Apple To Restrict Facebook, WhatsApp Voice Calling Feature To Prevent Background Data Collection

By: Inc42

To protect the privacy of its users and keep major apps from accessing microphone data in the background, Apple has announced that it would be rolling out an update to its mobile operating system, iOS, to restrict apps such as Facebook’s Messenger, WhatsApp and other communication apps from making voice calls over the internet in the background.

According to a report in The Information, apps are able to run calls in the background when using an iPhone even when the app has not been opened. This means such messaging and calling apps can be used at a faster pace, but it also lets them collect data in the background, without the user being aware of such an activity, while a voice call is active and running.

Apple will restrict the background access for apps while users are connected to internet calls. Apple’s move is likely to have repercussions on both Messenger and WhatsApp; however, whether it affects Telegram, Skype and other platforms is as yet unknown. It is likely to have a major impact on the development of WhatsApp, which uses internet calling for voice and video calls, which it claims are end-to-end encrypted.

However, this is not the first security weak point found in WhatsApp’s internet-based calls. In May, it fixed a massive data vulnerability that left its over 1.5 Bn users at risk from malicious spyware. The data vulnerability, which could have led to breaches and unauthorised malware installation, has seemingly been present on WhatsApp for a number of years.

More: https://inc42.com/buzz/apple-to-restrict-facebook-whatsapp-voice-calls-to-block-data-access/

28 Million Android Phones Exposed To ‘Eye-Opening’ Attack Risk

By: Davey Winder

New research has revealed the truly shocking state of Android phone security. The source of that security problem may well come as a surprise: antivirus apps designed to protect devices and users. Researchers at testing specialists Comparitech found that apps with more than 28 million installs between them were presenting attack paths and opportunities to threat actors looking to exploit vulnerabilities on the Android platform.

In total, Comparitech put 21 separate Android antivirus apps to the test over the course of many weeks. Some 47% of them failed in one way or other. Three apps contained serious security flaws, including a critical vulnerability exposing the address books of users which laid the details of an estimated million contacts bare. Another vulnerability made one app “very easy to disable remotely” by an attacker.

And that’s before I’ve even mentioned the apps that were unable to detect a virus used during the testing process, or how nearly all of them were found to be tracking their users according to the Comparitech researchers.

“Comparitech spent weeks testing popular free Android antivirus apps,” Aaron Phillips, a Comparitech researcher reported, “we looked for flaws in the way each vendor handles privacy, security, and advertising. The results were eye-opening.”

Comparitech’s senior security researcher, Khaled Sakr, took responsibility for the testing itself, looking at each application, its effectiveness, web management dashboard and any back-end services. The apps were also scrutinized for dangerous permissions and trackers embedded within them.

More: https://www.forbes.com/sites/daveywinder/2019/08/03/28-million-android-phones-exposed-to-eye-opening-attack-risk/amp/

Apple Suspends Listening to Siri Queries Amid Privacy Outcry

By: Mark Gurman

Apple Inc. said on Thursday it is suspending its global internal program for “grading” a portion of user Siri commands after some consumers raised concerns about the program.

The Cupertino, California-based technology giant employs people that listen to less than 1% of Siri commands in order to improve the voice-based digital assistant. Concerns over technology companies listening to and analyzing what is spoken to voice assistants started to be raised after Bloomberg News first reported that Amazon.com Inc. and Apple had teams analyzing recordings earlier this year. Last week, the Guardian reported that Apple contractors said that they often hear sex, drug deals and confidential medical information.

“We are committed to delivering a great Siri experience while protecting user privacy,” Apple said in a statement. “While we conduct a thorough review, we are suspending Siri grading globally. Additionally, as part of a future software update, users will have the ability to choose to participate in grading.”

The company’s move comes the same week that a German regulator temporarily stopped Google employees and contractors from transcribing home assistant voice recordings in the European Union after whistleblowers said some recordings contained sensitive information. A Hamburg agency said Aug. 1 that Google agreed to a three-month stoppage while it investigates whether the practice complies with the EU’s General Data Protection Regulation.

More: https://www.bloomberg.com/news/articles/2019-08-02/apple-suspends-listening-to-siri-commands-after-privacy-outcry

2018 Data Breaches: The List No One Wanted To Make

By: PYMNTS

So far this year (and there’s still one more day), Verizon reported that there have been 2,216 confirmed data breaches across 65 countries. Even more disturbing, perhaps, is that 68 percent of those breaches took months for the breached companies to discover. If that’s not disturbing enough, 28 percent of those incidents were perpetrated by insiders. More than half of those breaches by outsiders were done by members of organized crime.

According to the report, cybercrime touched nearly every sector throughout 2018, including those that may seem less obvious, like education or manufacturing — and for one obvious reason: the money. There were a few noteworthy headliners. For example, Marriott, Facebook and a database marketing firm by the name of Exactis exposed the records of roughly 300 million people. So, as we turn the page to 2019, a year that will no doubt see more of the same, here’s another look at those that made The Best Of The Worst Things To Happen In 2018 list.

