
The government have launched their new NHS Track and Trace app, making use of the technology developed jointly by Google and Apple and deployed into modern handsets at the start of the outbreak.
Read moreIT Services Consultants for you and your business.
The government have launched their new NHS Track and Trace app, making use of the technology developed jointly by Google and Apple and deployed into modern handsets at the start of the outbreak.
Read moreYou can’t have helped but see the FaceApp images appearing on people’s social media, photos edited by AI to make them look older, younger or to swap genders.
You’ve probably also heard that the app is stealing your data in the background and uploading it to Russian servers.
We take a look at the app and dig into what it’s actually doing with your data.
FaceApp is available on Android and iPhone, the website is https://www.faceapp.com
Privacy policy is https://www.faceapp.com/privacy
FaceApp was first released in 2017.
The app is available as a free download, with limited functionality, and a pro version with more filters to use.
FaceApp uses AI to manipulate images, making the subject look older, younger, add a smile and so on.
A tweet from an app developer suggested that FaceApp was uploading massive quantities of photos from users phones without their permission, this was later quoted in an article on 9TO5Mac and other publications, unfortunately they didn’t actually check if the facts were true.
So just to help clear things up, the app is NOT stealing your data, well not in any way that Apple and Google are already doing.
The app will upload images to their servers, but only the ones you send for the AI to edit. No background uploading takes place, and only the individual photos you select are sent.
Using cloud servers to process the images will help keep the app size down, increase the speed of the image AI processing and helps keep their AI technology away from prying eyes.
The servers your photos are sent to appear to be based in America, although the company that makes FaceApp is based in Russia. This is not uncommon, as server costs and reliability in America are likely to be better than Russian based server.
The company states that most photos are removed from their servers after 48 hours. Like many other companies, they have a term that states any images sent to their servers may be used by them, royalty-free. Some may find it worrying that their photos might be used to promote this app, but this is not an unusual term in such situations. Twitter has similar terms in their usage T&C’s for example.
It’s likely that the images you send for processing are being used to help improve the AI technology used. Some have suggested this could be used to improve facial recognition algorithms, but In a statement to the BBC the firm’s chief executive, Yaroslav Goncharov, said “No, we don’t use photos for facial recognition training, Only for editing pictures.”
A French security researcher looked into what the app did when you used it, the technical details can be read in his twitter thread here: https://twitter.com/fs0c131y/status/1151270788357603328
There’s an article on the BBC News website where they test the app using some well known celebrities, such as Arnold Schwarzenegger, Morgan Freeman and Sir Ian McKellen – you can judge for yourself the quality of the results.
Two vulnerabilities have been identified and made public that exploit the flaws identified in Intel processors. Read more
Intel have announced a flaw in their processors that will effect millions of computers running Intel chips from over the past decade, on Windows, Linux and MacOS computers. Read more
Apple’s latest OS for Mac has been shipped with a major security hole that renders it venerable to access by anyone at the console, including access to your supposedly secure passwords in the Keychain. Read more
Back in the 1970’s a ‘neat little self-replicating automata’ was released on the ARPANET (the predecessor of today’s internet) that was called “the creeper“. Not a virus in the way we think of them today, it was more of a test of code and concept, the only ‘payload’ was a line of code reading “I’m the creeper: catch me if you can”. In the following years, code would be written that became the basis of several types of virus; Worms, Trojan, Boot Sector and Malware.
The early viruses were intended to test concepts or as jokes and went out of their way to protect users data. In the late 1980’s that changed, IBM wrote a program to detect the first encrypted virus and clean an infected system, but didn’t release that to the public until a second version of the virus began to spread on the BBS systems of the day. And so began the battle between the virus writers and the anti-virus writers.
Jump to today and we have many different types of computer virus and many many different viruses in each type. Viruses have become big business for criminals, with nearly all viruses designed to generate income for the coder or their superiors. The latest ransomware viruses can generate large payouts by infecting many smaller users, this is a better business model than infecting a smaller number of large companies and helps keep the virus out of the media and so out of public attention.
Microsoft Windows was the most popular operating system in the 1990’s and as a result it became the biggest target for virus writers. This spawned the urban myth that only Windows based computers could get viruses, but that’s not the case.
The first ‘wild’ virus to spread was purely an Apple-based virus. Apple and Linux based computers have seen a recent rise in the number of viruses intended to infect them. The same goes for mobile phones and devices, Android, Apple’s iPhone and even the old Nokia phones and Windows Mobile are all susceptible to virus infection.
The rise of IoT devices, like smart TV’s, fridges, thermostats and so on have not gone unnoticed. Several recent ‘botnets’ have been shown to be comprised of a large number of infected smart home devices. Hackers have exploited the often poor security on smart devices, and the fact that many don’t get post-sales software updates to take control of them. Often the hackers are after the processing power for attacking other networks or running malware that won’t immediately be noticed by the device owner, though there have been instances of devices being specifically targeted to spy on users, making use of cameras and listening devices.
As an individual you may think that you’re too small to have to worry about antivirus, wrong. It’s a lot easier for virus writer to target a large number of small unprotected users than it is for them to target fewer, better protected companies.
Home users need to consider all the devices on their home network, from computers to smart devices like lights and speakers. These devices are all potential targets. It’s sensible to protect your home network at the point of entry (your broadband) and then further protect devices that can go outside your home network (smartphones, tablets etc) as well as devices that hold particularly valuable information, such as banking information, passwords for any internet accounts, and your photos.
As a company, you should be using a multi-layered security plan with a reputable antivirus application as a part of that plan. You should never use just a single product or technology, as no one product can guarantee 100% virus detection.
A company should look at perimeter and internal security, preventing hackers getting in from the internet and stopping any devices that become infected away from your network bypassing that security.
Data security is essential, both backing up and encrypting the information. Under data security laws you are required to protect any information that could identify an individual (a customer, employee or supplier for example)
We can design and implement a security solution that suits you or your businesses needs. We can help protect all your IT assets regardless of where they are and how they are used. We can assess your existing data security and give you a report identifying good and bad practices.
It seems like only yesterday we were all being told about the Heartbleed vulnerability in OpenSSL, and how to avoid affected sites until they had been fixed, then there was the Shellshock or Bashdoor vulnerability that meant the servers running your favourite websites were being broken into, you may even have heard of the Poodle attack that could allow an attacker to break into your SSL 3 connection, and now Freak, exploring another SSL vulnerability, albeit one that this time was practically imposed on you. Read more