
Consumer Reports Finds Serious Security Flaws In Fertility App Glow

The fertility-tracking app Glow collects detailed information about users’ bodies and sex lives, and one thing that may not occur to users is the possibility that their data could be compromised. No, not just if someone swiped their phone or broke into their account: our colleagues down the hall at Consumer Reports discovered some serious security flaws in the app, which Glow has now fixed.

Glow users and people who are very interested in privacy and technology will want to read the whole rundown of what was wrong and how the team discovered it, but here’s a basic overview of the three security problems, which have now been fixed.

Open invitation: Women using the app to avoid or achieve pregnancy might find it useful to let their partners in to view their accounts. The problem with this is that Glow made it a little too easy to connect accounts: a malicious user could add him- or herself to an account without the woman granting them permission to do so, and have access to some very personal data without her even knowing.

TMI on the forums: Posts on the app’s forums had more data embedded in them than displayed to users, which included the user’s full name, birthdate, e-mail address, location, and some recent information from her health log.

Consumer Reports was easily able to access this information using a computer as a wireless access point, meaning that any malicious person who sets up a WiFi hotspot to snoop on unwitting users could scoop up this data, which is enough to commit identity theft or harassment.

Changing a user’s password: If someone wants to seize control of another person’s fertility-tracking account, it’s easy to do: a malicious password-changer simply has to take the code generated when changing the password on a dummy account, then fill in the target’s details.

While the site asks for an account’s old password when sending in an honest password change request, you don’t actually need that old password to set a new one. It would be possible to easily change passwords for multiple users this way.
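To make the password-change problem concrete, here is an added example (not Glow's code, and not from Consumer Reports) of a server-side handler with the two missing checks beside a handler without them. How Glow's server actually processed these requests is not described here, so the request fields, the `AccountStore` class and the function names are all assumptions.

```python
import hashlib, hmac, os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    """In-memory stand-in for a user database (hypothetical)."""
    def __init__(self):
        self._users = {}

    def set_password(self, user_id, password):
        salt = os.urandom(16)
        self._users[user_id] = (salt, _hash(password, salt))

    def check(self, user_id, password):
        salt, stored = self._users[user_id]
        return hmac.compare_digest(stored, _hash(password, salt))

def change_password_flawed(store, session_user, request):
    # The flaw in outline: the account to change is taken from the request
    # body, and the old password is accepted but never verified.
    store.set_password(request["user_id"], request["new_password"])
    return True

def change_password_hardened(store, session_user, request):
    # 1. Only the authenticated session's own account may be changed.
    if request.get("user_id") != session_user:
        return False
    # 2. The old password must actually match before a new one is set.
    if not store.check(session_user, request.get("old_password", "")):
        return False
    store.set_password(session_user, request["new_password"])
    return True

def demo():
    # Constructed sample accounts and requests.
    store = AccountStore()
    store.set_password("dummy", "dummy-pass")
    store.set_password("target", "target-pass")
    # Sent from the dummy account's session, but naming another account.
    forged = {"user_id": "target", "old_password": "x", "new_password": "new"}
    rejected = not change_password_hardened(store, "dummy", forged)
    target_unchanged = store.check("target", "target-pass")
    own = {"user_id": "dummy", "old_password": "dummy-pass", "new_password": "n2"}
    own_ok = change_password_hardened(store, "dummy", own) and store.check("dummy", "n2")
    return rejected, target_unchanged, own_ok
```
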

Glow users should have received a notification telling them to update the app and change their passwords, and to unlink their account from any partner accounts that are connected, then reconnect them.

A company representative told Consumer Reports that it doesn’t know of any data or accounts that were compromised in this way, and Glow didn’t know about it until Consumer Reports alerted it to the problem.

Just keep this in mind: what are you typing into your favorite apps, and how do you know that it’s secure?

Glow Pregnancy App Exposed Women to Privacy Threats, Consumer Reports Finds [Consumer Reports]


by Laura Northrup via Consumerist