Facebook

Facebook’s 2018 regarding the stewardship of user data and privacy was one it would like to soon forget. The most eye-catching — and headline-generating — of those lapses was the Cambridge Analytica scandal, which saw the data of 87 million Facebook users end up in the hands of a political consultancy.

That incident, however, is not why Facebook makes this list. While the intricacies of how exactly Cambridge Analytica gathered the data are still somewhat contested, no one is disputing that it got access to customer data that it wasn’t supposed to have.

Facebook makes this list due to its late-September revelation that roughly 50 million of its users had their data exposed through an attack on its network. The social media giant found that attackers were able to take control of user accounts through a function within the platform’s code, according to reports. In the aftermath of the breach, about 90 million Facebook users had to log out while Facebook fixed the vulnerability and consulted the authorities.

More: https://www.pymnts.com/news/security-and-risk/2018/data-breach-user-account-card-retail-hack/

Privacy a Key Concern for Telecoms and Consumers

By: Kacy Zurkus

Two recently published surveys about the telecom industry revealed that privacy as it relates to security and the internet of things (IoT) has become a top concern for both businesses and consumers.

Allot Telco’s security trends report for 2018’s third quarter found that 50% of consumers polled were concerned about loss of privacy or a cyber-attack. Additionally, 72% of the consumers surveyed stated that they were willing to pay a monthly fee, averaging at $5.26, for an IoT security service, and 16% of those who would buy security services would make that investment in their internet service providers (ISPs).

More than 1,200 consumers across 10 different countries participated in the survey, which found that “to improve the security posture of homes and connected devices, the following must occur: Security at the device level must improve and security must be delivered at the network level.”

Similar sentiments were mirrored in the recent 2018 Annual Industry Survey, published by Telecoms.com, which showed that 75% of the 1,500 executives from global telecom industries who participated in the survey said that privacy was the key concern of consumers living in a highly connected smart home, followed by identity theft, fraud and vandalism through hacking into connected devices.

More: https://www.infosecurity-magazine.com/news/privacy-key-concern-for-telecoms/

Worried about being bugged? Don’t keep your phone in the microwave

By: Alex Hern

Under surveillance … Tory MP Steve Baker. Photograph: Ben Stansall/AFP/Getty Images

While the unusual technique reportedly employed by the MP Steve Baker does work, there are easier ways to ensure your privacy

We have all had conversations that made us want to destroy our phones in rage, but that is not why Theresa May’s nemesis, the Brexiter MP Steve Baker, apparently put his in the microwave.

According to reports, Baker – who led the campaign last week to trigger a vote of no confidence in the Tory leader – is paranoid about surveillance and keeps his phone in the microwave overnight to avoid being “bugged”.

To be fair to Baker, he is right – at least about the microwave. The metallic mesh on the door of a typical oven forms a Faraday cage on the outside of the cooker, preventing the energetic microwaves from cooking you as they cook your meal. Put a phone in there and the barrier will work just as well to prevent any signals getting in or out. If you are really concerned, 30 seconds at 800W will definitely prevent any further eavesdropping for good (and may destroy your kitchen, too).

But there are more convenient ways of achieving the same end. For £20, you can buy a “Faraday bag” – a small pouch with the same mesh built in – allowing you to achieve signal blackout while keeping your microwave free for reheating last night’s dinner. Even better for Baker, the bag in question is made in Britain, thus ensuring continued supply in the event of a no-deal Brexit.

More: https://www.theguardian.com/technology/shortcuts/2018/nov/26/worried-about-being-bugged-dont-keep-phone-microwave-steve-baker-privacy

Privacy is human right: Satya Nadella

By: IndUS Business Journal

London – Microsoft CEO Satya Nadella has called on technology companies to defend users’ privacy as a human right, urging firms and governments to collectively work together to protect the most vulnerable section in society.

Speaking at an event “Future Decoded” here on Thursday, Nadella applauded the European Union’s General Data Protection Regulation (GDPR) as a first step towards securing data privacy, The Registrar reported.

“All of us will have to think about the digital experiences we create to treat privacy as a human right,” Nadella was quoted as saying.

“GDPR as a piece of legislation, a piece of regulation is a great start and we’ve done a lot of hard work to become compliant with GDPR,” Nadella said, adding that companies need to develop ethical standards around Artificial Intelligence (AI).

Nadella said that 54 Azure Cloud regions worldwide is “more than any other provider”.

According to him, underwater data centres will play a key role in expanding Microsoft’s Cloud computing platform.

Under its “Project Natick”, Microsoft has already deployed a 40-foot data centre pod on the seafloor off the coast of Scotland.

“Since 50 per cent of the world’s population lives close to water bodies, we think this is the way we want to think about future data centre expansion,” Nadella said.

Microsoft also unveiled an AI report titled “Maximising the AI Opportunity” for businesses.

The company announced at the event that the health agency NHS Scotland will deploy Office 365 to all of its 161,000 employees, moving away from a complicated organisation that included more than 100 separate computer systems.

More: http://indusbusinessjournal.com/2018/11/privacy-is-human-right-satya-nadella/

3 Out of 4 Employees Pose a Security Risk

By: Steve Zurier

New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.

