Experts Warn Criminals Could Exploit Jogging Apps for Targeting People

 

Experts caution that users of running apps should heighten their privacy settings to thwart potential stalkers and other malicious actors from accessing sensitive information regarding their activities. 

While platforms like Strava enable joggers and hikers to share route details and performance metrics with friends and followers, tech company Altia raises concerns about the possibility of criminals constructing a detailed profile of users' routines, including their start and end points, potentially exposing their home addresses. Altia advises users to review their security settings, ensuring that sensitive information isn't shared publicly by default and recommending a switch to private settings if necessary.

Highlighting the surge in stalking and harassment offenses, Altia underscores the significance of safeguarding personal data on fitness apps. These apps, utilizing GPS technology, can meticulously track users' movements, map out their routes, and gather various performance metrics, including pace, time, elevation gain, heart rate, and calories burned. 

With the popularity of apps like Strava soaring during the pandemic, Altia urges users to be vigilant, especially professionals in sensitive fields like security, law enforcement, banking, or the legal sector, who may inadvertently expose confidential information through their running activity.

Altia emphasizes the importance of maximizing app security settings and exercising caution regarding followers' activities and interactions. Users are advised to scrutinize their followers and assess whether their engagement seems genuine, as potential criminals could exploit the data for various purposes, including identifying secure or restricted locations like workplaces. 

By prioritizing privacy settings and remaining vigilant, users can mitigate the risk of their data falling into the wrong hands while enjoying the benefits of fitness-tracking apps safely.

Cyberattack Strikes Australian Energy Software Company Energy One

 

Energy One, an Australian company specializing in software solutions and services for the energy industry, has fallen victim to a cyber assault.

In an announcement made on Monday, the company revealed that the breach was identified on August 18 and had repercussions for certain internal systems both in Australia and the United Kingdom.

“As part of its work to ensure customer security, Energy One has disabled some links between its corporate and customer-facing systems,” Energy One said.

Energy One is actively engaged in an inquiry to ascertain the extent of the impact on customer-related systems and personal data. The organization is also committed to tracing the initial point of intrusion employed by the attacker.

Though detailed specifics about the attack are presently undisclosed, the company's official statement strongly suggests the possibility of a deliberate ransomware attack.

To facilitate the investigation, cybersecurity specialists have been enlisted, and competent authorities in both Australia and the UK have been informed about the incident.

According to a recent report by Searchlight Cyber, a British threat intelligence firm, malevolent actors have been peddling opportunities for initial access into energy sector enterprises globally, with prices ranging from $20 to $2,500.

Perpetrators of cybercrime can exploit various avenues, including Remote Desktop Protocol (RDP) access, compromised login credentials, and vulnerabilities in devices like Fortinet products.

TikTok has Grown Into a Global Giant, United States has Threatened to Rein it in

 

This summer was a period of economic uncertainty for much of the tech industry, resulting in a drop in bitcoin prices, hundreds of layoffs, and a hiring freeze. It was also the summer that US regulators crossed the aisle to reach an agreement: it was time for stricter rules for the video platform TikTok. 

TikTok has been the focus of rare bipartisan calls for regulation and investigation since Buzzfeed reported in June that employees of TikTok's Chinese parent company ByteDance had access to US consumer data. When the FBI director, Christopher Wray, called Chinese espionage the "greatest long-term threat to our nation's... economic vitality" in July, those inquiries became more pressing.

“If you are an American adult, it is more likely than not that China has stolen your personal data,” Wray said. “We’ve now reached the point where the FBI is opening a new China-related counterintelligence case about every 10 hours.”

The China question

TikTok is a relatively new player in the arena of massive global social media platforms, but it has already piqued the interest of European regulators. New laws in the UK and the EU concerning child safety and general internet safety have compelled the company to become more transparent about how it operates and how content spreads on its platform.

In the United States, efforts to rein in the video platform have only recently gained traction, though there is little doubt that the round of regulatory pressure is warranted. With 1 billion users, the platform, which uses an algorithmic feed to push short-form videos to users, has had its fair share of misinformation, data privacy concerns, and child safety concerns.

The app's connection to China is one of the issues that US lawmakers are most publicly focused on. TikTok has consistently stated that the data of its US users is stored in Virginia data centers and backed up in Singapore. In June, the company announced that all US user data would be routed through Oracle servers in the United States.

However, recordings of TikTok executives obtained by BuzzFeed News indicate that ByteDance employees based in China accessed US user data multiple times between September 2021 and January 2022. “Everything is seen in China,” one TikTok employee reportedly said in a meeting.

On June 23, a bipartisan group of five senators proposed a new bill that would prohibit companies from sending American users' data to "high risk foreign countries." In July, Senators Mark Warner and Marco Rubio asked the Federal Trade Commission (FTC) to investigate TikTok.

“TikTok, their parent company ByteDance, and other China-based tech companies are required by Chinese law to share their information with the Communist party,” Warner said. “Allowing access to American data, down to biometrics such as face prints and voiceprints, poses a great risk to not only individual privacy but to national security.”

