Featured: Privacy News Online – Week of August 21st, 2020
How the government legally tracks your smartphone use with the Anomaly Six SDKSome of the apps on your smartphone could be sending information back to the government. The Wall Street Journal reports that the US government is actively tracking smartphones through a software development kit, or SDK, which is bundled with many popular apps. This SDK was added by a government contractor called Anomaly Six and this type of tracking is technically legal because it’s being done through a third party. The worst part about this news is that we still don’t know which specific apps are working with Anomaly Six.
Read more: https://www.privateinternetaccess.com/blog/how-the-government-legally-tracks-your-smartphone-use-with-the-anomaly-six-sdk/
New Jersey Supreme Court rules that passcodes aren’t protected by Fifth AmendmentThe top court in New Jersey has decided that those in the Garden State can be compelled by the court to unlock their phones. New Jersey joins Virginia and Massachusetts as states that don’t believe the Fifth Amendment applies to phone passcodes. There are just as many states that have ruled the other way, though. It doesn’t look like we’ll have a uniform interpretation of the Fifth Amendment at the federal level for a while.
Read more: https://www.privateinternetaccess.com/blog/new-jersey-supreme-court-rules-that-passcodes-arent-protected-by-fifth-amendment/
Court finds UK police use of facial recognition technology breaches privacy rights, data protection laws and equality laws
Police misuse of facial recognition technology has been dealt a blow in the UK. Privacy advocates were recently vindicated when an appeals court agreed that facial recognition technology breaches certain rights and laws. The case was brought by a human rights organization called Liberty and represents a major victory for privacy from law enforcement in the UK. Hopefully other countries can pass or enforce facial recognition laws to stop the misuse of this technology before it ends up being used on the streets.
PNO wants to know! Do you think police should be allowed to use facial recognition technology?
Read more: https://www.privateinternetaccess.com/blog/court-finds-uk-police-use-of-facial-recognition-technology-breaches-privacy-rights-data-protection-laws-and-equality-laws/
More Privacy News This Week:
Instagram faces $500 billion lawsuit for gathering facial biometrics data without consentA class action lawsuit has been filed in Illinois against Facebook, alleging that Instagram uses facial biometrics data from uploaded photos and videos without consent. While those that use Instagram give up certain privacy rights when they use the platform, the issue is that a picture that includes the face of your friend who hasn’t given consent to Facebook or Instagram could be used for facial recognition data. If that sounds familiar, it’s because Facebook previously had to pay a 650 million dollar fine for doing the same thing with Facebook pictures.
Read more: https://www.privateinternetaccess.com/blog/instagram-faces-500-billion-lawsuit-for-gathering-facial-biometrics-data-without-consent/
New attack can decrypt 4G (LTE) calls to eavesdrop on conversations
A new attack that researchers are calling ReVoLTE (revolt-y) lets hackers eavesdrop on your phone calls made over 4G LTE. Usually, those calls are encrypted, but a security gap in 4G towers lets attackers decrypt conversations. This security vulnerability has a fix that can be implemented but there are likely still 4G networks that are vulnerable. Good thing the security researchers actually released an app so you can check if your 4G provider has fixed this revolting attack vector yet.
Read more: https://revolte-attack.net/
TikTok found to have tracked Android users’ MAC addresses until late last yearTikTok tracked Android users with consent and in defiance of Google’s policies for over fifteen months. MAC addresses are a unique identifying number tied to every internet connected device, not just Macbooks. TikTok used a bug in Android phones to be able to read the MAC addresses of devices that had TikTok installed and send that information back to China. This unique identifier is used for ad tracking and is considered to be personal data by many privacy laws around the world. TikTok has yet to comment directly on this wide scale privacy violation.
Clearview AI will no longer sell its facial recognition software in Canada, according to government privacy officials investigating the company.Government officials from Quebec, British Columbia, and Alberta provinces continue to investigate Clearview AI and Royal Canadian Mounted Police use of its facial recognition software despite Clearview’s exit.
The NSA and FBI have released details about new Russian malware for Linux DrovorubThe rootkit attacks through the kernel then makes itself persistent and undetectable where it is then able to exfiltrate data. The name Drovorub means woodcutter in Russian. The NSA and FBI released an advisory on their site last week which was very technically detailed.
XCSSET Malware targets macOS by infecting Xcode developer projects
XCSSET is another new malware discovered by Trend Micro targets Mac devices and the developers that use them. This malware can also exfiltrate data and was seen specifically targeting Skype, Evernote, WeChat, and Telegram among others. The malware is also capable of encrypting data and displaying a ransom note, turning it into ransomware.