Despite concerted efforts by many US organizations to improve security awareness among users, a new study shows they still have a long way to go.

Some 75% of respondents today pose a moderate or severe risk to their company’s data, according to MediaPRO’s third annual State of Privacy and Security Awareness Report, and 85% of finance workers show some lack of data security and privacy knowledge.

Tom Pendergast, chief security and privacy strategist at security awareness and training provider MediaPRO, says the firm surveyed more than 1,000 employees across the United States to quantify the state of privacy and security awareness in 2018. More people fell into the risk category this year than in 2017 – and that number had nearly doubled since the inaugural survey, he says.

“The overall results revealed a trend we weren’t happy to see, that employees performed worse across the board compared to the previous year,” Pendergast says. “While I think there’s a certain amount of security fatigue from news of all the attacks, if in five years I don’t see significant change I will be surprised. There’s both a cultural and a business awareness of the need to do good work in this area.”

MediaPRO based its study on a variety of questions that focus on real-world scenarios, such as correctly identifying personal information, logging on to public Wi-Fi networks, and spotting phishing emails. Based on the percentage of privacy and security-aware behaviors, respondents were assigned to one of three risk profiles: risk, novice, or hero.

Here’s a thumbnail of some other notable findings:

1. Employee performance was worse this year across all eight industry verticals measured. Respondents did much worse in identifying malware warning signs, knowing how to spot a phishing email and social media safety.

More: https://www.darkreading.com/endpoint/privacy/3-out-of-4-employees-pose-a-security-risk/d/d-id/1333037

Facebook and Google use ‘dark patterns’ around privacy settings, report says

By: BBC NEWS Technology

Facebook, Google and Microsoft push users away from privacy-friendly options on their services in an “unethical” way, according to a report by the Norwegian Consumer Council.

It studied the privacy settings of the firms and found a series of “dark patterns”, including intrusive default settings and misleading wording.

The firms gave users “an illusion of control”, its report suggested.

Both Google and Facebook said user privacy was important to them.

The report – Deceived by Design – was based on user tests which took place in April and May, when all three firms were making changes to their privacy policies to be in compliance with the EU’s General Data Protection Regulation (GDPR).

Illusion

It found examples of

  • privacy-friendly choices being hidden away
  • take-it-or-leave-it choices
  • privacy-intrusive defaults with a longer process for users who want privacy-friendly options
  • some privacy settings being obscured
  • pop-ups compelling users to make certain choices, while key information is omitted or downplayed
  • no option to postpone decisions
  • threats of loss of functionality or deletion of the user account if certain settings are not chosen

For example, Facebook warns anyone who wishes to disable facial recognition that doing so means that the firm “won’t be able to use this technology if a stranger uses your photo to impersonate you”.

The report concluded that users are often given the illusion of control through their privacy settings, when they are not getting it.

“Facebook gives the user an impression of control over use of third party data to show ads, while it turns out that the control is much more limited than it initially appears,” the report said.

More: https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/amp/technology-44642569

Mobile-Phone Malware Is Rising. Blame Spies.

By: Robert McMillan

Spies are increasingly hacking into the smartphones of political opponents and dissidents around the world, security researchers say, giving them access to data far more sensitive than what most people keep on personal computers.

Mobile-security firm Lookout Inc. counted 22 phone-hacking efforts in the first five months of this year that appeared to be government-backed. Most targeted political opponents in developing nations, Lookout said. The company’s researchers identified just two such efforts in all of 2015.

The increase is being driven by the proliferation both of low-cost smartphones and of companies selling spyware and hacking tools to access them, said Claudio Guarnieri, a security researcher with the human-rights group Amnesty International. Most hacking efforts now target mobile phones, Mr. Guarnieri said, while in 2015 the majority still involved personal computers.

“It is one thing to compromise someone’s computer,” said Mike Murray, Lookout’s vice president of security research. “It’s another thing to have a listening device that they carry around with them 24 hours a day.”

The government-sponsored surveillance of mobile phones comes as more hackers of all stripes gain access to the devices. Turned against their owners, the phones can become powerful espionage tools, researchers say. Spies can monitor a user’s contacts, communications, travel history and even their financial transactions.

The trend pits outfits that craft spyware tools against the cybersecurity companies and device makers trying to defend user privacy. Apple Inc. and Alphabet Inc.’s Google both say they are committed to keeping their devices secure. But researchers say malicious software often exploits known bugs on phones that haven’t been patched and hackers also sneak malicious software into app stores. Antivirus vendors such as McAfee Inc. and Symantec Inc. see mobile-device protection as an important market for future sales.

The tools and expertise needed to create malicious software for mobile phones have become more common and less expensive, said Raj Samani, McAfee’s chief scientist. As a result, close to 11% of mobile-phones world-wide had some sort of infection in the fourth quarter of 2017, McAfee said, up from about 7.5% during the same period of 2015.

More: https://www.wsj.com/articles/mobile-phone-malware-is-rising-blame-spies-1528369200