Chinese Surveillance, Facebook Tracking, and More Security News This Week
Credit to Author: Emily Dreyfuss | Date: Sat, 16 Feb 2019 14:00:00 +0000
The US government averted another shutdown when Donald Trump instead opted to declare a national emergency to fund his border wall dreams—a wall which raises huge privacy and security concerns and will cause more problems than it solves. As the country digested the national emergency, cybersecurity workers were still scrambling to clean up the security nightmare wrought by the longest shutdown in history.
Amid all the border wall news this week, you’d be forgiven for missing that the president also signed an executive order creating the American AI Initiative. In an op-ed for WIRED, White House deputy assistant to the president for technology policy Michael Kratsios explained why AI strategy is a security issue. Speaking of AI, to combat the growing threat of deep fakes, a new tool uses the blockchain to monitor video for tampering and manipulation.
A popular electric scooter can be hacked to speed up and stop. One in three Americans has been the victim of severe online harassment. A US Air Force defector allegedly helped Iranians hack America. If Russia really cuts itself off from the internet, as it has threatened, the unintended consequences would be far reaching.
Oh, and it was also Valentine’s Day this week. We hope you didn’t buy an internet-connected sex toy—unless it was one of the few that meets basic privacy and security standards, or you’re really into exhibitionism. Likewise, if you use OKCupid, Coffee Meets Bagel, or Jack'd, look out for some security lapses this month. And make sure you're staying safe on dating apps in general.
The Uyghur Muslim population in China’s Xinjiang province is under constant surveillance from the Chinese government. Uyghurs are forced to install spyware on their mobile devices, and to accept Chinese officials moving into their homes to live with and observe their families. Hundreds of thousands have reportedly been sent to “re-education camps.” And those who are not interned are being tracked via facial recognition technology by cameras and GPS all over Xinjiang.
This week, a security researcher found that Chinese company SenseNets, which allegedly facilitates that facial recognition tracking, had left a database containing the associated data completely exposed online. The researcher was able to watch as “6.7 million GPS coordinates were recorded,” according to ZDNet, which broke the news. The database revealed how the government tracks Uyghurs throughout their day, noting the names of locations they frequent, as well as GPS coordinates, all matched to highly personal information like name, date of birth, sex, home address, official identification card number, and more.
Before realizing what he had stumbled across, the researcher alerted SenseNets that its server was exposed. The company then locked it down. “He now regrets helping the company secure its oppression tool,” ZDNet reports.
According to former employees, Facebook tracks users it worries pose a threat to the company via their mobile apps. CNBC reports that the program is known as BOLO, short for “Be on the look out.” BOLO is a list of Facebook account holders who have made threats against the company or its employees. Security guards at Facebook offices are informed to watch out for these individuals, and other security personnel are, according to what the former employees told CNBC, empowered to monitor their location using the GPS tracking on their Facebook apps. That latter fact is what security consultants said sets Facebook apart from other companies that maintain similar threat lists. One of the former employees called the program “very Big Brother-esque.”
A Texas man who had been banned from owning guns for a period of two years, owing to a history of domestic violence, was found by police with a partially 3-D-printed AR-15 rifle and a list of politicians he allegedly planned to kill. The cops arrested him. It was a clear example, authorities said, of criminals attempting to circumvent the law and legal background checks by building weapons rather than buying them—a potential popularized by gun-rights activist Cody Wilson, whom WIRED has been following for years, and who was arrested on charges of child sexual assault last year.
After the 2015 passage of the Iranian nuclear deal, under which Iran promised to destroy much of its nuclear program, president Barack Obama’s White House and the rest of the world were hopeful that Iran’s nuclear ambitions would be kept in check. Then last year president Trump backed the US out of the deal, and now The New York Times reports that his administration is “reviving” a secretive program to sabotage Iran’s weapons. Those efforts began under the presidency of George W. Bush, and were continued by Obama until Iran’s nuclear activity severely waned after the 2015 nuclear accord. With the accord abandoned, the US is apparently accelerating its sabotage. The Times reports that in the last two months, “two Iranian attempts to launch satellites have failed within minutes.”
Ever wonder, sitting in a college class as someone asks a less-than-brilliant question, how some of the students around you managed to get in? A current student at Stanford recently figured out that since 2015 any Stanford student who has requested to access their own admissions information under the Family Educational Rights and Privacy Act (FERPA) could, if they tweaked the URL on their own data, view that of other admitted students. This error would let students reach each other’s admissions essays, see their test scores, ethnicity, and even whether they had applied for financial aid. The security flaw, as reported by Stanford’s student newspaper The Stanford Daily, was found in the third-party system the school uses to host scanned admissions documents. The school has now closed the breach, and will be telling 93 students that their information was compromised.