Tech Friday

posted by Brian Thomas - 

  • Apple now tracks your emails and phone calls to "prevent fraud":
  • Apple recently added a new provision to their iTunes Store & Privacy policy which says that devices will receive a score based on the number of phone calls made and emails sent
  • The new system was quietly added as part of the new iOS 12 update
  • It reads: "To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase. The submissions are designed so Apple cannot learn the real values on your device. The scores are stored for a fixed time on our servers."
  • According to Apple, the data used to compute the score, including the number of phone calls you've made, is only stored on the phone
  • The data that gets sent to Apple is only the numeric score and it's encrypted in transit
  • Apple said they use "the company’s standard privacy abstracting techniques and retained only for a limited period, without any way to work backward from the score to user behavior. No calls, emails, or other abstractions of that data are shared with Apple." 
  • Apple claims that it's impossible to reverse engineer the score to understand user behavior and that the score isn't used for targeted advertising, it's simply a fraud-prevention measure.
  • As of this writing, it's not possible to view your trust score on your phone, but Apple says users can request any of their data at any time here: https://privacy.apple.com/
  • Facebook recently announced a similar rating system
  • VentureBeat has recently noted that this new privacy policy applies to Apple TV too
  • A smartphone microphone and speakers can be used to eavesdrop:
    • Researchers at Cornell have reported a new way to capture data such as passwords using the microphone and speakers in a smartphone
    • They call it an "active acoustic side-channel attack"
    • In this attack, speakers are used to emit inaudible acoustic signals below the human hearing range while the echo is recorded via the microphones
    • This effectively creates a sonar system that can be used to capture user interaction with the device
    • This allows a victim's finger movements to be tracked
    • The Cornell study found that the number of unlock patterns that an attacker must try on a Samsung S4 phone can be reduced by up to 70% 
    • They also reported that their approach can be applied to other applications and device types
    • Cornell indicated that this is a new type of security vulnerability
    • You can read the paper here: https://arxiv.org/abs/1808.10250
  • Malware on IoT devices has skyrocketed 273% since 2017:
    • IoT devices are often an attractive and easy target for hackers. They’re always on, connected to the internet and often inherently insecure
    • Kaspersky Labs reported that IoT malware infections have exceeded 120,000
    • They have found 121,588 modifications of malware targeted at "smart" devices in the first half of 2018, a 273% increase!
    • Brute-forcing of passwords is used in 93% of attacks, the remainder rely on well-known exploits to access the devices
    • 60% of the hacked devices were routers, and the rest are a laundry list of devices
    • The FBI recently warned home users of the dangers of unsecured devices
    • David Emm, principal security researcher at Kaspersky said, "For those people who think that IoT devices don’t seem powerful enough to attract the attention of cyber-criminals, and that won’t become targets for malicious activities, this research should serve as a wake-up call. Some smart gadget manufacturers are still not paying enough attention to the security of their products, and it’s vital that this changes — and that security is implemented at the design stage, rather than considered as an afterthought"
    • You should think long and hard about bringing IoT devices that are not absolutely necessary into your home
    • If you do use IoT devices, you must change the default password and install any firmware updates!
Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view. Read more

title

Content Goes Here