Search This Blog

Showing posts with label Privacy. Show all posts

South Korea Fines Facebook For Sharing Data Without User Consent


South Korea fines social networking giant Facebook for 6.7 billion Won (around $6 million) for sharing user data without their consent. According to PIPC (Personal Information Protection Commission), Facebook has a total userbase of around 18 million users in South Korea. It says FB shared user data of 3.3 million users to third-party companies without user consent. The incident happened from May 2012 to June 2018. Also, PIPC says that it will charge a criminal complaint against the company for violating "personal information laws." 

The shared information includes user names, academic background, work profile, relationship status, and home addresses. The users logged into other third-party apps using their FB credentials but without giving any permission to access personal information. Nonetheless, FB shared its data with the third-party apps the users were using. 

The issue came to notice when a FB user shared their data with a service while logging in with the FB account, but the user's friends didn't, however, unaware that their FB data was also shared. Following the incident, these third-party apps used Facebook's provided information to show customized ads on social media users' profiles. 

According to PIPC, with no user permission, Facebook provided user data to third-party companies and made monetary profits. PIPC also charges FB to store login credentials (with no encryption) without user knowledge and not notify the users while accessing their data. Besides this, it claims that Facebook presented fake and incomplete documents while the legal investigation was ongoing, instead of providing the real documents. 

It affected the inquiry's credibility and caused difficulties in assessing FB's clear violations of rules and laws. For this misdoing, FB was charged for an extra 66 million won. 

The company Facebook, however, claims that it provided full cooperation during PIPC's investigation. FB find PIPC's complaint regrettable; however, it will respond after the commission takes its final decision. 

"The investigation against the US tech giant started in 2018 by the Korea Communication Commission, the country's telecommunication regulator, in the wake of the Cambridge Analytica scandal. The regulator handed the case to PIPC," reports ZDNet.

White House Declares Guidelines to U.S Federal Agencies for AI Applications

The U.S White House has issued guidelines to the U.S federal agencies regarding the AI (Artificial Intelligence) applications produced in the U.S. According to the Director of the Office of Management and Budget (OMB), the notice inspects policies that will overlook a limit allowed by legislation, non-regulatory and regulatory plans to AI apps made and used outside the U.S federal agencies. These OMB guidelines appear after almost two years when the former U.S President Donald Trump signed an executive order for fast-track expansion of Artificial Intelligence in the United States. 

When signing the executive order, President Trump emphasized that it would overlook the launch and ensure that the U.S resources are spent in developing the AI locally. As per the guidelines, the aim is to assure that organizations won't bring out rules or regulations that may restrict AI's growth and innovation. The guidelines also ask agencies to point out challenging, difficult, or other state laws that may affect the launch of AI in the national market. OMB has issued ten principles that federal agencies can use while implementing AI applications. 

The principles were first brought out as a part of the draft memorandum during the start of 2020. The principles include creating a trust for AI among the people with ensuring the privacy and safety of AI users, promote public participation in the application of AI, provide scientific data and information to the public, assuring risk assessment measures accross various agencies, profit maximization while implementing the AI, aim for ways to AI that won't affect the innovation, technology must be safe and reliable, user transparency, promotion of a safe AI system that is secure and companies must share their experience with the AI. 

The White House memo says, "given that many AI applications do not necessarily raise novel issues, the following principles also reflect longstanding Federal regulatory principles and practices that are relevant to promoting the innovative use of AI. Promoting innovation and the growth of AI is a high priority of the U.S. government. Fostering AI innovation and growth through forbearing from new regulation may be appropriate in some cases."

Russian expert told how to figure out surveillance via a webcam

 It is becoming more and more difficult to find out whether you are being followed through a webcam. According to Arseny Shcheltsin, General Director of Digital Platforms, earlier it was used by a special indicator, which showed whether the camera is recording, but now it’s easy to bypass this device.

"The most characteristic signs of tracking are the “freezing” of the computer or phone only when there is an Internet connection, or immediately after switching on,” explained the specialist.

As Shcheltsin noted, the appearance of unknown programs on the device that significantly "slow down" its work should also be alerted. One of the most obvious confirmations that a person is being spied on through a webcam is its spontaneous activation, but today, as the expert clarified, the burning icon near the device's camera may not light up, while it will record what is happening around.

The expert noted that it is worth paying attention to where the potential use of the camera can harm its owner. For example, it is better not to use the phone where the person is not fully dressed — in the locker room, bathroom, etc.

