Tech Tea, Top Headlines 11/23/2020: iOS Covid Apps Are A Privacy Mess

Research Shows iOS Covid Apps Are A Privacy Mess

“Jonathan Albright, director of the Digital Forensics Initiative at the Tow Center for Digital Journalism, recently released analysis he did into 493 COVID-19 related iOS apps across dozens of countries. The results are…not great, and highlight how such apps routinely hoover up far more data than they need to, including unneeded access to cameras and microphones, your photo gallery, your contacts, and far more location data than is needed. Much of this data then winds up in the adtech ecosystem for profit, where it winds up in the hands of third parties.”

T-Mobile Is Adding A 988 Number To Instantly Connect Customers To Mental Health Services

“Back in July of 2019, the FCC unanimously voted to make 988 the standard number to call for the NSPL. While the deadline for mobile carriers to add this in is set at July 2022, T-Mobile has announced that it has pushed out the new number for its customers now.”

China’s Surveillance State Sucks Up Data. U.S. Tech Is Key to Sorting It

“Chips made by Intel and Nvidia, U.S. semiconductor companies, have powered the complex since it opened in 2016. By 2019, at a time when reports said that Beijing was using advanced technology to imprison and track Xinjiang’s mostly Muslim minorities, new U.S.-made chips helped it join the list of the world’s fastest supercomputers. Both Intel and Nvidia say they were unaware of what they called misuse of their technology.”

GoDaddy Employees Used In Attacks On Multiple Cryptocurrency Services

“In the early morning hours of Nov. 18 Central European Time (CET), cyptocurrency mining service NiceHash disccovered that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting email and web traffic for the site. NiceHash froze all customer funds for roughly 24 hours until it was able to verify that its domain settings had been changed back to their original settings.”

VIDEO: Weak Cooler Design: PlayStation 5 Thermals, Power, & Noise Testing

Still Waiting for Drone Deliveries

“When jurisdictions across the United States responded to the COVID-19 epidemic with broad lockdown orders in March and April, home delivery services lacked the manpower to keep up with the explosion in demand. Stores and companies such as Instacart went on hiring sprees[…] You know what might have made things a bit easier? Drones. It has taken years for the Federal Aviation Administration (FAA) to allow the use of unmanned aerial devices for commercial delivery. Over the course of a decade, we’ve gone from a complete ban to slow, heavily regulated, and restricted initial testing.”

Data Stuffing Attack Nabbed Around 300,000 Spotify Accounts

According to vpnMentor, the team that found the database, this wasn’t the result of a breach on Spotify’s part at all. In fact, the origins of the user data and how it was obtained remain unknown. But wherever it came from, the blog explains, these login details were subjected to what’s known as “credential stuffing”: a type of attack where a huge volume of emails and passwords are fed into various (usually popular) websites and apps en masse. If any accounts are caught using the same login credentials between whatever site they originated from and the one being stuffed, the hacker(s) can get easy access to the service in question—in this case, Spotify.”

Leave a Reply

Your email address will not be published.