Manipur Engineer Enters Facebook’s “Hall Of Fame 2019” By Discovering a Privacy Breach Bug



Zonel Sougaijam, a 22-year-old civil engineer, was recently honoured by Facebook for discovering a WhatsApp bug that violated the privacy of a user.

Mr. Sougaijam told PTI that, after discovering the bug, he reported the issue in March to Facebook's Bug Bounty Program, which handles privacy violation matters.

“During a voice call through WhatsApp, the bug used to allow the caller to upgrade it to a video call without the authorisation and knowledge of the receiver. The caller was then able to see what the other person was doing, violating the privacy of the receiver,” he said.


His report was acknowledged by the Facebook Security Team the very next day, and its technical department fixed the bug within 15-20 days. The social media giant then awarded him a bounty of $5000 and included him in the 'Facebook Hall of Fame 2019' for detecting the WhatsApp bug.

Sougaijam's name is currently in 16th position on a list of 94 people in the 'Facebook Hall of Fame' for the current year.

Facebook acquired Instagram in 2012 and WhatsApp in 2014. The company has been entangled in data privacy concerns and the political ramifications of its algorithms over the past couple of years.



OTP Theft on the Rise in Bengaluru; Many IT Employees Fall Victim


Numerous IT employees have fallen victim to a new type of OTP theft currently on the rise in Bengaluru. No culprit has been caught so far, while lakhs of rupees have been stolen using this technique.

This theft differs from the rest in that a caller posing as a bank employee asks the victim to provide their card number and CVV in order to update or review their debit or credit card.

The unsuspecting victim does not realize that anyone now needs an OTP to complete a transaction, so the scamster then says the victim will get an SMS, which needs to be sent back to the sender.

Such SMSes contain no intelligible content and are in encoded form. They act like links: when the victim taps on them, the incoming SMS is then sent to the scamster's phone, which at that point completes the money transfer using the OTP from the victim's account.

“The thefts were initially of relatively small amounts of ₹5,000-10,000. However, of late, larger amounts ranging from ₹50,000 to up to a few lakhs have been stolen. We have not been able to apprehend anyone yet. The victims also include several IT employees,” says a cybercrime official, adding that such cases came to light about 2-3 months ago.


“India as a country has not taken privacy seriously. Most of the time, most hackers are able to find out the bank you are banking with,” says Harsha Halvi, co-founder of TBG Labs. “OTP theft is more a privacy matter than a technological one. Perpetrators often gain the victim’s trust by dropping a name for reference, which would make the victim trust them. After that, finding information about the victim’s bank is also quite easy,” he added later.

Halvi adds that it is not possible to build a product or software as a safeguard against this, since many apps request access to SMSes. The solution will only begin to emerge if users become more mindful and do not grant permission to access SMSes; at that point developers will be compelled to change their approach.

Users who receive such calls are therefore advised to check with their banks' customer care numbers to avoid being trapped in such scams.


New Laws in NZ Give Rise To Invasion Of Privacy



Under new customs rules that took effect on Monday, travellers who decline to surrender their passwords, codes, encryption keys and other data enabling access to electronic devices could be fined up to $5,000 in New Zealand.

The new rules are a consequence of the updated Customs and Excise Act 2018, which came into effect on Monday. It sets out new rules for officers who conduct 'digital strip-searches' and specifies that access to personal technology must also be handed over.


Civil rights advocates are particularly outraged at the sudden change, saying that it was a grave breach of security and did little to protect the borders.

Customs spokesperson Terry Brown, when approached about the matter, said that while it might appear intrusive, the new law strikes a 'delicate balance' between a person's rights and the law. As it is a file-by-file search of the traveller's phone, officers are not going into 'the cloud' and are only examining the phone while it is in flight mode.

Mr Brown added that officers would only ask someone to hand over their passwords if they believe they have reason to suspect wrongdoing.