It is also important to keep your computer's antivirus software up-to-date. They should be updated as a new version is released.

Previously, Mr. Shcheltsin reported that intelligence services of various countries are using backdoors to spy on people around the world through Smart TVs.

U.S Elections: Spammers Use Fake Voter Registration Forms To Steal User Data and Banking Credentials

 

As the U.S. presidential elections are approaching, the hacking and spamming attacks related to it are rising. In a similar incident, hackers use fake voter registration forms to steal data of the users who access the fake government sites. The voter registration links work as bait, and if the user clicks it, he is redirected to a fake government website. The hacker then steals personal user data, along with banking credentials sometimes. 

"Whatever the intent behind this particular phishing attack, it should serve as a reminder that human beings -- users, employees, citizens, and voters -- are "soft targets" for malicious actors. This is especially true in turbulent times such as the present -- when fear, confusion, and doubt are surging in the run-up to a historic election that happens to fall in the middle of a catastrophic pandemic," says KnowBe4. These phishing campaigns started in September and are still active. 

Cybersecurity firms KnowBe4 and Proofpoint identified the attacks; they say that these attacks are trying to undermine the U.S. government agency's credibility (U.S. Election Assistance Commission (EAC), which is responsible for generating the voter list. The phishing emails have a simple subject line, and it works because citizens feel that they might be left out from the voting list. The phishing campaign uses hacked WordPress websites to host fake websites operated for luring the users. The sites contain incorrect URLs, and if the user fails to notice it, his data can be susceptible to hackers. According to experts, the hackers use a simple template for phishing attacks, and the fake website looks exactly as same as the original government website. 

According to Proofpoint, these spammers have become more aggressive in their recent attacks. They have changed their strategies and now ask for user's data and along with his banking credentials. "Now, as the U.S. election draws closer, many individuals are confirming their voter registration status. Using messages that suggest voter registration is invalid drives user urgency and uncertainty in an election season. We observed the last news from this actor using voter registration themes sent on October 7, 2020. This suggests that the actor may have already shifted to another type of lure," says Proofpoint.

Spying Malware Attacks Activists and Civil Societies in Egypt


Spying malware "FinSpy" has come back again in Egypt. This time in new campaigns is attacking activists and protestor organizations. Cyber experts have found evidence that the malware is attacking Linus and macOS users. In earlier campaigns, the spyware used to attack Android, Windows, and iOS users. But now, according to researchers, these campaigns are using malware that attacks Linux and macOS systems. FinSpy is a spying malware used for monitoring and surveillance purposes. According to the findings by Amnesty International, the new malware variants can record target's calls, control audio, and video, monitor chats and steal personal data. Law enforcement agencies and government has been using this software since 2011. But in recent findings, the experts identified new variants of the spyware operating since October 2019. The sample "PDF" targets Linux, and the sample "Jabuka.app" targets macOS users; both the samples are FinSpy variants. Researchers announced the samples to the public last week.

According to Amnesty International, "In September 2019, Amnesty International discovered samples of FinFisher's spyware distributed by malicious infrastructure tied to the attacker group, commonly known as NilePhish. Likely to be state-sponsored, these attacks took place amid an unprecedented crackdown on independent civil society and critical voices. Over the years, numerous research reports, including Amnesty International, detailed NilePhish's campaigns of targeting Egyptian civil society organizations." 

About FinSpy 

Enforcement agencies and the government has been using FinSpy since 2011. But through the years, experts have noticed that the spyware has become more creative in its approaches. Amnesty International had published a report in 2019. It covered how phishing campaigns in Egypt were targeting Human Rights organizations, activists, civil societies, and protestor organizations. The campaign was operated by a hacking group called "NilePhish." 

Amnesty reports, "the attacks all bear the same hallmarks and appear to be part of a coordinated campaign to spy on, harass and intimidate their targets." Kaspersky, in 2019, reported that it had observed new variants of spying malware working in Myanmar. Experts say that the new malware variant has infected over a dozen of Android and iOS devices.

Facebook Bans Suspicious Russian Accounts, Says Russian Spy Intelligence Interfering With U.S Presidential Election


Social networking giant Facebook says it terminated three fake account networks that could have been working for Russian intelligence. The intelligence, according to FB, might be leaking suspicious documents before the U.S presidential elections. According to FB, the suspended accounts contained fake users and identities and were suspended for 'coordinated inauthentic behavior.' The company associated all these accounts to Russian intelligence and hackers linked to St. Petersburg organization based in Russia.

