Privacy & Security FAQ: Week Ending November 19th, 20241. What happened with T-Mobile and Chinese hackers?

Chinese hackers, suspected of ties to Chinese intelligence, infiltrated T-Mobile as part of a larger cyberespionage operation. This attack targeted telecom companies to gather intelligence on high-value targets. While T-Mobile claims no significant impact on their systems or customer data, the breach raises concerns about the security of telecommunications networks and the potential for surveillance.

Google is rolling out an AI-powered scam call detection feature for Android phones, starting with Pixel 6 and newer models. This feature analyzes real-time conversation patterns to detect potential scams and alerts users through audio, haptic, and visual warnings. The system operates entirely on the device, ensuring privacy by not storing or transmitting call data externally.

India's competition watchdog fined Meta $25.4 million and ordered WhatsApp to stop sharing user data with other Meta units for advertising for five years. This action stems from WhatsApp's 2021 privacy policy update, which mandated data sharing with Meta companies without an opt-out option. The watchdog deemed this practice as an abuse of Meta's dominant position and coercive towards users.

Legal documents from a US lawsuit between NSO Group and WhatsApp revealed that NSO Group, not their government clients, directly install and extract information from phones targeted by their Pegasus spyware. This contradicts NSO's claims that clients solely operate the spyware. The revelation raises concerns about the control and accountability of NSO Group's powerful surveillance technology.

ChatGPT's desktop app for macOS can now read code from developer-focused apps like VS Code, Xcode, and TextEdit. This integration allows developers to directly send code snippets to ChatGPT for analysis and assistance without manual copy-pasting. While it currently lacks the ability to write code directly into apps, this feature marks a step towards streamlined AI assistance in coding workflows.

DeFlock is an open-source project utilizing Open Street Map to map the locations of automated license plate readers (ALPRs) worldwide. Concerned about the proliferation of these surveillance devices, the project encourages crowdsourced reporting of ALPR locations, including details like camera direction. You can contribute to this initiative by reporting ALPRs in your area on the DeFlock website: https://deflock.me/report.

Internal emails revealed that the US Secret Service debated the need for warrants when using location data from smartphone apps. Some officials argued that users' acceptance of app terms of service implied consent for data sharing, even if those terms didn't explicitly mention sharing with law enforcement. This raised concerns about government agencies accessing private location data without proper legal authorization.

How can you enhance your privacy and security?

• For secure communication: Consider using encrypted messaging apps like Signal or Session.
• Protect against phone fraud: Be wary of suspicious calls and consider enabling Google's AI-powered scam call detection.
• Control data sharing: Scrutinize app permissions and privacy policies before granting access to personal information.
• Support privacy initiatives: Contribute to projects like DeFlock and advocate for stronger data protection laws.
• Stay informed: Follow reputable sources for news on privacy and security issues to make informed decisions about your digital life.

EPISODE 217

If you drive a car you'll want to listen out for the sixth story in our update this week. We tell you how you can even join in the fun!
On the day after 45 people were sentenced to prison by the Chinese authorities for pro-democracy activities in Hong Kong we get confirmation that the Chinese have broken into T-Mobile.
Google gives a gift that could stop phone fraud in its tracks, but only if you have a Pixel 6 or later phone.
India slaps Meta for coercive activities related to customer data sharing.
Then Meta slaps NSO group for lying about who controls their phone spyware.
ChatGPT can now read from some of the more popular coding applications on Apple Macs taking AI a further step closer to helping engineers where they work.
One man decides to create a project map all the Flock brand automated license plate readers near his home and finds out that people all over the world want to add their own readers, creating a global initiative.
And finally an example of invited by inference. And why "You gave it to the app. so you gave it to us" actually is not right at all.
Let's put it on a map.

Find the full transcript to this podcast here.

The team discusses the week's IT Privacy and Security Update and offers a different perspective.

Enjoy!

Episode 216

In this week's update we move from alarming outfits to stormy data sharing.
We start with retailers are eyeing thread-thin tech to tackle shoplifting and then move to Cyber-criminals stealing private data by pretending to be the police.
Then that iPhone the police took off you when your paid for shirt set off the alarm... well suddenly rebooted.
Then Apple again dreams up a plan that could make lost luggage a thing of the past.
From there, an update from the Feds as they suggest staff be as brief as possible on your next phone call.
Next one library has lending rights withdrawn and we wait for the echo effect as it hits other libraries making books available online.
And finally IBM takes a hit as they are again dragged to court over the Weather Channel's data sharing.
We always have the latest, freshest, IT privacy, and security updates for you. Come on! Let's set off some alarms!

Find the full transcript for this podcast here.

For Episode two one five and a half our couple does a deep dive into this week's topics.

Enjoy!

Episode 215

On U.S. election day, this is the update that will tear you away from the endless all night results shows.
Schneider Electric gets hacked, and the cyber thief is demanding $125,000 in something peculiar – a data breach with a French twist!
Scientists have discovered that plants “see” light by bending it through tiny air gaps – proving they don’t need eyes to point to something bright.
Opting out of Facial recognition site PimEyes means giving them more photos... and left us feeling conflicted.
Google’s AI Big Sleep found a bug in SQLite, so now we have AI debugging AI – what could possibly go wrong?
Meta’s AI models just got the green light for military use, because nothing says “peace” like open-source warfare tech.
The 26-year-old founder of Gotbit just got indicted for market manipulation – because apparently fake crypto trading volume isn’t cool with the feds.
A new report reveals that millions of American phones might be susceptible to Chinese surveillance could it be time to switch to encrypted apps or start using carrier pigeons?
Sit back, relax, and join in for the best update yet!

Find the full transcript to this podcast here.

Episode 214.5 This deep-dive session takes a more conversational look into the topics covered in Tuesday's update. More to enjoy!

EP214

Hacks, Zachs, and Smacks from the IT Privacy and Security Weekly Update for the week ending October 29th., 2024

10/29/2024

0 Comments

EP214 ​This week's update whirls us around the living room for a collection of stories demonstrating that your privacy and security are nothing to be taken for granted.
We start with a report with more troubling news about another robot vacuum cleaner gone rogue.
Then French newspaper Le Monde are the sleuths in unravelling more compromise for our global leaders from a fitness app that's already divulged the wearabouts of secret military bases.
The EU prepares to take a tough stance on insecure software.
We meet the next new secret agent and speculate that it could be a very lucrative new job role.
From there we learn the new numbers for Google's AI generated code and then have an update on a new open source LLM that checks for Zero days in Python code.
Finally we finish with an update from Microsoft's Threat Analysis Center for all those going to vote in the US November 5th.
We circled the floor for this week's collection of updates, and now it's time to clean up!

Find the full transcript to this week's podcast here.