On the other hand, Thomas Beagle, the Council for Civil Liberties spokesperson, says:

 “The law is an unjustified invasion of privacy because customs don't have to provide a reason for the search. They don't have to tell you what the cause of that suspicion is, there's no way to challenge it. Any 'serious criminal' wouldn't store incriminating information on their digital devices - they would rather store it online, where customs can't access.”

Nevertheless, in a news release, the New Zealand Customs Service said the law would help border compliance and bolster the national economy. It assured the public that they would "rarely notice much difference at the border, with existing provisions reconfirmed or clarified."


Flaw In the Amazon Echo; Allows Hackers to Listen In To Users’ Conversations





Security researchers from the Chinese tech giant Tencent recently discovered a rather serious vulnerability in Amazon Echo. The vulnerability is considered serious because it enables hackers to secretly listen in on users' conversations without their knowledge.

In a presentation given at the DEF CON security conference, titled 'Breaking Smart Speakers: We are Listening to you,' the researchers explained how they could assemble a doctored Echo speaker and use it to gain access to other Echo devices.

'After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping. When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker.'

The researchers used Amazon's Home Audio Daemon, which the device uses to communicate with other Echo devices on the same wireless connection, to ultimately control the users' speakers, through which they could quietly record conversations or even play random sounds.

The attack is the first in which researchers have identified a major security flaw in a well-known smart speaker such as the Amazon Echo. The researchers have since informed Amazon of the flaw, and the firm said it issued a software patch to users in July. They also note that the attack requires access to a physical Echo device.


In any case, Amazon and the researchers both warn that the technique identified is extremely modern and in all probability is easy for any average hacker to carry out. 'Customers do not need to take any action as their devices have been automatically updated with security fixes,' says an Amazon spokesperson.

Yet, some have pointed out that the attack could also be carried out in places where multiple Echo devices are used on the same network, the simplest examples being hotels or restaurants.

Earlier this year, researchers from the University of California, Berkeley also identified a flaw whereby hackers could not only control prominent voice assistants such as Alexa, Siri and Google Assistant, but could also slip inaudible voice commands into audio recordings, directing a voice assistant to do a wide range of things, from taking pictures to launching websites and making phone calls.


Kelly Brooks personal photos leaked online

US sitcom 'One Big Happy' star Kelly Brooks has become a target of hackers for the second time after a set of 24 nude photos of her were posted online by hackers.

The photos show the actress in various intimate poses in her bedroom. Kelly had fallen victim to a celebrity hacking scandal last year also in which thousands of photos of various celebrities were posted online in one of the biggest scandals of such kind.

Her ex-fiancé David McIntosh also features in the photos. The last time Kelly fell prey to such activity, 34 of her private photos had been posted online.

Prior to all the scandals, Kelly had tweeted, "The only nude photos you'll see of me are the ones that I leak and the ones my head is superimposed on!"

Southwest General notifies patients of privacy breach

Southwest General Health Center is notifying over 480 patients who were part of an obstetrics study that a binder containing their private information is missing, according to a local news report.

The binder, which has been missing since December 5, contains information gathered between April and October 2013.

It includes patient names, dates of birth, medical record numbers and clinical information. Southwest General said no Social Security numbers or financial information were involved in this privacy breach.

The hospital tried to find the missing binder but has not been able to locate it.

It also apologized to its patients and said it has implemented some procedures to prevent this type of incident from recurring in future.

ANZ inadvertently sent Bank Statement of customers to 2 year old kid


Privacy Breach:

The Australia and New Zealand (ANZ) Bank has inadvertently sent the bank statements of customers holding hundreds of dollars to a two-year-old kid.

The kid, Joel Morrison, who has his own savings account of about $200, received those statements in the mail after his mom, Stacey Morrison, requested details of her own spending.

ANZ asked Stacey to return the statements. However, she first informed the account holders in question, and they are all disappointed with the incident.

An ANZ spokesperson told TVNZ that they have launched an investigation to find out how it happened. He said their "inquiries point to it being a handling error at a printer".

To those clients who asked what could have happened if the details had fallen into the wrong hands, the bank replied that the statements did not contain any sensitive data that would put their accounts at risk.