The U.S officials accuse the group of meddling with the 2016 U.S presidential elections and votes. As per now, the Russian authorities haven't responded to these allegations. Neither did the Russian foreign aid ministry when asked for the comment regarding the issue. Since the beginning of its rivalry with the U.S, it is common knowledge that Russia has always denied allegations of interference in the U.S. According to Russia, the country doesn't meddle with the domestic policies of the U.S, and it has nothing to do with the presidential elections.
There was no solid proof whether the fake accounts leaked the hacked documents, but suspending these accounts helped us prevent any future leak, says Nathaniel Gleicher, head of security, Facebook. "Our team watches for the threats and trends that we need to be ready for, and one that we are very aware of ... is a hack-and-leak operation, particularly in the next 6-8 weeks. We want to make sure that the accounts are down to prevent their ability to pivot them to facilitate a hack-and-leak around the U.S. election," told Nathaniel to Reuters. 

Reuters reports, "Facebook said the networks were small with only a handful of accounts on its website and photo-sharing service Instagram, some of which posed as independent media outlets and think tanks. The accounts had a combined total of around 97,000 followers. While some of the activity did target audiences in Britain and the United States, the networks were predominantly focused on countries in the Middle East and bordering Russia, such as Syria, Turkey, Ukraine, and Belarus, Facebook said."

Russia is planning to create a working group to protect the digital rights of citizens

The Presidential Council for the Development of Civil Society and Human Rights is planning to create a working group. Its specialists will protect the digital rights of Russians

In Russia, a group will be created whose task will be to protect the digital rights of citizens. This was announced by the head of the Presidential Council for the Development of Civil Society and Human Rights Valery Fadeev.

Members of the working group will try to understand how to minimize the damage from progress in the field of IT technologies, he explained.

According to him, the process of digitalization has not only a positive impact but also a negative one. "Digitalization cannot be stopped, progress, of course, cannot be stopped. As with any powerful technological or technical process, there are always various negative sides, negative aspects, and they accumulate, “ said Fadeev at the round table "Digital threats to human rights".

Negative examples include bullying on social networks and surveillance of people through city surveillance cameras.

"Today there was a message in the media that Anna Kuznetsova filed a lawsuit. The girl conducted an experiment – she bought online from someone for 16 thousand rubles ($213) information about where she was last month, providing her photo. Two days later, she received information from Moscow cameras,” said Mr. Fadeev.

Examples like these show that there is a security problem in the digitalization space. People are no longer protected and cybercriminals take advantage of this. Another problem is a fraud, which has begun to actively manifest itself on the network. Therefore, the main task of the working group is to understand how to minimize the damage from progress in the field of IT technologies.

American IT-businessman of Russian origin says Durov gave data of Telegram to Kremlin

The founder of Telegram Pavel Durov  gave the messenger with the data of all users to the Kremlin because the messenger became an unbearable financial burden, the costs of which exceeded $2-3 million a month, said an American IT businessman of Russian origin, the head of Pi5 Cloud Michael Talan.

"Telegram is a fully cloud-based solution that hosts its systems in three providers: Google, Amazon, and DigitalOcean. According to my calculations, for Pavel Durov, monthly payments on Telegram exceed $2-3 million. For him, this has become an expense that cannot be recouped. Previously, he paid with money from investors TON (Telegram Open Network),” said Talan.

He clarified that Durov had financial problems related to Telegram after the decision of the American Securities and Exchange Commission, which banned the Russian programmer from launching the TON commercial platform.

"I am 100% convinced of this. So if you are still using Telegram in Ukraine, I urge you: delete all correspondence from there and close your account, because now Telegram is a tool of the Kremlin," the American IT businessman addressed the Ukrainians.

It’s important to note that, in early August 2020, Pavel Durov reported that in two countries he was offered to sell part of Telegram, but he refused because the messenger is not sold "either partially or completely". "This will always be our position,” stressed Durov.

It should be noted that the social network VKontakte, created by Pavel Durov, has found a way to circumvent the ban on the use of the social network in Ukraine. The social network mobile application is now working on the territory of Ukraine. At the same time, in order to access the social network from a computer, residents of Ukraine still need to use another VPN.

Earlier, Ukrainian President Zelensky extended a decree banning Russian social networks.

