hackers to launch attacks.
'Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera,' Mr Beardsley said.
'Anybody with systems using Bash needs to deploy the patch immediately.'
‘While antivirus software and firewalls are the basic line of defence for most organisations, they’re not going to be able to stop the attackers getting in this way,’ said Ross Brewer, vice president at Log Rhythm.
US-CERT advised computer users to obtain operating systems updates from software makers.
It said that Linux providers including Red Hat had already prepared them, but it did not mention an update for OS X. Apple representatives could not be reached.
Tavis Ormandy, a Google security researcher, said via Twitter that the patches seemed 'incomplete.'
However, Mr Ormandy could not be reached to elaborate, but several security experts said a brief technical comment provided on Twitter raised concerns.


Read more: http://www.dailymail.co.uk/sciencetech/article-2769514/Bash-bug-worse-Heartbleed-Catastrophic-flaw-threaten-security-millions-internet-connected-devices.html#ixzz3GMINmWlJ
Follow us: @MailOnline on Twitter | DailyMail on Facebook

I had an app that checked for Heartbleed vulnerability when I visited websites. I had to email Pensacola Beach SRIA several times before they patched their server.

Maybe they'll come out with a tool like that for BASH.

Eric wrote:

Thanks, Bob.

Has this guy been vetted... telling the truth?

It seems that the Apple Store and Google Play Store would not allow these things to be downloaded, once the truth got out.

That was my first thought as well, E... seems as though we were on to something. From snopes:

Quote :

Quote :

Claim: Flashlight apps are secretly tracking users' data and sending the information to cybercriminals.

MIXTURE:
FALSE: Flashlight apps pose a higher risk to data security than other apps.

TRUE: One specific flashlight app was cited by the FTC for selling data to advertisers.
Examples: [Collected via e-mail, September 2014]

Is this one true or not? Flashlight apps are sending info off your cellphone to china, India, and Russia.

I just read an alarming warning about flashlight apps for android. As both I and my daughters have these apps, I was looking to see if this report is accurate.

Heard a gentleman talk about flashlight apps sending your information to foreign governments in China and Russia and India. Once installed they can spy on your activities. Is there any truth to this? It was on Fox News

Origins: On 1 October 2014, cybersecurity company Snoopwall released a "threat assessment report" discussing flashlight apps for Android devices and security threats they may pose. According to Snoopwall (who recommends using their flashlight instead of competitors' apps) the list of
permissions required by most flashlight apps is proof that the apps' makers are harvesting data and sending it abroad to cybercriminals.

A single flashlight app developer settled a complaint with the FTC over data collection policies in 2013. But the current anxiety over flashlight apps appears to have been prompted by the publicity surrounding the release of Snoopwalls' app rather than any specific breach of data security.

Flashlight apps are no riskier than any other app. Versions of Android verified by Google ensure that apps are pre-screened for malware, reducing the risk of malicious mobile software. No reports have surfaced indicating flashlight apps are sending user data to cybercriminals in any country. All third party apps (including flashlights) pose the risk of hidden malware if their developers are not on the up-and-up.

Last updated: 2 October 2014

http://www.snopes.com/computer/internet/flashlight.asp