Child safety smartwatches ‘easy’ to hack, watchdog says

Children's smartwatchesImage copyright NCC

Some smartwatches designed for children have security flaws that make them vulnerable to hackers, a watchdog has warned.

The Norwegian Consumer Council (NCC) tested watches from brands including Gator and GPS for Kids.

It said it discovered that attackers could track, eavesdrop or even communicate with the wearers.

The manufacturers involved insist the problems have either already been resolved or are being addressed.

UK retailer John Lewis has withdrawn one of the named smartwatch models from sale in response.

The smartwatches tested essentially serve as basic smartphones, allowing parents to communicate with their children as well as track their location.

Some include an SOS feature that allows the child to instantly call their parents.

They typically sell for about £100.

The NCC said it was concerned that Gator and GPS for Kids' watches transmitted and stored data without encryption.

It said that meant strangers, using basic hacking techniques, could track children as they moved, or make a child appear to be in a completely different location.

Image copyright NCC Image caption The NCC plans a social media campaign to publicise its findings

Consumer rights watchdog Which?criticised the "shoddy" watches and said parents "would be shocked" if they knew the risks.

Spokesman Alex Neill said:"Safety and security should be the absolute priority.If that can't be guaranteed, then the products should not be sold."

John Lewis stocks a version of the Gator watch, although it is not clear whether it suffers from the same security flaws as the watches tested.

The firm said it was withdrawing the product from sale "as a precautionary measure" while awaiting "further advice and reassurance from the supplier".

GPS for Kids said it had resolved the security flaws for new watches and that existing customers were being offered an upgrade.

The UK distributor of the Gator watch said it had moved its data to a new encrypted server and was developing a new, more secure app for customers....

Read more

Social media data shared by spy agencies

GCHQImage copyright PA Image caption GCHQ is due to offer its view to the court later this week

UK spy agencies are collecting citizens' social media and medical data, a court has heard.

The details emerged in a case brought by Privacy International, looking at the legality of mass data collection.

It said it was concerned that the information could have been shared with foreign governments and corporate partners.

The body which oversees UK surveillance did not know that highly sensitive data was being shared, it emerged.

Facebook said it did not provide "any government with access to people's data".

The long-running legal case was brought by Privacy International, following revelations in March 2015 that the intelligence agencies were collecting not only targeted data on specific suspects but also information from the general public.

The details were revealed in an Intelligence and Security Committee report which, although heavily redacted, stated that so-called bulk personal datasets (BPDs) vary in size from hundreds to millions of records.

The current case is being heard by the Investigatory Powers Tribunal, set up to look at complaints about surveillance issues.

According to Privacy International it is the first time that the type of data being collected has been made public, although it is still not clear how such data is collected.

"We don't know whether it it is intercepted or given to it by the companies," Millie Graham Wood, a solicitor at Privacy International, told the BBC.

Facebook said that it did not provide "back doors" and that it scrutinised "each government request for user data".

Meanwhile, in a blogpost [1]from 2016, Twitter said that it "prohibits developers using the public APIs and...data products from allowing law enforcement - or any other entity - to use Twitter data for surveillance purposes."

One of the biggest reveals of the court case was that private contractors had "administrator" access to some of the information the agencies collect.

The Investigatory Powers Commissioner's Office (IPCO), which oversees the UK's surveillance regime, has raised concerns over the role of these private contractors.

In letters shared with PI, it said that there are "no safeguards" in place to prevent the misuse of the systems by third parties.

Ms Graham Wood said:"After all this time, just before the court hearing we learn not only are safeguards for sharing our sensitive data non-existent, but the government has databases with our social media information and is potentially sharing access to this information with foreign governments.

The risks associated with these activities are painfully obvious.We are pleased the IPCO is keen to look at these activities as a matter of urgency and the report is publicly available in the near future."...

References

  1. ^ in a blogpost (blog.twitter.com)

Read more

Adobe patches Flash bug used for planting spying tools

Padlock with a hole in itImage copyright Getty Images Image caption Kaspersky discovered a new Flash security vulnerability being used to distribute spying software

Adobe has patched a new Flash security flaw that was being used by attackers to install spying tools on victims' computers.

The security bug was delivered using malicious Flash files embedded in Microsoft Word documents, sent as an email attachment to targets.

When the document was opened, the FinSpy malware would secretly install itself.

The vulnerability was discovered by Russian security firm Kaspersky Lab[1].

The flaw was discovered by Kaspersky Lab researchers on 10 October.

They found that the attacker - thought to be a group called BlackOasis - was targeting the governments of various countries who are members of the United Nations, as well as oil and gas companies in several regions.