TikTok Files Lawsuit Against the U.S. Government Over Ban of Its Application


Tiktok has confirmed that it is going to sue the U.S. government for banning the use of Tiktok application in the United States. However, the Lawsuit will not ensure the Chinese company's future in the U.S. market even if it wins. The company claims that it has been trying to agree with Donald Trump administration's concerns and has been trying to reach a consensus for one year. Instead of entering a general agreement, the U.S. government is not paying attention to this issue, says TikTok. According to the company, the administration is not willing to offer any opportunities to resolve the problems.


Reuter reports, "it was not immediately clear which court TikTok plans to file its lawsuit. The company had previously said it was exploring its legal options, and its employees were also preparing their own lawsuit. While TikTok is best known for its anodyne videos of people dancing and going viral among teenagers, U.S. officials have expressed concerns that information on users could be passed on to China's communist government."

Tiktok says that to safeguard fair treatment of its users' and justice, it has no other option than to challenge the Trump administration in the court. Earlier this month, Trump had banned financial dealings with Tiktok, owned by ByteDance and WeChat, owned by Tencent. According to him, these Chinese apps could be a threat to U.S. national security, economy, and trade affairs. According to the administration, TikTok stores a large amount of user data, including internet usage, browser history, network data, and location.

The Chinese Communist Party can exploit this data and use it for extortion purposes, blackmail, cyberattacks, and even espionage acts. "TikTok did not specify which court it planned to tap for its lawsuit, but this move would not stop the company from being compelled to relinquish its U.S. operations, which was laid out under Trump's second executive order issued on August 14 and was not subject to judicial review," reports ZDNet. In response, TikTok says that it modified its user policies to deal with the issue, bringing new measures to prevent misinformation and ensure user privacy.

Here's how to Ensure Data Security Using FShred App


Users are well aware of the fact that while deleting photos, videos, files, or any other form of data on their Android, it doesn't get deleted in an irrecoverable manner and can be recovered in a number of ways using recovery tools. Although regaining access to a deleted file might be rewarding in many scenarios, the rest of the time users would prefer a once and for all deletion of the same to ensure data safety.

In the sphere of Data security, continually rising unwanted activities of unauthorized users call for the creation of something that can protect users against data breaches and cyberattacks destroying their sensitive data. Users need their data to be erased in a manner that no recovery tool can undo it.

How can it be done?

When users have no intention to retrieve their deleted data by any means, data eraser apps come into play. These apps help users delete their sensitive data in ways that make it irrevocable from their Android devices. It proves to be of significant service when users plan to sell their smartphone or just share it with someone as it could mean a serious threat to their important data.

FShred is a user-friendly app that makes use of data sanitization methods that overwrite data on both, internal and external storage of Android phone to permanently delete the deleted files from the internal storage, it does so by overwriting all available space with random data. What does that mean? It's a process that replaces all the deleted files (Photos, videos, etc) with purposeless bytes sent by a random generator; by overwriting the occupied space, it effectively ensures the deletion of that data beyond recovery.

Developed by Emile Gee, FShred is one amazing tool that would allow you easily wipe all your sensitive data using advanced shredder algorithms, it shreds your data and recovers valuable storage space on your Android device.

The app has undergone various tests with file recovery tools such as GT File Recovery and none of the applications were successful in recovering the deleted data. Additionally, the app contains no in-app purchases or advertisements and is completely free and handy for users.

For Privacy and Safety, Disable these features from your Google Assistance


It's difficult to imagine life without Google and every day the search engine gets more involved and intricate in our lives. One of its features - the Google Assistant is used quite extensively by masses to make their life easier and tasks swifter.

Google Assistant is an Artificial Intelligence virtual assistant developed by Google that can be availed from your smartphone and smart devices. A very efficient digital assistant that can hold two-way conversations, as Google says, "Meet your Google Assistant. Ask it questions. Tell them to do things. It's your own personal Google, always ready to help whenever you need it." 

 "Meet your Google Assistant. Ask it questions. Tell them to do things. It's your own personal Google, always ready to help whenever you need it." 

But since it is connected with almost all of your smart devices and able to listen and record you always, it's imperative to be concerned over privacy and thus there are few tips that you should consider to make your Google assistant more safe and private-
  
Change Voice Recording Settings

 Only recently Google updated their voice recording privacy settings and you can now opt-in or opt-out for the voice recording to be saved and shared with their human analyzers. So, definitely check out these settings in the Your Data in the Assistant then Audio Recordings and set them as you like but the recordings saved previously should also be looked into- you can choose to delete them manually or set how long can Google keep them.

