Security News

As the coronavirus pandemic accelerates, authorities worldwide are plotting ways to flatten the curve of infection rates using potentially privacy-busting measures such as phone tracking, facial recognition and other tech. In this Threatpost poll, we want your take on whether sacrificing personal privacy for the public good is worth it.

Authorities in the United States and Israel are eyeing ways to use mobile-phone and other location-based data to help control the spread of the new coronavirus COVID-19, raising serious privacy concerns about the practice of using and sharing people's personal data during the time of a global health crisis. The government is mulling this potential compiling of people's personal and location-specific data with the purpose of mapping the spread of infection and using this knowledge to provide solutions to the problem, according to the report.

As many of our federal agencies have already recognized, TikTok is a major security risk to the United States, and it has no place on government devices. TikTok has tried to soothe US fears about censorship and national security risks, including a reported plan to spin TikTok off from its parent company.

US carriers haven't been doing enough to block robocalls, according to the Federal Communications Commission, so its chairman, Ajit Pai, has proposed a set of rules that would force carriers to block robocalls. In November 2018, Pai asked the phone carriers to adopt a technology framework called SHAKEN/STIR to help solve the problem.

Garrison is using ARM processor chips to create a hardware defense against data breaches and malware. Instead of relying on endpoint protection or user training to improve security, the UK-based security company Garrison wants to use hardware to prevent malware infections and data breaches.

Always stay alert to potential security attacks on mobile devices. Aaron Turner, president and chief security officer of Highside, a distributed identity and secure collaboration technology company, said hardened Android devices are preferred over iOS devices, because iOS devices rely on a single-point-of-failure security model and don't allow users to select which encryption roots their device trusts.

Voice commands encoded in ultrasonic waves can, best case scenario, silently activate a phone's digital assistant, and order it to do stuff like read out text messages and make phone calls, we're told. In the video demo below, a handset placed on a table wakes up after the voice assistant is activated by inaudible ultrasonic waves.

Microsoft has a neat web page that helps you get Outlook set up on your phone. Just like Italian security researcher Luca Epifanio, our first thought was, "What if someone decides to put in someone else's phone number and then spam them over and over and over again?".

An eavesdropper doesn't have to be logged into the target device's wireless network to exploit KrØØk. If successful, the miscreant can take repeated snapshots of the device's wireless traffic as if it were on an open and insecure Wi-Fi. These snapshots may contain things like URLs of requested websites, personal information in transit, and so on. When these disassociation packets are received, vulnerable Wi-Fi controllers - made by Broadcom and Cypress, and used in countless computers and gadgets - will overwrite the shared encryption key with the value zero.

The controversial surveillance program that gave the NSA access to the phone call records of millions of Americans has cost US taxpayers $100m - and resulted in just one useful lead over four years. It is perhaps no wonder that the NSA and the FBI has spent years stalling and refusing to hand over any information about the program.