Quartz: Google collects Android users’ locations even when location services are disabled. “Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card? Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed.”
Bloomberg: Uber Paid Hackers to Delete Stolen Data on 57 Million People. “Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.”
Lifehacker: The Beginner’s Guide to VPNs . “In trying to puzzle out just what, exactly a virtual private network (VPN) is, it can be helpful to simply take the first word away. That leaves you with ‘private network,’ which seems pretty straightforward. A private network is one that is basically walled off from everyone who doesn’t have permission to access it. Think of your college intranet. Or the CIA servers.”
Motherboard: How a Wi-Fi Pineapple Can Steal Your Data (And How to Protect Yourself From It). “The Wi-Fi Pineapple enables anyone to steal data on public Wi-Fi networks. Here’s how it facilitates two sophisticated network attacks and how to protect yourself against them.” This is a bit technical, but it’s fascinating reading.
Eurekalert: Can social media users prevent use of online information to characterize and target them?. “A new study examines how organizations use information people disclose on social network sites (SNS) to predict their personal characteristics and whether SNS users can successfully block certain information (and how much) to better protect their privacy. A novel analytical tool called a ‘cloaking device’ to prevent the use of specific information and how effective it may be are discussed in an article in Big Data, a peer-reviewed journal from Mary Ann Liebert, Inc., publishers. The article is available free on the Big Data website.”
BetaNews: MediaProjection vulnerability leaves 77 percent of Android phones open to screen and audio recording attacks. “More than three quarters of Android phones are vulnerable to screen and audio recording by attackers. By exploiting the MediaProjection service, an attacker can easily trick a user into granting the relevant rights to a malicious app. Although the vulnerability has been fixed in Android 8 Oreo, users running Lollipop, Marshmallow or Nougat remain at risk. MediaProjection is — by design — able to capture screen activity and audio, and it does have legitimate uses, but by using a technique known as tap-jacking permission can be given for it to be used for more nefarious things.”
Bleeping Computer: Terdot Banking Trojan Grows Into a Sophisticated Threat. “A banking trojan first observed in October 2016 has grown into a sophisticated hacking tool that works primarily as a banking trojan, but could also be used as an infostealer or backdoor. Named Terdot, this new malware is not a widespread threat, just yet. For now, the banking trojan has been seen targeting the customers of Canadian banks, distributed via the Sundown exploit kit and through spam email.”