Security Week 14: pandemic privacy
Let’s start with the digital aspect. Zoom teleconference service, which has recently experienced a significant increase in the number of users, has become the focus of attention of those who care about privacy and those who like to violate it. The latter are responsible for the phenomenon called “Zoom bombing“: connecting other people to the chats to make mess and panic. The reason is the lack of reliable tools so that only those who are waiting there can join the meeting.
The default Zoom algorithm “there is a link – you can connect”, which was originally designed to simplify the work with the service, played a cruel joke with it. Result: pornography and threats in public chat rooms, forced cancellation of internal corporate negotiations due to the connection of third parties. There are solutions to the problem – more precisely, they have always been, but have not always been used: a password for access, manual verification of the list of subscribers, active moderation of public sessions. Zoom developers share recommendations here.
Questions on the privacy of meetings and negotiations have arisen for the company itself. The service practically forces all users to install the application (and will probably receive a lot of data for analysis in the coming weeks). A web interface for connecting to the conference exists, but is not used by default. The application collects analytics, including sending data to Facebook, at least from an iOS application. Last week after media queries, the Facebook tracker removed.
But the question is not only about keeping our network activity a secret. A pandemic is likely to expand the scope of an acceptable invasion of privacy in general.
Threatpost Edition prepared a compilation of views on the evolution of privacy, with an emphasis on video surveillance. The main thing: people are now much more relaxed in the disclosure of personal information, including medical information, if this even theoretically helps to improve the situation with the spread of the virus.
Progress in recognition systems is significant. For example, according to Reuters, the Chinese company Hanwang Technology has achieved reliable identification people wearing masks. It also mentions a combination of cameras for face recognition and infrared sensors for measuring temperature. Originally installed at airports, such systems are now used outside of them, for example, in public transport.
Just a year ago, massive face recognition systems were discussed as a threat to privacy, and in some cities at the local government level did not dare to introduce similar technology. Depending on the country, the attitude towards mass tracking of movements of people was different, but most likely in 2020 such systems will be actively developed, both in terms of the set of functions and the scale of application.
One of the unexpected consequences of the epidemic was a temporary rejection of biometric identification by fingerprint or palm pattern. Such a solution, for example, have accepted at the police department in New York. The reason is clear: unhygienic.
Interestingly, privacy in the network has always evolved as a result of response to network threats. If you can track unencrypted traffic – let’s encrypt it, if hundreds of thousands of companies collect personal user data – let’s regulate this process legally and require agents to protect this information. Steal money online? It’s better to identify users: through two-factor authentication, biometrics, and so on. Now, privacy both on the Internet and offline is changing under the influence of a virus – not a computer, but a human one. Interesting times have come.
What else happened:
Continued review of coronavirus cyberthreats. Reuters Agency informs about the cyber spy campaign aimed at the World Health Organization. According to the organization, an attempt by criminals to lure employees to an almost exact copy of the corporate email web interface failed. A public malicious site that allegedly offered a free (and in fact nonexistent) vaccine, discovered and closed the US Department of Justice.
BitDefender reports (newsoriginal article) about the attack on routers with default passwords, which also exploits the theme of coronavirus. On hacked routers, the DNS settings are changed and a redirect is turned on when visiting some services to reduce links. The user is sent to a page where they offer to install the application “to obtain information about the virus.”
Basic thematic recommendations for users on the Kaspersky Lab blog:
- how spend web conferencing.
- how disinfect smartphone and do not break it.
- Examples coronavirus phishing.
- General recommendations for work from home.
New 0-day on Windows in Adobe Type Manager Library Advisorywhich affects Windows 7, 8, 10 and server OS versions. More in blog post “Kaspersky Labs” and on Habr.
Bug in iOS 13 leads data leakage when using a VPN connection. After connecting to the server, the existing connections should be disconnected and restored through the secure channel, but in practice they will not break. There is no patch yet, only a permanent connection to the VPN fixes the problem.
FireEye Company approvesthat recently discovered vulnerabilities in Citrix NetScaler / ADC software, Zoho ManageEngine Desktop Central and Cisco routers are used for cyber espionage.
Another unscheduled patch from Adobe closed Critical vulnerability in the Creative Cloud Desktop client. Last week, the vulnerabilities in Photoshop.
Check point software tells about malware on Google Play: a whole series of app masks disguised as applications and games, although in reality it simulates user clicks on banners of common advertising networks.
Qihoo 360 found vulnerability in video surveillance systems of the Taiwanese company LININ. Attacks on these devices with the subsequent spread of malware have been recorded since last August, the manufacturer was notified in January. The patch was released in February, but requires manual installation.