Advanced Search
Content Type: Examples
In February 2019, an anonymous tip-off to Computer Sweden revealed that a database containing recordings of 170,000 hours of calls made to the Vårdguiden 1177 non-emergency healthcare advice line was left without encryption or password protection on an open web server provided by Voice Integrate Nordic AB. After the breach was discovered, MedHelp, which runs the 1177 service, shut the server down and found that 55 call files had been illegally downloaded from seven different IP addresses. Nine…
Content Type: Examples
As part of its planning for the 2020 Olympic Games, due to be held in Tokyo, Japan approved a law that would allow the government to conduct a survey to identify vulnerable Internet of Things devices. The National Institute of Information and Communications Technology staff who carry out the survey, who will be supervised by the Ministry of Internal Affairs and Communications, are required to follow strict rules in attempting to hack into these devices: they are only allowed to use default…
Content Type: Examples
In January 2019 Twitter revealed that it had discovered a security flaw in that meant that Android users who updated the email address linked to their account between November 2014 and January 2019 had inadvertently turned off the "protected" setting on their accounts so that their tweets could have been exposed publicly. The company said it was alerting the affected users and publishing the error because it wanted to be sure of reaching the users it could not identify in its internal…
Content Type: Examples
In November 2018 the UK Information Commissioner's Office fined Uber's European operation £385,000 for inadequate security that permitted a November 2016 data breach affecting nearly 3 million British users and 82,000 drivers. In the 2016 breach, attackers obtained credentials that allowed them to access Uber's cloud servers and download 16 large files that held the records of 35 million Uber users worldwide. These included passengers' full names, phone numbers, email addresses, and sign-up…
Content Type: Examples
It was already known that law enforcement agencies can track phones to within 500 metres if they show service providers a warrant, but in January 2019, it became clear that the same real-time location data was being sold to a wide range of third parties, including car salesmen, property managers, bail bondsmen, and bounty hunters. The latter in turn would track any phone for private individuals for a few hundred dollars. At least one company, Microbilt, is selling these phone geolocation…
Content Type: Examples
In November 2018, the criminal hacker group 3ve found a new way of exploiting security weaknesses in the Border Gateway Protocol that allowed them to take control of IP addresses belonging to the US Air Force and other reputable organisations; the result was to net them $29 million in fraudulent advertising revenue. The scheme involved a thousand servers that impersonated human beings viewing ads on bogus pages run by 3ve; to camouflage the origins of the traffic the page requests were…
Content Type: Examples
A November 2018 breach of a government-funded resettlement agency's database in South Korea allowed hackers, believed to be North Korean state security officials, to copy the personal information belonging to 997 North Koreans living in South Korea. Escaping to South Korea is considered an act of treason in North Korea, and those who leave North Korea without permission may be sentenced to prison or hard labour while their families are penalised financially. Previous attempts to attack escapees…
Content Type: Examples
The miniature security camera maker Ring, which was acquired by Amazon in 2017 for a reported $1 billion, has a history of inadequate oversight of the data collected by those cameras on behalf of its customers. In 2016, it reportedly granted virtually unlimited access to its Ukraine-based research and development team to a folder on Amazon's S3 cloud service that held, unencrypted, every video Ring cameras around the world had recorded in order to compensate for weaknesses in its facial and…
Content Type: Examples
In January 2019, the security researcher Justin Paine discovered that the California-based voice over IP provider Voipo had left exposed an unprotected database containing tens of gigabytes of call logs, other internal documents, and customer text messages, including password resets and two-factor authentication codes, all dated between May 2015 and January 8, 2019. The material could have given an attacker deep access to the company's systems. When Paine contacted the company's chief…
Content Type: Examples
In 2016, Jamie Siminoff, the CEO of the miniature security camera company Ring, emailed his employees information them that the company would adopt a new mission to fight crime by using consumer electronics. The company, which Amazon acquired in 2018, sells its cameras with a social app, "Neighbors", which allows customers to watch their own property and share information about alleged criminality and suspicious individuals with the rest of the people on their block. Ring's hyper-connected…
Content Type: Examples
A vulnerability in Amadeus, the customer reservation system used by 144 of the world's airlines, was only superficially patched after a team reported the vulnerability in 2018. As a result, an attacker could alter online strangers' Passenger Name Records, which contain all the details of the passengers and flights, and are used by government security agencies to check against the no-fly list. Bug hunter Noam Rotem discovered that a web script hosted by individual airlines accepts passengers'…
Content Type: Examples
In December 2018, the security researchers at 0DayAllDay discovered that the encryption keys hard-coded into the firmware inside the Guardzilla indoor wireless security system were protected by a ten-year-old, easily cracked algorithm. Because all the devices used the same keys, anyone could use the keys to log into the company's Amazon-hosted storage service and gain access to the customer data uploaded there. Although the researchers had notified the company in September, they had received no…
Content Type: Examples
In December 2018 Facebook revealed that over a 12-day period in September a software bug may have wrongly allowed about 1,500 third-party apps to access 6.8 million users' photos, including some that people began uploading to the social network but didn't go on to finish posting. EPIC executive director Marc Rotenberg said the incident offered more evidence that Facebook has violated the terms of its 2011 agreement with the US Federal Trade Commission. In May, Facebook suspended some 200 games…
Content Type: Examples
In December 2018, a hacker made more than 50,000 internet-connected printers worldwide print out flyers asking everyone to subscribe to the YouTube channel belonging to PewDiePie, whose real name is Felix Kjellberg. PewDiePie, who has had the most subscribers on YouTube since 2013, was in danger of losing his top ranking to the channel belonging to Bollywood record label T-Series. His fan TheHackerGiraffe used the IoT search engine Shodan to find open printers using the open source Printer…
Content Type: Examples
In February 2019, a faulty firmware update meant that Nike's latest $350 Adapt BB self-lacing shoes could not pair with the app that allows owners to adjust their tightness, customise the lights, and check remaining battery life. Because the shoes have no physical laces, the error effectively made the shoes unwearable.
https://arstechnica.com/gadgets/2019/02/my-left-shoe-wont-even-reboot-faulty-app-bricks-nike-smart-sneakers/
Writer: Ron Amadeo
Publication: Ars Technica
Content Type: Examples
In February 2019, publicity led the gay dating app Jack'd, which claimed to have more than 5 million users and was ranked among the top four gay social apps on both Apple and Android, to close a security flaw that meant that photos users uploaded to share in private chat sessions were accessible to the open web via the app's Amazon Web Services S3 bucket. Location and other metadata about users was also accessible. The company had been told of the security flaw a year earlier by researcher…
Content Type: Examples
In February 2019, the cybersecurity company Trend Micro found that at least 29 beauty and photo editing apps that had been downloaded more than 4 million times from Google's Play Store included code that pushed full-screen ads for fraudulent or pornography content or that directed users to phishing sites by making them believe they had won a contest. A second group of camera apps that claimed to improve photos actually uploaded them to a remote server controlled by the app developer and then…
Content Type: Examples
In November 2018, a security researcher found that the location-tracking children's watch MiSafe's Kid Watcher Plus, originally released in 2015, neither encrypted nor secured the children's accounts, allowing him to track their movements, secretly listen in to their activities, and spoof calls to the watch from their parents. The watches include a GPS system and a 2G mobile data connection so parents can monitor, via a smartphone app, their children's whereabouts and be alerted if the child…
Content Type: Examples
By January 2019, more than 100 million women worldwide were using smartphone apps that began as period-tracking apps but were beginning to branch out into tracking other types of health data - and also to broaden their use of the data they collect in search or profit. Unlike medical establishments and personnel, apps do not have to meet the privacy standards of laws such as the US Health Insurance Portability and Accountability Act. Some persist in asking for more detail; others, such as…
Content Type: Examples
Facebook has taken down 65 accounts, 161 pages, dozens of groups and four Instagram accounts, which were ran by Archimedes Group, an Israeli political consulting and lobbying firm that aimed at disrupting elections in various countries.
Archimedes was mostly active in Sub-Saharan Africa but also some part of Southeast Asia and Latin America. According to Facebook, the accounts taken down were attempting to influence people in Nigeria, Senegal, Togo, Angola, Niger and Tunisia. But the most…
Content Type: Examples
Similar to the European Commission’s investigation and the stand-alone German and Italian investigations into Amazon’s anti-competitive behaviour, Austria is now investigating whether Amazon is exploiting its market dominance in relation to other retailers that use its website as a marketplace.