 Turn off Continued Conversation

 Under the Continued Conversation feature your Google Assistant can listen for another follow up question without you saying 'Hey, Google'. Though the feature can be useful it can allow your device to listen in when you're not interacting with the assistant and simply asking a question to someone else. 

 May want to keep the camera disable when not in use

If you're using a Google-enabled smart display it's best to keep the camera disabled when not in use. It might become tedious to switch it on and off every time you make a video call but it's better than to keep it on always. 

 Google Activity Controls 

Google Assistant gathers up information from other apps you use from the Google account for better performance. If you like you can control the amount and type of information that your Google Assistance can access for privacy concerns. You can also opt for auto-delete and intervals for which data can be kept.

Facebook is testing Instagrams' new messaging app, Threads with Automated Data Sharing


Facebook's team is working on a companion app for Instagram, called "Threads", which will automatically share your location, battery, a movement to a close group of friends.


It is much like a messenger application and the company plans to rival snapchat, an app that also caters to close friends and sharing updates. Though Snapchat has been standing as a good alternative for Facebook and Instagram with much more engagement with young people, Threads could be a game-changer.

The Instagram team was itself working on Direct, a messaging app since 2017 but they closed the project in May. But after the acquisition by Facebook, the team was transferred to the Facebook Messenger team and Threads could be the prized outcome.

 The Verge reported, "Threads will regularly update your status, giving your friends a real-time view of information about your location, speed, and more. At the moment, Threads does not display your real-time location — instead, it might say something like a friend is 'on the move'." 

Though the core of the messaging app will be that "messaging", where friends can text, and even see status updates made on Instagram and can manually update the status on Threads but it does not dispute the privacy concerns over the automated data sharing. 

Concerns over privacy and data 

Facebook is testing Automated data sharing on Instagrams' companion app Threads and if successful we could see it applied to other Facebook apps too. Privacy, of course, is a big concern with automatic updates and does need to be concerned over but what's more interesting is how Facebook could use this data. After Mark Zuckerberg's pivot over privacy and data, Facebook has become more private and a loss but with this new automated data sharing, users can become layman and habitual of sharing their updates.

“You change your behavior if you’re constantly being looked at,” said Siân Brooke, a researcher at Oxford Internet Institute "If you know people see where you are, what you’re consuming, you’ll change what you’re doing, change what is normal in a group.”

And thus the data mining cycle will resume where data could be tracked by the app and sold.

A City In Colorado Attacked, Forced to Pay $45,000 Ransom


Lafayette city from Colorado had to pay a ransom amount worth $45,000 for decryption of files that were encrypted in July, as the City was unable to restore the data from the backup. The town was attacked on 27th July, and the ransomware cyberattack affected people's smartphones, emails, and payment services. During the attack, the City didn't offer any explanation about what caused the problems. It asked its people to call 911 or emergency services if they were facing trouble with the outage. After a few days of the incident, Lafayette informed the citizens that the town had suffered a cyberattack. All the systems were encrypted by the hackers, which caused the outage problem.


The City managed to recover the lost financial data, but it had to pay a ransom of $45,000 to hackers (anonymous) for retrieving data. The recipient of the payment, an unknown identity, has offered a decryption software in return for the refund. The town on its official website says, "system servers and computers are currently being cared for and rebuilt. Once complete, data will be restored to the system, and operations will resume. No permanent damage to hardware has been identified. While core City operations continue, online payment systems have not resumed. At this time, the City is unable to estimate a timeline that all systems will be back up and running."

The city Mayor Harkens decided not to reveal the attacker's identity to the people as it might compromise their negotiation terms. As per the reports, neither user data nor the credit card credentials was stolen. The mayor has advised townpeople to stay wary of any suspicious activity in their accounts.

The Lafayette town must be lucky as the hackers demanded a minimal amount of ransom in return. According to experts, in cases like these, the ransom demand can go from a hundred thousand to millions of dollars. "System servers and computers are currently being cleaned and rebuilt. Once complete, data will be restored to the system, and operations will resume. No permanent damage to hardware has been identified," says the town's website.

The Russian Federation leads in the number of users monitored via smartphones


In the first six months of 2020, the number of gadgets with Stalker software in Russia increased by 28% compared to the same period in 2019.

"This probably happened because as a result of self-isolation, many people began to spend much more time at home,” said Viktor Chebyshev, an expert on mobile threats at Kaspersky Lab.

He explained that such programs are often installed to spy on their loved ones, allowing them to access the contents of a mobile device, as well as to spy on a person through a smartphone camera in real-time. They are often used by initiators of domestic violence. All Stalker software is not free.

