March 26, 2019

Tech giants back bill that privacy advocates claim is toothless

By Lisa Vaas

Washington state is on the road to passing a privacy bill that tech giants think is great and that the American Civil Liberties Union (ACLU) thinks is toothless.

Shankar Narayan, director of the Washington ACLU’s Technology and Liberty Project, clashed with the bill’s sponsor, Washington State Senator Reuven Carlyle, on Thursday during a panel discussion that featured privacy and antitrust experts.

That panel was hosted by the Seattle media organization Crosscut. As Crosscut reports, Carlyle has said that his proposed bill, which will address how companies collect and share internet users’ data, borrows best practices from the privacy bills we now have: the EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA).

The proposed bill recently cleared the Washington State Senate and is now being considered in the State House.

A global, de facto standard?

In January, the bill’s backer, Sen. Carlyle, said the law is designed to take best practices for collecting and sharing users’ data “from around the world.”

The proposed law could have repercussions that spread far beyond the state. Microsoft President Brad Smith – who’s recently been calling for laws about the use of facial recognition and stumping for this Washington bill – recently said that he believes the law could become a de facto standard globally, given that it would govern tech giants such as Microsoft and Amazon, which are both based in Washington.

Read more at https://nakedsecurity.sophos.com/2019/03/26/tech-giants-back-bill-that-privacy-advocates-claim-is-toothless/

Family tracking app spilled pics, names and real-time location data

By Danny Bradbury

A journalist/researcher team has managed to get a highly sensitive database taken down after the mobile app vendor responsible for it failed to acknowledge the problem. The Family Locator app was publishing the real-time location data of 238,000 users for anyone to see.

The app tracks the real-time location of anyone registered on it, enabling families to figure out where their children are, for example. It contains features including geofencing, to tell you when family members reach and leave pre-defined locations.

The app’s FollowMe feature allows you to get up-to-date status on all family members. Did little Johnny reach school? Did mum make it to work ok? And so on. It sounds like a way to ensure that your family is safe, but this app did precisely the opposite.

An insecure MongoDB database, hosted in the cloud, stored real-time, unencrypted location data about all registered members. Anyone who found the database via a search engine like Shodan could see not only a user’s real-time location, but also their profile photo, name, email address, and password. Attackers could also see the names of the places that were geofenced on each account.

This means that anyone checking out this family safety database could easily see what your 13-year-old daughter looked like, where she lives, where she goes to school, and the route she takes to get there every morning.

Read more at https://nakedsecurity.sophos.com/2019/03/26/journalist-researchers-shut-down-record-spewing-location-tracking-database/

Medtronic cardiac implants can be hacked, FDA issues alert

By John E Dunn

The US Food and Drug Administration (FDA) has issued a warning about two dangerous security flaws affecting a number of implantable heart defibrillators and home monitoring systems manufactured by medical device giant Medtronic.

According to an alert put out last week, the flaws affect all models from 20 product families of Implantable Cardioverter Defibrillators (ICDs), which are placed inside patients’ bodies to automatically counteract life-threatening cardiac arrhythmias.

The problem, discovered by a team of researchers in the Netherlands and the UK, lies in Conexus, the in-house wireless technology that the ICDs use for telemetry, configuration and retrieving device info.

The vulnerabilities

The first flaw, identified as CVE-2019-6538, is that the Conexus wireless protocol has no authentication or authorization, which means that when the device’s radio is turned on, attackers can take control of the communication.

Having done so, there is nothing to stop them from reconfiguring an ICD device with potentially life-threatening settings.

The second flaw, CVE-2019-6540, is that the Conexus protocol doesn’t use any form of wireless encryption, so that attackers nearby can sniff out sensitive data going to and from the device.

Read more at https://nakedsecurity.sophos.com/2019/03/25/medtronic-cardiac-implants-can-be-hacked-fda-issues-alert/
