This is KRACK - it isn't glamorous, or cool, or kid's stuff. It's a serious Wi-fi vulnerability, and it can kill your devices and steal your data. KRACK affects everybody - and only you can prevent forest fires. I mean only you can take the steps necessary to guard your devices against the KRACK attack.
Earlier this month it was revealed that Android handset-maker OnePlus was collecting large amounts of users' data, both without explicit permission and without making it clear it was doing so. While the data is said to be used for analytical purposes, it included plenty of personally identifiable information. Understandably, OnePlus users have been more than a little upset about this, but the company has now come forward to address concerns and reveal changes to their collection policy.
Equifax's massive data breach - which put the personal information of nearly 150 million Americans at risk - doesn't really seem like it can get much worse. Of course, we're learning today that making such a challenge is a foolish thing indeed, as it has gotten worse. How bad is it? That depends on how you feel about potentially being exposed to malware.
When Google announced the Pixel 2 smartphones, it also announced its response to Amazon's growing dominance in the smart home speaker market. While the Google Home Max was designed to appeal to audiophiles, the Google Home Mini was meant for those looking into more affordable ways to fill their homes with Google Assistant devices. Unfortunately, it seems that for what is claimed to be a small percentage of new owners of the Home Mini, that affordability came at the price of privacy because of a hardware issue that made the small speaker record everything 24/7 and send those to Google.
WhatsApp, despite its claims to privacy and end-to-end encryption, has never really recovered from the scandals that plagued it, especially after its acquisition by Facebook. This recently discovered vulnerability doesn't help it either, especially when it can, amusingly or not, be used to establish infidelity. All that from an exploit that allows others to see your online and last seen status, which can eventually be correlated to your sleeping patterns and who you might be chatting with.
An Amazon S3 repository left publicly accessible has leaked about 47GB of medical data, the sum total of which includes 315,363 PDF files. The discovery was made by Kromtech Security Researchers, who estimated the medical documents pertain to at least 150,000 patients. Among the leaked data are blood test results, personal info such as patient name and home addresses, plus information on the doctors and their case management notes.
Some OnePlus users are again raising privacy concerns over OxygenOS's telemetry tracking, namely that some of the data being gathered makes it possible to connect the user with the data. Discussions about this tracking were first raised in summer 2016, but caught public attention in a bigger way recently when security researcher Christopher Moore published a detailed breakdown of the data collection on his website.
Mattel has revealed that it has cancelled its planned Internet of Things smart hub for kids. The device, called Aristotle, brought about concerns from privacy advocates over the amount of data it could potentially gather about the kids who used it. The company issued a statement yesterday saying that an internal review of the plans to launch the device spurred the decision to cancel it.
Uber's iPhone app has a special permission (entitlement) that has some privacy experts upset. Security researcher Will Strafach recently made the entitlement public in the form of a tweet, and Uber has since confirmed it in a roundabout way, saying that it is used to improve the way the app renders on the Apple Watch.
Equifax announced today that 2.5-million previously uncounted US-based victims were "potentially impacted" by their data breach. While Equifax continues to call them "customers", the vast majority of these users were victimized by the credit company itself, seeking out and purchasing their personal info before holding it in a series of insecure web-connected locations. Thus far the Equifax data breach puts 145.5-MILLION US citizens in the "potentially impacted" category.
DJI has rolled out a new option for drone operators, offering privacy-minded pilots a way to take their aircraft completely offline. The update, dubbed the DJI Local Data Mode, was announced back in August. It's targeted at enterprise users and government agencies, who might want the usefulness of a drone but at the same time demand the security guarantee that the data it's collecting isn't being uploaded to the internet.
Sirin Labs' FINNEY device was announced this week as the world's first blockchain smartphone. Inside the data provided by the company (Sirin Labs) we've gotten a fair idea of what could work, what will be difficult, and what will be downright impossible to accomplish. This is a realistic look at what's going to happen with this device and the rest of the FINNEY device family in the near future.
