Content type: Examples
A study of 17 Android mobile contact tracing apps from 17 different countries found that most government-sponsored contact tracing apps are insecure and risk exposing users’ privacy and data. The researchers used the presence or absence of six basic hardening techniques: name obfuscation (just one app of the 17), string encryption (29%), asset/resource encryption (6%), class encryption (6%), root detection (41%), and emulator detection (18%) as indicators of the overall level of in-app security…
Content type: Case Study
Como is one of the most advanced cities in Italy in the use of facial recognition technology (FRT). An investigation for the Italian Wired magazine published in June 2020 exposed how the system had been bought, installed and tested for months with little transparency and despite the lack of a clear legal framework.
The investigation was entirely based on tools available to everyone, such as Freedom of Information requests (FOI requests). Similar to PI’s campaign 'Unmasking policing, inc', it…
Content type: Examples
A detailed analysis of Pakistan’s app, which was developed by the Ministry of IT and Telecom and the National Information Technology Board and which offers dashboards for each province and state, self-assessment tools, and popup hygiene reminders, finds a number of security issues. Among them: the app uses hard-coded credentials, which it sends insecurely, to communicate with the government server, and it downloads the exact coordinates of infected people in order to provide a map of their…
Content type: Examples
Excluded groups such as sex workers and asylum seekers are being left behind in the UK’s COVID-19 response as control measures amplify existing health inequalities and put life-saving advice and care further out of reach.
The closure of services and some GP registrations, a lack of access to technology, distrust and fear of authorities, unsuitable or insecure accommodation, and reduced income are among the many challenges facing people in vulnerable circumstances in England.
Doctors of…
Content type: Examples
As part of its planning for the 2020 Olympic Games, due to be held in Tokyo, Japan approved a law that would allow the government to conduct a survey to identify vulnerable Internet of Things devices. The National Institute of Information and Communications Technology staff who carry out the survey, who will be supervised by the Ministry of Internal Affairs and Communications, are required to follow strict rules in attempting to hack into these devices: they are only allowed to use default…
Content type: Examples
In May 2018, UK-based security researcher Robert Wiggins discovered that the mobile app TeenSafe, marketed as a secure app for iOS and Android, was storing data it collected on servers hosted on Amazon's cloud without a password and openly accessible. The app lets parents monitor their children's text messages, location, browsing history, and apps, as well as who they called and when, and does not require parents to obtain their children's consent. The insecurely stored 10,200 records included…
Content type: Examples
At the 2016 Usenix Workshop on Offensive Technologies, researchers from the University of Michigan presented the results of tests that showed that industrial vehicles - a 2006 semi-trailer and a 2001 school bus - were subject to the same security flaws as had already been found in domestic cars. Via digital signals sent within a big truck's internal network, the researchers were able to change the truck's instrument panel readout, trigger unintended acceleration, and even disable part of the…
Content type: Examples
In March 2016, a hacker group identifying itself as Anonymous Philippines defaced the website of the Philippine Commission on the Elections (Comelec), leaving a message that accused Comelec of not doing enough to secure the voting machines due to be used in the general election the following month. That same day, LulzSec Pilipinas, a different but related hacker group, posted online a link to a 338GB database it claimed was the entire electoral register of 54.36 million Filipinos. Trend Micro…
Content type: Examples
Facebook has come under fire after leaked documents revealed the social media site has been targeting potentially vulnerable children.
The allegations suggest the company is gathering information on young people who “need a confidence boost” to facilitate predatory advertising practices.
Confidential documents obtained by The Australian reportedly show how Facebook can exploit the moods and insecurities of teenagers using the platform for the benefit of advertisers.…
Content type: Case Study
Invisible and insecure infrastructure is facilitating data exploitation
Many technologies, including those that are critical to our day-to-day lives, do not protect our privacy or security. One reason for this is that the standards which govern our modern internet infrastructure do not prioritise security, which is imperative to protect privacy.
What happened?
An example of this is Wi-Fi, which is now on its sixth major revision (802.11ad). Wi-Fi was always designed to be a verbose in…
Content type: Case Study
For those concerned by reporting of Facebook’s exploitation of user data to generate sensitive insights into its users, it is worth taking note of WeChat, a Chinese super-app whose success has made it the envy of Western technology giants, including Facebook. WeChat has more than 900 million users. It serves as a portal for nearly every variety of connected activity in China. Approximately 30% of all time Chinese users spend on the mobile internet centers around…