Privacy Roundup #0065 • December 2011

December 2011 was dominated by the Carrier IQ phone-logging firestorm, a wave of plaintext Chinese password leaks, and the Anonymous raid on Stratfor.

1. Is your smartphone tracking your keystrokes, texts and location?

A researcher's video showing Carrier IQ software logging activity on millions of handsets exploded into a national scandal at the start of the month. AT&T, Sprint and T-Mobile all confirmed the diagnostic tool shipped on their phones, while the company insisted it did not record keystrokes.

abcnews.go.com

2. Carrier IQ, Samsung and HTC all facing class action lawsuits

Within days of the disclosure, plaintiffs filed class actions accusing Carrier IQ and the handset makers of breaching the federal Wiretap Act. The suits argued that users had no way to know the software was intercepting their communications.

techcrunch.com

3. Facebook begins rolling out Timeline feature

Facebook removed the beta label from Timeline and pushed the redesigned profile to all users this month. Privacy advocates warned that the new layout surfaced years of old posts that people had long assumed were buried and forgotten.

cnn.com

4. Twitter bots drown out anti-Kremlin tweets

Thousands of dormant Twitter accounts sprang to life to flood Russian protest hashtags with spam during the disputed parliamentary elections. Researchers traced most of the bots to a single controller account created months earlier.

krebsonsecurity.com

5. Germans join probe of mobile phone tracker

Bavaria's data protection office wrote to Apple demanding answers about Carrier IQ, opening the European front of the controversy. Regulators in Ireland and Britain signalled that they too would investigate whether the software sat on local handsets.

gpsdaily.com

6. Leaked EU data protection draft shall not pass

A leaked draft of the European Commission's planned data protection regulation circulated through Brussels and beyond. It introduced ideas such as the right to be forgotten and drew immediate complaints that it would burden businesses.

theregister.com

7. Social censorship in India

Telecoms minister Kapil Sibal told Google, Facebook and others to pre-screen user content for material offensive to religious sensitivities. The demand to vet posts before publication alarmed free expression and privacy advocates across the country.

techcrunch.com

8. Who knows what youhavedownloaded.com?

A website began publishing a searchable archive of file-sharing download histories indexed by IP address. Because addresses are shared and reassigned, the database risked tarring innocent people with downloads they never made.

krebsonsecurity.com

9. Some facts about Carrier IQ

The EFF published a technical breakdown of how Carrier IQ worked across roughly 150 million phones. It found that on some devices dialer keypresses and text messages were being written to system logs that other apps could read.

eff.org

10. Help EFF protect digital innovators

The EFF recounted how its legal help turned Carrier IQ's threat against researcher Trevor Eckhart into a national debate about mobile privacy. The piece argued that without intervention the diagnostic software would have stayed hidden from users.

eff.org

11. Exclusive: Iran hijacked US drone, says Iranian engineer

An engineer told the Christian Science Monitor that Iran had captured an RQ-170 stealth drone by spoofing its GPS signal. The claim raised fresh concerns about how easily location systems could be deceived to commandeer machines.

csmonitor.com

12. Senator Al Franken asks about Carrier IQ, the companies answer

The carriers and handset makers filed written responses to Senator Franken's demands for detail about the logging software. Sprint confirmed it had used the tool on 26 million devices, and Franken said the replies left him still concerned.

engadget.com

13. Analyzing Carrier IQ profiles

The EFF dug into the carrier-supplied profiles that determined exactly what the software collected on each phone. The analysis showed how the same code could behave very differently depending on the configuration pushed to a device.

eff.org

14. China Software Developer Network 6 million user data leaked

A text file containing six million CSDN usernames, emails and passwords appeared online, all stored in plain text. It was the largest breach in the history of China's internet at the time and prompted an apology from the site.

thehackernews.com

15. Tianya, China's biggest online forum, 40 million users data leaked

Tianya confirmed that records for forty million users had leaked, days after the CSDN breach. The forum admitted it had stored early passwords in clear text and urged affected members to change them at once.

thehackernews.com

16. Anonymous arm says it hacked Stratfor

An AntiSec offshoot of Anonymous breached the security think tank Stratfor over the Christmas period. The attackers stole thousands of client credit card numbers and email addresses and published a confidential subscriber list.

npr.org

17. WiFi Protected Setup PIN brute force vulnerability

US-CERT warned that the WPS PIN used by the external-registrar setup mode in home routers could be brute forced in a matter of hours. The eight-digit PIN's last digit is a checksum, and the protocol reveals whether the first four digits are correct before it checks the last four, so an attacker needs at most about 11,000 guesses rather than ten million to recover the PIN and, with it, the network's WPA/WPA2 passphrase. Many routers shipped with WPS on by default and never locked out repeated failures; US-CERT's advice was simply to disable WPS.

kb.cert.org
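How that brute force works, as an added example that is not part of the original roundup or of the US-CERT note: the PIN's eighth digit is a checksum of the first seven, and the external-registrar exchange tells the client whether the first four digits were right (a NACK after message M4) before it checks the last four (a NACK after M6), so the search collapses from 10^7 to at most 10^4 + 10^3 attempts. The `SimulatedAP` class and its reply labels are a stand-in for a real access point, assumed here purely to make the attempt count visible.

```python
"""Added example: why a WPS PIN falls in ~11,000 attempts instead of 10**7.

SimulatedAP models only the observable side channel of the WPS external
registrar exchange; it is not a real protocol implementation.
"""
from typing import Tuple


def wps_checksum(first_seven: str) -> int:
    """Check digit for the first seven digits of a WPS PIN.

    Per the Wi-Fi Simple Configuration spec: weight odd positions by 3,
    even positions by 1, and pick the digit that makes the sum a multiple of 10.
    """
    digits = [int(c) for c in first_seven]
    accum = 3 * sum(digits[0::2]) + sum(digits[1::2])
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if the PIN is eight digits and its last digit is the right checksum."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(pin[:7])


class SimulatedAP:
    """Stand-in for an access point with WPS external-registrar mode enabled.

    A real AP that receives a wrong first half answers M4 with a NACK; if the
    first half is right but the second half is wrong it answers M6 with a NACK.
    A fully correct PIN is rewarded with M7, which carries the network key.
    """

    def __init__(self, pin: str) -> None:
        if not is_valid_pin(pin):
            raise ValueError("AP PIN must be a valid eight-digit WPS PIN")
        self._pin = pin
        self.attempts = 0  # every exchange costs the attacker one round trip

    def try_pin(self, pin: str) -> str:
        self.attempts += 1
        if pin[:4] != self._pin[:4]:
            return "NACK_M4"      # first half wrong; second half never examined
        if pin[4:] != self._pin[4:]:
            return "NACK_M6"      # first half confirmed, second half wrong
        return "M7"               # PIN accepted; real M7 leaks the WPA key


def split_brute_force(ap: SimulatedAP) -> Tuple[str, int]:
    """Recover the PIN using the two-stage oracle; worst case 10**4 + 10**3 tries."""
    first_half = None
    for n in range(10_000):
        candidate = f"{n:04d}"
        reply = ap.try_pin(candidate + "0000")  # second half is a placeholder
        if reply == "M7":                       # placeholder happened to be right
            return candidate + "0000", ap.attempts
        if reply == "NACK_M6":                  # AP confirmed the first half
            first_half = candidate
            break
    if first_half is None:
        raise RuntimeError("no first half accepted; AP is not behaving like WPS")

    # Only three free digits remain: the eighth is fixed by the checksum.
    for n in range(1_000):
        tail = f"{n:03d}"
        pin = first_half + tail + str(wps_checksum(first_half + tail))
        if ap.try_pin(pin) == "M7":
            return pin, ap.attempts
    raise RuntimeError("second half not found")


def keyspace_comparison() -> Tuple[int, int]:
    """(guesses without the oracle, guesses with it) for an eight-digit PIN."""
    return 10 ** 7, 10 ** 4 + 10 ** 3


if __name__ == "__main__":
    ap = SimulatedAP("12345670")  # constructed target PIN (the spec's own example)
    pin, tries = split_brute_force(ap)
    print(f"recovered {pin} after {tries} exchanges; keyspace {keyspace_comparison()}")
```

The number that matters is the attempt count: a router that allows one exchange every second or two and never locks out failures gives the attacker the PIN, and then the passphrase, in a few hours at most, which is why disabling WPS rather than rotating the passphrase is the fix.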

18. Hackers breach servers of Japan's Square Enix

Square Enix took its Members fan site offline after discovering that intruders had reached servers holding details for around 1.8 million accounts. The exposed records covered names, email addresses, postal addresses and phone numbers for users in Japan and North America, though the company said no payment data was stored there.

phys.org

19. Anonymous hacks SpecialForces.com, posts passwords and credit card data

Anonymous dumped roughly 14,000 passwords and 8,000 credit card numbers stolen from the military and police gear retailer. A company email dated mid-December confirmed the breach as the data spread online.

pcworld.com

20. Amnesty International site serving Java exploit

Krebs reported that the Amnesty International UK website had been compromised to serve a Java exploit to visitors. Anyone with an unpatched browser risked silent infection simply by reading the human rights group's pages.

krebsonsecurity.com

