FFT news digest Jun 10 2022

Apple

A raft of announcements from Apple, some of them really quite significant.

Security: Apple has a problem with updates; people are reluctant to install them because they often break things. Unfortunately that means security issues are left unfixed. Kudos to Apple for trying to address the problem by separating security and feature updates.

Passwords: Apple has joined the move to kill off passwords. Instead, the idea will be to use a phone or computer together with Face ID or Touch ID as the primary means of authentication. Of course, passwords won't disappear altogether, but there is real progress towards making them much less important than they are today.

Photos: The next major iOS update will make it easier to seek and destroy duplicate photos.

Reference: Apple's keynote address talked about using the top-end iPad Pro as a reference monitor to “review and approve, color grading and compositing”. That would be a pretty cool feature if it comes off.

Webcams: iPhones will soon work as webcams for Macs. That's good - though it would also be good if Apple could address the horrible quality of the cameras built into its Macs.

iOS 16: The next version of the iPhone operating system will include new parental controls, allow users to see WiFi passwords and better protect hidden photos. But it won't work on the iPhone 6s and 7.

macOS: The new version (13) of the Mac operating system is called Ventura. It has a new multitasking manager, a revamped Mail app, and a new interface (and name) for System Preferences.


Threats

Overview: Forbes has an excellent overview of current cybersecurity statistics and trends. Some of it makes for depressing reading, not least that half of US businesses don't have a cybersecurity risk plan and criminals can penetrate 93% of company networks.

Language: 'Language-based attacks' use social engineering to try to gain the trust of victims and, because they use words rather than malicious software, they're devilishly difficult to prevent. Armorblox says they're the new normal in business email compromise and it's essential to have effective checks before any funds are sent anywhere.

Facebook Messenger: A large-scale phishing operation abused Facebook and Messenger to lure millions of users to phishing pages designed to trick them into entering their account credentials and viewing advertisements. PIXM

Google Forms: Sneaky phishing technique exploits Google Forms by filling in the target's email and using the "Send me a copy of my response" feature. Bill Demirkapi

SMSFactory: An Android app runs up huge bills by dialling premium numbers in the background. It's not available in the Play Store, which underlines the importance of taking care where apps come from. Avast

Bluetooth: Academics at the University of California, San Diego, have demonstrated that Bluetooth signals transmitted by modern smartphones (and other devices) have a unique fingerprint that can be used to track them and their owners. 

Ukraine

Leading Russian opposition figure, Alexei Navalny, has criticised Google and Facebook parent, Meta, for shutting down advertising in Russia. “The Internet gives us the ability to circumvent censorship. Yet, at the same time, Google and Meta, by shutting down their advertising in Russia, have deprived the opposition of the opportunity to conduct anti-war campaigns, giving a grandiose gift to Putin,” Navalny said in comments posted on his website. Meanwhile, several sites on the dark web are advertising military-grade weapons that they say were sent by the West to help Ukraine in its fight against Russia's invasion forces.

Ransomware

The latest tactic of ransomware gangs is to publish stolen data but hide the name of the victim in an attempt to pressure it into paying. Security firm, KELA, said it had seen multiple groups use this approach. Its report also says the US is the country most targeted by ransomware, followed by the UK, Italy, Germany, Canada and France. KELA recorded a drop in the number of "significant" victims in the first quarter of this year, although another report from Zscaler found there had been an 80% year-on-year increase.

In brief

Authentication: The increasing use of voice authentication systems will lead to a privacy nightmare because of the availability of 'deep fake' technologies. The problem is that examples of our voices are so widely available that mimicking them is child's play. Wired has a long read

Propaganda: China is successfully influencing search engine results to shape public perception of its Covid response in Xinjiang. Brookings

Spyware: Israel is lobbying the US to remove export restrictions placed on spyware maker, the NSO Group. We're not holding our breath. Axios

Kids: A US study found that more than two-thirds of the 1,000 most popular iPhone apps directed at children are collecting their information for advertising purposes. Washington Post

Google: Google has agreed to pay $100 million to Illinois residents to settle a class-action lawsuit over a facial recognition feature in Google Photos.

Encrypted messaging: Speek! is an interesting new entrant in the encrypted messaging space. It ticks a lot of boxes, not least in that it's easier to set up and use than other peer-to-peer solutions (i.e. those that connect directly without a server in the middle). We haven't tested it yet, but we'll let you know when we have. TechRepublic

CIA: A New Yorker long-read lays bare the ghastly reality of office life in the CIA's cyberintelligence division and how it led to some of the agency's most sensitive hacking tools being released to the public.

Ideas: In a podcast, two CEOs proposed creating a shareable database to record workers' performance that would follow them between companies, forever. Really. Motherboard

Not so AI: The Nate app bills itself as an “artificial intelligence startup” that uses AI to make online shopping simpler by auto-filling customer information for $1 per transaction. The only problem: instead of AI, most of the work was done by humans in the Philippines. The Information

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.
