FFT news digest Jan 24 2020

Amazin

Stories don't come much juicier than the tangled tale of the world's richest man and the alleged hacking of his iPhone by the de facto ruler of Saudi Arabia. UN human rights experts have called for further investigation into the affair, saying, "the information we have received suggests the possible involvement of the crown prince in surveillance of Mr. Bezos, in an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia." (Bezos owns the Post.) Saudi officials have repeatedly denied claims that a video in a WhatsApp message was responsible for compromising Jeff Bezos' phone. That denial is somewhat undermined by a Wall Street Journal report quoting sources close to the crown prince as saying they were aware of a plan to hack the device. As researchers have pointed out, the existing probe into the affair leaves many questions unanswered. While the full truth may never be known, the affair has illustrated that anyone can be hacked if the attacker is determined - or brazen - enough.

Privacy RIP

The reality of face-recognition has hit home with a New York Times report on a company that has scraped billions of pictures from social media and made them available to law enforcement agencies. Clearview AI has accumulated some three billion photos from platforms including Facebook, Twitter and Instagram. With its technology, it says agencies can match faces even when a photo isn't perfect and it claims a 75% success rate. As the New York Times points out, "Other technology companies capable of building such a tool, like Google, have decided not to because of concerns about the potential for abuse." Twitter has already told Clearview that scraping pictures from the site is explicitly forbidden and has ordered it to stop. In the EU, proposals to ban the use of facial recognition technologies in public areas are being considered. Our own view is that the momentum behind facial recognition means it's here to stay...and the notion of privacy is effectively dead.

Hacking brains

Best-selling historian, Yuval Noah Harari, has reiterated a warning that the human brain is the key prize in a global technology arms race. Harari told the World Economic Forum in Davos that governments and corporations could soon accumulate enough information about us and combine it with computing power to allow our decisions to be predicted, and manipulated. "To hack human beings you need a lot of biological knowledge, a lot of computing power and especially a lot of data. If you have enough...you can hack my body, my brain, my life....We are very close to that point and once you reach it, we have no idea what happens," he said. Arguably, given the amount of information about us that is gathered and processed, we are already at that point. And, as we've argued before, one effect is the gradual erosion of democratic structures that were not designed with these technological capabilities in mind.

Data protection

The next time the UK government asks you to trust it with your data, you might want to ask it how the personal information of 28 million children came to be passed to betting companies. According to the Sunday Times (£) the information was in a Department for Education (DfE) database known as the Learning Record Service which stores data on students over the age of 14 in England, Wales and Northern Ireland. The database is supposed to be restricted to schools, colleges and local authorities, but the paper says a partner "broke an agreement" and allowed identity verification outfit, GBG, to access it. Its gambling firm clients were then able to use the data for online identity checks and age verification. In a now-deleted blog post, GBG boasted of its "exclusive access to data that can empower businesses to verify and onboard millennials with confidence." The "GBG Education Data Set" is managed and maintained by the UK Government, it said. The Learning Record Service portal was temporarily closed as a result of the breach.

Jobs

Online job hunting is huge and growing so it's not surprising that criminals are using fake listings to trick applicants into sharing personal information. The Internet Crime Complaint Center (IC3) says, “cyber criminals’ emerging use of spoofed websites shows an increased level of complexity. Criminals often lend credibility to their scheme by advertising alongside legitimate employers and job placement firms, enabling them to target victims of all skill and income levels.” IC3 says it's vital job seekers research the hiring company and any named individuals working for it. It also warns against handing over any sensitive personal or financial information until the hiring process is complete. IC3, which is part of the FBI, says the average cost to victims of this scam is $3,000. Above all, the key is not to believe something because you want it to be true - something obviously likely to be true of job seekers.

Lifespan

How long should you expect a product to last? This is the question customers of Sonos and Under Armour have been asking this week. For Sonos, the answer is five years, but there's a wrinkle. It explained to customers that "because Sonos is a system, all products operate on the same software. If modern products remain connected to legacy products after May, they also will not receive software updates and new features." So Sonos users have an unenviable choice; throw away devices that are no longer supported, or stop receiving updates altogether (a bad idea). Following loud protests, Sonos has sought to reassure customers by saying it will "keep them updated with bug fixes and security patches for as long as possible." Under Armour's position is clearer, but not in a good way. It launched three connected fitness devices in 2016 at a bundled price of $400. Subsequently, it lost interest in the idea and the devices disappeared from sale. Now, it's withdrawing the app that supported most of the functionality on them. When it comes to connected devices, it really is a case of buyer beware.

In brief

Another warning about a scam using automated calls about Amazon Prime subscriptions. The aim is to persuade the recipient to provide remote access to their computer. At least £400,000 has been lost as a result. Action Fraud

The UK Information Commissioner’s Office has published a design code that online platforms must meet to protect the privacy of younger users. ICO

Apple dropped plans to support full encryption of iPhone cloud backups after the FBI complained it would harm investigations, according to Reuters. Some elements (e.g. the device keychain) are securely encrypted, meaning Apple has no access to them, but the report does run slightly counter to the pro-privacy stance Apple has taken in public.

Apple is reported to be planning to begin making a low-cost iPhone model as early as next month. Bloomberg says it will look similar to the iPhone 8. It would be the first lower-cost model since the iPhone SE.

"Remote Detonator" is a silly name for a WiFi hotspot, especially if it's on your phone and you're on a plane. Doubly foolish if you refuse to turn it off, as two passengers in Detroit discovered. Detroit Free Press

Updates

Internet Explorer: If you're still using it, here's a good reason not to. It suffers from a critical vulnerability that could allow code to be executed remotely. A patch is being created.

Citrix: First security patches for recently revealed Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability.

Firefox: 72.0.2 is a stability and bug fix release. Among other things, it addresses inconsistent playback performance for fullscreen 1080p videos on some systems.

WordPress: Do check your WordPress plugins are up-to-date. Over 2,000 WordPress sites have been hacked as part of a campaign that redirects visitors to scam sites.

Cisco: Raft of updates includes one to address 'critical' vulnerability in Cisco Firepower Management Center.

Lenovo: Fix for USB-C problems in wide range of ThinkPad laptops.
