Cyberlaw

The Google Pixel 4's Soli Radar feature is authorized for use in only certain geographies as it uses the 60 GHz frequency band. Those wanting to use the Motion Sense features can now do so irrespective of the region by taking advantage of a hidden debug feature. However, this requires unlocking the bootloader and enabling root access.

Popular video app TikTok was purchased by Chinese company ByteDance Technology Co. in 2017 and has since accumulated over 500 million active users. However, ByteDance has recently been placed under investigation by the Committee on Foreign Investment in the United States (CFIUS) over concerns over its handling of the personal data of its 25 million American users as well as its apparent censorship over content incongruent with the Chinese state's version of reality, including strife in Hong Kong and pro-LGBT content.

Wandera, a security research firm, has found malware in 17 apps on the Apple App Store. The apps use a clicker trojan module to generate fraudulent web traffic in the background, likely to pump up ad revenue for specific websites. The apps passed through Apple's stringent review process because they connected to a remote server to execute the fraudulent activity rather than having malware embedded directly in their code.

Lilu (also known as Lilocked) is a relatively new ransomware that is specifically targeting Linux servers. The ransomware has been infecting systems since mid-July and has so far attacked at least 6700 systems. Lilu targets specific file types (like HTML, PHP, and image files) and alters their file extension to ".lilocked." The ransomware also leaves a note instructing affected users to access an Onion site and pay either 0.03 BTC or US $325 to decrypt file affected files.

An oversight by Apple caused an old security bug to be reintroduced with iOS 12.4. While the bug had been patched in iOS 12.3, the exploit is present in the latest operating system from Apple and can be used for jailbreaking on compatible devices. On the flip side, the security hole presents new risks; the bug can be used by malicious parties to hack into an iPhone or iPad running 12.4.

The Samsung Galaxy Note 10 phones were released almost two weeks ago but before then, they were preceded by an incessant in-flow of leaks and rumors. Here. we review those leaks to see which ones turned out to be true or, well, utter tripe.

According to employees familiar with the practice, Facebook has been hiring outside contractors to listen to and transcribe user audio. While Facebook claims the transcriptions were done to improve the voice-to-text transcription features of its Messenger app, the company's data use policy makes no mention of humans listening to or transcribing audio.

A new report by security experts at Check Point Research demonstrates a glaring vulnerability in modern DSLR cameras: Photo Transfer Protocol. Worse yet, the researchers were able to exploit vulnerabilities in PTP/IP, which transfers photos from a DSLR to a computer wirelessly. This allowed the researchers to infect a nearby DSLR wirelessly and encrypt all of the camera's photos.

iOS 13 will bring a few new features to iPhones upon its release later this year, several of which are focused on protecting user privacy. One such update will block background processes from collecting user data, something that several messaging apps like WhatsApp Facebook Messenger apparently rely on for receiving VoIP calls.

A new publication by Microsoft's Threat Intelligence Center points out an increasingly popular avenue used for cyber attacks: the Internet of Things (IoT). The publication states that researchers discovered a new attack that exploited vulnerabilities in simple IoT devices like a printer and a VOIP phone to access an enterprise network.

The European Competition Commission has fined Qualcomm €242 million after it found evidence that the largest US smartphone chip maker has indulged in practices that prevented companies such as Icera from effectively competing in making 3G UMTS baseband chipsets between 2009 and 2011. Qualcomm, on its part, has refuted the allegations and said that it would appeal against the ECC ruling.

DuckDuckGo, the privacy-focused search engine, has added a few new features to its mapping service. These include improved local searches, support for a Dark Mode, and more. The features were added through Apple's MapKit JS framework, which DuckDuckGo started using in January of this year. DuckDuckGo stated that it remains committed to protecting user privacy and has put into place practices to prevent the sharing of personal information with Apple Maps or any other service.

WhatsApp and Telegram are popular secure messaging apps that feature end-to-end encryption to keep messages safe. Even still, the apps have a glaring backdoor that could allow attackers to alter media files sent through the apps. Both apps can store media to publicly accessible file directories, which leaves them vulnerable to manipulation.

As impressive as it may be, the US$5 billion fine that Facebook could be subjected to — after the review of this settlement by the Department of Justice — only accounts for 9 percent of the revenue obtained by the company in 2018. According to some senators and Congress members, this is not enough to get Facebook back in line.

The Belgian news outlet VRT NWS claims to have gained access to audio recordings made as a result of Google Assistant 'listening' to user speech or activity. The recordings were leaked to VRT by a Google subcontractor. This apparent evidence suggests that the search giant allows these workers access to information that would have remained private were it not for the presence of the Assistant.

Kali Linux is now compatible with the Raspberry Pi 4. Currently, the distro is only available as a 32-bit OS, but Offensive Security is planning on releasing a 64-bit version soon. In the meantime, security aficionados who have a spare Raspberry Pi 4 lying around can head over to the Kali Linux site and download the distro image.