Brendan Carr, the FCC's senior Republican commissioner, said the BuzzFeed News story marked a watershed moment in lawmakers' thinking about TikTok. “What really changed things was it wasn’t people theorizing or government officials saying stuff in talking points that you weren’t really sure if there was any there, there. This was a report that had internal communications and leaked audio of internal meetings … that just blew the doors off of all of [TikTok’s] representations about how it handled data and showed it to be gaslighting.”

Carr, who has advocated for Google and Apple to remove TikTok from their stores, said the revelations made TikTok's national security concerns more real than ever before and brought people from different political parties together.

TikTok claims that US lawmakers' concerns about national security are exaggerated and that the platform does not share user data with the Chinese government. "Neither would we if asked," company spokesperson Maureen Shanahan said.

Shanahan stated that the company has been open about its efforts to limit employees' access to US user data, and the BuzzFeed News report demonstrates that TikTok is "doing what it said it would do."

“In 2021, TikTok engaged consultants to help assess how to limit data access to US user data,” Shanahan said in a statement. “In the 80 leaked meetings, there were 14 statements indicating that engineers in China had access to US data … It is unfortunate that BuzzFeed cherry-picked quotes from meetings about those very efforts and failed to provide adequate context.”

“Like many global companies, TikTok has engineering teams around the world,” Shanahan said. “We employ access controls like encryption and security monitoring to secure user data, and the access approval process is overseen by our US-based security team.”

Bigger than China

Experts contacted by the Guardian did not question China's cybersecurity threat to the US. However, some expressed concern that regulators' focus on TikTok's China connection would divert attention away from other pressing issues, such as TikTok's algorithm and how much user data the company collects, stores, and shares with other US entities.

There is little information available about the amount of user data TikTok collects and shares with entities in the United States. Even Oracle, the company TikTok hired to audit its algorithms and data privacy policies in order to reassure lawmakers that the platform is free of Chinese influence, has been accused of keeping dossiers on 5 million people worldwide. There are currently no federal regulations in place to safeguard such information.

“The China question to me is almost a red herring because there’s so little being done to protect user privacy generally in the US,” said Sara Collins, a senior policy counsel at the non-profit public interest group Public Knowledge. “The thing I would be concerned about is the same stuff that we’re concerned about with Facebook or with Google. It’s their data privacy practices, what they’re doing with that data, how they’re monetizing it, and what adverse effects are there on users.”

A federal privacy bill currently being debated in Congress could begin to address these concerns. According to Collins, whose employer Public Knowledge works on content moderation and regulation issues, the American Data Privacy and Protection Act (ADPPA) would "actually create a privacy framework for all these companies that would affect TikTok and its business model." (TikTok has made donations to Public Knowledge.)
 
In the meantime, states are taking control of the situation. California passed a landmark child-only safety bill that would require platforms like TikTok and Instagram to vet any products geared toward children before releasing them, as well as to implement privacy safeguards for younger users by default.

Marc Faddoul, co-director of Tracking Exposed, an organization that tracks how TikTok's algorithm works, believes that congressional leaders' focus on the platform's China connections misses the mark when it comes to pressing for more information about the app's algorithm.

“To me, what’s missing from regulators’ radars is that the biggest leverage point in disseminating content online is the mechanics of algorithmic promotion and algorithmic demotion because taking down an individual piece of content, especially if it has already been spread, does little to mitigate the potential harm,” Faddoul said. Those opaque mechanisms, he argued, pose “the biggest threat in terms of interference in internal politics or popular opinion”.

There isn't much information available about how the algorithm decides which content to promote to the top of each person's For You Page. However, in many cases, that content has proven to have real-world implications. Domestic extremists, for example, used TikTok to promote violence and call on their followers to bring guns to the US Capitol in the run-up to the January 6 riots, according to a Department of Homeland Security intelligence document. According to the document, the platform is also rife with violent extremist content.

TikTok says it uses “a combination of technology and thousands of safety professionals” to identify and remove videos that violate its policies. AB Obi-Okoye, a spokesman for the company, said TikTok will continue those efforts, factchecking content in over 30 languages.

“Factchecking is just one component of how we moderate content,” Obi-Okoye continued. “We use a combination of publicly available information as well as the information we receive from our factchecking partners to help us assess content.”

It's also critical to understand how TikTok's algorithm works, according to Faddoul. As the Guardian first reported, the company has previously directed its moderators to censor certain posts, including those mentioning Tiananmen Square or Tibetan independence, he said. Obi-Okoye stated that those policies were outdated and no longer in use. “Today, we take a nuanced approach to moderation, including building out a global team with deep industry experience and working with external content and safety advisory councils,” Obi-Okoye said.

Is there too much or too little oversight?

While experts and lawmakers agree that more regulation is needed, there is significant disagreement about how much regulatory scrutiny TikTok has historically received, especially in comparison to players such as Facebook, Twitter, and Google.

Carr, the FCC commissioner, attributes some of the apparent lack of focus on TikTok to a politicization of the debate after Donald Trump signed an executive order in 2020 requiring ByteDance to sell or spin off its US TikTok business. (That order has since been revoked by Joe Biden.)

Because of TikTok's ties to China, he believes the threats it poses are in a different category than those posed by Facebook and Google. And, in comparison to other Chinese-based tech companies like Huawei and ZTE, TikTok has "largely skated and avoided having to account for some very serious national security concerns," according to Carr.