Friday Five: 1/4 Edition
Brazil gets a data protection authority, hacking Face ID, and how CIOs are getting ready for 2019's challenges - catch up with the week's infosec news with this roundup!
1. Hackers hijack thousands of Chromecasts to warn of latest security bug by Zack Whittaker
Perhaps the biggest news this week – a fairly quiet one on the infosec front, especially compared to last January’s Meltdown/Spectre bonanza – was that legions of Chromecast users had their devices taken over to highlight a flaw in Google's Chromecast and the router it connects to. Google told reporters the issue technically stemmed from router settings that make internet of things devices available to the public. It's apparently a years-old issue, first found in 2014, then again in 2016.
2. Apple Phone Phishing Scams Getting Better by Brian Krebs
Krebs has news on a nifty new Apple phishing scam that tricks users into thinking the company is actually calling them. Not only does the call display Apple's logo, address, and legitimate Apple phone number, the call also gets indexed in the iPhone's recent calls list as coming from the legitimate Apple Support line. As Krebs notes, the fascinating thing here is that Apple devices can't differentiate calls from Apple from calls trying to impersonate the tech company. While a well-informed person may think twice about picking up or calling back – why would Apple be calling you in the first place? – some may be none the wiser.
3. Brazilian government to create data protection authority by Angelica Mari
Brazil will indeed get its own data protection authority. According to Angelica Mari, reporting for ZDNet, a provisional measure calling for the creation of a "National Authority for Personal Data Protection" was released last Friday. There was temporarily cause for concern earlier this summer when Brazilian President Michel Temer vetoed a provision of the country's General Data Privacy Law, signed in August, that would establish an independent data protection authority. Ultimately, though, an authority had to be created in order to implement the new legislation, and an executive order filed by Temer shortly before the end of his term will do this.
4. Cyber Researcher Pulls Public Talk on Hacking Apple's Face ID by Reuters' Jim Finkle, Stephen Nellis
Interesting news here via Reuters via the New York Times on a cybersecurity researcher who was scheduled to present research on cracking Apple's Face ID but who canceled it at the request of his employer. According to the report, a China-based researcher was slated to present his research at Black Hat Asia in a few months but canceled the talk at the behest of Ant Financial, his employer, likely because the company's Alipay payment system is compatible with Face ID. If legitimate, the research could cast a pall over Face ID, biometric technology that's used on tens of millions of iPhones worldwide.
5. Good Privacy Requires Tech, Cultural Change by Kim S. Nash
The Wall Street Journal's Kim S. Nash checks in with CIOs on how to best combat privacy/cybersecurity concerns in 2019. It’s worth reading the article, linked below, to see what each company is doing to lay the groundwork. The gist? Organizations will need to be more transparent about what they're doing with users' data, keep ahead of emerging threats, and comply with evolving regulations in the New Year.