Call for smart home devices to bake in privacy safeguards for kids

A new research report has raised concerns about how in-home smart devices such as AI virtual voice assistants, smart appliances, and security and monitoring technologies could be gathering and sharing children’s data. It calls for new privacy measures to safeguard kids and make sure age appropriate design code is included with home automation technologies. The report, entitled Home Life Data and Children’s Privacy, is the work of Dr Veronica Barassi of Goldsmiths, University of London, who leads a research project at the university investigating the impact of big data and AI on family life. Barassi wants the UK’s data protection agency to launch a review of what she terms “home life data” — meaning the information harvested by smart in-home devices that can end up messily mixing adult data with kids’ information — to consider its impact on children’s privacy, and “put this concept at the heart of future
Continue reading "Call for smart home devices to bake in privacy safeguards for kids"

Surveillance camera vulnerability could allow hackers to spy on and alter recordings

In newly published research, security firm Tenable reveals how popular video surveillance camera software could be manipulated, allowing would-be attackers the ability to view, disable or otherwise manipulate video footage. The vulnerability, which researchers fittingly dubbed “Peekaboo,” affects software created by NUUO, a surveillance system software maker with clients including hospitals, banks and schools around the globe. The vulnerability works via a stack buffer overflow, overwhelming the targeted software and opening the door for remote code execution. That loophole means that an attacker could remotely access and take over accounts with no authorization, even taking over networked cameras connected to the target device. “This is particularly devastating because not only is an attacker able to control the NVR [camera] but the credentials for all the cameras connected to the NVR are stored in plaintext on disk,” Tenable writes. Tenable provides more details on potential exploits tested with one
Continue reading "Surveillance camera vulnerability could allow hackers to spy on and alter recordings"

Five security settings in iOS 12 you should change right now

iOS 12, Apple’s latest mobile software for iPhone and iPad, is finally out. The new software packs in a bunch of new security and privacy features you’ve probably already heard about. Here’s what you need to do to take advantage of the new settings and lock down your device.

1. Turn on USB Restricted Mode to make hacking more difficult

This difficult-to-find new feature prevents any accessories from connecting to your device — like USB cables and headphones — when your iPhone or iPad has been locked for more than an hour. That prevents police and hackers alike from using tools to bypass your lock screen passcode and get your data. Go to Settings > Touch ID & Passcode and type in your passcode. Then, scroll down and ensure that USB Accessories are not permitted on the lock screen, so make sure the setting is Off.

2. Make sure automatic
Continue reading "Five security settings in iOS 12 you should change right now"

UK’s mass surveillance regime violated human rights law, finds ECHR

In another blow to the UK government’s record on bulk data handling for intelligence purposes the European Court of Human Rights (ECHR) has ruled that state surveillance practices violated human rights law. Arguments against the UK intelligence agencies’ bulk collection and data sharing practices were heard by the court in November last year. In today’s ruling the ECHR has ruled that only some aspects of the UK’s surveillance regime violate human rights law. So it’s not all bad news for the government — which has faced a barrage of legal actions (and quite a few black marks against its spying practices in recent years) ever since its love affair with mass surveillance was revealed and denounced by NSA whistleblower Edward Snowden, back in 2013. The judgement reinforces a sense that the government has been seeking to push as close to the legal line as possible on surveillance, and sometimes stepping
Continue reading "UK’s mass surveillance regime violated human rights law, finds ECHR"

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data

Most modern computers, even devices with disk encryption, are vulnerable to a new attack that can steal sensitive data in a matter of minutes, new research says. In new findings published Wednesday, F-Secure said that none of the existing firmware security measures in every laptop it tested “does a good enough job” of preventing data theft. F-Secure principal security consultant Olle Segerdahl told TechCrunch that the vulnerabilities put “nearly all” laptops and desktops — both Windows and Mac users — at risk. The new exploit is built on the foundations of a traditional cold boot attack, which hackers have long used to steal data from a shut-down computer. Modern computers overwrite their memory when a device is powered down to scramble the data from being read. But Segerdahl and his colleague Pasi Saarinen found a way to disable the overwriting process, making a cold boot attack possible again. “It takes some
Continue reading "Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data"

Apple, AT&T, Amazon, Google among tech giants called to Senate Commerce Committee

