Wednesday, 6 April 2016

It’s a Vulnerable World: March 2016

SumRando Cybersecurity, VPN, Secure Messenger, It's a Vulnerable World, vulnerability
Android phones, iPhones, public Wi-Fi, oh my! Is anything safe anymore? March’s vulnerabilities have us convinced that it’s always the right time for a VPN and secure messaging:

Android phones: Not only have recent reports revealed that only 10% of Android phones are encrypted (as compared to 95% of iPhones), Kaspersky Lab has found Android operating systems 4.4.4 and earlier to be at risk for a “Triada” of malware: Ztorg, Gorpo and Leech. Nikita Buchka referred to the malware as “a new stage in the evolution of Android-based threats. They are the first widespread malware with the potential to escalate their privileges on most devices.” Triada has the ability to download, install, launch and modify applications.

iPhone encryption: Johns Hopkins researchers found a way to decrypt photos and videos sent via iMessage, a vulnerability that has since been patched with the release of iOS 9.3. The flaw that remains unfixed, however, is the vulnerability used by the FBI to break into San Bernardino shooter Syed Farook’s phone. Given that we can’t fix what we don’t know, this is one FBI secret that leaves us all less secure.

In-Flight Wi-Fi: Journalist Steven Petrow recently took advantage of American Airlines’ Gogo in-flight Internet to catch up on work while in the air, only to find that he was the one taken advantage of: following the flight, a fellow passenger confessed to hacking into and viewing the online communications of Petrow and several others on board. For Petrow, it was a lesson learned in always using a VPN when accessing public Wi-Fi.

The Right to Be Forgotten: Europe’s Right to Be Forgotten has been extended to all Google searches within the continent, but remains no match for searches conducted while logged into a non-European VPN server, as the protection does not extend elsewhere. In response, France’s CNIL, a privacy authority, fined Google 100,000 euros: “For people residing in France to effectively exercise their right to be delisted, it must be applied to the entire processing operation, i.e., to all of the search engine’s extensions.”

Latin America and the Caribbean:
“Cybersecurity: Are We Ready in Latin America and the Caribbean?”, a study by the Inter-American Development Bank, the Organization of American States and Oxford University, has answered its own question with a resounding no. Of the 32 countries evaluated, only 7—Argentina, Brazil, Chile, Colombia, Mexico, Trinidad and Tobago and Uruguay—have reached even an intermediate level of preparation against cyberattacks, while 16 entirely lack a coordinated capacity to respond to cyberattacks.

Social Media in Turkey: Facebook, Twitter and other social media sites were banned in Turkey following a mid-March Ankara bombing that killed 37 people, but this is one country that has grown accustomed to finding workarounds for government censorship: Suraj Sharma tweeted, “Having to use a VPN again to access Twitter and other social media. Sad, very sad. Information doesn’t kill, never has. #Turkey.”

Social Media in Iran: In Iran, Facebook and Twitter are banned…except for when they’re not. “Of course officials, even lower-ranking ones, use VPNs. A friend of mine, who works in the Iranian parliament, told me that he had seen members of parliament use VPNs to access social networks and forbidden news sites. It’s crazy. These are the very same lawmakers who voted to ban social networks and decided on the penalties for using VPNs,” reported Iranian cybersecurity specialist Amin Sabeti. For everyone else, illegal internet access is punishable by up to a year in prison.

Women on dating websites: 11 South Africa-based Nigerians were arrested for involvement in an operation targeting divorced and widowed women, aged 40-60, on sites such as Match.com and pof.com. The ruse involved a “United States soldier” who, following months of online courtship, would ask for money to cover a medical emergency. Before being shutdown, the operation collected over 70 million South African rand.

Motor vehicles: The United States FBI and National Highway Traffic Safety Administration recently reminded car owners that their vehicles are only growing “increasingly vulnerable” to attack: “Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.” Meanwhile, German researchers have their own concerns to share, specifically with ease of breaking into vehicles with keyless entry.

Healthcare.gov: The health insurance web portal for Americans without workplace coverage experienced 316 cybersecurity incidents between October 2013 and March 2015. Although to date no sensitive information has been leaked, Healthcare.gov remains vulnerable to attack.

Everyone!: Not only are we surveilled in our daily lives, that surveillance is so readily accessible that it has found its way into the art of Dries Depoorter. The Belgian artist’s exhibits include footage of Canadian jaywalkers, the recordings of American traffic cameras and side-by-side comparisons of Tinder and LinkedIn photos.

Surf secure and stay Rando!



Want to know more about previous security vulnerabilities? Read on!

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider.

No comments:

Post a Comment