Table of Contents
Database containing details of 56M US residents found on the public internet
A database containing the personal details of 56.25m US residents -- from names and home addresses to phone numbers and ages -- has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough. The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone's name, and it will look up their current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases, all presumably gathered from public records. However, all of this information is not only sitting in one place for spammers, miscreants, and other netizens to download in bulk, but it's being served from an IP address associated with Alibaba's web hosting wing in Hangzhou, east China, for reasons unknown. It's a perfect illustration that not only is this sort of personal information in circulation, but it's also in the hands of foreign adversaries.
Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
A state-sponsored group called Magnallium (also APT33) has been probing American electric utilities for the past year. In the wake of the US assassination of Iranian general Qasem Soleimani and the retaliatory missile strike that followed, Iran-watchers have warned that the country could deploy cyberattacks as well, perhaps even targeting US critical infrastructure like the electric grid. A new report lends some fresh details to the nature of that threat: By all appearances, Iranian hackers don't currently have the capability to start causing blackouts in the US. But they've been working to gain access to American electric utilities, long before tensions between the two countries came to a head.
Lawmakers Prod FCC to Act on SIM Swapping
Crooks have stolen tens of millions of dollars and other valuable commodities from thousands of consumers via "SIM swapping," a particularly invasive form of fraud that involves tricking a target's mobile carrier into transferring someone's wireless service to a device they control. But the U.S. Federal Communications Commission (FCC), the entity responsible for overseeing wireless industry practices, has so far remained largely silent on the matter. Now, a cadre of lawmakers is demanding to know what, if anything, the agency might be doing to track and combat SIM swapping. On Thursday, a half-dozen Democrats in the House and Senate sent a letter to FCC Chairman Ajit Pai, asking the agency to require the carriers to offer more protections for consumers against unauthorized SIM swaps.
Amazon Takes a Swipe at PayPal's $4 Billion Acquisition
The retail giant warned holiday shoppers that Honey, a popular browser extension, was a "security risk." Honey denies the claim. "Honey tracks your private shopping behavior, collects data like your order history and items saved, and can read or change any of your data on any website you visit," the message read. "To keep your data private and secure, uninstall this extension immediately." It was followed by a hyperlink where users could learn how to do so. Screenshots of the warning were posted to forums and social media by Honey users, like Ryan Hutchins, an editor at Politico. Honey isn't some obscure browser extension from an unknown developer. Founded in 2012, the Los Angeles-based startup now boasts over 17 million users. It finds discount codes to save shoppers money at tens of thousands of online retailers, including Amazon. In November, PayPal agreed to purchase Honey for an eye-popping $4 billion, its largest deal ever. The acquisition was completed this week.
4 Ring Employees Fired For Spying on Customers
Ring said that four employees were fired because they for inappropriate access to customers' connected video feed. Smart doorbell company Ring said that it has fired four employees over the past four years for inappropriately accessing customer video footage. The disclosure comes in a recent letter to senators (in response to a November inquiry into the company's data policies) from Amazon-owned Ring as it attempts to defend the privacy of its platform, which has been plagued by data privacy incidents over the past year. In the letter, Ring said the former employees were authorized to view video data, but their attempted access to the data "exceeded what was necessary for their job functions."
Google Removed Over 1.7K Joker Malware Infected Apps from Play Store
Roughly 1,700 applications infected with the Joker Android malware (also known as Bread) have been detected and removed by Google's Play Protect from the Play Store since the company started tracking it in early 2017. At least one series of such malicious apps did manage to get into the Play Store as discovered by CSIS Security Group security researchers who found 24 apps with over 472,000 downloads in total during September 2019. "Sheer volume appears to be the preferred approach for Bread developers," says Google. "At different times, we have seen three or more active variants using different approaches or targeting different carriers. [..] At peak times of activity, we have seen up to 23 different apps from this family submitted to Play in one day."
Messenger Hacking: Remotely Compromising an iPhone through iMessage
Samuel Groß, from Project Zero has published a series of three blog posts about how he was able to fully compromise an iPhone device with a "0-click" exploit, which is a more detailed explanation of the 36C3 talk from December 2019.
Are Samsung phones and tablets really running Chinese spyware?
"Chinese Spyware Pre-Installed on All Samsung Phones (& Tablets)" declares the title of a post from earlier this week that's kicked up quite a storm on Reddit. In it, the author launches into an analysis of a utility in Samsung's Device Care mobile application --- specifically, the storage scanner feature inside the application (which can't be removed by the user). The scanner is useful, in that it can find unnecessary files junking up your phone and remove them to free up space. The problem, though, is that the writer of this post says he found the scanner to be apparently sending data to domains based in China. Samsung Members Korea's official reply has arrived. It is said that the result of the inquiry from Samsung Members Korea. The answer is that it does not use any function of 360 Security app, but outsourcing only DB checking for unnecessary files. Deletion logic is handled by Samsung's logic, and it is said that 360 DB is used to check the Junk File that can delete files.
US Government-funded Android phones come preinstalled with unremovable malware
An Android phone subsidized by the US government for low-income users comes preinstalled with malware that can't be removed without making the device cease to work, researchers reported on Thursday. The UMX U686CL is provided by Virgin Mobile's Assurance Wireless program. Assurance Wireless is an offshoot of the Lifeline Assistance program, a Federal Communications Commissions plan that makes free or government-subsidized phones service available to millions of low-income families. The program is often referred to as the Obama Phone because it expanded in 2008, when President Barack Obama took office. The UMX U686CL runs Android and is available for $35 to qualifying users. Researchers at Malwarebytes said on Thursday that the device comes with some nasty surprises. Representatives of Sprint, the owner of Virgin Mobile, meanwhile said it didn't believe the apps were malicious.