
Category Archives for "Security"

Army Wants to Automate Base Access With Facial Recognition

The Army wants to make sure drivers entering bases through automated checkpoints are, in fact, who they claim to be, and is developing a new biometric camera system to assist.

The military branch issued a call on its Small Business Innovation Research, or SBIR, broad agency announcement—a contract vehicle used for working with small businesses on phased, iterative development programs—seeking early-stage design for a camera system able to pull usable images of drivers approaching checkpoints and matching those photos against a facial biometric database.

Source: Army Wants to Automate Base Access With Facial Recognition at Drive-Thru Checkpoints – Nextgov

Apple Is Rejecting Apps That Use Third-Party Code For Alleged Privacy Infractions

Apple started rejecting app updates on Thursday that conflict with its App Tracking Transparency (ATT) framework.

ATT prohibits user tracking without explicit consent and bans developers from using fingerprinting to try and identify a device or user.

Developers using a software development kit from the mobile attribution firm Adjust received a rejection message from Apple stating that their app “uses algorithmically converted device and usage data to create a unique identifier in order to track the user,” or so-called device “fingerprinting.”

Source: Apple Is Rejecting Apps That Use Third-Party Code For Alleged Privacy Infractions | AdExchanger

Drivers To Be Given Real-Time “Risk Scores” Using Embedded Telematic Surveillance Sensors

Today’s cars have at least 100 built-in (telematic) sensors which permanently monitor speed, engine temperature and braking processes while collecting a variety of other data.

A new whitepaper by Cognizant, titled “The New Auto Insurance Ecosystem: Telematics, Mobility and the Connected Car,” reveals that the real reason behind machine-to-machine (M2M) communication, or telematics, in new cars is to more precisely assess risk.

A driver must connect their smartphone through a vehicle’s proprietary Bluetooth network, which records and stores each phone’s MAC address. The vehicle’s proprietary infotainment system also stores each and every phone call made or received. This creates real privacy risks: auto dealers could download all that information without the driver’s knowledge when they bring their car in for repairs or inspections. It is also not hard to imagine law enforcement having access to all that data if warranted.

Full article: Drivers To Be Given Real-Time “Risk Scores” Using Embedded Telematic Surveillance Sensors | MassPrivateI

Data on 533 million Facebook users leaked on hacking forum

A threat actor has published the phone numbers and account details for an estimated 533 million Facebook users, about a fifth of the entire social network’s user pool, on a publicly accessible cybercrime forum.

The leaked data includes information that users posted on their profiles. Information leaked today includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and anything else users might have entered in their profiles.

Furthermore, the database also contains phone numbers for all users, information that is not always public for most profiles.

Source: Phone numbers for 533 million Facebook users leaked on hacking forum | The Record by Recorded Future

UK may force Facebook services to allow backdoor police access

UK Ministers are considering forcing Facebook to implement a backdoor to allow security agencies and police to read the contents of messages sent across its Messenger, WhatsApp and Instagram chat services.

“End-to-end encryption poses an unacceptable risk to user safety and society. It would prevent any access to messaging content and severely erode tech companies’ ability to tackle the most serious illegal content on their own platforms, including child abuse and terrorism,” they said.

Source: UK may force Facebook services to allow backdoor police access | Technology | The Guardian

Software vendors would have to disclose breaches to U.S. government users under new order

A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a cybersecurity breach, according to a draft seen by Reuters.

A National Security Council spokeswoman said no decision has been made on the final content of the executive order. The order could be released as early as next week.

The proposed order would adopt measures long sought by security experts, including requiring multi-factor authentication and encryption of data inside federal agencies.

Source: Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft | Reuters

Smartphones share our data every four and a half minutes

Android handsets and iPhones share data with their respective companies on average every 4½ minutes, with data being sent back even when idle in a pocket or handbag, according to a new academic study.

The study, which was published by Prof Doug Leith at Trinity’s Connect Centre, claimed iPhones offered no greater privacy than Google devices.

However, the study noted that Google handsets collected “a notably larger volume of handset data than Apple” with 1MB of data being sent from idle Google Pixel handsets every 12 hours, compared with 52KB sent from the iPhone.

Source: Smartphones share our data every four and a half minutes, says study

Bavarian DPA Declares Use of E-mail Marketing Service Prohibited without Assessment and Supplementary Measures

The state Data Protection Authority of Bavaria declared the use of U.S. e-mail marketing service Mailchimp by a fashion magazine (acting as controller) in Bavaria impermissible due to non-compliance with Schrems II mitigation steps in relation to the transfer of e-mail addresses to Mailchimp in the U.S.

Mailchimp provided e-mail newsletter services to the controller, which had used Mailchimp’s e-mail marketing service only twice, to send newsletters to customers. Controller relied on EU Standard Contractual Clauses for the transfer of e-mail addresses from Germany to the U.S., in order to make use of e-mail marketing services directed to German customers by Mailchimp on its behalf.

The Bavarian DPA took the position that as an e-mail marketing service, “there are at least indications” that Mailchimp could qualify as an “electronic communication service provider” under U.S. surveillance law (i.e., FISA 702) and, therefore, “the transfer could only be permissible by taking supplementary measures, if suitable.” In the Bavarian DPA’s view, the controller had failed to assess the risk and implement supplementary measures for the transfer of EU personal data to Mailchimp in the U.S.

Source: Bavarian DPA Declares Transfers to E-mail Marketing Service Prohibited Due to Lack of Controller’s Assessment and Supplementary Measures

Tesla’s video footage of drivers raises safety and privacy concerns

Cars are increasingly equipped with cameras to monitor driver behavior, but Tesla’s use of the technology raises safety and privacy questions. Driver monitoring systems help ensure motorists are paying attention to the road when using automated features that don’t require their hands on the wheel.

Most of these systems use infrared cameras to track the driver’s head position or eye movements.

Tesla, on the other hand, is recording and transmitting video footage of occupants to help engineers further develop its self-driving technology. What’s worse, the automaker is not using the in-car cameras to keep passengers safe. Tesla’s in-car camera is turned off by default, but owners have the option to activate it. But any time video is being recorded, it can be accessed later, including by police, insurance companies, regulators and bad actors.

Source: Tesla’s video footage of drivers raises safety and privacy concerns – Axios

TikTok Doesn’t Pose Overt Threat to U.S. National Security

A new study by university cybersecurity researchers found that the computer code underlying the TikTok app doesn’t pose an overt national security threat to the U.S., which had been a concern of the Trump administration.

Released Monday by the University of Toronto cybersecurity group Citizen Lab, the report comes after government officials in multiple countries, including in the administration of former President Donald Trump, suggested the popular Chinese-owned short-video app could aid Beijing in spying overseas.

Citizen Lab, which releases regular reports on censorship and surveillance by Chinese social media apps, found no evidence of “overtly malicious behavior” after a technical analysis of TikTok, which is owned by Beijing-based ByteDance Ltd.

Source: TikTok Doesn’t Pose Overt Threat to U.S. National Security, Researchers Say – WSJ
