Security News

The Ministry of Defence has published a data strategy that calls on the British armed forces to make better use of its "Enduring strategic asset" - by spying on social media and dobbing in dissenters to local councils. In a move bound to fuel tinfoil hat-wearing conspiracy theorists, the MoD's Data Strategy for Defence document [PDF] published this week says the military ought to be carrying out "Automated scanning of social media platforms" to detect "Change in population sentiment."

The FinSpy surveillance kit has been driven from its hiding place following an eight-month investigation by Kaspersky researchers. One day researchers stumbled across a Burmese-language website that hosted both the trojanized installers as well as samples of FinSpy for Android.

Network-attached storage maker QNAP has patched its QVR video management system against two critical-severity issues that could be exploited to run arbitrary commands. QNAP promotes its QVR software as a professional solution that allows real-time video monitoring, recording, playback, and alarm notifications when coupled with supported IP cameras.

Drivers working for Amazon Delivery Service Partners are increasingly under constant surveillance for safe driving, monitored by artificial intelligence which awards them a score and generates voice reminders for safe driving. Drivers who spoke to Vice's Motherboard complained the tech is too sensitive, often wrong and making their jobs miserable - and not to mention, taking money out of their paycheck.

More details about a now-patched vulnerability in Comcast's XR11 voice remotes have emerged, which would have made it easy for a threat actor to intercept radio frequency communications between the remote and the set-top box, effectively turning the remote into a surveillance device. The XR11 remotes are some of the most common around, with more than 18 million scattered across homes in the U.S. A man-in-the-middle attack conducted by researchers at Guardicore, dubbed "WarezTheRemote," allowed the team to listen in on conversations from up to 65 feet away.

FTC has banned stalkerware maker Spyfone and CEO Scott Zuckerman from the surveillance business after failing to protect customers' devices from hackers and sharing info on their location and activity. "Today, the Federal Trade Commission banned SpyFone and its CEO Scott Zuckerman from the surveillance business over allegations that the stalkerware app company secretly harvested and shared data on people's physical movements, phone use, and online activities through a hidden device hack," the FTC said today.

Surveillance tech company sues Police Digital Service over 'flawed' scoring of bids on £18m contract
A company is suing the Police Digital Service over a framework worth up to £18m after losing a bid to provide a mass surveillance platform, claiming police managers broke laws on the awarding of public contracts. Excession Technologies Ltd is suing the organisation formerly known as the Police ICT Company on the grounds that it broke the Defence and Security Public Contracts Regulations after allegedly misunderstanding Excession's platform was capable of doing.

Vice has an article about how data brokers sell access to the Internet backbone. It's useful for cybersecurity forensics, but can also be used for things like tracing VPN activity.

The China-based surveillance equipment manufacturer accused of being linked to the human rights abuse of the Uyghur ethnic minority in Xinjiang has denied any wrongdoing in a heated exchange with the UK's Surveillance Camera Commissioner. Eye-catchingly, Hikvision's denials came in a series of letters published by Surveillance Camera Commissioner Professor Fraser Sampson on the GOV.UK website.

Operated by Chinese smart device company ThroughTek, Kalay is pitched as a cloud-based solution for vendors of home automation devices, including security cameras, smart locks, video doorphones, smart power plugs, and even personal cloud storage hardware such as NAS devices. As you can see, the idea is that instead of creating their own protocol, setting up their own servers and building their own home automation service, home device makers can build the Kalay software into their own firmware, and use the existing Kalay network so their customers can manage and access the devices.