An industrial consultant firm, Grail Insights, has released the results of a survey-based study on public attitudes towards 'big tech' companies, their effects on consumer privacy and the role national authorities should adopt in the matter. They show that 62% of respondents believe that the government needs to step in when these corporations gain "too much power".

The trade restrictions that Japan has just announced will make it harder for companies such as Samsung and LG to buy various materials used in both chips and smartphones. The list of these materials includes resist, hydrogen fluoride, and fluorinated polyimide. Starting July 4, local companies will need the government's approval to export such materials to South Korea.

A leading cyber-security firm has uncovered a brazen Chinese-affiliated 7-year-long attack against telecommunications companies across the globe, compromising Call Detail Records (CDRs) and allowing collection of call meta-data for intelligence actions against targets.

According to a U.S. Office of Inspector General report published Tuesday, a cyberattack on NASA's Jet Propulsion Laboratory in April 2018 was due to a severe lack of security oversight. The attack was made possible via an unauthorized Raspberry Pi that was connected to JPL's network without any knowledge of the security team. Additionally, a lack of proper network segmentation allowed the hackers to access NASA's Deep Space Network, which is responsible for managing interplanetary missions.

Microsoft 365 for Campaigns is a new service intended to safeguard election campaigns from bad actors of various kinds. It is part of the Redmond company's Defending Democracy Program, and offers enterprise-level security to those covered by its subscriptions. Currently, it is available for US$5 per user per month.

Although ZTE is also affected by various bans similar to those imposed by the US on Huawei, this Chinese brand seems to be doing all right in Spain. Yesterday, Orange and its Chinese partner have shown various 5G applications at the Global 5G Event and the European Conference on Networks and Communications (EuCNC) in Valencia.

The Samsung NC10-14GB netbook that was sold at an auction for a staggering US$1,345,000 is a 2008 model that runs Windows XP SP3 and comes loaded with 6 pieces of malware that have caused damages of over US$95 billion, namely ILOVEYOU, MyDoom, SoBig, WannaCry, BlackEnergy, and DarkTequila.

Despite massive business embargoes levied against it by the United States Government, Huawei seems to be rolling along. The Chinese company has reportedly shipped one million smartphones running its custom HongMeng OS to testers through China and Asia. The OS is slated for public release this fall.

ARM's recent announcement to cut ties with Huawei may leave the Chinese dragon in a lurch. While Huawei manufactures its own custom processors, they are built on ARM's architecture. Should ARM revoke Huawei's ability to use this architecture, Huawei has few options outside of developing its own CPU architecture to continue its electronics business.

A recent survey run by Blind shed some light on what various tech employees think of Apple and the App Store. Apple's own employees largely believe the company doesn't hold a monopoly on iOS app distribution, but other companies (namely Qualcomm and Spotify) believe that Apple's App Store constitutes a monopoly. The survey comes as a response to a recent Supreme Court ruling upholding the validity of a lawsuit filed against Apple for monopolistic practices.

A recently discovered hack has exposed the personal contact information of millions of Instagram users, including some prominent influencers and celebrities. The hackers attacked an Amazon Web Services-hosted database owned by Chtrbox, a Mumbai-based marketing firm. Chtrbox had built out the database to broaden their network of potential contract marketers on Instagram. The worst part? The database didn't even have a password.

Given the trouble that Huawei has been having lately, it is not surprising to find out that the Chinese giant is already working on a Google Android replacement. Media reports confirm that HongMeng OS is in the trial phase already and if the Android ban stays in place, this will become the firmware of choice for new Huawei handsets.

A flaw discovered in Google's Bluetooth Low Energy Titan Security Keys leaves a hole open for potential attackers. Under certain circumstances and with proper timing, an attacker could potentially hijack the Bluetooth pairing process used by the Titan to log into a user's account. Google has offered to replace affected Titan Security Keys free of charge.

The legal battle between Samsung and Huawei that involves multiple patent infringement cases seems to be finally reaching its end — at least for the time being. After settling their lawsuits in the US earlier this year, the two tech giants are now burying the hatchet in China as well, according to the local press.

A flaw in Intel's modern CPU architectures can be used in a new attack. Dubbed "ZombieLoad," the vulnerability is similar to the Spectre and Meltdown bugs that haunted the PC market last year. ZombieLoad uses a similar flaw in Intel CPUs' speculative execution processes to access and leak data, including passwords, keys, and sensitive data.

The HDMI Licensing Administrator, Inc. has sent a DMCA takedown notice to GitHubber 'Glenwing' for posting detailed specifications of all versions of the HDMI standard, which are apparently copyrighted and confidential, on his personal GitHub page. Glenwing claims that he only used publicly available documents to educate people on the capabilities of HDMI and not for any malicious intent.

Microsoft has unveiled ElectionGuard, a software development kit (SDK) intended to make e-voting technology more secure. This open-source, encryption-enabled kit is intended to improve the polling systems to which it is applied. It will become available to polling officials via GitHub from the summer of 2019.

