Ring Security Cam Snooping, Location Tracking, and More Security News This Week

Credit to Author: Emily Dreyfuss| Date: Sat, 12 Jan 2019 17:40:24 +0000

Another week, another crypto heist. This time, Ethereum Classic was the target, when hackers stole around $1.1 million worth of coins by taking over 51-percent of the currency’s network.

Another familiar blunder came this week when it was revealed that technologically challenged convicted criminal Paul Manafort had yet another problem using basic tech. This time, he and his lawyers failed to appropriately redact documents sent to the court, unwittingly revealing that special counsel Robert Mueller believes Manafort shared 2016 polling data with a known Russian spy during the campaign.

Speaking of Mueller, Garrett Graff lays out his to-do list for 2019.

Terrorists are using niche chat apps meant for gamers and business people. Your old tweets gave away a lot more location data than you thought. Carriers keep saying they’ll stop selling that location data, but they continue to do it anyway. Iranian hackers appear to be on a massive global hacking spree using DNS hijacking to nab all sorts of data.

But it’s not all bad news. Yubico will finally make a Yubikey—that amazing password-replacing authenticator—that works with your iPhone.

That’s not all. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Building off initial reports from the Information, the Intercept reports this week that customers who own the Ring surveillance doorbell may have had strangers watching their videos. The site's sources say Amazon gave “unfettered” access to its customers’ feeds to researchers in the Ukraine. On top of this, Ring apparently gave engineers access to some customers’ live Ring feeds. All an engineer would reportedly need to watch a specific live customer feed was a person’s email address. A Ring spokesperson denied that claim.

Motherboard reporter Joseph Cox released a bombshell report earlier this week, revealing that after giving a bounty hunter $300, the person was able to locate Cox’s phone. Cox learned that AT&T, T-Mobile, and Sprint were selling location data on their customers to third parties, and that data was landing in the hands of bounty hunters who used it to track most phones in the US. This exposed the fact that though carriers insist they don’t sell location tracking data to third parties, they, uh, still do. The revelation prompted calls for a federal investigation.

Last week, politicians and celebrities in Germany were doxxed, their intimate information splashing out for all to see. This week, a 20-year-old hacker in the town of Hesse admitted to the Christmas advent-calendar-themed hack.

Dozens of .gov websites are currently insecure or inaccessible, thanks to lapsed Transport Layer Security certificates owing to the government shutdown. Netcraft reports that this includes sites for NASA, the US Court of Appeals, and the Department of Justice. Many certificates lapsed because the personnel needed to renew them are currently furloughed. Until the government shutdown ends, be careful with information you send on government websites, especially those that have payment portals or remote access services.

https://www.wired.com/category/security/feed/