"There have always been jealous spouses and those who just want to look into someone else's life, and the development of IT has given such people additional opportunities," said Andrey Arsentiev, head of Analytics and special projects at InfoWatch Group.

According to Kaspersky Lab, the number of users on whose mobile devices Stalkerware is installed is increasing not only in Russia. In Europe, such programs are most often found in German, Italian and British users.

It is interesting to note that the anti-stalker software coalition was formed in November 2019. It was named Coalition Against Stalkerware. In addition to Kaspersky Lab, it includes 20 organizations. One part of them works in the field of information security, the other helps victims of domestic violence. The coalition is working to raise awareness among people about the threat of stalker software, as well as to counter the crimes that are committed using such programs. 

An IT expert at the Russian State Duma Explains Data Risks of Using VPN


"To prevent hackers from getting personal data of users, users don't need to use a VPN connection in their daily life", said Yevgeny Lifshits, a member of the expert council of the State Duma Committee on Information Policy, Information Technology and Communications.

He explained that a VPN is a virtual network that is supposed to protect the user's personal data from hackers. It is assumed that using this network allows users to maintain network privacy. However, according to the expert, VPN services carry more danger than protection.According to Lifshits, such services are not needed in everyday life.

"Sometimes VPN services are necessary for work to transfer commercial data. In everyday life, they have no value."

According to the expert, if a person does not commit crimes that he wants to hide with a VPN, then he does not need to protect himself.  Otherwise, passwords may end up in the hands of hackers.

"A user installing a VPN believes that he has secured himself, but the service provider may allow a data leak,” said Lifshitz. 

According to him, if the VPN service is unreliable, hackers can get passwords and other personal data of the user. The expert noted that now there are thousands of companies offering a secure connection and an ordinary person can make a mistake with the choice of a reliable one.

Earlier it was reported that the personal data of 20 million users of free VPN services were publicly available on the Internet. Experts found on the open server email addresses, smartphone model data, passwords, IP addresses, home addresses, device IDs, and other information with a total volume of 1.2 terabytes. It is noted that the leak occurred from networks such as UFO VPN, Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN. Some of them have millions of downloads from Google Play and the App Store and high ratings.

Australia: TikTok Undergoing Scrutiny Over Data Security Concerns


Chinese video-sharing social networking platform, TikTok is undergoing scrutinization in Australia over data security and privacy concerns, according to the government sources. 

TikTok is a free app where users can post a minute long videos of short dances, lip-sync, and comedy using a multitude of creative tools at their disposal. The platform differs from other social media platforms in ways where it allows navigation through videos by scrolling up and down instead of usual tapping or swiping. 

Recently, the Bytedance owned, TikTok became a hot topic of discussion in both the offices of Home Affairs as well as Attorney-General; reportedly, the issue of privacy concerns drew more attention in the wake of the video-sharing giant opening an office in Australia. 

Lately, the platform had been making headlines for 'national security concerns'  which was one of the major reasons for Prime Minister Scott Morrison to examine TikTok, he stated that if there will be a need to take more actions than what the government had already been taking, then they won't be shy about it. 

Meanwhile, the inquiries carried out by Labor Senator Jenny McAllister put forth a need to scrutinize the app further, given a total of 1.6 million Australians were on TikTok. 

In conversation with ABC radio, she told, "Some of these approaches to moderating content might be inconsistent with Australian values," 

"For example, removing material about Tiananmen Square, or deprioritizing material about Hong Kong protests," she added. 

In a letter to Australian politicians, Lee Hunter,  general manager for TikTok Australia said, it's "critical you understand that we are independent and not aligned with any government, political party or ideology."

Apple catches TikTok spying on million of iPhone users globally


Apple announced its latest OS iOS14 at this year's WWDC and during the beta testing for the same, the tech giant caught TikTok recording user's cut-paste data and whatever the user was typing on their keyboard.


The new alert on iOS14 lets the user know if any app is pasting from the clipboard and if they are reading from the cut-paste data. This alert leads to TikTok's reveal. This alert was added based on the research by German software engineer Tommy Mysk in February; he discovered that every app installed on an iPhone or iPad can access clipboard data. And thus Apple added this new banner alert in its latest OS.

Soon after the update, many users started complaining about the issue, “Hey @tiktok_us, why do you paste from my clipboard every time I type a LETTER in your comment box?” wrote @MaxelAmador actor and podcast host on Twitter. “Shout out to iOS 14 for shining a light on this HUGE invasion of privacy.” Though many other apps like Accu Weather, Call of Duty Mobile, and even Google News can read clipboard data it seems strange as to why TikTok would need to do so.

