Saturday, December 2, 2023

AccuWeather found Sending User Location Details Even if Location Sharing Turned Off

Security researcher Will Strafach identified that famous Weather App AccuWeather sending geolocation data to third party data mining firm.

He intercepted the traffic with the latest version of AccuWeather from his iPhone and it appears Wi-Fi router name and its unique MAC address to the servers of data monetization even if the App not permitted for sharing location OR even when the user has switched off location sharing.

Also Read Israeli company that can hack any iPhone

If you don’t provide permission to access GPS information, still it can manage to send your Wi-Fi router name and BSSID to Revealmobile, and they have access to less precise location data relating to your device’s whereabouts says Strafach.

At the point when the location is empowered, it sends the down-to-the-meter exact directions of the client, including pace and latitude, back to the data mining firm.Says ZDNet.

ZDNet finds that data mining firm isn’t an immediate publicizer however instead helps give data to advertisers.Reveal in a brochure says that it turns the location data commencing of these apps into what it claims to be “meaningful audience knowledge.”

Also read  Unlock iPhone with Siri – Without password

Reveal has stated that the SDK could be misconstrued, and they assure that no reverse engineering of locations was ever conducted by any information they gathered, nor was that the intent.

“In the future, AccuWeather plans to use data through Reveal Mobile for audience segmentation and analysis, to build a greater audience understanding and create more contextually relevant and helpful experiences for users and for advertisers,” said David Mitchell, AccuWeather’s executive vice president of emerging platforms, on the call with ZDNet.


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles