Let’s talk Yandex

VOA News (can’t really say I have heard that name before) recently shared a video talking about Yandex taxi system and it’s situation in Lithuania. The news got caught by international Social Media pages, promoting and spreading messages about Lithuania. 

The video shows a regular taxi driver in Vilnius, the capital city, telling how he knows more than anybody else in the city because people like to talk, and how people are looking for the cheapest means of travelling comfortably, not caring about anything else. Report then shows how polarised the taxi market is, and ends up with that Yandex, a Russian-based taxi services provider, has been banned because “it’s a Russian provider, who takes private user data, without permission, and sends it back to Russia” – this sentence is said in front of a camera by the vice-minister of National Defence and cut short. Of course, then few comments from random regular people are taken, 2 of them speaking in Russian and saying, it’s Russophobia and it’s banned only because it’s Russian, and 2 people in English saying that yeah, they would never download the Yandex app. 

Interesting, isn’t it?

The real situation, or at least publicly available confirmed information, is more complicated than a 2-minute video circling internet.

First of all, who’s Yandex? It’s one of the largest technology and innovation companies in Russia, specialising in internet and mobile applications in e-commerce, market research and information. The branch which was opened in Lithuania was called Yandex. Taxi, which was supposed to only provide transport services.

One of the most interesting aspects of the app was that it, with or without any visible permissions could access to extensive sensitive user data, including contacts, controlling calls, take over received notifications and messages, as well as access any content stored in the device memory. 

National cybersecurity centre of Lithuania alerted all citizens to not to use the Yandex.Taxi application or any related app in July 2018, after they have revealed connections between the company and Russian intelligence services.

The most interesting connection is that Yandex arrived to Lithuania under the Dutch flag, even though the all IT section of the company is based in Russia. And, to some surprise, 51% of the company stocks, through bank “Sberbank”, is in the hands of the Russian government. After initial reports on suspicious behaviour, the cyber security specialists revealed that all information collected through the mobile app was forwarded to 11 IP addresses, 10 from them were located in Russia, also proving, that the app is always active in the phone’s background – it never shuts down. 

It was proved, that the app can access and control camera, recorders, messages, calls without any special permissions and without the user noticing, any time, any place. Which is something from Orwell’s novel. 

To answer the obvious concerns, yes, every device that is connected to the internet or one’s phone in any significant or not way can be used for recording data about the person or is already used for that, for the market, security, or governmental purposes. There is no possible way around it, only to turn to a life without internet, which nobody wants or even imagines of doing anymore. Therefore, personal privacy and security is extremely important, and not only because some nudes are going to leak.

Access to personal devices are easily exploited like bots or vessels to store more sophisticated malware, distributing cyber attacks, or just physically detonating bombs. It can be used for anything of the wildest cyber-imagination. 

Therefore, even taxi app, secretly accessing features that should not be used by a taxi app, becomes suspicious enemy, and rightly so. Doesn’t matter, if it’s coming from US, Russia or Switzerland.

That’s it for today.

Stay awake, and keep away from trolls!

Cartoon credits @ Liza Donnelly

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.