If you weren’t done watching tech giants get grilled by lawmakers, mark your calendar for September 26 in what’s expected to be another riveting round of questioning. Policy chiefs from AT&T and Charter, along with senior executives at Apple, Amazon, Google and Twitter will face questions from the Senate Commerce Committee later this month about how each company approaches safeguards to consumer privacy. The tech and telco companies will be asked to “discuss possible approaches to safeguarding privacy more effectively,” among other things. Noticeably absent is Facebook; though the committee says the witness list is subject to change. Committee chairman Sen. John Thune ssaid the hearing will allow the companies to “explain their approaches to privacy, how they plan to address new requirements from the European Union and California, and what Congress can do to promote clear privacy expectations without hurting innovation.” Beyond that, it’s not clear exactly what the
Continue reading "Apple, AT&T, Amazon, Google among tech giants called to Senate Commerce Committee"

Integrate.ai pulls in $30M to help businesses make better customer-centric decisions

Helping businesses bring more firepower to the fight against AI-fuelled disruptors is the name of the game for Integrate.ai, a Canadian startup that’s announcing a $30M Series A today. The round is led by Portag3 Ventures . Other VCs include Georgian Partners, Real Ventures, plus other (unnamed) individual investors also participating. The funding will be used for a big push in the U.S. market. Integrate.ai’s early focus has been on retail banking, retail and telcos, says founder Steve Irvine, along with some startups which have data but aren’t necessarily awash with AI expertise to throw at it. (Not least because tech giants continue to hoover up talent.) Its SaaS platform targets consumer-centric businesses — offering to plug paying customers into a range of AI technologies and techniques to optimize their decision-making so they can respond more savvily to their customers. Aka turning “high volume consumer funnels”
Continue reading "Integrate.ai pulls in $30M to help businesses make better customer-centric decisions"

The best security and privacy features in iOS 12 and macOS Mojave

September is Apple hardware season, where we expect new iPhones, a new Apple Watch and more. But what makes the good stuff run is the software within. First revealed earlier this year at the company’s annual WWDC developer event in June, iOS 12 and macOS Mojave focus on a running theme: security and privacy for the masses. Ahead of Wednesday big reveal, here’s all the good stuff to look out for.

macOS Mojave

macOS Mojave will be the sixth iteration of the Mac operating system, named after a location in California where Apple is based. It comes with dark mode, file stacks, and group FaceTime calls.

Safari now prevents browser fingerprinting and cross-site tracking

What does it do? Safari will use a new “intelligent tracking prevention” feature to prevent advertisers from following you from site to site. Even social networks like Facebook know which sites you visit because so
more iPhone Event 2018 coverage
Continue reading "The best security and privacy features in iOS 12 and macOS Mojave"

Google back in court arguing against a global ‘right to be forgotten’

Google’s lawyers are in Europe’s top court today arguing against applying the region’s so-called ‘right to be forgotten’ ruling globally domains, rather only geo-limiting delistings to European sub-domains (as it does now). The original rtbf ruling was also a European Court of Justice (ECJ) decision. Back in 2014 the court ruled search engines must respect Europeans’ privacy rights, and — on request — remove erroneous, irrelevant and/or outdated information about a private citizen. Google was not at all happy with the judgement, and kicked off a major lobbying effort against it — enlisting help from free speech champions like Wikipedia’s Jimmy Wales. But it also complied with the ruling, after a fashion (after all, it is EU law) — applying delistings on local domains but not across Google.com. Which means there’s a trivial workaround for circumventing EU law. That has displeased European data protection agencies — who say Google
Continue reading "Google back in court arguing against a global ‘right to be forgotten’"

Dozens of popular iPhone apps caught sending user location data to monetization firms

A group of security researchers say dozens of popular iPhone apps are quietly sharing the location data of “tens of millions of mobile devices” with third-party data monetization firms. Almost all require access to a user’s location data to work properly, like weather and fitness apps, but share that data often as a way to generate revenue for free-to-download apps. In many cases, the apps send precise locations and other sensitive, identifiable data “at all times, constantly,” and often with “little to no mention” that location data will be shared with third-parties, say security researchers at the GuardianApp project. “I believe people should be able to use any app they wish on their phone without fear that granting access to sensitive data may mean that this data will be quietly sent off to some entity who they do not know and do not have any desire to do business with,”
Continue reading "Dozens of popular iPhone apps caught sending user location data to monetization firms"

