Tag Archive: safety security & privacy


Google Glass

Google has quietly patched a Glass security exploit that could have allowed hackers to take control of the wearable by showing it a QR code, the researcher who identified the flaw tells SlashGear. The exploit, discovered by Marc Rogers, Principal Security Researcher at Lookout Mobile Security, took advantage of Glass’ streamlined setup process that saw the camera automatically – and transparently to the wearer – spot QR codes in images and use them to trigger WiFi connections and other configurations. By creating malicious codes, and hiding them in images, Rogers was able to get Glass to connect to a compromised network, show details of all network traffic from the wearable, and even take full remote control. The exploit – which we referred to in our June interview with Rogers, though without specific details as Google and Lookout were still addressing the fix at the time – has been fixed as of Glass firmware XE6, released on June 4.

Read the full story at Slashgear.

Android Crying

If you’re using Google’s “back up my data” feature for Android, the passwords to the Wi-Fi networks you access from your smartphone or tablet are available in plaintext to anyone with access to the data. And as a bug report submitted by an employee of the Electronic Frontier Foundation (EFF) on July 12 suggests, that leaves them wide open to harvesting by agencies like the NSA or the FBI. “The ‘Back up my data’ option in Android is very convenient,” wrote Micah Lee, staff technologist at the EFF. “However, it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.” The Backup Manager app stores Android device settings in Google’s cloud, associated with the user account paired with the device; the Backup Manager interface is part of the core Android application API as well, so it can be used by other Android apps.

Read the full story at Ars Technica.

Google Drive

Google has begun experimenting with encrypting Google Drive files, a privacy-protective move that could curb attempts by the U.S. and other governments to gain access to users’ stored files. Two sources told CNET that the Mountain View, Calif.-based company is actively testing encryption to armor files on its cloud-based file storage and synchronization service. One source who is familiar with the project said a small percentage of Google Drive files is currently encrypted. The move could differentiate Google from other Silicon Valley companies that have been the subject of ongoing scrutiny after classified National Security Agency slides revealed the existence of government computer software named PRISM. The utility collates data that the companies are required to provide under the Foreign Intelligence Surveillance Act – unless, crucially, it’s encrypted and the government doesn’t possess the key.

Read the full story at CNET.

Apple

Apple’s developer website has been down for days, and the company has just confirmed in an email that “an intruder” attempted to access personal information from its registered developers. In the email sent to its developers, Apple writes that “sensitive personal information was encrypted and cannot be accessed.” But despite the claim that no sensitive information was stolen, Apple warns that some developers may have had their names, mailing addresses, and email addresses accessed in the breach. During the downtime, Apple indicated that the site was undergoing maintenance, but did not address malicious activity – leading some developers to question if the site had been hacked. As Neowin reported on Saturday, some developers indicated on Twitter that they had received password reset emails from Apple, fueling speculation that the site had been compromised.

Read the full story at The Verge.

Two thirds of Facebook users have taken a voluntary break from the site for several weeks or more, citing reasons ranging from “excessive gossip or drama from their friends” to “concerns about privacy”, according to new research. But much as its critics might like to think otherwise, the world’s most popular social network is showing no signs of losing its audience. The most common reason stated for taking a break is that users are too busy, following by “just wasn’t interested” and that it’s a “waste of time”. According to a new survey published by the US Pew Research Center, only 4% of Facebook users cited privacy issues, with just 1% saying they did not like to share their lives via Facebook. Only 2% said they preferred to communicate face to face.

Read the full story at The Guardian.

%d bloggers like this: