Tag Archives: Technology

Tips and tricks how to improve smartphone battery life

Although not all things were better in the past, mobile phone batteries definitely were. The classic Nokias and Samsungs, which you could use only to make calls, would easily last for up to two weeks in standby mode. Conversely, you’ll be lucky to get a full 24 hours of battery power from one of the latest smartphones. This is due to improved and more powerful components, countless additional functions, and of course the energy consumption of dozens of apps. That said, even the most heavily used smartphones can have a bit longer battery-life if you follow a few simple tricks.

Built-in ways to save some power
A few hours of battery life can be gained by using your phone’s onboard tools. For instance, your screen is an immense consumer of energy. The screensaver should be activated as soon as possible; 30 seconds of waiting time is usually enough. Both Android and iOS offer automatic brightness controls that you should limit to lower maximum levels. One trick in particular helps save power on modern OLED and AMOLED (organic-LED) screens, such as those used on the Samsung S5: Only active pixels consume power; black pixels do not. Background images with large black areas are less draining on the battery than a colorful, bright image – so choose your images wisely.

Control larger data updates manually
Next up for making a big difference are the interfaces to the outside world. Bluetooth, WiFi, and GPS consume a disproportionately high amount of power. If you don’t need to use the smartphone’s wireless connections, deactivate them. In most cases, it’s also possible to throttle the data-connection speed and save power in the process by using UMTS instead of LTE or 3G instead of UMTS. A reduced bandwidth is also more than fine if you’re just checking your emails occasionally. What’s more, push services like email and regularly staying in touch via the Internet really drain the battery. If you collect your emails at the press of a button and also update Facebook manually, your battery will last much longer.

Be discerning about the apps you use
In this respect, apps that are sponsored by ads are also fatal. Compared to paid apps, they communicate more often with the developer to share location data and other information – pushing the charging indicator into the red. Widgets for weather forecasts or audio streaming of Internet radio services are power hungry as well. It’s also worthwhile to deactivate automatic app updates. Downloading an update doesn’t just require a lot of power; the apps constantly checking to see if a new version is available also drains battery. The Google Play Store is configured by default to download app updates automatically.

Double-check app permissions
Depending on your version of iOS or Android, it can become a real game of hide and seek to find out whether apps remain active in the background. Later mobile OS versions make it easier for users to find out which apps are the most power-hungry. In most cases you can also remove the app’s permission to remain active in the background. If the operating system doesn’t reveal any (or very little) information about how power is being consumed, other apps can help. One Touch Battery Saver (Android, free) provides information on how much power apps are consuming and switches off Bluetooth, WiFi, and GPS positioning automatically, according to predefined rules. Other apps like Juice Defender (Android, free) and Tasker (Android, € 4.49) use profiles for specific situations that only allow you to use essential apps and interfaces.

Apple makes it difficult for apps to save power actively. The security model implemented in iOS prevents intervening in other apps’ runtime behavior. As such, most apps primarily supply users with information, based on which they must then decide which apps they want to continue to have running. Battery HD+ (iOS, free) also does a detailed job of helping reveal the most power-hungry apps, as does Battery Doctor Pro (iOS, free). It’s worthwhile checking on a regular basis as even reliable apps suck the battery dry as a result of faulty updates. Scotty Loveless describes in even more detail all the steps for getting maximum life out of iOS devices in the “ultimate guide to solving iOS battery drain.”

The future is just… different
There is little to criticize when it comes to advancements in rechargeable batteries and technology. The memory effect of the past is no longer an issue for standard li-ion and li-polymer batteries, plus they’re charged to perfection using extremely smart charging circuits. The old rule of “only recharge the battery once it’s completely flat” is no longer valid. Modern batteries can and should be connected to the charger as often as possible. Extreme temperatures, however, are still public enemy number one, with heat in particular causing batteries to lose storage capacity rapidly. As such, never leave your smartphone or tablet in direct sunlight or in the car during summer.

And if, despite all of these tips and tricks, some of you find your battery doesn’t pack enough power to keep your smart phone running as long as you’d like, you can always buy an additional battery. These are available in stick form or as a slim gadget for handbag or briefcase. There are also some really stylish rechargeable battery packs out there which additionally serve as smartphone cases.

 

The post Tips and tricks how to improve smartphone battery life appeared first on Avira Blog.

Fixing bugs is hard – Rosetta Flash is back


software is a long chain

 Software is like a very long chain, made of millions of links.

a link of the chainIt’s more or less impossible to check all links individually in detail. a weak linkSome links are weaker than others and make the whole chain vulnerable.
But they’re needles in a huge haystack.

a vulnerability in the chainWhen a vulnerability is found, it’s critical to fix it. CORRECTLY.

patching a vulnerabilitySo, a patch is created…

Of course, you need to apply the patch to keep your software secure! But most people don’t, choosing instead the “Remind me later” option — unaware that they are leaving themselves open to security holes exploitable by malware writers.

Releasing a patch highlights weaknesses

Once the patch is available, the weak link is now highlighted: it now stands out from the millions of other links in the chain.

Whether the vulnerability is documented or not, whether the patch is documented or not, it’s possible to reverse-engineer the patch and see the changes (there are several advanced tools for that). By checking out the changes, one can determine what is actually fixed rather than what should be theoretically prevented to fail.

a new vulnerabilityBy looking closely where the patch was applied, it’s possible that a related and smaller vulnerability which is still not fixed might be easy to find, thanks to the information provided by the patch.

That is, when comparing the changes introduced by the patch, it’s possible to quickly find what was fixed, and by doing this discover a new vulnerability that is still not fixed. And since patches are usually released once a month, it gives a person an easier 0-day, that could stay unpatched for a complete month!

Fixing bugs is hard

We can see the difficulties of releasing a patch: it has to be done fast, reliably, but it also has to cover more than the initial descriptions or test cases.


In a previous blog entry, we looked at how crafting an Adobe Flash file made of alphanumeric characters enabled an attack on many websites. The initial Proof Of Concept only used 0-9A-Za-z characters.

It's actually possible to make a Flash file only made of printable characters.

It’s actually possible to make a Flash file only made of printable characters.

This is what the patched fixed: checking if the flash file is made entirely of these characters.

However, the risk is more significant than the initial PoC: with the same technique it’s easy to craft a file just by letting it finish with another character ‘(‘. Just changing this last character bypasses the filter implemented by the official patch! This new vulnerability remained unpatched for a whole month (8th July -> 12th August) !

Another CVE was assigned to this new vulnerability, which is now patched, but this shows that releasing a patch is a double-edged sword: you give the defenders a new protection layer, but you also highlight a — previously — weak area for the attackers. Fixing bugs is hard.

Here is small chronology

  1. 8th July: the original Rosetta Flash PoC (made only of alphanumeric characters) is public, along with the patch and announcment (CVE-2014-4671).
  2. The patch is not enough! Just by letting the PoC end with “(” the filter is bypassed. This is way too weak.
  3. 12th August: the 2nd patch is released (CVE-2014-5333).

The post Fixing bugs is hard – Rosetta Flash is back appeared first on Avira Blog.

The dangerous side of USB convenience

How many USB devices do you own? At this moment, you probably have one or more of them connected to your computer. USB devices are everywhere, and they come in the form of flash drives, webcams, keyboards, and so on. One of the attractive things about a USB connection is that you just plug in a device and it works. That convenience, while nice to have, presents a real danger.

For years, many computer users have just plugged in USB devices without putting much thought into any vulnerabilities they might present, but hackers have found ways to prey on the carefree nature of USB usage. You may remember the Stuxnet worm that targeted nuclear facilities in Iran. USB flash drives were used to initiate the infections, and this brought a lot of attention to how USB devices could play a key role in IT attacks.

Fast-forward a few years to today and USBs are a hot security topic once again because of details revealed by security researchers about an exploit called BadUSB. Essentially, the BadUSB hack makes it possible to reprogram the firmware on USB devices, which means that they can then be used maliciously. Since the majority of USB devices will just accept any firmware update that they’re offered, it’s really difficult to know if the firmware on your device is secure or not.

That said, any malware introduced via USB can be detected, depending on the payload. It is why we can consider #BadUSB as being a means to install malware on a machine rather than being a specific virus or malware itself.

Because of the insidious way in which this hack works, protecting yourself from it is really difficult at this point. One of the most logical things that you can do is to make sure that the USB devices that you use have remained only in your possession. USB flash drives in particular tend to get passed between people on a regular basis, but based on this new information, that’s not always such a good idea.

The post The dangerous side of USB convenience appeared first on Avira Blog.

Airplane WiFi – Secure surfing or danger for onboard electronics?

The “fasten your seatbelts” signs turn off and you can finally recline, fold down the tray table, and switch on your notebook or tablet. Many airlines now even offer WiFi access in the cabin, so you can surf the Internet, post to Facebook, and write emails without restriction. Hard to believe, given that it wasn’t long ago that you couldn’t even leave your cell phone switched on during the flight. So, is it safe and secure to use WiFi and portable devices? There are two major aspects to this question:

  • First, whether airplane systems are secure, even though WiFi radio waves are used to communicate and passengers have access to the digital infrastructure aboard the airplane.
  • And second, whether passengers’ devices are also safe and secure, as they share the airplane WiFi network with all other users in the cabin.

Hacking airplane systems

A clear answer can be given to the first question, at least at the moment: Yes, the airplane is still safe and secure. The radio waves are irrelevant to the onboard electronics in terms of power and frequency, as the cockpit and internal technology have to be able to cope with completely different types of possible interference. In addition, there is no potential risk of airplane systems being hacked into. Every airplane manufacturer separates the in-flight entertainment and WiFi systems from the critical airplane systems. Furthermore, they use data and signal formats to communicate, which are incompatible with Ethernet; they also don’t use the TCP/IP protocol. Frequently, additional security functions are integrated into the systems, such as specific transmitter restrictions and extremely strict time intervals, within which data must be exchanged between communication partners. And even if there was a widespread failure of the electronics system, irrespective of what measures are taken to deal with it, all flight-critical systems have a mechanical backup – cable controls and hydraulic systems instead of servos and electronic actuators.

This doesn’t mean, however, that airplanes are immune to potential security loopholes. Researchers are repeatedly discovering weaknesses in various systems, such as those involved in satellite communications, which could theoretically be exploited. By exploiting this bug, false positioning data can be transmitted to the airplane while in flight causing a change of course; however, other experts have given the all-clear. Even if a person were able to exploit this security loophole, the pilots themselves could just simply make a course correction. Other means of communication are available in each passenger airplane which allow verification of positioning data and flight plans. On top of this, the flight-control center would also spot each course change and alarm the pilots.

The statistical probability of mounting such attacks successfully is far below the other typical causes of failure, technical or human error, which are also rare. Airplane manufacturers also want to save costs and are trying wherever possible to integrate standard IT components that transfer and process data using standard IT formats.

Airline operators have set out countless operational cases where digital data would improve services, shorten ground times, and resultingly save costs. Whether over the short term or long term, manufacturers will eventually meet these requests and integrate an ever greater amount of standard IT equipment into airplanes. Hopefully the security measures will be tightened to meet the aviation industry’s more stringent requirements.

Security measures above the clouds

So how about the information on your notebook or tablet? WiFi access aboard an airplane is just like a standard public hotspot – no difference from the one in the airport or at Starbucks. Those who use the WiFi network share the wireless network with all other users. Whether airplane manufacturers integrate specific security measures in their switches and routers is information that currently only they know. For this reason exactly, the same security measures that are also suitable at Starbucks or in the airport should apply: Either you encrypt all data traffic using a virtual private network (VPN), which companies usually install on professional users’ devices anyway, or you encrypt each app’s data. In the case of email, this can be done using encryption programs like Pretty Good Privacy (PGP), EnigMail or GnuPG. For browser-based communications, it can be achieved using Secure Sockets Layer (SSL) technology, usually identifiable by the little padlock icon in the address bar. Plug-ins for many browsers can also take care of this automatically if required, such as HTTPS Everywhere for Firefox and Chrome. Naturally, the internal firewall should be enabled on each device and the latest version of a security software solution such as Avira Antivirus Pro, Avira Internet Security Suite or Avira Free Antivirus should also be installed and active.