After finding this glitch, Apple released a patch and fixing the issue, even TikTok said in March that it would stop the practice but it seems like they are still snooping on user's data.

In response, the social media app stated, “For TikTok, this was triggered by a feature designed to identify repetitive, spammy behavior. We have already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion”. 

The clipboard tool in iOS helps the user to copy text and images and paste them on another app, the glitch leads to apps access this data, making it quite worrisome. And all this data could be accessed without the user's consent. Apple should be appalled for this expose but another pressing question remains- should the Android community be worried about the same?

Hackers can now spy on your conversations via a simple house bulb


What if hackers can spy and record your conversation without a digital device? What if your conversations could be retrieved by a simple, dumb bygone old-fashioned light bulb? Well, it might so be true.


Researchers from the Ben-Gurion University of the Negev and the Weizmann Institute of Science in Israel have been researching on sound waves as a means for eves dropping by studying the effect of these waves on objects and they successfully discovered a method of retrieving conversations through a simple light bulb from as far as 25 meters.

When we think of a privacy breach, it tends to come from android devices or hacked accounts or in some cases devices like Alexa or Google Home or Siri but these researchers don’t even need to plant a device much than implant a malware. They just need a clear vision of a bulb from less than 25 meters, bizarre isn’t it?

They called this method "Lamphone" – a side-channel attack for eavesdropping sound. But there are some major limitations; first, the need of a clear view of the bulb, if the bulb is even slightly obscured by a curtain or a lampshade- the method won’t work then the light bulb concerned should meet the requirements in the aspect of the thickness of glass or output of light and lastly, the quality of the sounds picked up will depend on the proximity of people to the bulb and loudness of their conversation.

How does it work? 

Even with its drawbacks, there’s no doubt Lamphone is a genius method for spying conversations from afar. The researchers say they analyze the bulb’s frequency reaction to sound via a remote electro-optical sensor. The electro-optical sensor is attached to a telescope that views the bulb. The sensor picks up the vibrations on the surface of the bulb that occurred by changes in air pressure caused by the sound waves, an analog to digital converter converts the electrical signals to digital.
“We analyze a hanging bulb’s response to sound via an electro-optical sensor and learn how to isolate the audio signal from the optical signal. Based on our analysis, we develop an algorithm to recover sound from the optical measurements obtained from the vibrations of a light bulb and captured by the electro-optical sensor”, writes the researchers. 

Lamphone can be used to recover human speech (can be identified by Google Cloud Speech API) and singing (can be identified by Shazam and SoundHound).

Singapore’s Move to Facilitate Contact Tracing Amidst the Covid-19 Pandemic Rejected by Its Residents


While each country is attempting to stymie the outbreak of the disastrous coronavirus in different ways, Singapore attempted the same perhaps it wasn't a plan well thought off as the country attempted to come up with an inventive and a profoundly technological solution to battle the everyday rising cases of the virus.

Their arrangement included developing a wearable device that would be issued to each resident as an approach to facilitate contact tracing in the midst of the COVID-19 pandemic, however, the move, unfortunately, wasn't well-received by the citizens as it started an open objection with respect to their worries about their privacy.

An online petition titled “Singapore says 'No' to wearable devices for COVID-19 contact tracing", has thus to date, garnered in excess of 17,500 signatures.

The online petition describes the usage of such devices as "conspicuous encroachments upon our privileges to protection, individual space, and opportunity of development".

In words of Wilson Low, who started the petition on June 5, "All that is stopping the Singapore government from becoming a surveillance state is the advent and mandating the compulsory usage of such a wearable device. What comes next would be laws that state these devices must not be turned off [or] remain on a person at all times -- thus, sealing our fate as a police state.”

Singapore's Minister-in-Charge of the Smart Nation Initiative and Minister for Foreign Affairs, Vivian Balakrishnan, said during a parliament session Friday that while the government had introduced a contact tracing app earlier, TraceTogether, a wearable device was essential as it would not rely upon somebody possessing a smartphone.

His team however is developing and would “soon roll out a portable wearable device" keeping in mind the existing issues with the application, which didn't function well on Apple devices as the iOS operating system would suspend Bluetooth scanning when the app was running in the background.

He said that if the devices are proved to work viably, then they may be issued to each resident in Singapore, yet didn't expressly say that the government would make it obligatory for everybody to utilize it.