The Austrian regulator said it would examine terms and conditions under which the U.S. online giant grants Austrian vendors access to its marketplace.
In a statement, it said “[T]here is a suspicion…
Content Type: Examples
The European Commission, EU’s antitrust watchdog, is nearing a decision on its investigation into Amazon. According to a report in Seeking Alpha, EU Competition Chief Margrethe Vestager said the Commission gathered “a lot of data” in its investigation into Amazon. The report noted the EU sent out 1,500 questionnaires to businesses as part of the investigation.
Sources: https://www.competitionpolicyinternational.com/eu-vestager-closes-in-on-amazon-investigation/ and https://www.…
Content Type: Examples
On April 16th 2019, Italy’s antitrust authority said that it had launched a probe into five Amazon companies for possible abuse of dominant market position in e-commerce and logistical services. The companies being looked into include Amazon Services Europe, Amazon Europe Core, Amazon EU, Amazon Italia Services, and Amazon Italia Logistica. In comments sent via e-mail, Amazon said “We are fully cooperating with the Authority.” The Authority said the probe would be wrapped up by April 15th, 2020…
Content Type: Examples
Following Ms. Vestager’s investigation into Amazon and its own sector enquiry into online price comparison services in October 2017, in June 2018 the German Federal Cartel Office (“Bundeskartellamt”) claimed that it “received a lot of complaints” and is said to be “looking at the role and market power of Amazon” with regards to Amazon’s hybrid function. (Nicholas Hirst, MLEX, 27 June 2018, Amazon’s ‘hybrid function’ catches eye of German antitrust enforcers.) Germany is Amazon’s…
Content Type: Examples
Reports that Amazon is planning on launching a free ad-supported music service caused Spotify’s (the Swedish audio streaming platform) shares to fall 4% on Monday, April 15th. And, on April 18th, Amazon published a blog post where it announced that launch of Amazon’s free music-streaming service in the US. The ad-supported free service became available exclusively through Alexa, Amazon’s voice assistant programmed into Echo devices. It has been reported thatthe Alexa only launch…
Content Type: Examples
In September 2018, EU’s antitrust watchdog, the European Commission, launched a preliminary investigation into how the platform uses data about merchants. Margrethe Vestager, EU Competition Commissioner said that the informal probe concerns the e-commerce group’s dual role as a competitor while simultaneously acting as a host to third-party merchants, who sell goods on Amazon’s websites. “The question here is about the data,” Ms. Vestager said.
The Amazon marketplace investigation follows up…
Content Type: Examples
Amazon has been accused of treating its UK warehouse staff like robots. Between 2015 and 2018, ambulances were called out close to 600 times to Amazon’s UK warehouses. A Freedom of Information request to ambulance services from the GMB union revealed 115 call-outs to Amazon’s site in Rugeley, near Birmingham, including three related to pregnancy or maternity related problems and three for major trauma. At least 1800 people work year-round at the Rugeley warehouse and more than 2000 more can…
Content Type: Examples
On 10 April 2019, an investigation by Bloomberg, disclosed that thousands of Amazon employees around the world are listening in on Amazon Echo users. In order to help improve the Alexa digital assistant powering its line of Echo speakers, the team listens to voice recordings captured in Echo owners’ homes and offices. The recordings are transcribed, annotated and then fed back into the software to help Alexa’s understanding of human speech. In marketing materials, Amazon says Alexa “…
Content Type: Examples
In yet another murder case, a New Hampshire judge ordered Amazon to turn over two days of Amazon Echo recordings in a double murder case in November 2018.
Prosecutors believe that recordings from an Amazon Echo in the Farmington home where two women were murdered in January 2017 may yield further clues as to who their killer might be. Though the Echo was seized when police secured the crime scene, the recordings are stored on Amazon servers.
Timothy Verrill, of Dover, New Hampshire, was…
Content Type: Examples
In 2015, James Bates (of Arkansas, United States) was charged with first-degree murder in the death of Victor Collins. Collins was found floating face down in Bates’ hot tub in November 2015, police said. Amazon Echo entered the murder case because someone present on the night of Collins’ death recalled hearing music streaming through the device. It was widely reported that Amazon fought the prosecution’s request to hand over data recorded by the device that night. Eventually, the argument…