Weekly Cybersecurity News

Welcome to the latest weekly cybersecurity news by Malloc. Here we cover and discuss the latest events in the world of digital privacy and security, focusing on mobile security. According to the latest report by CDD, smart TVs and the streaming industry collect a lot of user data without users' consent using sophisticated tracking techniques. The report also raises concerns about the impact of targeted advertising on society and about the use of generative AI in advertising. A separate analysis conducted by Cybernews found that the new Google Pixel smartphones transmit personal information such as location and phone numbers to Google without user consent. Google has defended these practices, arguing that they are necessary for device functionality, but the findings have raised significant privacy concerns and even fears of remote control capabilities. Similarly, while Apple takes pride in its stance on preserving user privacy, it has been quietly collaborating with law enforcement agencies through its Collaboration Summit at its headquarters, focusing on the use of Apple products for surveillance and policing, which is detrimental to user privacy and security.

To learn about these developments and other important news, read the article below.


Smart TVs are like “a digital Trojan Horse” in people’s homes:

A report by the Center for Digital Democracy (CDD) describes the smart TV and streaming industry as a "digital Trojan Horse," highlighting significant privacy concerns associated with the data harvesting practices of connected TVs (CTVs). The 48-page report argues that streaming services and smart TV manufacturers have created a "surveillance system" that uses sophisticated tracking techniques to target viewers for advertising, undermining consumer privacy. It calls for investigations by the Federal Trade Commission (FTC) and Federal Communications Commission (FCC) due to concerns about misleading privacy policies and the potential discriminatory impacts of targeted advertising, particularly on communities of color. The report also raises alarms about the use of generative AI in advertising, which could enhance the personalization of ads and the collection of sensitive data, and urges stricter regulations to protect consumer rights.

Source: arsTechnica

Apple Sells Privacy To Consumers. But It’s Quietly Helping Police Use iPhones For Surveillance:

Apple has been quietly collaborating with law enforcement through its Global Police Summit, held annually at its Cupertino headquarters. This summit, attended by police representatives from various countries, focuses on how to utilize Apple products—like the iPhone, Vision Pro, and CarPlay—for surveillance and policing tasks. Despite Apple’s public commitment to privacy and a historically confrontational stance towards law enforcement, the company has increased its partnerships with police agencies, developing projects and applications tailored to their needs. The latest summit, occurring in October 2023 just before a major police conference, emphasized the practical use of Apple technologies in law enforcement. However, the future of the summit is uncertain after the resignation of Gary Oldham, who led these initiatives, leaving police agencies hoping for its revival.

Source: Forbes

Who owns your shiny new Pixel 9 phone? You can’t say no to Google’s surveillance:

Google's new Pixel 9 Pro XL smartphone frequently transmits personally identifiable information (PII) such as location, email, and phone number to Google without user consent. Research indicated that the phone sends data packets to Google every 15 minutes and attempts to access various services, including those related to facial recognition and device management, raising fears of remote control capabilities. The analysis conducted by Cybernews included monitoring the phone's web traffic after gaining root access, which exposed the extent of data transmission and the potential privacy risks associated with the device. While Google defends these practices as necessary for legitimate services and emphasizes user control over permissions, the analysts highlight the ongoing tension between innovative technology and user privacy rights, suggesting that while the benefits of the device may be significant, the implications for user control and surveillance are troubling.

Source: CyberNews

Google Ordered to Open up Android’s Play Store:

A federal judge ruled in favor of Epic Games in its lawsuit against Google, declaring the Google Play Store an illegal monopoly. The ruling mandates Google to allow rival third-party app stores access to its Play Store and to stop requiring developers to use Google Play Billing, starting November 1, 2024. Additionally, the decision prohibits various anti-competitive practices, enhancing developer freedoms regarding payment methods and app pricing. Although Epic will have oversight on certain safety measures Google wishes to enforce, the judge's ruling opens the Android ecosystem to potential competition from alternative app stores. Google plans to appeal the decision, which may delay its implementation.