 

The post Airplane WiFi – Secure surfing or danger for onboard electronics? appeared first on Avira Blog.

Leave your credit cards at home; Apple Pay lets you buy things with your phone

source: CNET.com

In the wake of the Target, and now Home Depot, security breaches, Apple Pay wants to provide a safer way to make a purchase.

Nestled in-between this week’s announcements of the iPhone 6 and the Apple Watch, Apple CEO Tim Cook announced a new mobile payment system called Apple Pay. New iPhone and Apple Watch owners can leave their credit and debit cards at home because the devices come with a chip that lets them tap-to-pay at major retailers.

When you are in one of 220,000 participating stores, like McDonald’s, Walgreens, Disney, or Macy’s, you use the magic of near-field communication (NFC) to hold your phone by a terminal to pay. It also requires that you place your finger over a sensor to verify your fingerprint. The Apple Watch works the same way, without the added security of the fingerprint, and syncs to your iPhone 5, iPhone 5c, and iPhone 5s. The payment system will work with American Express, Mastercard, and Visa.

Sounds pretty good. But, Google Wallet, PayPal and other NFC systems have failed to really take off; will Apple give us a better way? I asked mobile malware analyst Filip Chytrý to share his thoughts about the security of Apple Pay.

Deborah: From a security perspective, what do you think about Apple Pay?

Filip: I have some concerns. Communications between your device or watch is through Bluetooth, and we have already seen many incidences of intercepted communication between two devices using a man-in-the-middle attack. Generally, anytime you use a pay system there is communication between the phone or watch over Bluetooth. This communication works over a much longer distance than NFC, so payment interception would be easier.

Deborah: I understand the convenience of paying with Apple Pay, but how is this more secure than paying with a credit card?

Filip: Apple says, that “Each transaction is authorized with a one-time unique number, and instead of using the security code from the back of your card, Apple Pay creates a “dynamic security code” to securely validate each transaction.“ It really depends on the type of encryption which is used, but I have to admit this sounds pretty cool, but who knows how long it’s going to take to decrypt this system.

Deborah: It has to be better than the magnetic stripe cards that are still widely used in the USA. Credit card companies have given their customers until 2015 to make the transition to EMV cards using smartchip technology. These cards are supposed to help increase security and reduce fraud. Isn’t that good enough?

Filip: Generally, Apple Pay sounds like it is better secured than the current magnetic stripe cards. NFC payments are just tags which can be easily copied, but magnetic stripes are even worse. A PIN number adds an extra layer which is good, but Apple Pay might provide an even better way in future.

Deborah: Other than the basic security concerns, what happens when your phone battery dies (this will happen to me when I am on a deserted rural highway and need to fill up with gas) or you spill your coffee on it before you can pay, or you break your finger and it’s in a cast?

Filip: Those are real world problems that can’t be solved by Apple. ;) But you’re an Android user, right? Didn’t you have a Nexus 4?

Deborah: Yes, I did. Until I accidentally went in the swimming pool with it. :(

Filip: Not even avast! Mobile Security can protect you from that! But still, you will find this hilarious.

Read more about Apple Pay.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our business products.

Your holidays start on the Internet: tips for booking vacations online

Everything is possible online nowadays: reading newspapers, ordering books and clothes, flirting, checking out recipes – and of course booking vacations online. Hotel comparison sites are immensely popular, every airlines offer online booking services, and instead of combing through endless travel-agency brochures, you now simply visit Expedia, Opodo or Travelocity. While it’s all very easy and convenient, it isn’t without its risks. Whether it’s a dodgy low-cost website which goes bust before your vacation starts or a seemingly harmless invoice attached to an email which is infected with a virus – at Avira we find that a little caution goes a long way.

