Categories
Shared

Google Hands Feds 1,500 Phone Locations In Unprecedented ‘Geofence’ Search

According to Forbes, Google has sent 1,494 device identifiers to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) to help them investigate arsons carried out across Milwaukee, Wisconsin, throughout 2018 and 2019. “The requests, outlined in two search warrants obtained by Forbes, demanded to know which specific Google customers were located in areas covering 29,387 square meters (or 3 hectares) during a total of nine hours for the four separate incidents,” the report says. “Unbeknownst to many Google users, if they have ‘location history’ turned on, their whereabouts are stored by the tech giant in a database called SensorVault.” From the report:

To investigators, this kind of “geofence” demand is useful, allowing them to go through the data trove provided by Google, look for devices of interest such as a known suspect’s phone and ask for more personal information on the user of that mobile. But it’s also the kind of search that’s been making pro-privacy folk anxious over the last year. Such data grabs, also referred to as “reverse location searches,” see the police give Google a timeframe and an area on Google Maps within which to find every Google user within. Google then looks through its SensorVault database of user locations, taken from devices running the tech giant’s services like Google Maps or anything that requires the “location history” feature be turned on. The police then look through the list, decide which devices are of interest to the investigation and ask for subscriber information that includes more detailed data such as name, email address, when they signed up to Google services and which ones they used.

It’s unclear whether or not Google handed over any identifying information, but to Jerome Greco, a public defender in the Digital Forensics Unit of the Legal Aid Society, it’s a sign that geofence warrants are overly broad and endanger user privacy. “The number of phones identified in that area shows two key points,” he tells Forbes. “One, it demonstrates a sample of how many people’s minute-by-minute movements Google is precisely tracking. “Two, it shows the unconstitutional nature of reverse location search warrants because they inherently invade the privacy of numerous people, who everyone agrees are unconnected to the crime being investigated, for the mere possibility that it may help identify a suspect.”For what it’s worth, Forbes did obtain a search warrant that indicates Google is trying to fight back against overly broad government requests, “but still appears to be handing over innocent people’s information as well as legitimate suspect data.”

As found on: https://tech.slashdot.org/story/19/12/12/2139212/google-hands-feds-1500-phone-locations-in-unprecedented-geofence-search

Categories
Shared

Vulnerability In Fully Patched Android Phones Under Active Attack By Bank Thieves

An anonymous reader quotes a report from Ars Technica:

A vulnerability in millions of fully patched Android phones is being actively exploited by malware that’s designed to drain the bank accounts of infected users, researchers said on Monday. The vulnerability allows malicious apps to masquerade as legitimate apps that targets have already installed and come to trust, researchers from security firm Promon reported in a post. Running under the guise of trusted apps already installed, the malicious apps can then request permissions to carry out sensitive tasks, such as recording audio or video, taking photos, reading text messages or phishing login credentials. Targets who click yes to the request are then compromised.

Researchers with Lookout, a mobile security provider and a Promon partner, reported last week that they found 36 apps exploiting the spoofing vulnerability. The malicious apps included variants of the BankBot banking trojan. BankBot has been active since 2017, and apps from the malware family have been caught repeatedly infiltrating the Google Play Market. The vulnerability is most serious in versions 6 through 10, which account for about 80% of Android phones worldwide. Attacks against those versions allow malicious apps to ask for permissions while posing as legitimate apps. There’s no limit to the permissions these malicious apps can seek. Access to text messages, photos, the microphone, camera, and GPS are some of the permissions that are possible. A user’s only defense is to click “no” to the requests.”The vulnerability is found in a function known as TaskAffinity, a multitasking feature that allows apps to assume the identity of other apps or tasks running in the multitasking environment,” reports Ars Technica. While Google has removed the [unnamed] malicious apps from its Play Store, according to Promon, the vulnerability is still unfixed in all versions of Android.

“Promon is calling the vulnerability ‘StrandHogg,’ an old Norse term for the Viking tactic of raiding coastal areas to plunder and hold people for ransom,” the report adds. “Promon researchers said they identified StrandHogg after learning from an unnamed Eastern European security company for financial institutions that several banks in the Czech Republic reported money disappearing from customer accounts.”

As seen on: https://it.slashdot.org/story/19/12/02/230254/vulnerability-in-fully-patched-android-phones-under-active-attack-by-bank-thieves

Categories
Shared

Apple exec says students who use Google’s ‘cheap’ laptops at school are ‘not going to succeed’

Apple’s marketing SVP Phil Schiller slammed Google’s Chromebooks in an interview with CNET published on Wednesday, saying that students who use them are not going to succeed.

The remarks are an escalation of Apple’s rhetoric about the competitive K-12 market in the United States where it is losing to Google and Microsoft.

“Chromebooks have gotten to the classroom because, frankly, they’re cheap testing tools for required testing,” Schiller said during an interview to promote a new $2,400 MacBook Pro. “If all you want to do is test kids, well, maybe a cheap notebook will do that. But they’re not going to succeed.”

In a tweet sent after this story published, Schiller said that “every child has the ability to succeed.”

Right now, there are far more Chromebooks being sold to schools than other kinds of computers. In 2018, 60% of all laptops and tablets purchased for U.S. K-12 classrooms were Chromebooks, with Microsoft Windows-powered computers coming in at second at 22%. Apple’s iOS and macOS had 18% of the market, according to stats from Futuresource Consulting.

“At the point where U.S. districts needed to purchase devices for online assessment on mass scale, Chromebooks were clearly significantly cheaper than competitive offerings,” Futuresource analyst Michael Boreham said in an email.

Schiller’s argument against Chromebooks goes like this: According to a study done “many many years ago” internally at Apple, kids learn the best when they’re engaged. To maximize engagement, schools need to buy “cutting-edge learning tools” like Apple’s iPad.

He also returned to an argument that Apple CEO Tim Cook has made previously: Google’s Chromebooks are “test machines.” That’s because Chromebooks are better suited for government-mandated “Common Core” tests, which require or heavily recommend keyboards. Apple’s iPad, which Schiller calls the “ultimate tool for a child to learn on,” doesn’t have a built-in keyboard and requires an additional accessory to add one.

The U.S. education market is expected to hit $43 billion in sales in 2019, according to an estimate from Technavio earlier this year. Students who get comfortable with a given company’s software in school may remain a customer when they grow up and buy their own computers.

The education market is important to Apple, which held a press event at a school in Chicago in early 2018 discussing its education strategy and the “Everyone Can Code” program in which Apple creates computer science curricula it distributes to schools for free. Last year, Apple announced that it would build a new course for Advanced Placement high school students focusing on Apple’s programming language, Swift.

Apple also announced an update to its entry-level iPad at the event and said it would sell it to schools for $300 after an educational discount.

Aside from cost, Google enjoys a competitive advantage over Apple with its Google Classroom software, according to Boreham. Google Classroom lets students log on to any Chromebook to pull up their profile and saved work. Google’s device management software is also better suited for IT administrators, he added.

“Both Microsoft and Apple have added and extended their solutions with upgraded and cheaper hardware, IT deployment tools and a wider range of apps and tools, but to date there are limited signs of a significant OS market share change,” Boreham said.

As found on CNBC, https://www.cnbc.com/2019/11/13/apple-exec-students-who-use-googles-cheap-laptops-wont-succeed.html