A top-tier app in Apple’s Mac App Store will steal your browser history

A popular top-tier app in Apple’s Mac App Store was found pilfering browser histories from anyone who downloads it. Yet still, at the time of writing, the rogue app — Adware Doctor — stands as the number one grossing paid app in the app store’s utilities categories. But Apple was warned weeks ago and did nothing to pull the app offline. As of publication, the app is still in the store. We’re not linking to it for that reason. Apple’s walled garden approach to Mac and iPhone security is almost entirely based on the inability to install apps outside the app store, which Apple monitors closely. While it’s not unheard of to hear of dangerous apps slipping into Google’s Play store, it’s nearly unheard of for Apple to face the same fate. Any app that doesn’t meet the company’s strict security and sometimes moral criteria will be rejected, and
Continue reading "A top-tier app in Apple’s Mac App Store will steal your browser history"

Former Facebook security chief says creating election chaos is still easy

As someone who’s had a years-long front-row seat to Russia’s efforts to influence U.S. politics, former Facebook Chief Security Officer Alex Stamos has a pretty solid read on what we can expect from the 2018 midterms. Stamos left the company last month to work on cybersecurity education at Stanford. “If there’s no foreign interference during the midterms, it’s not because we did a great job,” Stamos said in an interview with TechCrunch at Disrupt SF on Thursday. “It’s because our adversaries decided to [show] a little forbearance, which is unfortunate.” As Stamos sees it, there is an alternative reality in which the U.S. electorate would be better off heading into its next major nationwide voting day, but critical steps haven’t been taken. “As a society, we have not responded to the 2016 election in the way that would’ve been necessary to have a more trustworthy midterms,” he
Continue reading "Former Facebook security chief says creating election chaos is still easy"

Salesforce research: Yep, consumers are worried about their data

Recent headlines at TechCrunch and elsewhere have been filled with news about data breaches, data misuse and other data-related scandals. But has that actually affected how consumers think about their personal data? A new report from Salesforce Reserach sheds some light on this question. In a survey of 6,723 individuals globally, Salesforce found that 59 percent of of respondents believe their personal information is vulnerable to security breach, while 54 percent believe that the companies with that data don’t have their best interests in mind. Respondents also said that these feelings will affect their choices as consumers — for example, 86 percent said that if they trust a company, they’re more likely to share their experiences, and that number goes up to 91 percent among millennials and Gen Zers. The findings seem similar to (if more general than research from Pew showing that Americans have become more cautious and and
salesforce research chart
Continue reading "Salesforce research: Yep, consumers are worried about their data"

Tencent to tighten age verification checks for gamers amid government crackdown

Chinese Internet giant Tencent has announced it’s bringing in a new system of age checks to its video games which will be linked to a national public security database — in an effort to reliably identify minors so it can limit how long children can play its games. The new real name-based registration system will initially be mandated for new players of its popular Honour of Kings fantasy multiplayer role-playing battle game. It will be introduced around September 15, according to Reuters. Tencent said the planned ID verification system — which Bloomberg couches as equivalent to a police ID check — is the first of its kind in the Chinese gaming industry, and claimed it will enable it to accurately identify underaged players and impose existing play time restrictions. Last July Tencent said it would impose a playtime maximum of one hour per day for children up to aged 12,
Continue reading "Tencent to tighten age verification checks for gamers amid government crackdown"

Myki raises $4M Series A to decentralize identity management for enterprises

Myki, a startup based between Beirut and New York which offers both a consumer and enterprise identity management solution to store sensitive information offline, today announced at TechCrunch Disrupt in San Francisco that it’s raised a $4 million Series A to scale its operations. The round was led by Dubai-based VC BECO Capital with participation from Beirut-based LEAP Ventures and B&Y Venture Partners, all of which are returning investors. Myki plans to expand its U.S. operations with its “decentralised Identity Management” solution for enterprise. Priscilla Elora Sharuk, who co-founded the startup with Antoine Vincent Jabberer in 2015, said: “Online security and data privacy is not a privilege, it is a right, and that is why at Myki we empower our users with the tools to securely manage their digital identity.” Myki actually launched on the TechCrunch Disrupt Battlefield stage in September of 2016, and has since gone
Continue reading "Myki raises $4M Series A to decentralize identity management for enterprises"

