Privacy News Online | Weekly Review: August 21, 2020
Featured: Privacy News Online – Week of August 21st, 2020
How the government legally tracks your smartphone use with the Anomaly Six SDK
Some of the apps on your smartphone could be sending information back to the government. The Wall Street Journal reports that the US government is actively tracking smartphones through a software development kit, or SDK, which is bundled with many popular apps. This SDK was added by a government contractor called Anomaly Six and this type of tracking is technically legal because it’s being done through a third party. The worst part about this news is that we still don’t know which specific apps are working with Anomaly Six.
New Jersey Supreme Court rules that passcodes aren’t protected by Fifth Amendment
The top court in New Jersey has decided that those in the Garden State can be compelled by the court to unlock their phones. New Jersey joins Virginia and Massachusetts as states that don’t believe the Fifth Amendment applies to phone passcodes. There are just as many states that have ruled the other way, though. It doesn’t look like we’ll have a uniform interpretation of the Fifth Amendment at the federal level for a while.
Court finds UK police use of facial recognition technology breaches privacy rights, data protection laws and equality laws
Police misuse of facial recognition technology has been dealt a blow in the UK. Privacy advocates were recently vindicated when an appeals court agreed that facial recognition technology breaches certain rights and laws. The case was brought by a human rights organization called Liberty and represents a major victory for privacy from law enforcement in the UK. Hopefully other countries can pass or enforce facial recognition laws to stop the misuse of this technology before it ends up being used on the streets.
PNO wants to know! Do you think police should be allowed to use facial recognition technology?
More Privacy News This Week:
Instagram faces $500 billion lawsuit for gathering facial biometrics data without consent
A class action lawsuit has been filed in Illinois against Facebook, alleging that Instagram uses facial biometrics data from uploaded photos and videos without consent. While those that use Instagram give up certain privacy rights when they use the platform, the issue is that a picture that includes the face of your friend who hasn’t given consent to Facebook or Instagram could be used for facial recognition data. If that sounds familiar, it’s because Facebook previously had to pay a 650 million dollar fine for doing the same thing with Facebook pictures.
New attack can decrypt 4G (LTE) calls to eavesdrop on conversations
A new attack that researchers are calling ReVoLTE (revolt-y) lets hackers eavesdrop on your phone calls made over 4G LTE. Usually, those calls are encrypted, but a security gap in 4G towers lets attackers decrypt conversations. This security vulnerability has a fix that can be implemented but there are likely still 4G networks that are vulnerable. Good thing the security researchers actually released an app so you can check if your 4G provider has fixed this revolting attack vector yet.
TikTok found to have tracked Android users’ MAC addresses until late last year
TikTok tracked Android users with consent and in defiance of Google’s policies for over fifteen months. MAC addresses are a unique identifying number tied to every internet connected device, not just Macbooks. TikTok used a bug in Android phones to be able to read the MAC addresses of devices that had TikTok installed and send that information back to China. This unique identifier is used for ad tracking and is considered to be personal data by many privacy laws around the world. TikTok has yet to comment directly on this wide scale privacy violation.
The NSA and FBI have released details about new Russian malware for Linux Drovorub
The rootkit attacks through the kernel then makes itself persistent and undetectable where it is then able to exfiltrate data. The name Drovorub means woodcutter in Russian. The NSA and FBI released an advisory on their site last week which was very technically detailed.
XCSSET Malware targets macOS by infecting Xcode developer projects
XCSSET is another new malware discovered by Trend Micro targets Mac devices and the developers that use them. This malware can also exfiltrate data and was seen specifically targeting Skype, Evernote, WeChat, and Telegram among others. The malware is also capable of encrypting data and displaying a ransom note, turning it into ransomware.
Brought to you by Private Internet Access
Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.
Sign up now and get 2 months of VPN service FREE!
Special thanks to Intego
Thank you to Josh Long, our cybersecurity correspondent from Intego, makers of award-winning security software.
Save on Intego’s world-class protection software for Mac/Windows