The latest viral sensation to come out of the Internet is undoubtedly FaceApp. Downloaded on a mobile device, FaceApp takes control of your camera, snaps a picture of you and then proceeds to age you… it is a sensation that I just cannot wrap my head around. I didn’t think we wanted to see ourselves old and wrinkly, but thanks to a few celebrities, we now need to know what we would look like 50 or 60 years from now. While it sounds fun and like any other viral app, SnapChat, etc… FaceApp has posed a privacy concern for everyone that uses it. While many security offices have begun warning employees of the privacy implications, it wasn’t before many – including a number of security clearance holders – had already used the app.
There are users who will think, “it’s just my face, what’s the big deal?” The problem with that thought process is it’s NOT just your face. It is more than just one piece of the puzzle.
Social Engineering at its Finest
The ability to log into websites, connect to WiFi and order items online has become so easy. The de facto process by which hackers are stealing personal data these days is through social engineering. Social engineering is a method of gathering personal data from a user while posing as a trusted source or through human interactions. When signing up for FaceApp, you give them access to your entire photo library. You can also take pictures within the app for immediate uploading. What does this have to do with social engineering?
Situational Awareness and Infosec
This article is being posted on ClearanceJobs.com and is primarily aimed at individuals who are looking for or currently maintaining a government clearance. It is crucial, as a cleared individual, that we do not participate in any online activity that could be a threat to our standing with the US Government or jeopardize our clearance status. FaceApp’s parent company, Wireless Labs, is a Russian owned entity. The current state of affairs between our country and Russia being what they are, should be the first red flag when contemplating downloading FaceApp simply so you can make yourself look older and share it with your friends.
Situational awareness is key and the elements of Information Security (Infosec) should be taken into consideration. By definition, InfoSec is the practice of protecting information by mitigating information risks. Risk management plays a big role in InfoSec, and we all have a responsibility to mitigate any risks we can and avoiding them completely where possible. The more we can reduce the probability of unauthorized disclosure, corruption or modification of our private data, the better.
Unfortunately, the technology we live with and its demand for our private data is ever increasing. As a cybersecurity professional and member of the cleared government space for over 20 years, it is my opinion that we should do all we can to avoid utilizing apps such as FaceApp. The risk far outweighs the fleeting entertainment it may provide.