Operating Systems

OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users (bleepingcomputer.com) 164

An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users' actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.

Software

Symantec CEO: Source Code Reviews Pose Unacceptable Risk (reuters.com) 172

In an exclusive report from Reuters, Symantec's CEO says it is no longer allowing governments to review the source code of its software because of fears the agreements would compromise the security of its products. From the report: Tech companies have been under increasing pressure to allow the Russian government to examine source code, the closely guarded inner workings of software, in exchange for approvals to sell products in Russia. Symantec's decision highlights a growing tension for U.S. technology companies that must weigh their role as protectors of U.S. cybersecurity as they pursue business with some of Washington's adversaries, including Russia and China, according to security experts. While Symantec once allowed the reviews, Clark said that he now sees the security threats as too great. At a time of increased nation-state hacking, Symantec concluded the risk of losing customer confidence by allowing reviews was not worth the business the company could win, he said.

Security

Equifax Increases Number of Britons Affected By Data Breach To 700,000 (telegraph.co.uk) 58

phalse phace writes: You know those 400,000 Britons that were exposed in Equifax's data breach? Well, it turns out the number is actually closer to 700,000. The Telegraph reports: "Equifax has just admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised. The company originally estimated that the number of people affected in the UK was 'fewer than 400,000.' But on Tuesday night it emerged that cyber criminals had targeted 15.2 million records in the UK. It said 693,665 people could have had their data exposed, including email addresses, passwords, driving license numbers, phone numbers. The stolen data included partial credit card details of less than 15,000 customers."

Cellphones

Security, Privacy Focused Librem 5 Linux Smartphone Successfully Crowdfunded (softpedia.com) 82

prisoninmate shares a report from Softpedia: Believe it or not, Purism's Librem 5 security and privacy-focused smartphone has been successfully crowdfunded a few hours ago when it reached and even passed its goal of $1.5 million, with 13 days left. Librem 5 wants to be an open source and truly free mobile phone designed with security and privacy in mind, powered by a GNU/Linux operating system based on Debian GNU/Linux and running only Open Source software apps on top of a popular desktop environment like KDE Plasma Mobile or GNOME Shell. Featuring a 5-inch screen, Librem 5 is compatible with 2G, 3G, 4G, GSM, UMTS, and LTE mobile networks. Under the hood, it uses an i.MX 6 or i.MX 8 processor with separate baseband modem to offer you the protection you need in today's communication challenges, where you're being monitored by lots of government agencies.

Transportation

Dutch Government Confirms Plan To Ban New Petrol, Diesel Cars By 2030 (electrek.co) 349

An anonymous reader quotes a report from Electrek: Today, the new Dutch government presented its detailed plan for the coming years and it includes making all new cars emission-free by 2030 -- virtually banning petrol- and diesel-powered cars in favor of battery-powered vehicles. The four coalition parties have been negotiating their plans since the election in March and now after over 200 days, they have finally released the plan they agreed upon. NL Times posted all the main points of the plan and in "transportation," it includes: By 2030 all cars in the Netherlands must be emission free. While some local publications are reporting "all cars," we are told that it would be for "all new cars" as it is the case for the countries with similar bans under consideration. The potential for the ban has been under consideration in the country since last year. The year 2025, like in Norway, has been mentioned, but they apparently decided for the less ambitious goal of 2030.

Privacy

Amazon Is Reportedly Building a Doorbell That Lets Drivers Into Your House (cnbc.com) 203

According to CNBC, Amazon is working with Phrame, a maker of smart license plates that allow items to be delivered to a car's trunk, to build a smart doorbell that would give delivery drivers one-time access to a person's home to drop off items. From the report: Phrame's product fits around a license plate and contains a secure box that holds the keys to the car. Users unlock the box with their smartphone, and can grant access to others -- such as delivery drivers -- remotely. The new initiatives are part of Amazon's effort to go beyond convenience and fix problems associated with unattended delivery. As more consumers shop online and have their packages shipped to their homes, valuable items are often left unattended for hours. Web retailers are dealing with products getting damaged by bad weather as well as the rise of so-called porch pirates, who steal items from doorsteps. Amazon also has an incentive to reduce the number of lost packages, as they can be costly.

Government

North Korean Hackers Stole U.S.-South Korean Military Plans, Lawmaker Says (nytimes.com) 110

North Korean hackers stole a vast cache of data, including classified wartime contingency plans jointly drawn by the United States and South Korea, when they breached the computer network of the South Korean military last year, a South Korean lawmaker said Tuesday (alternative source). From a report: One of the plans included the South Korean military's plan to remove the North Korean leader, Kim Jong-un, referred to as a "decapitation" plan, should war break out on the Korean Peninsula, the lawmaker, Rhee Cheol-hee, told reporters. Mr. Rhee, a member of the governing Democratic Party who serves on the defense committee of the National Assembly, said he only recently learned of the scale of the North Korean hacking attack, which was first discovered in September last year. It was not known whether any of the military's top secrets were leaked, although Mr. Rhee said that nearly 300 lower-classification confidential documents were stolen. The military has not yet identified nearly 80 percent of the 235 gigabytes of leaked data, he said.

Movies

It's Illegal to Pirate Films in Iran, Unless You're the Government (vice.com) 35

An anonymous reader shares a report: While legal "pirating" exists in Iran, six administrators of the Iranian pirate movie site TinyMoviez have been arrested by Iranian authorities. This was a website the Iranian national broadcaster had used to download and nationally air movies in the past. The exact date of the arrests is unknown, but Tehran's Prosecutor General announced the arrests on September 26, 2017. The website is still online, but users haven't been able to download content from it since September 19, 2017. Now TinyMoviez administrators are finding themselves on the wrong side of Iran's odd and often pirating-friendly copyright laws. Iran's copyright law is a quagmire when it comes to understanding what rights exist for creators of an original piece of work, and what rights exist for those wanting to re-distribute original works, such as movies. Meanwhile, Article 8 gives the government broad powers to reproduce work that is not its own. This means that the government is exempt from Article 23, which criminalizes the theft of another's work.

Microsoft

PSA: Microsoft Is Using Cortana To Read Your Private Skype Conversations (betanews.com) 180

BrianFagioli shares a report from BetaNews: "With Cortana's in-context assistance, it's easier to keep your conversations going by having Cortana suggest useful information based on your chat, like restaurant options or movie reviews. And if you're in a time crunch? Cortana also suggests smart replies, allowing you to respond to any message quickly and easily -- without typing a thing," says The Skype Team. The team further says, "Cortana can also help you organize your day -- no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled. So, whether you're talking about weekend plans or an important work appointment, nothing will slip through the cracks."

So, here's the deal, folks. In order for this magical "in-context" technology to work, Cortana is constantly reading your private conversations. If you use Skype on mobile to discuss private matters with your friends or family, Cortana is constantly analyzing what you type. Talking about secret business plans with a colleague? Yup, Microsoft's assistant is reading those too. Don't misunderstand -- I am not saying Microsoft has malicious intent by adding Cortana to Skype; the company could have good intentions. With that said, there is the potential for abuse. Microsoft could use Cortana's analysis to spy on you for things like advertising or worse, and that stinks. Is it really worth the risk to have smart replies and suggested calendar entries? I don't know about you, but I'd rather not have my Skype conversations read by Microsoft.