Many problems with online booking stem from legal issues. In some instances, the difference between provider, organizer or contracting party is not clear to the customer. In case of questions and complaints, it is important to know whom to contact. Whether you can even make any claims and how easy that is differs immensely depending on the location of the company you signed the contract with. On top of that, costs often aren’t as transparent as they could and should be, with hidden additional transfer costs or trip-cancellation insurance suddenly selected on the final page before the last confirmation click without it ever being mentioned beforehand.

Low-cost portal or not, no operator offers its services for free. The cheaper the offer, the greater the risk that the small print conceals hidden costs. Free hotel room? Perhaps a minimum stay is involved, or you need to pay service and agency costs. Extremely cheap flight and accommodation? There may be compulsory shopping trips planned involving visits to carpet makers, jewelers, and leather factories.

Internet transactions always involve risks – even if they have become safer over the years. You should always transfer money over an encrypted connection. For that, the online travel agent has to offer a SSL-secured Web session. Operators usually make a specific point of mentioning this at the virtual checkout, but you can also tell the session is encrypted by the little padlock icon or the different color of the Web browser’s address bar. This type of encryption is extremely secure and cannot be cracked without a reasonable amount of effort – effectively meaning no risk is involved.

However, other risks are beyond the user’s control. Hackers often manage to crack the websites of legitimate online travel operators. In 2005 the Japanese tour operator Club Tourism had to admit that hackers had stolen the information of over 90,000 customers. In 2009 a website in the USA which government officials use to book travel was compromised. And only in April 2013 Traveltainment, a subsidiary of the Amadeus Group, had to concede that hackers had broken into its servers and stolen the personal details, including payment information, of an unknown number of customers. This theft caused harm when customers opened their emails containing phishing software which the thieves were able to send as they knew the customers’ email addresses and booking details. A comprehensive security software solution like Avira Antivirus Pro offers protection against such attacks and should therefore be a staple on every computer.

The post Your holidays start on the Internet: tips for booking vacations online appeared first on Avira Blog.

Are all data breaches created equal?

Companies both small and large have had to deal with a lot of hacker headaches recently, and for many people, news about these data breaches has caused them to change how they interact with the companies that have been affected. Not only is this bad for business for the companies, but it’s also embarrassing.

Even though revealing this information can make life difficult for the companies, it still makes sense that the public should always know about it, right? Well, maybe not. At least that’s what some executives have been saying lately.

It might come as no surprise that corporate executives would be the ones saying that not all data breaches need to be disclosed, but there are a couple different ways to look at this as a consumer that we’re going to focus on.

Tell me everything – In this situation, no matter what the hackers were able to get access to, you want to know about it. This could be sensitive data related to your password or credit card number, or it could be data about the company that’s not related to you.

Just tell me when it’s serious – Under this scenario, you’d only be notified when hackers access sensitive data about you that could be used to cause problems. Data breaches that don’t have a direct bearing on you or your privacy would not be publicly disclosed.

Which one of these options do you personally prefer? Disclosure might be the rule, but with the constant barrage of attacks that many companies have to deal with, some consumers might say that ignorance is bliss to some extent and the companies need to address their security issues privately unless there’s the chance that sensitive customer data has been compromised.

We’d love to hear your thinking on this matter in the comments section.

The post Are all data breaches created equal? appeared first on Avira Blog.

Science @ Avira, the ITES project

It is well known that classical computer architectures were not designed with security in mind. We intend to change that. The ITES project is creating a system purposefully built for high-security environments.

The current ITES system deploys verified compartments via Virtual Machines for different tasks. A compartment contains an operating system and the required programs (e.g. email client). Each compartment has restricted permissions that are unique. For example the browser compartment does not have access to the business plan, so if an exploited browser is running on a different OS than the email client, which has access to critical information, the impact of an attack is reduced.

ites

 

 

 

Our goal in the ITES research project has been to extend the compartments system to identify hacked Virtual Machines and start countermeasures. We identify hacked machines by observing them with different sensors (user-space hooking, memory forensics and VMI – Virtual Machine Introspection).

After gathering information about the current situation in Virtual Machines, a central component will classify the state of the machines into ‘trustworthy’ or ‘suspicious’. Depending on the decision, the machine can be stopped, analyzed, repaired or restored from a snapshot.

The goal of a scientific project is to learn by building a „Demonstrator“ (an Alpha Prototype) – it is not to create a product. The operating system is split into several compartments with Antivirus (AV) technology and hypervisor sensors attached.

However, many of the pioneering technologies we developed to build Demonstrator are or will soon be integrated into our internal processes. One of our backend systems in the Virus Lab at Avira is now classifying samples for our customers based on this new technology.

Classification

Identifying malicious files is the Virus Lab’s first task when encountering unknown software.
Three methods are usually deployed to identify malicious code.

1. Static

This is Avira’s traditional forte and is how we’ve been identifying malicious code for years. Malware is, for example, identified by exact hash, fuzzy hash, byte patterns, structural generics, or by an AI while the engine complements the analysis by gathering behavioral patterns. It is not part of the ITES project.

2. Dynamic

Dynamic analysis monitors the behavior of malware. You can do it on the end-user’s system (behavior analysis performed by the AV software) or using specific analysis systems (e.g. Analysis Sandbox like Cuckoosandbox or our internal cloud-enabled Autodumper tool).

Depending on the type of the malware, we will have to monitor it in different ways. By monitoring the User-Space API, we are able to detect the Dropper of malware. Sensors in Kernel Space or below are required to identify rootkits. Kernel space sensors are drivers, and you get those with your AV software.

They will have a different (less detailed) point of view, but cannot be easily tricked by the malware in the User-Space API. Monitoring the OS from outside of the Virtual Machine is even better. One existing tool that does this is Volatility. It uses a memory snapshot of a real machine or a virtual machine and checks for anomalies in the OS data structures. As a part of the ITES project, we integrated Volatility into a Cuckoo Sandbox and use it as a second sensor.

A disadvantage of Volatility is that it only uses a snapshot, so it is possible to observe the effects of the infection, but not the process of the system being infected. Additionally User-Space events are not observed at an acceptable level of quality.

Virtual Machine Introspection (VMI) takes this approach to the next level and is currently being researched by the RUB (Ruhr University Bochum) & IFIS (Institute For Internet Security) as part of the ITES project. By monitoring the system through the hypervisor we could achieve a similar perspective as with Volatility, but without having to create snapshots. Soon we will know what granularity of data will be possible.

3. Reputation

Having a cloud service and large databases on our backend servers, it is possible to identify specific spread patterns that are typical for malware. Suspicious patterns can be defined by scripts. Rules might look like

  • If a user is running a sample, which has not been seen by the cloud yet, and is strangely packed:  trigger a warning
  • If a computer executed an unknown file, after the user visited a suspiscious page on a freehoster, and the computer is running an outdated PDF reader program: trigger a warning

You get the idea. The ITES project does not cover this area.

There will be more blog posts covering the details soon.

TL;DR

Avira is investing into scientific research to deliver superior protection to our customers.

For Science,
Thorsten Sick

Sponsored_by_Federal_Ministry_of_Education_and_Research

The post Science @ Avira, the ITES project appeared first on Avira Blog.

Two-factor authentication – Extensive protection

“As a user, there is little one can do” is a statement often heard, followed closely by “everything was better offline”. However, there are in fact many possibilities to protect access to your data without having to be a technically gifted user.

The two-factor authentication enables extensive protection without neglecting usability. Its fancy name comes from the way it validates one’s identity: by verifying something s/he knows and something s/he has.

How does this work?

Users have login credentials to a website, usually consisting of an email address and a password. Anyone who tries to log in with this data, would be routed to another page where they must once again verify their identity with the secondary verification method This often is a temporarily valid code sent via SMS to a previously defined number, similarly to the mobile banking TAN procedure. Access to the data is only permitted following successful entry of this code. In the event of a data theft, the thief doesn’t have access to the victim’s cell phone (2nd factor) and the stolen information is thus worthless. The hackers won’t be able to access the account.

Some vendors offer additional ways to complete the extra verification: via hardware tokens (USB crypto devices, SSL certificates, e.a.); QR codes, which are scanned with a smartphone and generate a one-time code, are in the meantime also broadly available. There are thus several possibilities for better safeguarding access without making it complicated and laborious.

We believe that the combination of a virus-free system and strong passwords, changed on a regular basis and used for that sole service, is vital. The two-factor authentication provides an additional major security bonus for one’s own data. Even if your account data has been stolen, your data is worthless for the hacker without the corresponding 2nd authentication method.

All the famous & common services offer two-factor authentication these days and we strongly encourage you to activate them too.

The post Two-factor authentication – Extensive protection appeared first on Avira Blog.

Geotagging: what your photos reveal about where you live

A recent project out of the University of Florida entitled I know where your cat lives highlights how easy it is to identify people’s home address based on the pictures of their cats, uploaded to popular photo sharing platforms such as Instagram or Flickr.

I know where your cat lives

Researchers from the University of Florida located, with an accuracy of 7.8 meters, the exact place where pictures tagged with the word “cat” were shot.

They started by extracting metadata (including the latitude and longitude of where the picture was taken) from a sample of 1 million images, accessible from publicly available APIs from popular photo-sharing websites. The photos were then run through clustering algorithms with the help of a supercomputer. The researchers then created a website, where cat images were superimposed with GoogleMaps, pinpointing their exact location. Well, that’s just purrfect…

I know where your cat will be 24 hours from now

Okay, chances are even you don’t know that (much less your cat). But that’s where the technology is heading. Two years ago, a team from Birmingham University developed an algorithm that successfully detected where a test sample of people were going to be 24 hours in advance… How did they do it? By combining information on where they’d been (think of every time you checked into Foursquare) with the past movements of contacts in their Smartphone’s address book.

How your address finds its way into your pictures

When taking a picture, information is stored in the form of Exif tags. These detail the camera’s model, the image’s resolution in pixels, the time/date the picture was taken… This type of metadata is typically fairly innocuous. However as Smartphones now include in-built GPS, Exif tags frequently include the longitude and latitude as well. This functionality is referred to as Geotagging.

How to disable geotagging on your Smartphones

As your GPS is necessary for certain applications we’re just going how to show you how to remove geotagging when taking pictures.

If you’re an Android user:

  1. Access your phone’s camera application
  2. Select “Store location” on the left hand side, below “color effect”
  3. Switch off the geotagging

If you’re an iPhone user:

  1. Go to settings
  2. Select “Privacy”
  3. Select “Location Services”
  4. Find “Camera app” and switch it off

How to remove geotags from existing pictures

To remove geotags from all your pictures, you can do so with free software.

  • For Windows users:

Try Microsoft Pro Photo Tools version 2. This free tool enables you to easily edit or delete Exif tags from your digital photographs, including the GPS location.

It is also possible on Windows to remove Exif tags manually without installing additional software. For an overview of the process with step-by-step screenshots, please visit: www.technorms.com/38749/remove-personal-exif-information-from-digital-photos

  • For Mac users:

Try SmallImage or ImageOptim. Both tools are free and offer an easy drag-and-drop functionality for removing Exif tags.

Conclusion

Although privacy concerns over metadata is not new, the project I know where your cat lives did a great job of raising awareness for the problem. We recommend that you think carefully about what information you’re going to share (many users contacted the researchers at the university of Florida and asked them to upload their cat’s pictures and location to their map). If you are uncomfortable with sharing your location, please be sure to remove the Exif tags.

P.S. Avira developed a free tool to prevent companies for tracking your web activities. If you would like to learn more, please visit: www.avira.com/en/avira-browser-safety-lp

The post Geotagging: what your photos reveal about where you live appeared first on Avira Blog.