Watch your webcam, privacy groups complain about Android apps and more updates.
Welcome to Cyber Security Today. It’s Friday January 10th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
I’m not sure why people put Internet-connected video cameras inside their homes. If the webcams get hacked, they either show a criminal that no one’s home, or if there is someone there, the hacker can spy on them. I’m telling you this because a British man was sentenced to two years in jail in the U.K. this week for hacking into the webcams of women in their residences and recording what they were doing. You know that webcams have a red light indicating recording is going on. But some hacking tools are able to turn that red light off, so you won’t know it’s recording. At the very least you shouldn’t have a webcam or an open laptop connected to the Internet in your bedroom. And use strong passwords for webcams.
When Google created a free mobile operating system called Android it was to fight Apple’s iOS system for iPhones. But where Apple completely controls its operating system and what goes into new phones, Google has less control. The large number of manufacturers that use Android can add a lot of apps and skins before sending phones to retailers. Some of these apps may collect and share user information without your knowledge. So this week Privacy International and 50 other organizations sent a letter to Google’s parent company demanding the giant clamp down on bad pre-installed apps by its partners. Some of these apps are made so they can’t be deleted. Separately a security company called Malwarebytes this week gave an example of bad apps. These are installed on a low-priced Unimax smartphone sold by Assurance Wireless in the U.S. for low-income people under the government’s Lifeline program. One of the offending apps is the phone’s Settings app, and is described as malware. The offending app allows the automatic installation of software without the user’s consent. The software may be safe, but it’s wrong not to ask for user consent. An additional problem is these apps can’t be removed without impairing the ability to use the phone. This problem needs to be faced. Google has to confront phone manufacturers on what they add to the stock version of Android. But also wireless carriers need to do better testing of installed apps before selling phones to customers.
On Wednesday I mentioned that a new version of the Firefox browser was released earlier in the week. Well, on Thursday it was updated because of a bug. So, as of today at least, make sure you’re running version 72.0.1.
IT administrators who use the security-focused version of Linux called Talis should note a new version was released this week. Version 4.2 has important fixes for vulnerabilities.
Finally, do you use the TikTok video-sharing app? If so, make sure it’s on the latest version. Researchers at Check Point Software have discovered bugs that can allow an attacker to hijack your account. The latest version of the app has security updates that prevent that from happening.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon
Cybersecurity Conversations with your Board – A Survival Guide
A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA