My Weekly RoundUp #99
Big changes at Apple, and some issues for NASA…
It’s the middle of the night. Do you know who your iPhone is talking to?
Apple says, “What happens on your iPhone stays on your iPhone.” Our privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week.
https://www.washingtonpost.com/technology/2019/05/28/its-middle-night-do-you-know-who-your-iphone-is-talking/?utm_term=.59204eceb89d
Google’s new reCAPTCHA has a dark side
For many years, this has been one of the predominant ways that reCaptcha—the Google-run internet bot detector—has determined whether a user is a bot or not. But last fall, Google launched a new version of the tool, with the goal of eliminating that annoying user experience entirely. Now, when you enter a form on a website that’s using reCaptcha V3, you won’t see the “I’m not a robot” checkbox, nor will you have to prove you know what a cat looks like. Instead, you won’t see anything at all.
https://www.fastcompany.com/90369697/googles-new-recaptcha-has-a-dark-side
Facebook Must Explain What it’s Doing With Your Phone Number
Like many others, PI were alarmed at recent reports that Facebook have been making mobile phone numbers (which users believed to be) provided for the express purpose of “two-factor authentication” (2FA) both searchable, and a target for advertising by default.
https://privacyinternational.org/report/3025/facebook-must-explain-what-its-doing-your-phone-number-update
One of the myriad ways Facebook displays targeted adverts to users is through so-called “Custom Audiences”. These “custom audiences” are lists of contact details, including phone numbers and email addresses, uploaded by advertisers. Facebook then matches this “custom audience” with the details they hold, to target adverts at accounts associated with this contact information.
Jony Ive Is Leaving Apple
The man who designed the iMac, the iPod, the iPhone—and even the Apple Store—is leaving Apple. Jony Ive announced in an interview with the Financial Times on Thursday that he was departing the company after more than two decades to start LoveFrom, a creative agency that will count Apple as its first client. The transition will start later this year, and LoveFrom will formally launch in 2020.
https://www.wired.com/story/jony-ive-leaves-apple/
The Rise and Fall of Visual Basic
For programming in 1988, QuickBASIC was magical. You could write code without clunky line numbers, catch syntax errors as you type, and launch your program straight from the development environment, no command-line nonsense required.
https://medium.com/young-coder/the-rise-and-fall-of-visual-basic-f422252349a6
New Excel vulnerability puts 120 million users at risk
The vulnerability will allow hackers to use Power Query to launch a remote Dynamic Data Exchange attack into an Excel spreadsheet. Not only that, but the vulnerability will also allow hackers to launch more sophisticated attacks involving malware that can compromise the user’s machine as soon as the spreadsheet is opened.
https://www.mimecast.com/blog/2019/06/exploit-using-microsoft-excel-power-query-for-remote-dde-execution-discovered/
Hackers Squatted on Primary NASA Networks for 10 Months, Exfiltrated Data from 23 Files
Unknown hackers used a Raspberry Pi attached without authorisation to a NASA network at its Jet Propulsion Laboratory (JPL) to infiltrate — then move laterally across — NASA networks; exfiltrating 500MB of data, unnoticed, from 23 NASA files over a 10-month period.
https://www.cbronline.com/news/nasa-network-hackers-raspberry-pi
The news is among the bleaker revelations for NASA’s security team in a damning security audit by the NASA Office of Inspector General (OIG) published this week, which reveals that the unknown attacker went on to successfully access two of the three primary JPL networks.
ENISA Transforms to European Union Agency for Cybersecurity
The EU Cybersecurity Act came into force on June 27, 2019. The temporary European Union Agency for Network and Information Security (ENISA) has been replaced by the permanently mandated European Union Agency for Cybersecurity — same people, same place, but with a new name, a budget increased from €11 million to €23 million over a period of five years, and staffing levels allowed to rise by 50%.
https://www.securityweek.com/enisa-transforms-european-union-agency-cybersecurity
With additional resources comes additional requirements. Key among these is involvement in a new EU Cybersecurity Certification Framework. “ENISA will have market related tasks,” commented the agency’s executive director, Udo Helmbrecht, “notably by preparing ‘European cybersecurity certification schemes’ that will serve as the basis for certification of ICT products, processes and services.”
Tesla 3 navigation system fooled with GPS spoofing
Cybersecurity researchers have fooled the Tesla Model 3’s automatic navigation system into rapidly braking and taking a wrong turn on the highway.
https://nakedsecurity.sophos.com/2019/06/27/researchers-fool-tesla-3-navigation-system-with-gps-spoofing/
Israeli firm Regulus Cyber spoofed signals from the Global Navigation Satellite System (GNSS), fooling the Tesla vehicle into thinking it was at the wrong location. The spoofing attack caused the car to decelerate rapidly, and created rapid lane-changing suggestions. It also made the car signal unnecessarily and try to exit the highway at the wrong place, according to the company’s report.