Source: How-To-Geek

Google Is Rolling Out These Three Anti-Theft Features for Androids:

Google is rolling out three new anti-theft features for Android devices running version 10 and newer that enhance data security in the event of theft. The features include Theft Detection Lock, which uses AI to lock the phone if it detects suspicious motion indicative of theft; Remote Lock, allowing users to lock their phones remotely even if they forget their Google Account password; and Offline Device Lock, which automatically locks the phone if it has been offline for a prolonged period. While these features do not prevent theft, they significantly help protect personal data from unauthorized access.

Source: Life Hacker

iPhone Privacy Warning—iOS 18 Mirroring Bug Could Expose Your Data:

Security researchers have issued a warning about a significant privacy bug in Apple's iOS 18 and macOS 15.0, identified through the new iPhone Mirroring feature, which could inadvertently expose personal applications from employees' iPhones to their corporate IT departments. This flaw poses risks of revealing sensitive information, such as VPNs in restrictive countries or health-related apps, raising potential legal liabilities and privacy violations for companies. While the immediate impact may be minimal for conscientious users, security experts advise against using iPhone Mirroring on work devices until a patch is released, which Apple has acknowledged and is working to address.

Source: Forbes

iPhone 'VoiceOver' Feature Could Read Passwords Aloud:

There is a potential privacy concern with the iPhone's 'VoiceOver' feature, which is designed to assist visually impaired users by reading out text, including passwords. This capability raises alarms about the possibility of sensitive information being inadvertently disclosed in public or shared environments, highlighting the need for increased awareness and potential enhancements to privacy controls. Users are encouraged to be cautious when using VoiceOver in situations where their passwords could be overheard.

Source: Dark Reading

‘Pig butchering’ trading apps found on Google Play, App Store:

Fake trading apps associated with "pig butchering" scams have been identified on Google Play and Apple's App Store, where they misled victims into investing in non-existent trading platforms that presented fabricated returns. Disguised as financial tools and news aggregators, these apps garnered thousands of downloads before being removed by the respective stores. Researchers from Group-IB revealed that the fraudsters employed social engineering tactics, grooming victims through dating apps and requesting sensitive documents to enhance credibility while perpetrating the scam. Following the apps' removal, the schemes transitioned to phishing websites, prompting experts to advise caution and thorough research before engaging with any investment platforms.

Source: BleepingComputer

Qualcomm urges device makers to push patches after 'targeted' exploitation:

Qualcomm has released 20 firmware patches for its chipsets, addressing a critical vulnerability, CVE-2024-43047, which has been actively exploited and poses considerable security risks, as reported by Google's Project Zero and Amnesty International. This vulnerability, along with others, particularly impacts Snapdragon 660 and newer models as well as multiple 5G modems and Wi-Fi/Bluetooth components. Qualcomm has urged device manufacturers to implement these patches urgently, especially given the potential for targeted attacks using spyware. Among the other vulnerabilities patched, one has a critical severity rating of 9.8, although it has not yet been exploited. The company emphasizes the importance of timely updates to safeguard devices against these vulnerabilities and ongoing threats.

Source: The Register

Telegram hosts ‘underground markets’ for Southeast Asian crime gangs, UN says:

A recent report by the United Nations highlights how the messaging app Telegram has become a significant platform for organized crime in Southeast Asia, facilitating large-scale illicit activities such as the sale of stolen data, cybercrime tools, and money laundering services. This shift has raised concerns about user data security and the app's role in enabling transnational crime networks, particularly Chinese syndicates. The report comes amid increased scrutiny of Telegram following the arrest of its CEO, Pavel Durov, for permitting criminal activity on the platform. The UNODC estimates that the regional crime industry generates between $27.4 billion and $36.5 billion annually, indicating the growing sophistication and profitability of these criminal operations.

Source: CNN
