Security News for the Week Ending July 12, 2019
FBI and DHS Raid State Driver’s License Database Photos
The FBI and DHS/ICE have been obtaining millions of photos from state DMV driver’s license databases. The FBI and DHS have do not feel that they have ask permission to do this.
The FBI conducts 4,000 facial recognition searches a month. While the searches might be to find serious criminals, it also might be used to find petty thiefs.
All that may be required to conduct the search is an email. 21 states allow the these searches absent a court order. There is no federal law allowing or prohibiting this.
ICE does searches in a dozen states where those states DMVs give illegal aliens licenses. Source: ZDNet.
Chinese Authorities Leak 90 Million Records
US companies are not the only ones that have crappy security. This week the Chinese got caught in that net. Jiangsu province, with a population of 80 million left 26 gigabytes of personal data data representing 56 million personal and 33 million business records exposed in an unprotected elastic search server. The internet is equal opportunity. Source: Bleeping Computer.
Will the Chinese or Russians Hack the 2020 Census?
The census used to be conducted on pieces of paper, sent in both directions through the mail. That was very difficult to hack. Unfortunately, it is also very expensive. Given that the results of the Census affects everything from the makeup of Congress to the receipt of Federal road construction dollars, the outcome is very important.
What way to make people trust the government even less than they already do than to screw up that count.
This year, for the first time, the Census is using the Internet and smart phones to electronically collect data. And, since the software is behind schedule, what better way to bring it back on schedule than to reduce testing. After all, what could possibly go wrong. Even Congress is nervous. Of course, the count directly affects their job. Source: The NY Times.
K12.Com Exposes Student Data on 7 Million
Its a sad situation where a breach of the personal data of 7 million students is barely a footnote. In this case, K12’s software is used by 1,100 school districts (maybe yours?) They left a database publicly accessible until notified by researchers. Information compromised included name, email, birthday, gender, authentication keys for accessing the student’s account and other information. Not nuclear launch codes, but still, come on guys. Source: Engadget.
If You Were NOT Paranoid Before …..
Google smart speakers and Google Assistant have been caught eavesdropping without permission – capturing and recording (and handing over to the authorities). Note this is likely NOT exclusively a Google issue. They just got caught. Amazon listens to, they say, about 1.000 clips per shift and has recorded conversations like a child screaming for help and sexual assaults. THESE RECORDINGS ARE LIKELY KEPT FOREVER.
A Dutch news outlet is reporting that it (the news outlet) received more than 1,000 recordings from a Dutch subcontractor who had been hired to transcribe the recordings for Google as part of its language understanding program.
Among the recordings are domestic violence, confidential business calls and even users asking their speakers to play porn on their connected devices.
Of the 1,000 recordings, over 150 did not included the wake word, so 15% of the sessions in this sample should not have been recorded at all.
Google acknowledged that the recordings are legitimate but says that only 0.2 percent of all audio gets transcribed. They also said that the recordings given to the humans were not associated with a user’s account, but the news outlet said that you could hear addresses and other information in the audio, so doing your own association is not hard.
Fundamentally you have two problems here. One is Google listening (or having its vendors listen) to what you ask Google and the other is Google listening and recording stuff it should not record. The first should be reasonably expected; the second is a problem. Source: Threatpost.
by 