![\"20160225](\"https:\/\/images.techhive.com\/images\/article\/2016\/02\/20160225-stock-mwc-ericsson-booth-security-locks-100647686-large.jpg\")
The world of security is getting super weird. And the solutions may be even weirder than the threats.<\/p>\nEl a\u00f1o que viene, nuestros tel\u00e9fonos y computadoras ser\u00e1n la base para una carrera de armamentos entre extra\u00f1as amenazas nuevas y extra\u00f1as innovaciones en ciberseguridad.<\/p>\n
The world of security is getting super weird. And the solutions may be even weirder than the threats.<\/p>\n
I\u00a0told you last week<\/a>\u00a0that some of the biggest companies in technology have been caught deliberately introducing potential vulnerabilities into mobile operating systems and making no effort to inform users.<\/p>\n One of those was introduced into Android by Google. In that case, Android had been caught transmitting location data that didn\u2019t require the GPS system in a phone, or even an installed SIM card. Google claimed that it never stored or used the data, and it later ended the practice.<\/p>\n Tracking is a real problem for mobile apps, and this problem is underappreciated in considerations around BYOD policies.<\/p>\n Yale University Law School\u2019s Privacy Lab and the France-based nonprofit Exodus Privacy have\u00a0documented<\/a>\u00a0that more than 75% of the more than 300 Android apps they looked at contained trackers of one kind or another, which mostly exist for advertising, behavioral analytics or location tracking.<\/p>\n Most of that location tracking relies on accessing GPS information, which requires user opt-in. But now, researchers at Princeton University\u00a0have demonstrated<\/a>\u00a0a potential privacy breach by creating an app called PinMe, which harvests location information on a smartphone without using GPS information.<\/p>\n In general, our belief that turning off the location feature of phones protected us from location snoops has been invalidated.<\/p>\n In fact, many of our assumptions around security are being challenged by new facts. Take two-factor authentication, for example.<\/p>\n A report last month by Javelin Strategy & Research\u00a0claimed<\/a>\u00a0that current applications of multi-factor authentication are \u201cbeing undermined.\u201d Two- or multi-factor authentication is also underutilized by enterprises, with just over one-third using \u201ctwo or more factors to secure access to their data and systems.\u201d<\/p>\n So we can\u2019t trust two-factor authentication like we used to, and even if we could it\u2019s wildly underutilized.<\/p>\n But surely we can trust Apple devices, right? Apple has a sterling reputation for strong security. Or, I should say, \u201chad\u201d such a reputation.<\/p>\n Apple apologized and issued a patch this week for a\u00a0major security flaw<\/a>that enabled anyone with physical access to an Apple computer running macOS High Sierra to gain full access without even using a password (by simply using \u201croot\u201d as the username<\/a>).<\/p>\n Apple fixed the flaw. But the fact that it existed at all is new and weird and challenges our beliefs about Apple\u2019s security cred.<\/p>\n Apple\u2019s new Face ID authentication has been\u00a0defeated by researchers<\/a>, and some security experts\u00a0refuse to use it<\/a>. The methods for overcoming Face ID range from simply finding someone who looks similar to creating a realistic mask to fool it. Cybercriminals are going to be building and wearing masks, apparently.<\/p>\n