A researcher has flagged a bug in Google's Nest Cam and Dropcam Pro security cameras that allows an attacker within Bluetooth range to stop either device from recording.
Bluetooth range, of course, is exactly where a burglar would be when planning to ransack a home, and with attack code now publicly available, an intruder could knock Google's security cameras off a wireless network for 90 seconds. That mightn't sound so severe, but since the camera is designed to only store recorded footage in the cloud, the loss of connectivity means the device loses its surveillance capabilities for this period.Read more
A partnership between the secret-spilling group and Google, Microsoft, and Apple has already hit its first road block. Last week, WikiLeaks promised it would share the technical details and code of the hacking tools that the CIA has allegedly developed against Google, Apple, Microsoft and other tech companies.
This week, after days of waiting, the secret-spilling site finally made initial contact with the companies. But WikiLeaks founder Julian Assange's attempt to help these major tech companies find out exactly what bugs and vulnerabilities the CIA is or was allegedly taking advantage of, and then plug the holes, is not going very smoothly for now.Read more
Social media companies Facebook Inc, Alphabet Inc and Twitter Inc will have to amend their terms of service for European users within a month or face the risk of fines, a European Commission official said on Friday. U.S. technology companies have faced tight scrutiny in Europe for the way they do business, from privacy to how quickly they remove illegal or threatening content.
The Commission and European consumer protection authorities will "take action to make sure social media companies comply with EU consumer rules," the official said. Germany, the most populous EU state, said this week it planned a new law calling for social networks such as Facebook to remove slanderous or threatening online postings quickly or face fines of up to 50 million euros ($53 million).Read more
Fei-Fei Li, chief scientist of artificial intelligence and machine learning at Google Cloud, came on stage at Google’s Next Cloud conference today to talk about the current and next-generation applications of AI that Google’s working on.
These technologies will make a difference in self-driving cars and healthcare, sure, but also Snapchat’s filters and Google Photos’ search capabilities. But the big highlight came when she announced a new way to allow software to parse video. This new “Video Intelligence API” was demoed onstage, and it offered the kind of “whoa” moment you expect from a Google keynote.Read more
Tech giants Apple, Samsung and Microsoft have broken their silence on the latest leak from WikiLeaks that revealed the CIA hacked into their products for surveillance purposes. Apple claimed to have previously addressed the vulnerabilities in their operating system, iOS, revealed in Tuesday’s ‘Vault 7’ leak from WikiLeaks.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” the company said in a statement, urging customers to update to the latest version of iOS to ensure they have the most recent security updates.Read more
Security doom-monger ESET has let off a warning about a threat that it once warned about and has now come to its dreadful fruition. ESET says that some Android banking malware that it recently found on Google Play is back in the wild and is back targeting banks.
It explains that the source code for the malware was released a couple of months ago - we are surprised that it has taken this long to come out, to be honest - and says that it was worth the wait, in a way. The malware was distributed via Google Play as a trojanized version of a legitimate weather forecast application Good Weather. It could lock and unlock infected devices remotely, as well as intercept text messages.Read more
Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in Windows’ GDI library that allows attackers to steal sensitive data from program memory. The flaw was first addressed by Microsoft last June, but Google said the patch was incomplete. As part of its 90-day disclosure deadline policy Google Project Zero publicly disclosed the the bug Monday.
“As part of MS16-074, some of the bugs were indeed fixed, such as the EMR_STRETCHBLT record, which the original proof-of-concept image relied on. However, we’ve discovered that not all of the DIB-related problems are gone,” wrote Google engineer Mateusz Jurczyk in a technical description of the vulnerability.Read more
Researchers here at the RSA Conference demonstrated a way a hacker can bypass enterprise mobility management sandboxing tools known as Android for Work that are designed to segregate work and personal data on Android devices.
Researchers showed how two separate malicious apps can circumvent Android’s multiuser framework designed to secure a work profile from a personal profile on a single device. The prerequisite of the attacks hinge on a targeted victim downloading apps in their personal profile that grants attackers heightened privileges over the device’s Accessibility Services and Notification permissions in both work and personal profiles.Read more
As our ability to create AI grows, it's important that we assess how it behaves in different situations. DeepMind, Google's AI division in London, has been concerned with one aspect in particular: what happens when two or more AI have similar or conflicting goals.
The team wanted a test similar to the "Prisoner's Dilemma," a popular game that pits two suspects against one another. In this scenario, you're given a choice: testify against the other person and you'll go free, while they have to serve three years. If you both say yes independently, however, you'll serve two years in jail. It's a dilemma without a simple answer.Read more
In reality, however, the age of instant messaging, cloud storage and collaboration features means that there isn't really any need for sending attachments by mail in the first place, and given that even with legitimate intent, they create multiple copies which clog up servers, businesses still operating this way need to rethink their approach anyway.Read more