Welcome to Dead Drop number 9, a look at what's happening in the worlds of computer security and internet freedom. All source links mentioned are below.
A laptop used by a Navy IT contractor was recently hacked, exposing sensitive data including social security numbers of about 130,000 Navy personnel. A spokesman said that those affected will be notified in the coming weeks.
Riot announced that the latest version of their decentralized, cross-platform chat app now has end-to-end encryption built in, meaning room admins now have the ability to increase the privacy of users.
The Tor Project also pushed out a new release of their Tor Messenger app this week. Have any of you tried either of these chat apps? What are your thoughts?
Black Hat uploaded a tonne of new videos from their latest conference, Black Hat USA 2016. As always, there are many different topics covered to get your neurons firing.
Kaspersky Lab created a report on the security of wireless networks around the globe, according to their security network database. They found that of the 32 million access points assessed, roughly ¼ of them are completely open, without any form of encryption. It also drills down into the types of encryption used, and distribution around the world. Well worth a read.
And speaking of unsecured networks, AndroidAuthority on YouTube released a good 101 video about the different ways someone could go about capturing data on open Wi-Fi hotspots.
INTERNET OF FAILS
On the back of all the IP camera fails I've covered recently, a new serious vulnerability has been found in Siemens-branded CCTV cameras, used widely by government and healthcare organizations.
A carefully crafted request can be exploited remotely, revealing admin credentials and leading to access. A patch has been released, but it requires individual camera operators to apply it manually.
Another day, another massive Android vulnerability, this time affecting almost 3 million Chinese handsets. Similar to something I covered in an earlier episode, researchers found a hidden binary responsible for software updates, which can be taken advantage of using a man-in-the-middle attack, allowing attackers to install and run anything they like.
Researchers at Ben-Gurion University showed off a way to turn headphones into microphones for audio surveillance. This is due to the widely used Realtek audio codec chip, which allows attackers to change audio output to audio input.
And finally, Bloomberg reports that some financial institutions have begun using phone data, like location, call and browsing habits, to determine whether people who don't have credit histories are allowed or denied loans.
This opens up the possibility of being pre-declined for loans, just by virtue of where you live, who you know, and what your interests are.