In the UK, activists and several non-governmental organisations (NGOs) were targeted by the attackers, but not government agencies.

Kaspersky contacted Adobe on the same day it discovered the exploit, and Adobe published the patch[2] on Monday 16 October.

What is FinSpy?

FinSpy is a surveillance software product developed by Anglo-German firm Gamma International.

It is a legal spying tool that is used by law enforcement agencies around the world for lawful surveillance during criminal and anti-terror investigations.

"What is unusual about BlackOasis is that they are using legal surveillance tools to hit other nation states," Costin Raiu, the director of Kaspersky's Global Research &Analysis Team told the BBC.

"This is unusual because everybody was using these tools for lawful surveillance in their own countries."

Due to the numerous security issues relating to Adobe Flash, the software is now gradually being phased out[3].

However, some older websites still use it, so web browsers now come with protections to prevent attackers from exploiting Flash to sneakily install malware on consumers' computers.

This has proved effective in curtailing Flash exploits in the web browser, so to make the attack work, BlackOasis appeared to have embedded a Flash file in a Microsoft Word document, because this stops the typical protections from working.

Mr Raiu thinks that Microsoft should consider blocking certain types of files from launching when Word documents are opened.

He recommended that consumers install the patch for Flash even if they don't think they are using it on your computer, because it might still be installed.

"The most worrying thing in this story is that tools produced by these companies specialising in lawful surveillance are being used to fuel cross-country espionage and contribute to the increasing climate of world cyber war," said Mr Raiu.

"The creator of the tool is a UK company, and then it is used to spy on British targets.I just find the whole concept a bit worrying."...

References

  1. ^ Kaspersky Lab (securelist.com)
  2. ^ published the patch (helpx.adobe.com)
  3. ^ gradually being phased out (www.bbc.co.uk)

Read more

'First 5G mobile net connection' claimed by Qualcomm

Qualcomm's Snapdragon X50 NR chipsetImage copyright Qualcomm Image caption Qualcomm has showcased 1Gbps mobile internet speeds using a 5G chip

Qualcomm has demonstrated mobile internet speeds of 1Gbps using a 5G smartphone chip.

The chipset manufacturer claims this is the first working 5G data connection on a mobile device.

The fifth generation of the mobile network does not yet exist, but it promises faster data speeds and more bandwidth to carry more web traffic.

Qualcomm is describing the demonstration as a "major milestone", but one expert is playing it down.

1Gbps is equivalent to 1,000Mbps, and this speed would enable you to download a one-hour TV programme in HD from BBC iPlayer in less than six seconds.

"It's not a big deal," Prof William Webb, a independent consultant and author of the book The 5G Myth:When vision decoupled from reality[1], told the BBC.

"5G is not yet clearly defined, they've just postulated what they think it will look like.

"It's not 5G in its final form, so it's premature to say it's a 5G demonstration."

Prof Webb added that speeds higher than 1Gbps were already achievable on 4G.

For example, Huawei's Kirin 970 chipset offered mobile speeds of up to 1.2Gbps when used with compatible network equipment.

Qualcomm said the demonstration, at its laboratories in San Diego, had used its first dedicated 5G chip, the Snapdragon X50 NR modem chipset, on the 28GHz millimetre wave spectrum band.

What is 5G?

Today's 4G mobile networks currently make use of the sub-6GHz frequencies, but these are now heavily crowded.

Mobile operators are running out of capacity to carry the huge amounts of web traffic generated by consumers on billions of mobile devices, in addition to data being sent from internet-enabled sensors in smart devices.

The specifications for 5G have not yet been set out by the global mobile standards body, 3GPP, so various parts of the industry are trying different technologies, with the hope that 5G will be ready by 2019.

Some of the technologies involve optimising the current 4G network[2] by making the transit of data more efficient, in order to offer greater capacity and higher speeds.

But there are also plans to make use of the currently unused 28GHz and 39GHz millimetre wave spectrum bands, which are found in the electromagnetic spectrum between microwaves and infrared waves.

Millimetre waves offer far more bandwidth than the sub-6GHz frequencies, but the radio signal deteriorates if data is transmitted over more than a few kilometres.

"There are many different definitions of 5G, some of which could be implemented by 2019, and those that wouldn't be, such as millimetre wave, which will probably take a lot longer," said Prof Webb....

References

  1. ^ The 5G Myth:When vision decoupled from reality (www.amazon.co.uk)
  2. ^ optimising the current 4G network (www.ibtimes.co.uk)

Read more

NewsLine is a full functional magazine news for Entertainment, Sports, Food website. Here you can get the latest news from the whole world quickly.

Popular Item

Recent News