Following up on a promise to combat cheating in Apex Legends more than ever, developer Respawn announced in a blot post today that the company has banned over 770,000 players for cheating so far. The company also banned over 4,000 spam accounts in the past 20 days alone.

Six apps from Chinese developer DO Global have been found to secretly collect user data and send it to Chinese servers. While these apps have now been removed, this issue has once again turned a spotlight on a serious privacy problem that continues to plague the Google Play Store: unwarranted app permissions.

The security analyst responsible for dismantling the WannaCry malware that crippled tens of thousands of computer systems (including many used in government services) pleaded guilty to two counts of writing malware used in banking attacks. Marcus Hutchins, who discovered the kill-switch that finally resolved WannaCry, will face up to 10 years in jail and up to $500,000 in fines.

A new series by the New York Times investigating privacy has uncovered a Google database known internally as SensorVault. Police have been able to access the database to help identify suspects based on their movements recorded in SensorVault.

Julian Assange has finally been arrested after spending seven years at the Ecuadorian embassy in London. The founder of WikiLeaks has been arrested for breaching bail conditions relating to allegations of rape and sexual assault in Sweden and for his part in WikiLeaks publishing material supplied by Chelsea Manning in 2010. Assange could face up to five years imprisonment in the US.

In a new partnership announced today, Purism and Private Internet Access (PIA) have announced that the companies will develop a specialized VPN service for the Librem 13 and Librem 15 laptops as well as the Librem 5 smartphone. The VPN will be backed into PureOS and the Librem 5 out-of-the-box and aims to continue both Purism's and PIA's mission of protecting user data and privacy.

Office Depot, Inc. and Support.com, Inc. have agreed to pay a combined total of US$35 million to the US Federal Trade Commission (FTC) after being accused of tricking customers into paying for unnecessary computer repair services. Support.com has been involved in a similar scareware scandal before, in conjunction with AOL’s Computer Checkup service.

In response to the massive media attention around Operation ShadowHammer yesterday, Asus has released a fix for the affected software (Asus Live Update Utility) to patch the security holes used in the attack. The company also released a tool that allows users to check their systems for any traces of the malware. Links to both the online tool and instructions on updating the Live Update Utility are included below.

Kaspersky Labs earlier today wrote about an attack they discovered in January that compromised Asus' Live Update Utility. The attack affected 57,000 Kaspersky customers and may have hit as many as 500,000 computers around the world. Dubbed "Operation ShadowHammer," the attack injected a Trojan into the Live Update Utility and used authentic Asus software certificates to install itself onto targeted systems.

Some users of the Nokia 7 Plus have reported that their phones are sending data to Chinese servers without permission, a direct violation of GDPR laws. This data includes IMEI's, serial numbers, and location, all of which are considered personal data and can be used to track and identify users. HMD Global has confirmed the claims.

Due to a security oversight made by some Facebook employees, certain Facebook apps have been inadvertently logging user passwords as plain text on internal company servers. While still secured against outside intrusion, between 200 and 600 million user passwords were visible and searchable by about 20,000 employees at Facebook.

There have always been rumors that Huawei was working on its own OS. Those have now been confirmed by the company, with Huawei CEO Richard Yu affirming that the Chinese monolith has a working mobile OS all geared up and ready to go, just in case.

The US Department of Justice, in conjunction with the US Attorney’s Office for the Southern District of New York, has announced the arrest of Konstantin Ignatov, the so-called “leader” of the supposedly fraudulent OneCoin cryptocurrency. Ignatov has been detained on a charge of wire fraud, and he is accused of cheating investors out of billions of dollars.

Ghidra, the NSA's own reverse-engineering software, is now open source and freely available for download. The Agency voluntarily open-sourced the decompiler in an effort to benefit the cybersecurity community. Ghidra is a software decompiler that allows users to more easily see how a computer executes a program and is finely-tuned to be more user-friendly.

The Canadian government has moved ahead with extradition proceedings in regard to the case of Meng Wanzhou, the CFO of Huawei. The executive will be back in court on March 6 to find out the date for her extradition hearing. The news will undoubtedly infuriate the Chinese government, which has been insisting on Meng Wanzhou’s release.

A popular dating app, Coffee Meets Bagel, has revealed that it has suffered from a major data breach. Apparently, over 6.1 million accounts were affected by the hacks, which took place in late 2017 and again in May 2018. Coffee Meets Bagel users were informed of the cyber attack on the worst day possible for those looking for love: Valentine’s Day.

Vox Media, the parent company of tech news outlet The Verge, has issued multiple copyright claims on videos criticizing its widely maligned PC building tutorial video. Using YouTube's copyright claim system, Vox lodged copyright strikes against several different channels that made criticism or parody videos of the tutorial. YouTube issued a copyright strike against some of the channels in question before reversing the decision, citing fair use under the DMCA.