Highlights from the Senate Intelligence hearing with Facebook and Twitter

Another day, another political grilling for social media platform giants. The Senate Intelligence Committee’s fourth hearing took place this morning, with Facebook COO Sheryl Sandberg and Twitter CEO Jack Dorsey present to take questions as U.S. lawmakers continue to probe how foreign influence operations are playing out on Internet platforms — and eye up potential future policy interventions.  During the session US lawmakers voiced concerns about “who owns” data they couched as “rapidly becoming me”. An uncomfortable conflation for platforms whose business is human surveillance. They also flagged the risk of more episodes of data manipulation intended to incite violence, such as has been seen in Myanmar — and Facebook especially was pressed to commit to having both a legal and moral obligation towards its users. The value of consumer data was also raised, with committee vice chair, Sen. Mark Warner, suggesting platforms should actively convey that value
Continue reading "Highlights from the Senate Intelligence hearing with Facebook and Twitter"

Uber gets better about safety with ride checks and address anonymization

On the heels of the rape and murder of a Didi ride-hailing passenger in China, Uber has announced some new features to ensure safety for both the passenger and the driver. The first is what Uber calls Ride Check, which activates if the driver’s smartphone senses a possible crash. Ride Check will also activate if the GPS sensor in the driver’s phone notices there’s an abnormally long or unexpected stop during the trip. “They can let us know through the app that all is well, or take other actions like using the emergency button or reporting the issue to Uber’s critical safety line,” Uber CEO Dara Khosrowshahi wrote in a blog post today. “We expect to expand this technology to additional scenarios in the future.” Additionally, Uber is no longer requiring drivers to fiddle with their phones at the beginning and end of the trip. Considering hands-free driving
Continue reading "Uber gets better about safety with ride checks and address anonymization"

AnchorFree, maker of Hotspot Shield, raises $295 million in new funding

AnchorFree, a maker of a popular virtual private networking app, has raised $295 million in a new round of funding, the company announced Wednesday. The Redwood City, Calif.-based app maker’s flagship app Hotspot Shield ranks as one of the most popular VPN apps on the market. The app, based on a freemium model, allows users across the world tunnel their internet connections through AnchorFree’s servers, which masks users’ browsing histories from their internet providers and allows those under oppressive regimes evade state-level censorship. The app has 650 million users in 190 countries, the company said, and also has a business-focused offering. The funding was led by WndrCo, a holding company focusing on consumer tech businesses, in addition to Accel Partners, 8VC, SignalFire, and Green Bay Ventures, among others. “The WndrCo team brings deep operational experience in launching and scaling global tech products, and we look forward to working closely with
Continue reading "AnchorFree, maker of Hotspot Shield, raises $295 million in new funding"

Google rebuked by Senate Intelligence Committee for not sending Page or Pichai to testify

Alphabet’s decision to decline to send its CEO Larry Page to today’s Senate Intelligence Committee hearing — to answer questions about what social media platforms are doing to thwart foreign influence operations intended to sow political division in the U.S. — has earned it a stinging rebuke from the committee’s vice chair, Sen. Mark Warner. “I’m deeply disappointed that Google – one of the most influential digital platforms in the world – chose not to send its own top corporate leadership to engage this committee,” said Warner in his opening remarks, after praising Facebook and Twitter for agreeing to send their COO and CEO respectively. Alphabet offered its SVP of global affairs and chief legal officer, Kent Walker, to testify in front of lawmakers but declined to send CEO Page or Google CEO Sundar Pichai . Committee chairman, Richard Burr, was slightly less stinging in his opening remarks but also professed himself
Continue reading "Google rebuked by Senate Intelligence Committee for not sending Page or Pichai to testify"

Facebook users becoming more cautious and critical, says Pew

Ahead of Facebook COO Sheryl Sandberg testifying before Congress later today, where she will be questioned alongside Twitter CEO Jack Dorsey as US lawmakers wrestle with how to regulate social media platforms (and even just to get bums on seats, given Google’s Larry Page declined to attend), the Pew Research Center has published new research suggesting Americans have become more cautious and critical in their use of Facebook over the past year. It’s certainly been a year of scandals for the social media behemoth, which started 2018 already on the back foot already in the wake of Kremlin-backed election interference revelations — and with Mark Zuckerberg saying his annual personal mission for the new year would be the embarrassingly unfun challenge of “fixing Facebook”. Since then things have only got worse, with a major global scandal kicking off in March after fresh revelations about the Cambridge Analytica data misuse sandal
Continue reading "Facebook users becoming more cautious and critical, says Pew"