AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets – February 27, 2019

1. More Internal Facebook Documents Leak Online, Revealing How Facebook Planned to Sell User Data

On Friday, more internal emails started trickling out. Nearly 100 new pages, first reported by Computer Weekly, include court filings and internal discussions by Facebook employees, including CEO Mark Zuckerberg, about how to charge developers for access to Facebook users’ data, how to make more money off gaming apps, special access to Facebook data for whitelisted partners, and an emergency breach of some kind that appeared to involve Zuckerberg’s Facebook account. While it’s previously been reported that Facebook considered selling user data, these emails reveal exactly what they wanted to charge for: instant personalization, showing who was friends with who, and “coefficient”—Facebook’s term for rating which of your friends you care about the most.

 

2. United Airlines And Delta Confirm That Their Premium Economy Screens Have Cameras

Following Singapore Airlines and American Airlines passengers’ privacy concerns over cameras spotted in seat-back entertainment displays, United Airlines and Delta have confirmed to BuzzFeed News that some of their screens also include camera lenses. The displays with cameras embedded are found in the airlines’ premium economy class, available on select international routes. Both United and Delta said that the cameras were included by the manufacturer of the entertainment systems, Panasonic, and are not active. A United spokesperson told BuzzFeed News that cameras are “a standard feature that manufacturers of the system have included for possible future purposes such as video conferencing” and the airline has “no plans to use them in the future.”

 

3. 'Thunderclap' Flaws Expose Computers to Attacks via Peripheral Devices

Researchers have disclosed the details of an attack method that can allow a malicious actor to take control of a computer and gain access to sensitive data by connecting a specially crafted device to its Thunderbolt port. The attack, dubbed Thunderclap, involves a series of vulnerabilities that can be exploited via Thunderbolt, a hardware interface created by Apple and Intel for connecting peripheral devices to a computer. The security holes were discovered by a team of researchers from Rice University in the United States, University of Cambridge in the United Kingdom, and SRI International. The flaws impact a vast majority of the laptops and desktop computers made by Apple since 2011. However, Thunderbolt 3 is often supported via USB Type-C ports, which means that computers designed to run Windows and Linux can be vulnerable as well. The researchers noted that exploitation is also possible through devices connected via PCI Express or chips directly soldered to the targeted computer’s motherboard.

 

4. Google Enhances Google Play Protect on Android, but Is It Enough?

Google has made changes to Google Play Protect in order to better protect Android users from malicious apps. Will these protections, though, be enough? Google Play Protect is a feature that launched in 2017 that aims to protect Android users from unwanted and malicious apps found in the Google Play store and through third parties. In a blog entry posted today, Google stated that Google Play Protect is a scanning engine that runs in the background that looks for malicious apps uploaded to the Play Store and protects over 2 billion devices every day.

 

5. Holes in 4G and 5G Networks Could Let Hackers Track Your Location

Over the past 18 months, revelations about wireless carriers selling smartphone location data to third parties have forced telecoms to promise reform. Worryingly, but perhaps not surprisingly, these user protections have been slow to actually materialize. Even if carriers shape up, though, an attacker can still track a smartphone's location and snoop on phone calls thanks to newly discovered flaws in 4G and even 5G protocols. A group of researchers from Purdue University and the University of Iowa will present their findings Tuesday at the Network and Distributed System Security Symposium in San Diego. They note that their discoveries, first reported by TechCrunch, are particularly concerning since the 5G standard was specifically developed to better protect against these types of attacks.
