News Bites for Friday May 25, 2018
FCC Investigates Securus
Now that LocationSmart who’s data was used illegally by a Sheriff to track other law enforcement officers and was then hacked is out of the closet, their somewhat shady but possibly completely legal business practices are no longer in the shadows and the FCC has begun an investigation. We shall see if the FCC does anything – stay tuned. They say that they are working to verify that their data was always used with people’s consent. If it was, I bet the consent was pretty subtle (Source: Ars Technica).
Comcast/Xfinity Web Site Leaks Customer Info
A bug in Comcast’s Xfinity web site that customers use to set up their Internet connection leaks customer address and WiFi network name and password, which, apparently, Comcast stores unencrypted. All it takes is the account number and the house number of the street address. IF the customer is providing his own router, then Comcast does not know that information and would not be able to leak it. The “bug” will return the user’s address and password, among other info, even if the service has previously been activated. Comcast says that there is nothing more important than their customer’s security; they removed the feature from their web site after they were told about it (Source: ZDNet).
Apple Allows Users To See Their Own Data on Eve of GDPR
Two days before the law forced them to, Apple has debuted a new web site called PRIVACY.APPLE.COM . Right now it only works where they have to do it or face a fine of up to $9 billion. That is a pretty good motivator. Apple says it will be available later in other places. Among the data that you will be able to see is :
- App Store, iTunes Store, iBook Store, and Apple Music activity
- Apple ID account and device information
- Apple online store and retail store activity
- AppleCare support history, repair requests, and more
- Game Center activity
- iCloud bookmarks and Reading List
- iCloud Calendars and Reminders
- iCloud Contacts
- iCloud Notes
- Maps Report an Issue
- Marketing subscriptions, downloads and other activity
- Other data
Source: Cult of Mac
Chinese Hackers Find Over a Dozen Bugs in BMW Cars
Chinese security researchers have disclosed 14 vulnerabilities in a host of BMW vehicles including the 3 series, 5 series, 7 series, i series and X series.
4 flaws require physical access; another 4 can be exploited with indirect physical access. Some of them can be exploited remotely via the entertainment system, the telematics system while others exist in the head unit.
Some of the bugs can be patched “over the air”, but others require the owner to bring the car into the dealer to fix.
One thought. Given these researchers work for the Chinese government, how many vulnerabilities did they find and not tell us about? That is not a far fetched scenario (Source: The Hacker News).