Fortnite fans, beware – that Android app might be too good to be true

25 Jun 2018

Person playing Fortnite. Image: Lenscap Photography/Shutterstock

With the cultural phenomenon that is Fortnite set to hit Android soon, players caught up in the hype are being snared by fake apps infecting their devices with malware.

The big talking point this week in the world of infosec concerned the increasingly popular Google Home device.

Now officially launched in Ireland, the device drew criticism from security experts for a bug that leaked the device’s location to an accuracy of just a few metres.

Security researcher at Tripwire, Craig Young, found an authentication weakness that leaks user location data in both the Google Home and Chromecast devices. He said the attack works by requesting a list of nearby wireless networks from the Google device and then sending that list to Google’s geolocation directory services.

Meanwhile, on the cybersecurity jobs front, 100 roles were announced for Cork at Forcepoint as part of an investment running across three years, with the bulk of the new roles in cloud and endpoint software engineering to be created during the first year of operations.

Eager Fortnite players snared by fake apps on Google Play Store

Echoing stories prior to the launch of the Pokémon Go app on mobile devices, the upcoming launch of Fortnite on Android is seeing some players letting their guard down and downloading apps they think is an early version of the game.

The only problem is, as Malwarebytes has pointed out, nearly all of these apps are created by scammers looking to take advantage of the hype surrounding the runaway gaming success.

With security on the Google Play Store increasing of late, people are falling for claims on YouTube that links included in the description are ones for the actual Fortnite game. The reality, of course, is that they are not linking to the Play Store and are actually malicious files, going so far as to include some realistic app icons and even the Epic Games logo.

Through there, it asks for verification to prove “you’r [sic] not a bot” and subsequently promising you a way to unlock the game by downloading another app. The obvious advice to anyone is to stay away from such bogus apps until the game officially launches.

Flightradar24 on the end of a data breach

One of the nerdier and enjoyable pursuits on the internet is Flightradar24, a service that lets you track what aircraft are flying the skies in real time.

The company behind the service has now confirmed it was the victim of a data breach that affected one of its servers, according to The Register.

Users registered prior to 16 March 2016 were notified of the breach via email and that hackers may have access to their email addresses and hashes associated with their accounts.

The company said on its forum: “The security breach was limited to one server and it was promptly shut down once the intrusion attempt had been ascertained. An email has been sent to users with affected accounts.

“Please note that no payment information has been compromised. Flightradar24 neither handles nor stores payment information.”

In accordance with GDPR, the Swedish-based company informed its national data protection authority about the incident.

Younger people are responsible for the most workplace breaches

The stereotype that older people are less familiar with technology and therefore more liable to cause a data breach appear to have been proven wrong based on findings in a new survey conducted for Centrify by Censuswide.

The study sought the views of 1,000 workers aged between 18 and 24, and 500 decision-makers in UK organisations, to find how security, privacy and online behaviour at work impacts the lives of younger employees and the companies that they work for.

While password-sharing tops the list (56pc) as to what keeps decision-makers awake at night, 29pc of younger workers revealed they are in charge when it comes to password changes, with their employers leaving it to them to decide when they need one.

Furthermore, 15pc of them admit to freely sharing passwords with colleagues, and when asked about how social media activity use might affect their employer, 18pc freely admit that their posts could compromise employers’ security and privacy policies.

“While it’s clear that employers are concerned about this new generation entering the workforce – and see them as a potential risk to both the business and brand – these same companies are perhaps guilty of not putting in place the right security processes, policies and technologies,” said Centrify’s CTO of EMEA, Barry Scott.

Person playing Fortnite. Image: Lenscap Photography/Shutterstock

Colm Gorey was a senior journalist with Silicon Republic