Apple, a company that prides itself on customer privacy, seems to have been caught with its privacy pants down around its ankles. It's collecting user location data while preaching to its customers that it's better than everyone else.
Security researcher Brian Krebs has discovered that Apple's current flagship, the iPhone 11 Pro, continues to share location data even after the functionality was turned off in iOS 13.
Krebs on Security »
Apple's response to Krebs »
“We do not see any actual security implications,” an Apple engineer wrote in a response to KrebsOnSecurity. “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings” [emphasis added].
Read Brian Krebs’ whole post »
More » The Mac Observer, SiliconAngle, The Next Web, Fast Company, CNET, TechSpot, The Inquirer
They’ve come a long way from the early days of “Don’t be evil.”
With Alphabet now well-established, and Google and the Other Bets operating effectively as independent companies, it’s the natural time to simplify our management structure. We’ve never been ones to hold on to management roles when we think there’s a better way to run the company. And Alphabet and Google no longer need two CEOs and a President. Going forward, Sundar will be the CEO of both Google and Alphabet. He will be the executive responsible and accountable for leading Google, and managing Alphabet’s investment in our portfolio of Other Bets. We are deeply committed to Google and Alphabet for the long term, and will remain actively involved as Board members, shareholders and co-founders. In addition, we plan to continue talking with Sundar regularly, especially on topics we’re passionate about!
Read » A letter from Larry and Sergey
NYTimes » How Google’s Founders Slowly Stepped Away From Their Company
The Verge » The rise, disappearance, and retirement of Google co-founders Larry Page and Sergey Brin
ABC News, Seeking Alpha, CNet, Reuters, Axios, The Inquirer
What makes this announcement unique is that Plex has structured its deals with studios and other copyright holders to stream content to, reportedly, over 200 countries.
More » 9to5Mac, MacRumors, Android Authority, The Verge, iPhone in Canada Blog, Mobile Syrup, TechSpot, SlashGear
The Amazon Ring doorbell comes packaged with many security and privacy concerns. And Amazon makes it awfully easy for the local police to violate people’s privacy.
Alfred Ng, writing for CNet »
For more than a year, police departments partnered with Amazon’s Ring unit had access to a map showing where its video doorbells were installed, down to the street they were on, public documents revealed. So while Ring said it didn’t provide police with addresses for the devices, a feature in the map tool let them get extremely close. The feature was removed in July.
The heat maps feature was one of several surveillance tools that Ring told police “should not be shared with the public.” The first Ring police partnership listed started in March 2018, and the video doorbell company had at least 335 police partners by the time it disabled the feature, records show.
Ring, which Amazon purchased for $839 million in February 2018, has now partnered with up to 631 law enforcement agencies in the US, creating a public surveillance tool for police departments through its video doorbells.
Read the whole article on CNet »
» Shreyas Gandlur’s Amazon Ring Video Doorbell Documents
Shreyas Gandlur » Privacy researcher and student at the University of Illinois at Urbana-Champaign
More » Engadget, Vox, Vice
All versions of Android are at risk and all of the top 500 most popular Android apps are vulnerable.
Zeljka Zorz, writing in HelpNetSecurity »
Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users’ mobile banking credentials and empty their accounts, a Norwegian app security company has warned.
“StrandHogg is unique because it enables sophisticated attacks without the need for the device to be rooted. To carry out attacks, the attacker doesn’t need any special permissions on the device. The vulnerability also allows an attacker to masquerade as nearly any app in a highly believable manner,” they noted.
StrandHogg allows attackers to show to users fake login screens and ask for all types of permissions that may ultimately allow them to:
- Read and send SMS messages (including those delivering second authentication factors)
- Phish login credentials
- Make and record phone conversations
- Listen to the user through the microphone
- Take photos through the device’s camera
- Get access to photos, files on the device, location and GPS information, the contacts list, phone logs, etc.
Read the whole article on HelpNetSecurity »
More » The Hacker News, Security Affairs, Security Week, ZDNet
Zack Whittaker, via TechCrunch »
U.S. citizens and lawful permanent residents — also known as green card holders — have been exempt from these checks, the existing rules say.
Now, the proposed rule change to include citizens has drawn ire from one of the largest civil liberties groups in the country.
“Time and again, the government told the public and members of Congress that U.S. citizens would not be required to submit to this intrusive surveillance technology as a condition of traveling,” said Jay Stanley, a senior policy analyst at the American Civil Liberties Union.
“This new notice suggests that the government is reneging on what was already an insufficient promise,” he said.
Read the whole article on TechCrunch »
More » CNN via The Mercury News
Antitrust regulators in the European Union are investigating Google’s data collection practices, according to “exclusive” reporting at Reuters.
Over the last couple of years, European Competition Commissioner Margrethe Vestager has handed down fines totalling more than €8 billion (~ C$11 billion) to Google and ordered it to change its business ways.
Foo Yun Chee, writing for Reuters »
“The Commission has sent out questionnaires as part of a preliminary investigation into Google’s practices relating to Google’s collection and use of data. The preliminary investigation is ongoing,” the EU regulator told Reuters in an email.
Read the whole article on the Reuters web site »
More » The Guardian, CNN, International Business Times, Business Insider, The Mercury News