Businesses

Uber's iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen, Researchers Say (gizmodo.com) 91

To improve functionality between Uber's app and the Apple Watch, Apple allowed Uber to use a powerful tool that could record a user's iPhone screen, even if Uber's app was only running in the background, security researchers told news outlet Gizmodo. From a report: After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app. The screen recording capability comes from what's called an "entitlement" -- a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay. This particular entitlement, however, was intended to improve memory management for the Apple Watch. The entitlement isn't common and would require Apple's explicit permission to use, the researchers explained. Will Strafach, a security researcher and CEO of Sudo Security Group, said he couldn't find any other apps with the entitlement live on the App Store. "It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature," Strafach said. "Considering Uber's past privacy issues I am very curious how they convinced Apple to allow this."
AI

Toymaker Mattel Cancels AI Babysitter After Privacy Complaints (theverge.com) 45

An anonymous reader shares a report: Toymaker Mattel has shelved plans to build an "all-in-one voice-controlled smart baby monitor," after complaints about the device were raised by privacy advocates and child psychologists. According to a report from The Washington Post, the company said in a statement that the device, named Aristotle, did not "fully align with Mattel's new technology strategy" and would not be "[brought] to the marketplace." Aristotle was unveiled back in January this year by Mattel's Nabi brand. It combined the smart speaker and digital assistant functionality of Amazon's Echo with a connected camera that acted as a baby monitor. But the Aristotle was intended to be a much more active presence in children's lives than an Echo speaker, with Mattel claiming it would read them bedtime stories, soothe them if they cried in the night, and even teach them their ABCs. A petition asking Mattel not to release the Aristotle gained more than 15,000 signatories.
Government

Russian Hackers Exploited Kaspersky Antivirus To Steal NSA Data on US Cyber Defense: WSJ (wsj.com) 223

An NSA contractor brought home highly classified documents that detailed how the U.S. penetrates foreign computer networks and defends against cyberattacks. The contractor used Kaspersky antivirus on his home computer, which hackers working for the Russian government exploited to steal the documents, the WSJ reported on Thursday (the link could be paywalled; alternative source), citing multiple people with knowledge of the matter. From the report: The hackers appear to have targeted the contractor after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said. The theft, which hasn't been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S. The incident occurred in 2015 but wasn't discovered until spring of last year, said the people familiar with the matter. Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said. Ahead of the publication of WSJ report, Kaspersky founder Eugene Kaspersky tweeted, "New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats."
AI

Mattel's New Baby Monitor Uses AI To Soothe Babies and Lawmakers Aren't Happy About It (washingtonpost.com) 131

Mattel has a new kid-focused smart hub called Aristotle, which can switch on a night light if it hears a baby crying to soothe the child (Warning: source may be paywalled; alternative source). The device is also designed to keep changing its activities, even to the point where it can help a preteen with homework, learning about the child along the way. Given the privacy concerns, lawmakers are worried that the always-on device could build an "in-depth profile of children and their family." Jezebel reports: The $299 Aristotle is similar in spirit to the Amazon Echo, only the scope of its features is much broader -- and scarier. Last week, Senator Ed Markey and Representative Joe Barton sent a letter to Mattel CEO Margaret Giorgiadis about their issues with the tablet, which tracks things like kids' eating and sleeping habits when they're young, and adapts to answering their questions about long division and sex or whatever as they grow up. According to nabi, the Mattel brand that developed the device, the Aristotle is meant to "provide parents with a platform that simplifies parenting, while helping them nurture, teach, and protect their young ones." Not everyone is on board. But Markey and Barton aren't the only ones squicked by Aristotle's capabilities. Buzzfeed reports that privacy experts, parents and child psychologists are also concerned that the device "encourages babies to form bonds with inanimate objects and use information it collects for targeted advertising," so much so that a petition has been launched to prevent it from going to market.

Slashdot Top Deals