Fido might be man's best friend, but smart devices designed to track pets' movements and activity could be your worst enemy if attackers manage to capitalize on any of the dozen vulnerabilities researchers recently observed in them.
In a May 22 blog post, Kaspersky Lab researchers Roman Unuchek and Roland Sako warn that malicious hackers could exploit flaws found in these IoT products or their corresponding mobile apps to disable the devices' services, cause them to receive and execute commands from an unauthorized party, or perform man-in-the-middle attacks that intercept transmitted data.
Google is being sued in the high court for as much as £3.2bn for the alleged “clandestine tracking and collation” of personal information from 4.4 million iPhone users in the UK.
The collective action is being led by former Which? director Richard Lloyd over claims Google bypassed the privacy settings of Apple’s Safari browser on iPhones to divide people into categories for advertisers. Lawyers for Lloyd’s campaign group Google You Owe Us told the court information collected by Google included race, physical and mental health, political leanings, sexuality, social class, financial, shopping habits and location data.
It's starting to feel like everyone in charge of our sensitive data might be incompetent. It's only been a day since Securus, the company that helps police track phones, was apparently hacked. Now, according to security site KrebsOnSecurity, tracking firm LocationSmart leaked real-time location data on its own web site.
LocationSmart aggregates real-time data on the location of subscribers' mobile phones. It's all opt-in, but Krebs reported that anyone could access this information for any AT&T, Sprint, T-Mobile and Verizon phones on the company's web site without a password or any other form of authentication. The vulnerability has been taken offline, said Krebs, but man what a mistake.
Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before.
In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart. The story blew up because a former police sheriff snooped on phone location data without a warrant. The sheriff has pleaded not guilty to charges of unlawful surveillance.
Many people have grown accustomed to talking to their smart devices, asking them to read a text, play a song or set an alarm. But someone else might be secretly talking to them, too.
Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant. Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites.
An advanced type of malware can spy on nearly every Android smartphone function and steal passwords, photos, video, screenshots and data from WhatsApp, Telegram and other apps. "ZooPark" targets subjects in the Middle East and was likely developed by a state actor, according to Kaspersky Lab, which first spotted and identified it.
ZooPark has evolved over four generations, having started as simple malware that could "only" steal device account details and address book contacts. The last generation, however, can monitor and exfiltrate keylogs, clipboard data, browser data.
The National Security Agency collected 534 million records of phone calls and text messages of Americans last year, more than triple the number gathered in 2016.
The sharp increase from 151 million occurred during the second full year of a new surveillance system established at the spy agency after U.S. lawmakers passed a law in 2015 that sought to limit its ability to collect such records in bulk. The spike in collection of call records coincided with an increase reported on Friday across other surveillance methods, raising questions from some privacy advocates who are concerned about potential government overreach and intrusion into the lives of U.S. citizens.
U.S. prosecutors in New York have been investigating whether Chinese tech company Huawei violated U.S. sanctions in relation to Iran, according to sources familiar with the situation.
Since at least 2016, U.S. authorities have been probing Huawei’s alleged shipping of U.S.-origin products to Iran and other countries in violation of U.S. export and sanctions laws, two of the sources said. News of the Justice Department probe follows a series of U.S. actions aimed at stopping or reducing access by Huawei and Chinese smartphone maker ZTE Corp to the U.S. economy amid allegations the companies could be using their technology to spy on Americans.
Yet another hacker crew has been battering the healthcare industry in recent months.
But rather than just aim for the PCs, it has also gotten footholds on the computers controlling X-Ray, MRI and other medical machines, according to a report from Symantec on Thursday. The hacker group, dubbed Orangeworm, is mainly targeting American healthcare organizations, though there are a number of victims worldwide, including in Asia and Europe. But rather than do anything destructive, Orangeworm is likely using leverage on those medical devices to learn more about them as part of an ongoing corporate espionage operation, Symantec said.
The U.S. Department of Homeland Security wants to monitor hundreds of thousands of news sources around the world and compile a database of journalists, editors, foreign correspondents, and bloggers to identify top “media influencers.”
It’s seeking a contractor that can help it monitor traditional news sources as well as social media and identify “any and all” coverage related to the agency or a particular event, according to a request for information released April 3. The data to be collected includes a publication’s “sentiment” as well as geographical spread, top posters, languages, momentum, and circulation. No value for the contract was disclosed.