Wilson, however, was very determined upon proving his point as he wrote, “Even if we're not, we recognize the potential creation of a two-tiered society -- those who wear the devices versus [those] do who do not -- therein, and an open pass to engage in yet another form of prejudice and societal stratification.”

Later including, "The only thing that stops this device from potentially being allowed to track citizens' movements 24 by 7 are: if the wearable device runs out of power; if a counter-measure device that broadcasts a jamming signal masking the device's whereabouts; or if the person chooses to live 'off the grid' in total isolation, away from others and outside of any smartphone or device effective range.”

Numerous different residents also came to his support as they very openly expressed their concerns with respect to the potential execution of wearable devices, further taking to Balakrishnan's Facebook page to ask the legislature against taking this course.

One user Ian Chionh went so far as to accusing the government of utilizing the coronavirus as "an excuse" to put a tracking device on all residents on Facebook.

Wilson had likewise referenced something similar to these worries adding that "The government looks to the COVID-19 pandemic as the perfect excuse to realize what it has always envisioned for us, this country's populace: to surveil us with impunity, to track us without any technological inhibitions, and maintain a form of movement monitoring on each of us at all times and places. And to do so by decreeing it compulsory for all law-abiding persons to become 'recipients'."

Aside from TraceTogether, the Singapore government utilizes an advanced digital check-in tool, SafeEntry, to facilitate its contact tracing efforts.

The system gathers visitors' very own data, either through QR codes or barcode scans whenever they enter a venue, like supermarkets and workplaces. Information gathered through SafeEntry is retained for 25 days, just like TraceTogether's data retention policy.

The TraceTogether app was updated just the previous week to incorporate the registration of passports numbers for travelers visiting Singapore and barcode scans to support SafeEntry.

The nation however has begun with easing the restrictions, initially set up to check the spread of the virus - in phases as more and more businesses wish to resume with their operations over the following month.

TV Equipment Used To Eavesdrop On Sensitive Satellite Communications


With just £270 ($300) of home television equipment an Oxford University-based security researcher caught terabytes of real-world satellite traffic including sensitive information from “some of the world’s largest organizations.”

The news comes as the number of satellites in the orbit is said to have an increment from around 2,000 today to more than 15,000 by 2030. James Pavur, a Rhodes Scholar and DPhil student at Oxford will detail the attack in a session at the Black Hat security conference toward the beginning of August.

Alongside it Pavur will demonstrate that, "under the right conditions" attackers can easily hijack active meetings by means of the satellite link, a session overview revealed.

While full details of the attack won't be uncovered until the Black Hat conference, a 2019 conference paper published by Pavur gives a 'sneak peek' into a small part of the challenges of security in the satellite communications space.

It seems to all come down into the absence of encryption-in-transit for satellite-based broadband communications.

The May 2019 paper (“Secrets in the Sky: On Privacy and Infrastructure Security in DVB-S Satellite Broadband“) notes: “Satellite transmissions cover vast distances and are subject to speed-of-light latency effects and packet loss which can impair the function of encryption schemes designed for high-reliability terrestrial environments (e.g. by requiring re-transmission of corrupted key materials). Moreover, satellites themselves are limited in terms of computing capabilities, and any on-board cryptographic operation risks trading off with other mission functionality.”

It additionally uncovers how a small portion of the eavesdropping in was led utilizing a “75 cm, flat-panel satellite receiver dish and a TBS-6983 DVB-S receiver….configured to receive Ku-band transmissions between 10,700 MHz and 12,750 MHz”

Pavur grabbed sensitive communications using tools costing less than $300, including a Selfsat H30D Satellite Dish, a TBS 6983 Satellite PCI-E, and a three-meter coaxial cable.

Pavur even focuses on the Digital Video Broadcasting-Satellite (DVB-S) and DVB-S rendition 2 protocols, which transmit information in MPEG-TS format. The paper includes: "A collection of Python utilities… was used to analyze each of these transponders for signs of DVB-based internet transmissions.”

The 2018 experiment takes note of that through manual review of the intercepted traffic, the security researchers distinguished "[traffic] flows associated with electrical power generation facilities”

“Vulnerable systems administration pages and FTP servers were publicly routable from the open internet. This means that an attacker could sniff a session token from a satellite connection, open a web browser, and log in to the plant’s control panel…”

Alongside further details on the attack, Pavur will at Black Hat present an “open-source tool which individual customers can use to encrypt their traffic without requiring ISP involvement.”