There’s a decent chance you’re part of Oracle’s next big business. Not selling products to you, but selling you as a product. That’s the idea behind the Oracle Data Cloud, a massive pool of information about consumers and companies. The tech titan has put it together by tracking people across the web and buying data from a variety of sources. People who have their data included may not even know that they’ve opted in for that data collection. There’s no big red button that someone has to click in order to be a part of the company’s data collection machine. Instead, its base of user data is fed by a network of third parties. The Data Cloud is primarily fed by three types of sources: publishers, like Forbes and Edmunds, retail loyalty programs, and traditional data brokers like Experian and IHS. All of that adds up to a database of 5 billion consumer profiles, fed by 15 million data sources. Not every profile corresponds to a unique person — people can have multiple profiles — but Oracle has information on billions of people, according to Eric Roza, the vice president of Data Cloud. Using data science techniques, Oracle works to match activity from one browser to others, so companies can make sure the same ads get shown to people on their smartphones, tablets, and computers. Oracle sees Data Cloud as a key part of its future. The service is being used to help advertisers and publishers better target ads, and it’s attractive to businesses because it’s not tied to a major advertising platform like Google’s or Facebook’s. The Data Cloud also forms the foundation of machine learning features inside other Oracle software. One of the challenges for companies doing machine learning is getting data sets that are large enough to build accurate models, and Data Cloud can help solve that problem. But the benefits are mostly borne by Oracle’s business customers, who stand to make more money as a result of using Data Cloud enhanced services. 
The boon to consumers whose data are being used is less defined. Oracle isn’t alone in this sort of tracking. There are dozens of companies that exist for the sole purpose of collecting consumer data and then reselling that to other businesses. Google, Facebook, Microsoft, and other tech titans have made big money from accumulating customer data and using it to sell ads. But what makes the Data Cloud different from something like Google’s ad business is that consumers might not know their behavior is being stored for resale, or how broadly it’s shared. Just because someone visits a page on Forbes doesn’t mean they’d expect that information to influence a marketing campaign on a radically different website, but that’s what the Data Cloud enables. Partners feeding data into Oracle’s Data Cloud must agree they have user permission to collect information. But acquiring that permission is as simple as burying a few sentences deep in a privacy policy. While some might call out Oracle Data Cloud by name, most don’t. “Typically, because these things are quite common practice now, there’s a more generalized statement [like] some version of ‘we use this data to inform our own advertising, and select third-party partners,'” Roza said. Users can opt out from the data collection in a variety of ways, according to Roza. Oracle allows people to install a special cookie in each of the browsers they use to prevent tracking. Deleting the cookie or using a new browser would erase that protection, however. Some publishers may allow customers to opt out of data sharing, and advertising industry groups also support opting out. But actually knowing whether or not you’re included in the Data Cloud is the first part of the battle. And that’s not the easiest thing to figure out. Meanwhile, Oracle is continuing to pour money into the business and tout it to customers. 
The company has spent billions on acquisitions to build the Data Cloud, which was created through bringing companies like BlueKai, Datalogix, and Moat into the fold.

The post Oracle's next big business is selling your info appeared first on Gigacycle Computer Recycling News. from https://news.gigacycle.co.uk/oracles-next-big-business-is-selling-your-info/
The handlers of the open source HandBrake video transcoder are warning anyone who recently downloaded the Mac version of the software that they’re likely infected with malware. HandBrake warned users on Saturday of a compromise of one of its mirror download servers, and said anyone who grabbed the software between May 2 and May 6 could have also downloaded a variant of the OSX.PROTON Trojan onto their Mac system. “Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan,” said an advisory. “You have 50/50 chance if you’ve downloaded HandBrake during this period.” Apple, however, has since pushed out an XProtect signature preventing any new infections. HandBrake, meanwhile, advises its users to also change all passwords in their OSX KeyChain or passwords stored in their browsers. HandBrake is free software that is used to convert video from a variety of formats to a supported codec. There are Windows, Mac and Linux versions. The warning was for the Mac version. The handlers advise verifying the SHA1 or SHA256 sum of the file before running it. The bad SHA checksums are:
“If you see a process called ‘Activity_agent’ in the OSX Activity Monitor application, you are infected,” the advisory said. Proton is a remote access Trojan, or RAT, sold in Russian underground forums. Researchers at Sixgill published an analysis of the Mac malware, which is used to spy on the victim’s activities; it can monitor keystrokes, upload files to remote machines, download files from the web, steal screenshots and connect directly via SSH or a remote admin tool such as VNC. “The malware is shipped with genuine Apple code-signing signatures,” the Sixgill report said. “This means the author of Proton RAT somehow got through the rigorous filtration process Apple places on MAC OS developers of third-party software, and obtained genuine certifications for his program.” The price, according to the researchers, is steep at around 100 Bitcoin ($163,600 today). Patrick Wardle, a Mac security expert, said on the Objective-See blog on Saturday that the Proton variant has zero coverage on VirusTotal by antimalware engines. Wardle said that when the infected HandBrake app runs, it asks via a phony authentication popup for the user’s credentials. “If the user is tricked into providing a user name and password, the malware will install itself,” Wardle said, adding that the credentials allow the malware to elevate privileges. By compromising the HandBrake mirror, the attackers were able to follow the road map provided by the other Mac malware such as KeRanger, which infected legitimate apps. HandBrake also provided instructions for removing the Trojan from the Terminal application. “The Download Mirror Server is going to be completely rebuilt from scratch so downloads may be a bit slower than usual while the primary picks up the load,” HandBrake said. “During this time, old versions of HandBrake will not be available.”

The post HandBrake for Mac Compromised with Proton Spyware appeared first on Gigacycle Computer Recycling News.
from https://news.gigacycle.co.uk/handbrake-for-mac-compromised-with-proton-spyware/

Location, location, location … you’ve heard it many times before but not when it comes to a ransomware deciding a ransom amount. Fatboy, a ransomware-as-a-service, is believed to be the first ransomware that automatically adjusts the ransom amount based on a victim’s location. Just when you think you’ve heard every conceivable ransomware demand – not just ransoms paid in bitcoins or other cryptocurrencies like Monero, or paid in iTunes or Amazon gift cards, ransomware which costs nothing for decryption as long as you infect two other people, or even ransomware that demands a high score on a shooter game before decrypting drives – now there’s a ransomware that charges victims based on the Big Mac Index. “Fatboy” is a new ransomware-as-a-service (RaaS) product discovered on Exploit, a Russian-language forum frequented by cybercriminals. Analysts at the threat intelligence firm Recorded Future said the ransom demand is not one set amount for all, but charges based on international exchange rates as it automatically adjusts the ransom demand based on where the victim lives. “The Fatboy ransomware is dynamic in the way it targets its victims; the amount of ransom demanded is determined by the victim’s location,” Recorded Future explained. “Fatboy uses a payment scheme based on The Economist’s Big Mac Index (cited as the ‘McDonald’s Index’ in the product description), meaning that victims in areas with a higher cost of living will be charged more to have their data decrypted.” The Big Mac Index was created 31 years ago to show how wealthy a nation is, if its currency is overvalued or undervalued, based on the prices of a Big Mac in that country. The Economist gives this example: “The average price of a Big Mac in America in January 2017 was $5.06; in China it was only $2.83 at market exchange rates. 
So the ‘raw’ Big Mac index says that the yuan was undervalued by 44% at that time.” So, in the case of Fatboy, the victim’s IP address is used to determine their country and then the ransom demand is automatically adjusted based on the cost of a Big Mac in that country. But the author of Fatboy is not exactly getting rich with this malware scheme; it first appeared in the forum on March 24 and analysts believed the author has earned roughly $5,321 since February. Wannabe cyber crooks who buy the Fatboy RaaS platform deal directly with the malware author via Jabber for “extended help” instead of a third-party vendor. The author urged people to take part in a “limited partnership.” Those who do get paid “instantly” when a victim coughs up the ransom, which Recorded Future says “adds another level of transparency to this partnership.” Other than customizing the malware with a sliding scale ransom demand, there is nothing particularly new about Fatboy. The ransomware is similar to others; it targets Windows machines, scans all disks and network folders, supports over 5,000 file extensions, inserts a ransom note after files have been encrypted, automatically decrypts after a person bows to extortion and pays, and then deletes from the system. Despite warnings by the malware author about using third-party tools to restore files encrypted by Fatboy, security researcher Michael Gillespie suggested he “might be able to help” if victims contacted him. That was back in March when the ransomware first started being detected; at this time, Fatboy can be detected by a decent amount of various antivirus solutions.

The post Local cost of a Big Mac decides ransom amount for Fatboy ransomware appeared first on Gigacycle Computer Recycling News. from https://news.gigacycle.co.uk/local-cost-of-a-big-mac-decides-ransom-amount-for-fatboy-ransomware/

During the past two years, U.S. 
Customs and Border Patrol has targeted ever larger numbers of travelers’ smartphones and laptops for searches as they cross the border into the country. U.S. courts have generally upheld a so-called border search exception to the Constitution’s Fourth Amendment, allowing CBP to search electronic devices without a court-ordered warrant. In April, a group of lawmakers introduced legislation to require warrants to search devices owned by U.S. citizens and other legal residents, but for now, the law allows for warrantless device searches. It’s worth noting, however, that the odds of CBP searching any single traveler’s device are tiny, although they may increase if the traveler fits certain profiles. Even with increased device searches during the past two years, CBP still only checks the devices of a fraction of 1 percent of all people crossing the U.S. border. Still, travelers concerned about their privacy can take steps to protect their data as they cross the U.S. border. They should remember the old Boy Scout motto: Be prepared. The best way to avoid sharing personal or confidential information with CBP agents as you cross the border is to scrub your devices before you travel, some privacy experts say. While it’s difficult to fight a CBP search when you’re being questioned, there’s no requirement that your smartphone or laptop be loaded up with your data. Consider removing sensitive data from your devices by storing it in the cloud or on another device that stays home. “People should never lie to a CBP agent,” said Esha Bhandari, a staff attorney with the American Civil Liberties Union’s Speech, Privacy, and Technology Project. “If they’re asked a question, they should answer truthfully. But there’s no requirement you carry your data with you when you cross the border.” If you don’t want CBP searching your work email, consider temporarily removing your email app from your smartphone. 
A cursory CBP search of your phone isn’t likely to discover what apps you’ve recently removed. Also, consider keeping your devices off as you’re going through customs. If your smartphone is powered up, log out of apps that contain personal data. If a CBP agent asks you to unlock your smartphone or laptop, you can refuse, but there are consequences. If you’re not a U.S. resident, CBP could prevent you from entering the country. If you’re a U.S. resident, CBP could hold you for several hours, and they could seize your device. A seizure could lead to a forensic search of your device, and CBP may not return it for months, the Electronic Frontier Foundation noted in a recent advice document for travelers. CBP can detain you for refusing to allow a search but “we’re talking a matter of hours, certainly not an overnight detention,” Bhandari said. “There doesn’t seem to be a bright-line rule, but we’re talking hours, not days.” Ultimately, if you’re a legal U.S. resident, CBP shouldn’t prevent you from entering the country, even if you refuse to allow the device search, Bhandari said. Still, expect to have your device seized if you refuse to unlock it. Travelers will often have to choose, she said. “Would they rather turn over their password and have a quick search vs. refusing and having their device seized?” she added. Finally, there’s been some discussion among technologists about using a separate encryption scheme for sensitive files on laptops or smartphones. While there’s no real consensus, some privacy experts suggest that having a separate encrypted section of your hard drive may raise a red flag for CBP agents. It may be safer to store those files on another device or in the cloud.

The post How to prevent your data from being searched at the U.S. border appeared first on Gigacycle Computer Recycling News.
from https://news.gigacycle.co.uk/how-to-prevent-your-data-from-being-searched-at-the-u-s-border/

Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware. The HandBrake development team posted a security warning on the project’s website and support forum on Saturday, alerting Mac users who downloaded and installed the program from May 2 to May 6 to check their computers for malware. The attackers compromised only a download mirror hosted under download.handbrake.fr, with the primary download server remaining unaffected. Because of this, users who downloaded HandBrake-1.0.7.dmg during the period in question have a 50/50 chance of having received a malicious version of the file, the HandBrake team said. Users of HandBrake 1.0 and later who upgraded to version 1.0.7 through the program’s built-in update mechanism shouldn’t be affected, because the updater verifies the program’s digital signature and wouldn’t have accepted the malicious file. Users of version 0.10.5 and earlier who used the built-in updater and all users who downloaded the program manually during those five days might be affected, so they should check their systems. According to an analysis by Patrick Wardle, director of security research at Synack, the trojanized version of HandBrake distributed from the compromised mirror contained a new version of the Proton malware for macOS. Proton is a remote access tool (RAT) sold on cybercrime forums since earlier this year. It has all of the features typically found in such programs: keylogging, remote access via SSH or VNC, and the ability to execute shell commands as root, grab webcam and desktop screen shots, steal files and more. In order to obtain admin privileges, the malicious HandBrake installer asked victims for their password under the guise of installing additional video codecs, Wardle said. 
The Trojan software installs itself as a program called activity_agent.app and sets up a Launch Agent called fr.handbrake.activity_agent.plist to start it every time the user logs in. The HandBrake forum announcement contains manual removal instructions and advises users who find the malware on their Macs to change all of the passwords stored in their macOS keychains or browsers. This is just the latest in a growing string of attacks over the past few years in which attackers compromised software update or distribution mechanisms. Last week Microsoft warned of a software supply chain attack in which a group of hackers compromised the software update infrastructure of an unnamed editing tool and used it to distribute malware to select victims: mainly organizations from the financial and payment processing industries. “This generic technique of targeting self-updating software and their infrastructure has played a part in a series of high-profile attacks, such as unrelated incidents targeting Altair Technologies’ EvLog update process, the auto-update mechanism for South Korean software SimDisk, and the update server used by ESTsoft’s ALZip compression application,” the Microsoft researchers said in a blog post. This is not the first time Mac users have been targeted through such attacks either. The macOS version of the popular Transmission BitTorrent client distributed from the project’s official website was found to contain malware on two separate occasions last year. One way to compromise software distribution servers is to steal login credentials from developers or other users who maintain the server infrastructure for software projects. Therefore, it came as no surprise when earlier this year security researchers detected a sophisticated spear-phishing attack targeting open source developers present on GitHub. The targeted emails distributed an information stealing program called Dimnie. 
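
A defender-side triage for the indicators the two HandBrake articles name (a bad checksum, the `activity_agent` process, `activity_agent.app` and the `fr.handbrake.activity_agent.plist` Launch Agent), given here as an added example that is not HandBrake's or the researchers' own code. It assumes the standard per-user `~/Library/LaunchAgents` directory, and `KNOWN_BAD_SHA256` is an empty placeholder because this page does not reproduce the advisory's checksums.

```python
import hashlib
import os
import plistlib
import subprocess
from pathlib import Path

# Indicator names as given in the two HandBrake articles above.
LAUNCH_AGENT = "fr.handbrake.activity_agent.plist"
APP_BUNDLE = "activity_agent.app"
PROCESS = "activity_agent"  # the advisory quote spells it 'Activity_agent'

# Placeholder: the page does not reproduce the bad checksums. Fill this set
# with the SHA-256 values published in the HandBrake advisory.
KNOWN_BAD_SHA256 = set()


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large .dmg is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_known_bad(path, bad_hashes):
    """True if the file's SHA-256 is in the supplied list of bad checksums."""
    return sha256_of(path) in {h.strip().lower() for h in bad_hashes}


def find_launch_agents(home):
    """Return (plist path, launched program) for each matching Launch Agent.

    Assumption: per-user Launch Agents live in ~/Library/LaunchAgents, the
    standard macOS location; the articles give only the plist file name.
    """
    hits = []
    agents_dir = Path(home) / "Library" / "LaunchAgents"
    if not agents_dir.is_dir():
        return hits
    for plist in agents_dir.iterdir():
        if plist.name.lower() != LAUNCH_AGENT:
            continue
        try:
            with open(plist, "rb") as fh:
                data = plistlib.load(fh)
            args = data.get("ProgramArguments") or [data.get("Program", "")]
            program = args[0]
        except Exception:
            program = ""  # an unreadable plist is still a hit, just without a target
        hits.append((str(plist), program))
    return hits


def find_app_bundles(root):
    """Walk root and return every directory named activity_agent.app."""
    hits = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in list(dirnames):
            if name.lower() == APP_BUNDLE:
                hits.append(os.path.join(dirpath, name))
                dirnames.remove(name)  # no need to descend into the bundle
    return hits


def suspicious_pids(ps_output):
    """Parse `ps -axo pid=,comm=` output; return PIDs whose executable is activity_agent."""
    pids = []
    for line in ps_output.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        exe = parts[1].rsplit("/", 1)[-1]  # comm may be a full path on macOS
        if exe.lower() == PROCESS:
            pids.append(int(parts[0]))
    return pids


def triage(home, ps_output, downloads=(), bad_hashes=KNOWN_BAD_SHA256):
    """Collect all findings; 'infected' is True if any indicator matched."""
    report = {
        "launch_agents": find_launch_agents(home),
        "app_bundles": find_app_bundles(home),
        "pids": suspicious_pids(ps_output),
        "bad_downloads": [str(p) for p in downloads if is_known_bad(p, bad_hashes)],
    }
    report["infected"] = any(report.values())
    return report


if __name__ == "__main__":
    home = Path.home()
    ps = subprocess.run(["ps", "-axo", "pid=,comm="],
                        capture_output=True, text=True).stdout
    dmgs = sorted((home / "Downloads").glob("HandBrake*.dmg"))
    for key, value in triage(home, ps, dmgs).items():
        print(f"{key}: {value}")
```

A clean report only means none of these named indicators matched; the advice in the articles to change keychain and browser passwords after a confirmed infection still applies.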
The post Supply chain attack on HandBrake video converter app hits Mac users appeared first on Gigacycle Computer Recycling News. from https://news.gigacycle.co.uk/supply-chain-attack-on-handbrake-video-converter-app-hits-mac-users/

Aaron Gach wasn’t expecting U.S. Customs and Border Protection agents to demand to search his smartphone when he returned to San Francisco from Belgium in February. The artist and magician, a U.S. citizen, had just attended an art event near Brussels and was targeted for advanced screening by CBP after his flight landed in the U.S. During a series of questions from CBP agents (“Did you pack your bag yourself?”), they repeatedly asked to search his smartphone, Gach said. “Do you understand that if you choose not to unlock your phone we may need to detain your other personal effects?” one agent told him, according to a description of the encounter that Gach posted online. Gach, who travels frequently, was shocked and surprised by the demand to search his device, he said in an interview. He initially resisted, saying a search would violate his privacy, but eventually relented by unlocking his phone for the agents, who then took the phone out of his sight for about 10 minutes. Gach, working with the American Civil Liberties Union to protest the search, “felt pretty coerced” into turning over the phone, he said. “On the whole, I find that situation pretty upsetting.” Why resist the search? The Fourth Amendment of the U.S. Constitution, protecting residents against unreasonable searches and seizures, is “pretty clear,” he said. “Either you have rights, or you don’t have rights,” Gach added. “Standing up for your rights is not an admission of guilt or innocence.” Gach’s position is echoed by digital rights groups like the ACLU and the Electronic Frontier Foundation. 
Under current guidelines, CBP can search a device without “any suspicion” of a crime and with no court-ordered warrant, said Esha Bhandari, a staff attorney with the ACLU Speech, Privacy, and Technology Project. “We think that’s a Fourth Amendment violation,” she said. “They can essentially conduct these searches in a suspicionless manner for no reason at all.” But CBP and the U.S. Supreme Court see fewer Fourth Amendment protections for people, including U.S. citizens, when they’re crossing into the country. As the EFF notes, the Supreme Court allows for a “border search exception” to normal search warrant requirements because the government has an interest in protecting the “integrity of the border” by enforcing immigration and customs laws. CBP defends the device searches, saying the agency inspects the electronic devices of a tiny percentage of people coming into the U.S. every year. The device searches are just one piece of information the CBP uses to evaluate travelers, a CBP spokeswoman said. “Keeping America safe and enforcing our nation’s laws in an increasingly digital world depends on our ability to lawfully examine all materials entering the U.S.,” the spokeswoman said by email. “CBP’s electronic searches affect less than one hundredth of one percent of travelers.” Device searches often help to show travelers’ intentions while they’re in the U.S., she added. The searches “are critical to the detection of evidence relating to terrorism and other national security matters, human and bulk cash smuggling, contraband, and child pornography,” she said. While CBP searches the devices of far less than 1 percent of travelers crossing the U.S. border, the number of searches has ballooned in the last two years. In CBP’s fiscal year 2015, the agency searched just 8,503 devices during 383.2 million border crossings. 
But in fiscal year 2016, the number of device searches jumped to 19,033, and in the first six months of FY2017, CBP searched 14,993 devices, putting the agency on pace to search nearly 30,000 devices during the year. Separately, the U.S. Department of Homeland Security has talked about demanding social media passwords as part of President Donald Trump’s plan for advanced security checks for visa applicants from some Muslim-majority countries. The Department of State is also considering a plan to ask some visa applicants for the social media user names, email addresses, and phone numbers (although not for social media passwords) that they’ve used for the past five years. Some U.S. lawmakers have questioned the CBP’s device searches. In April, a bipartisan group of four lawmakers introduced the Protecting Data at the Border Act, which would require the agency to get a court-ordered warrant to search the electronic devices of U.S. citizens and legal residents like green-card holders. It’s unclear, however, how a warrant process would work with travelers exiting an airplane or crossing the U.S. border in an automobile. But U.S. residents shouldn’t give up their privacy when crossing the border, the sponsors said. “Americans’ Constitutional rights shouldn’t disappear at the border,” said Senator Ron Wyden, an Oregon Democrat and sponsor of the bill. “By requiring a warrant to search Americans’ devices and prohibiting unreasonable delay, this bill makes sure that border agents are focused on criminals and terrorists instead of wasting their time thumbing through innocent Americans’ personal photos and other data.” Gach, the artist whose smartphone was searched in February, supports legislation that would require a search warrant. “Right now, there’s just sort of a blanket authorization, and you have no idea what exactly they’re searching,” he said.

The post US device searches at borders ignite resistance appeared first on Gigacycle Computer Recycling News.
from https://news.gigacycle.co.uk/us-device-searches-at-borders-ignite-resistance/

PC vendors this week will start rolling out patches that fix a severe vulnerability found in certain Intel-based business systems, including laptops, making them easier to hack. Intel on Friday released a new notice urging clients to take steps to secure their systems. The chipmaker has also released a downloadable tool that can help IT administrators and users discover whether a machine they own has the vulnerability. In addition, vendors including Fujitsu, HP and Lenovo have released lists showing which products are affected and when the patches will roll out. The products include laptops from Lenovo’s ThinkPad line and HP’s EliteBook series, along with servers, and desktops. Some of the patches are slated to come in June. Computers running enterprise management features found in Intel-based firmware from the past eight years will have the bug. Specifically, the vulnerability resides in past versions of Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability. Fortunately, the vulnerability can only be exploited if these features have been enabled, according to security firm Embedi, which uncovered the bug. These enterprise features were designed to help businesses remotely manage, track and repair huge fleets of connected computers, including retail checkout systems, digital signs, and PCs. However, Intel’s firmware bug could allow a hacker to take over the PCs and devices that use these remote management technologies, the chipmaker said. In March, Intel learned about the vulnerability from a researcher at Embedi, a security product provider. On Friday, Embedi released more technical details about the Intel firmware bug, saying it could be exploited to remotely control a machine’s mouse and keyboard and even turn the computer on or off. “Which means, you can remotely load, execute any program to the target system,” Embedi said. 
The vulnerability also bypasses the machine’s authentication processes, so no knowledge of the password is needed, Embedi said. Until the patch becomes available, Intel is recommending users manually apply temporary fixes to address the threat. Users can also contact Intel’s customer support.

The post Patch to fix Intel-based PCs with enterprise bug rolls out this week appeared first on Gigacycle Computer Recycling News. from https://news.gigacycle.co.uk/patch-to-fix-intel-based-pcs-with-enterprise-bug-rolls-out-this-week/

As my company continues to move enterprise applications to the cloud, the latest development presents a security opportunity. We are giving up our on-premises Microsoft Exchange email in favor of the Microsoft Office 365 service. With the transition, we might be able to curtail the common employee practice of communicating and storing sensitive business-related data in email. I am encouraging the IT organization to tighten security by implementing controls that were either not available in our on-premises deployment or never implemented. The first order of business is a cleanup of accounts and distribution lists. We have hundreds of email-enabled distribution lists, and too many of them are available to the world. We should be able to cut down the number of lists and set rules about who can use them. For example, one list that includes all members of the customer support team has been available to anyone, though only internal employees have a need for it. Customers will have access to a separate support distribution list that will integrate with Salesforce to automatically generate a support ticket. We will also restrict to managers the ability to send to “all.” Too many people use the “all” alias to send messages that most employees perceive as spam. That’s a problem in a growing company. Then there’s auto-forwarding. 
Doing it internally is one thing (having your mail go to a co-worker while you’re on vacation, for example), but auto-forwarding to personal email accounts simply increases the potential for data loss. Now we can disable auto-forwarding for some employees or restrict the domains they can auto-forward mail to. Another issue involves the devices users access email on. I don’t want them to install the Outlook client on non-corporate computers. This could be especially risky on public computers, such as in hotel lobbies, because the mail will stay on the device after log-off. We will try to circumvent that risk by requiring that employees use our corporate single sign-on (SSO) solution to log into Outlook. One plus is that our SSO uses multifactor authentication, but it also can be configured to restrict Outlook access to one device (presumably the corporate-issued device). Another way to restrict access is to issue a machine certificate to the corporate PC and configure Office 365 to allow connections only from machines with valid certificates. Eventually we will deploy a robust third-party mobile device management application to employees who use their phones for business purposes. Until then, we will use the built-in mobile device policies that come with Office 365. These include password requirements, device timeout, encryption, brute-force protection, restrictions against jailbroken devices and the ability to selectively wipe phones (corporate mail only) when a user leaves the company. We’ll use what Microsoft calls “MailTips” to help with data loss prevention. For instance, if a user creates an email containing sensitive data, such as a credit card number, MailTips will send a warning that that is a bad practice. Similar warnings will be issued when users try to send emails to a distribution list that contains an external user. We will also prevent users from pulling in webmail to Outlook. 
It’s best to ban that activity outright because we just can’t vouch for the integrity of those personal messages, and we also don’t want to store it on corporate devices. Finally, we will (of course) enable any and all malware and spam protection. I’ve always said that if my company is going to get hacked, it will most likely result from someone clicking on something in an email. Anything I can do to block malicious emails is well worth the effort. This includes blocking certain email attachments, such as executable files and scripts, that are typically associated with malware. We will also continue to enforce Sender Policy Framework (SPF), which validates the IP address of the email sender. There are other more advanced configuration options that Microsoft offers that we will evaluate and deploy, so long as they don’t impact our ability to conduct business. The last thing I want is to implement so many restrictions that legitimate email is prevented from reaching its destination. As always in this job, it’s all about finding that balance of security and usability. This week’s journal is written by a real security manager, “Mathias Thurman,” whose name and employer have been disguised for obvious reasons.

The post Email, email, in the cloud appeared first on Gigacycle Computer Recycling News. from https://news.gigacycle.co.uk/email-email-in-the-cloud/

Almost a year after app developer SilverPush vowed to kill its privacy-threatening software that used inaudible sound embedded into TV commercials to covertly track phone users, the technology is more popular than ever, with more than 200 Android apps that have been downloaded millions of times from the official Google Play market, according to a recently published research paper. 
As of January, there were 234 Android apps that were created using SilverPush’s publicly available software developer kit, according to the paper, which was published by researchers from Technische Universität Braunschweig in Germany. That represents a dramatic increase in the number of Android apps known to use the creepy audio tracking scheme. In April 2015, there were only five such apps.

The apps silently listen for ultrasonic sounds that marketers use as high-tech beacons to indicate when a phone user is viewing a TV commercial or other type of targeted audio. A representative sample of just five of the 234 apps have been downloaded from 2.25 million to 11.1 million times, according to the researchers, citing official Google Play figures. None of them discloses the tracking capabilities in their privacy policies.
Five of the 234 apps that were built using the SilverPush SDK
“The example of SilverPush highlights how easily this technology can be used to spy on users,” Erwin Quiring, one of the researchers, wrote in an e-mail. “In this way, they can track the TV viewing habits of users precisely even with traditional broadcasting technologies. In our research paper, we identified three further privacy risks that can occur with this technology, e.g., tracking locations, behavior devices, and even the de-anonymization of Tor users.”

SilverPush founder Hitesh Chawla said the finding surprised him because his company abandoned the ad-tracking business in late 2015.

“We respect consumer privacy and would not want to build our business foundation where the privacy is questionable,” he told Ars. “Even when we were live, our SDK was not present in more than 10 to 12 apps. So there is no chance that our presence in 234 apps is possible. Every time a new handset gets activated with our SDK, we get a ping on our server. We have not received any activation for six months now.”

The researchers, however, stand by the figure and say that all 234 apps positively contain the SilverPush SDK. That means phones that have the apps installed are silently listening for ultrasonic sounds without the knowledge or consent of their owners. While the researchers were unable to find any beacons in TV audio, they compared successful detections with finding a needle in a haystack and left open the possibility such beacons are actively being embedded into TV audio. Even if they’re not actively used, the growth in apps signals the practice could become widespread in the near future. The results were drawn from a corpus of 1.3 million Android apps submitted to the VirusTotal file scanning service, and as a result they shed no light on how prevalent audio beaconing may be in apps running on iOS devices from Apple.
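As an added illustration (not code from the researchers or from SilverPush), the sketch below shows how a defender could check a recording for a steady tone in the 18 kHz to 20 kHz band this article gives for the beacons, using the Goertzel single-bin DFT. The 44.1 kHz sample rate, 100 ms frame, 0.1% energy threshold and the sample audio are assumptions constructed for the example.

```python
import math

RATE = 44100                      # samples per second (assumed capture rate)
FRAME = 4410                      # 100 ms frame, so every probe is an exact DFT bin
BAND = range(18000, 20001, 100)   # probe frequencies across the 18-20 kHz range
THRESHOLD = 0.001                 # assumed: tone holds >= 0.1% of the frame's energy

def goertzel_power(frame, freq, rate=RATE):
    """|X(freq)|^2 for one frame via the Goertzel recurrence (a single-bin DFT)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def strongest_tone(frame):
    """Return (freq, share) for the band probe holding the largest share of energy."""
    energy = sum(x * x for x in frame)
    if energy == 0.0:             # silent frame: nothing to measure
        return None, 0.0
    scale = 2.0 / (len(frame) * energy)   # a pure tone on a bin scores 1.0
    return max(((f, goertzel_power(frame, f) * scale) for f in BAND),
               key=lambda pair: pair[1])

def scan(samples):
    """List (start_ms, freq_hz) for each full frame with a tone above THRESHOLD."""
    hits = []
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        freq, share = strongest_tone(samples[start:start + FRAME])
        if share >= THRESHOLD:
            hits.append((start * 1000 // RATE, freq))
    return hits

def constructed_audio():
    """Constructed sample: 300 ms of a 1 kHz tone, with a faint 18.5 kHz tone
    mixed into the middle 100 ms only."""
    out = []
    for n in range(3 * FRAME):
        t = n / RATE
        x = math.sin(2 * math.pi * 1000 * t)
        if FRAME <= n < 2 * FRAME:
            x += 0.1 * math.sin(2 * math.pi * 18500 * t)
        out.append(x)
    return out

if __name__ == "__main__":
    print(scan(constructed_audio()))
```

Real recordings need a window function and a threshold tuned against ambient noise, since tones rarely land on exact bins outside a constructed sample.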
A Google representative said that the privacy policies enforced on all apps available in the Play market require developers to “comprehensively disclose how an app collects, uses and shares user data, including the types of parties with whom it’s shared.” The representative didn’t respond to a follow-up question asking why none of the five apps cited in the research findings disclosed the SilverPush functions. At the time this post went live, all five apps remained available in Play.

The beacons are frequencies from 18kHz to 20kHz, a range that is inaudible to most humans but can be reliably detected by most phone microphones. By embedding them into audio, marketers can track the whereabouts of shoppers as they move throughout a large department store. Promoters using other companies’ audio-beacon technologies can also use them to push ads or coupons to people who are near a certain store or service. The researchers said two services—Shopkick and Lisnr—use ultrasonic beaconing for legitimate purposes such as these, and they disclose the tracking prominently.

The tracking can also be used for purposes that are decidedly less ethical. Advertisers, for example, may use the beacons with no disclosure at all to measure how often a particular TV ad is viewed. The technology can also be covertly used to perform cross-device tracking that allows marketers to tie a single person to the multiple media devices she uses. The researchers said the beacons could similarly be used to identify people using the Tor anonymity service.

This paper was published at the 2nd annual IEEE European Symposium on Security and Privacy and was presented last week in Paris, France. In the paper, the researchers wrote:
The 234 detected apps contain SilverPush functionality alongside their normal content. Many were developed for large companies such as McDonald’s and Krispy Kreme.

At the moment, there is a limited set of countermeasures to prevent such tracking. For people using version 6.0 or higher, they can disable an app’s access to the device microphone. This is a good practice to follow in general, although it may prevent useful features such as voice-to-text from working. It’s also a good idea to limit the number of installed apps. Longer term, antivirus providers may be able to add features that detect the tracking during routine scans of installed apps. Another long-term solution is to lobby government regulators, Google, Apple, and other companies to strictly enforce clear and prominent disclosure of all ultrasonic-based tracking.

Post updated to add sentences in last paragraph about Android app permissions.

The post More Android Phones Than Ever Are Covertly Listening For Inaudible Sounds In Ads appeared first on Gigacycle Computer Recycling News. from https://news.gigacycle.co.uk/more-android-phones-than-ever-are-covertly-listening-for-inaudible-sounds-in-ads/

Ransomware is big business and it appears as if malware developers are trying out a number of new features in different types of ransomware to make attacks more effective and profitable.

The 2017 Verizon DBIR confirmed the trend that many experts noted of ransomware as a booming malware business, and the real world provides plenty of supporting evidence. It has gone so far that threat actors have been able to use fake ransomware to scare victims into paying. More recently came Fatboy, a ransomware-as-a-service (RaaS) option that can dynamically change ransom prices based on the Big Mac index.
According to threat intelligence provider Recorded Future, based in Somerville, Mass., this means “victims in areas with a higher cost of living will be charged more to have their data decrypted.”

Ken Spinner, vice president of global field engineering at Varonis, said dynamic pricing in new types of ransomware was inevitable.

“If we continue to think about ransomware as a business, then it makes absolute sense that they would know the types of people, industries and locations that would pay and how much they would be willing to pay — the victim sweet spot,” Spinner told SearchSecurity. “Some RaaS offerings even automate the price based on the Big Mac index, like Fatboy, and this in turn helps them to make their RaaS offerings more appealing to would-be criminal subscribers.”

Ilia Kolochenko, CEO of High-Tech Bridge, a web application security testing company based in Geneva, said the ransomware-as-a-service model will continue to grow.

“Many cybercriminals don’t want, or simply don’t have enough skills, to do all the administrative work involved in ransomware — billing, support, money laundering, etc. With the RaaS model, even a kid can successfully receive payments from the victims without bothering about anything but hacking user machines,” Kolochenko told SearchSecurity. “There is nothing sophisticated in the RaaS model, it’s just about making this type of cybercrime more accessible and affordable. This is a sign that the cybercrime industry is maturing, like a legitimate business.”

Ransomware innovation

A number of ransomware types have also tried innovative new features, such as offering the decryption key in exchange for the victim spreading the infection to others and deleting the decryptor if researchers attempt to sandbox or study the malware. Researchers also found CryptFile2, an updated version of the CryptoMix ransomware that changes file extensions of encrypted files to avoid detection and make decryption more difficult.
Travis Smith, principal security research engineer at Tripwire, said the level of innovation in new types of ransomware could be because ransomware is, by design, intended to be discovered quickly, which means more samples are available to be inspected by defenders.

“That being said, many of the innovations that ransomware is adopting have been used by other malwares for quite some time. For example, sandbox detection and malware as a service have been leveraged by other campaigns long before being used by ransomware,” Smith told SearchSecurity. “There are valid reasons why malware authors are spending time putting these features in. Many ransomware families have been reverse engineered by white-hat researchers and had their decryption keys released to the public for free.”

Tim Prendergast, CEO at Evident.io, a cloud infrastructure security company based in Pleasanton, Calif., said what sets ransomware apart is that “there’s no attempt to acquire any intelligence or restricted data; it’s all about profits,” and the innovation in the space reflects that.

“Unfortunately it has proven to be a lucrative activity. Therefore, the profit motive is driving some major technology developments. We’re seeing more attacks across a broader scope of targets; even non-profits, churches, and small governments aren’t safe,” Prendergast told SearchSecurity, adding that “the cloud has long [been] thought to be a safer haven, but it is far from immune.”

New types of ransomware; same security measures

While the ransomware space may change and ransomware developers may innovate, experts noted that the best ways to combat ransomware are still relatively unchanged.

Smith said if a company is infected with ransomware, “the best option is to rely on valid backups to get your data back.”

“However, training users on safe and secure internet habits will go a long way in preventative maintenance against ransomware. Most infections will come in via a malicious link or attachment.
Raising awareness around this type of attack path is critical for avoiding not only ransomware, but any other malware family,” Smith said. “The Google Docs phishing campaign from earlier this week is a great learning tool for the masses to teach them the dangers of clicking on unsolicited links.”

Morgan Gerhart, vice president of marketing at Imperva, warned that a major component of the cost of ransomware isn’t the ransom, “It’s the disruption and downtime.”

“Theoretically, if you can recover your data in real time, the backup is effective. Most people can’t. And even a few hours of downtime is hugely disruptive to an enterprise,” Gerhart told SearchSecurity. “We believe the most effective solution is to monitor the data in real time to detect when it’s being accessed by ransomware so you can stop the attack.”

Spinner said the proactive approach is with a defense in depth.

“Organizations need to look between the endpoints and the backups at the … actual data that is at risk. First, they need to restrict access to data on a need to know basis to reduce the attack footprint. Next, organizations need to monitor, alert and stop suspicious behavior as it’s happening with user behavior analytics (UBA),” Spinner said. “Ransomware, no matter how innovative, will never perfectly imitate the normal behavior of the user it is infecting. UBA is a sure fire way to find and stop an attack in progress.”

The post New types of ransomware innovate to find opportunity appeared first on Gigacycle Computer Recycling News. from https://news.gigacycle.co.uk/new-types-of-ransomware-innovate-to-find-opportunity/