AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 06/10/2021

American Heart Association study confirms Apple’s MagSafe tech poses a risk to cardiac devices

What just happened? Apple has already warned users with fitted medical devices to be careful where they place their iPhone 12, and now the American Heart Association (AHA) has shown why people should heed this advice. The AHA’s study also suggests the handsets pose a bigger risk than older iPhones, something Apple claimed isn’t the case. Back in January, Apple said that its latest flagship and MagSafe accessories should be kept a safe distance from pacemakers, implantable cardioverter-defibrillators (ICD), and other implants that might respond to magnets and radios. Apple writes in its support document that the iPhone 12 series should remain at least six inches away from the medical devices in question and more than twelve inches if wirelessly charging. The AHA said “select devices” from Medtronic, Abbott, and Boston Scientific were found to have “magnetic susceptibility.” The organization confirmed Apple products with MagSafe technology could cause interference to the cardiac devices when placed over the skin or in very close proximity.

 

Ford, Chevy and Jeep among automakers hardest hit by chip shortage

The ongoing semiconductor shortage has hit the tech sector especially hard, but it’s not just gadget and computer makers that are feeling the squeeze. Automakers have also had to scale back production in response to the silicon shortage. According to a recent report from Automotive News (via Car and Driver), it is estimated that as of May 2021, Ford has taken nearly 110,000 F-Series trucks out of production. Jeep, meanwhile, has nixed an estimated 98,584 Cherokees and Chevrolet has made an estimated 81,833 fewer Equinox SUVs than originally planned. Per Car and Driver, the industry is somewhat responsible for the current situation. When factories started shutting down and new-car sales slowed during the early days of the Covid-19 pandemic in the first half of 2021, many automakers canceled orders for microchips destined for future builds. Customers in other industries took advantage of the excess chipmaking capacity, and now, automakers are struggling to re-secure the silicon they need for things like onboard computers and infotainment systems for new vehicles.

 

Apple Health adds the ability to share data with doctors and family members

The Apple Health app is getting a handful of new features in iOS 15, including a Sharing option that allows users to send their own health data to doctors and family members, and receive real-time notifications about their loved ones. All of the info is encrypted so that even Apple can’t access it, and users have control over who sees what. In terms of doctor’s visits, Sharing is designed to help users provide information they might otherwise forget, such as sleep and exercise data. On a personal level, the feature should be of particular interest to folks taking care of elderly family members.

 

Apple and Google Go All In On Digital Car Keys

Apple today announced expanded support for digital car keys in iOS 15 during its WWDC keynote. Combined with Google’s recent Android announcements at its own developers conference, it’s clear that the big transition to digital car keys will begin in earnest later this fall. While Apple first announced support for digital car keys last year, today the company expanded its efforts with new updates coming to Wallet in iOS 15 that will allow iPhones to connect to nearby cars via UWB. The addition of support for UWB mirrors a similar announcement Google made during Google I/O regarding support for digital car keys via UWB or NFC, depending on the specific model of car, in Android 12.

 

Ring refuses to say how many users had video footage obtained by police

Ring gets a lot of criticism, not just for its massive surveillance network of home video doorbells and its problematic privacy and security practices, but also for giving that doorbell footage to law enforcement. While Ring is making moves towards transparency, the company refuses to disclose how many users had their data given to police. The video doorbell maker, acquired by Amazon in 2018, has partnerships with at least 1,800 U.S. police departments (and growing) that can request camera footage from Ring doorbells. Prior to a change this week, any police department that Ring partnered with could privately request doorbell camera footage from Ring customers for an active investigation. Ring will now let its police partners publicly request video footage from users through its Neighbors app. The change ostensibly gives Ring users more control when police can access their doorbell footage, but ignores privacy concerns that police can access users’ footage without a warrant.

 

The blurry boundaries between nation-state actors and the cybercrime underground

When it comes to attributing malicious cyber activity, there are two buckets into which actors generally fall: “financially-motivated” or “nation-state.” The former is ultimately interested in money, while the latter is more concerned with obtaining or exploiting sensitive information to gain an advantage over a government or commercial entity. For the past decade, defenders could generally discern whether attackers fit into each of the previously mentioned buckets by examining tools, infrastructure, techniques and/or processes. Now, as cybercriminal work becomes increasingly lucrative due to the amount of money or information that could be acquired, the border between those buckets is eroding. The lines between nation-state objectives and financially-motivated cybercrime have continued to blur as the relationship between profit and espionage has grown, particularly within the cybercrime underground.

 

Not So Fastly: Global Outage Highlights Cloud Challenges

Content delivery network Fastly says its global outage on Tuesday was caused by a software bug. While discovered and fixed quickly, the vulnerability nevertheless disrupted access for many internet users around the world for part of the day. The outage has led some IT experts to caution that while cloud-based services are cost-effective and provide greater reliability and uptime – and many times security – they can also become single points of failure if they go down, unless users have backup approaches in place. Fastly has apologized for the breach and provided a first glimpse at what went wrong. Infrastructure expert David Warburton says the outage is a reminder that the internet was built to be decentralized, so that if systems failed, communications would carry on regardless.
