Hidden Alexa Commands, Cell Phone Tracking, and More Security News This Week
Credit to Author: Brian Barrett| Date: Sat, 12 May 2018 13:00:00 +0000
This week, the United States officially backed out of the Iran nuclear deal. The geopolitical reverberations should continue to play out in a variety of fields, but make sure you count cybersecurity among them. Iran targeted the US frequently—particularly financial institutions before the deal went into place. Security experts warn that with the agreement no longer in place, the barrage could begin again. So, look out for that!
We also took a look at facial recognition technology. Law enforcement around the world uses it more than ever, but picking out a single face out of a crowd of 60,000 feels downright dystopian—as does wrongly identifying several thousand people as potential criminals. It's off-putting at either extreme, which seems like a decent argument to slow down its deployment.
Microsoft, meanwhile, has introduced JavaScript to Excel, which makes security researchers as anxious as it delights hackers and phishers. Speaking of which, your Facebook and Twitter accounts are vulnerable. Here's how to lock them down once and for all.
And this isn't security, specifically, but if, hypothetically, Donald Trump had bought up so many properties in cash as part of an elaborate money laundering scheme? Here's how that would work.
And there's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
You know how dogs can hear noises you can't? Guess what! So can Alexa and Google Assistant and Siri. And while research along those lines has been fomenting for the last several years, a team from UC-Berkeley this month demonstrated that they can hide voice-assistant commands not just in white noise, but behind actual voices or music. It's not a hack that appears to have hit the wild yet, but there's every reason to expect that it will eventually. And given the amount that we offload to voice assistants—purchases, door locks, and more—that could have serious consequences.
Signal remains our pick for the best encrypted messaging service. But those who use its desktop client with the default settings may have inadvertently stored those messages indefinitely on their Mac's notification bar, even if they had been set to self-destruct. Not ideal! On Thursday, Signal pushed an update that should fix the issue, but just to be safe, any desktop Signal users should do what they can to triple check that messages they thought were gone forever really are.
On the one hand, a video doorbell helps you increase your personal security, keeping close tabs on who's coming and who's going. On the other hand, yikes! Popular model Ring, recently acquired by Amazon, until recently wouldn't log users out of its app after the password changed. That meant that if you switched up your authentication to, say, deny access to an ex, they could still essentially spy on your front door. (In fact, that's precisely what happened in an incident outlined by The Information.) Ring says it updated the app in January such that everyone has to log back in now after a password reset, but even now it doesn't take effect for several hours.
As if Facebook didn't give you enough surveillance hassles lately, The New York Times takes a look at a company called Securus, which advertises the ability to track nearly any cell phone in the US within seconds. They're able to do so because carriers regularly sell access to location services to third parties with no customer consent and little oversight. Meanwhile, not every state even requires a warrant to gather location data, which all adds up to a pretty nightmarish scenario of being snooped on without any knowledge—or any way to prevent it.