This week a division of the United Nations announced its new social distancing app, designed to alert people when they get too close to another person during the ongoing coronavirus pandemic. Motherboard has found that the app, called 1point5, is barely functional, and an independent researcher highlighted that the app may be largely ineffective because it alerts users when they are near any other device that uses Bluetooth, rather than only mobile phones, which a human is presumably carrying in their pocket. The news highlights the haphazard roll-out of various apps and technologies that are supposed to help during the pandemic, including those from governments.
A hacker bribed a Roblox worker to gain access to the back-end customer support panel of the massively popular online video game, giving them the ability to look up personal information on over 100 million active monthly users and grant virtual in-game currency. With this access, the hacker could see users’ email addresses, as well as change passwords, remove two-factor authentication from their accounts, ban users, and more, according to the hacker and screenshots of the internal system. The screenshots shared with Motherboard include the personal information of some of the most high-profile users on the platform.
President Donald Trump on Friday issued an executive order barring federal agencies and companies under U.S. jurisdiction from installing foreign-owned equipment in the electric sector that might pose “an unacceptable risk to national security.” The sweeping directive authorizes Trump’s energy secretary, Dan Brouillette, to work with U.S. national security agencies and the energy industry to vet equipment before it gets installed, and to identify vulnerable gear already in place. It is the latest move by the administration to clamp down on foreign-sourced software and hardware, following an order last year covering U.S. companies’ procurement of telecommunications gear.
Last week, a security researcher published a proof-of-concept Chrome extension that turns Chrome browsers into proxy bots, allowing hackers to navigate the web using an infected user’s identity. The tool, named CursedChrome, was created by security researcher Matthew Bryant, and released on GitHub as an open-source project. Under the hood, CursedChrome has two different parts — a client-side component (the Chrome extension itself) and a server-side counterpart (a control panel where all CursedChrome bots report). Once the extension has been installed on a few browsers, the attacker can log into the CursedChrome control panel and establish a connection to each infected host. The link between the extension and the control panel is a simple WebSocket connection that works as a classic HTTP reverse proxy.
The US Federal Communications Commission (FCC) today issued an order saying that it will no longer warn robocallers before fining them for harassing consumers and violating the law. Today’s order also extends the timeframe within which the FCC can penalize robocallers for Telephone Consumer Protection Act (TCPA) and call-spoofing violations, and increases the penalties for intentional unlawful robocalls. “Robocall scam operators don’t need a warning these days to know what they are doing is illegal, and this FCC has long disliked the statutory requirement to grant them mulligans,” FCC Chairman Ajit Pai said today.