ENISA launches Smartphone Secure Development Guidelines

ENISA launched a smartphone guidelines tool covering the following subjects:

– Ensure correct usage of biometric sensors and secure hardware;
– Secure data integration with third party code;
– Implement user authentication, authorization and session management correctly;
– Ensure sensitive data is protected in transit;
– Consent and privacy protection;
– Protect paid resources;
– Secure the backend services and the platform server and APIs;
– Identify and protect sensitive data on the mobile device;
– Protect the application from client side injections;
– Secure software distribution;
– Check device and application integrity;
– Handle runtime code interpretation correctly;
– Handle authentication and authorization factors securely on the device.

Read more about this topic at: https://www.enisa.europa.eu/topics/iot-and-smart-infrastructures/smartphone-guidelines-tool

Is it possible to escape from face detection while shopping in Australia?

Digital billboards in shopping areas in Australia record customers’ reactions to advertisements tailored to them, but not in accordance with the GDPR. Who is safeguarding Australians’ privacy? Face detection makes it possible to distinguish, for example, age, gender and mood. The French manufacturer emphasizes that all data collected remains anonymous and that they are using facial detection, not facial recognition technology: they are not identifying who the person is, only the characteristics of that person.

The global facial recognition technology (FRT) market is worth approximately US$3bn (A$4.1bn) and is expected to grow to US$6bn by 2021. But there are major concerns about how to protect the privacy of those whose data is collected. In January a coalition of 85 civil rights groups wrote to Microsoft, Amazon and Google demanding that the companies commit not to sell face surveillance technology to governments. According to Microsoft, there are three main problems governments need to address: the risk of bias and discrimination, new intrusions into privacy, and the potential for mass surveillance to “encroach on democratic freedoms”.

Read more about this topic at: https://www.theguardian.com/technology/2019/feb/24/are-you-being-scanned-how-facial-recognition-technology-follows-you-even-as-you-shop

ETSI launches first security baseline for consumer IoT devices

The security of IoT devices is becoming a growing concern. ETSI has therefore created a “security baseline” for these IoT devices. ETSI: “People entrust their personal data to a growing number of online devices and services. In addition, traditionally offline products and appliances are now connected and must be designed to withstand cyber threats.”

To meet the specifications, IoT devices must adhere to 13 rules, including, for example:

– Vulnerability management;
– Secure communication;
– Keep software up to date and guarantee software integrity;
– Prevent use of universal default passwords;
– Secure sensitive, personal data and credential storage.

The standard is designed to suit a wide range of consumer-facing devices. These include:
– Children’s toys and baby monitors;
– Security systems;
– TV and speakers;
– Wearable sanitary fittings;
– Home automation systems.

Read more about this topic at: https://www.etsi.org/newsroom/press-releases/1549-2019-02-etsi-releases-first-globally-applicable-standard-for-consumer-iot-security

Data breaches in 2018: An overview

Risk Based Security came out with their annual data breach report. Some highlights:

– Compared to 2017, the number of reported breaches was down 3.2% and the number of exposed records was down approximately 35.9% from 7.9 billion.
– The Business sector accounted for 65.8% of the records exposed followed by Unclassified at 31.8% and Government at 2.2%. The Medical and Education sectors combined accounted for 9.9 million records exposed, or less than 0.02% of the total records exposed in the year.
– Web regained the top spot for the breach type exposing the most records, accounting for 3% of compromised records, while Hacking remained the top breach type by number of incidents, accounting for 57.1% of reported breaches.
– 5% of breached organizations were unwilling or unable to disclose the number of records exposed.
– 6,515 breaches were reported through December 31, 2018, exposing approximately 5 billion records.
– The average number of days between discovery and disclosure has gone up from 48.6 in 2017 to 49.6 days in 2018.

Read more about this topic at: http://www.govtech.com/blogs/lohrmann-on-cybersecurity/data-breaches-what-do-the-numbers-mean.html

US Senators: risk assessment on foreign VPNs

In a letter to Christopher Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security, senators Wyden and Rubio requested an investigation of possible risks stemming from VPN and data-saving apps based in unfriendly foreign nations. The growing use of mobile VPN and data-saving (proxying) apps from Russian and Chinese providers by government officials could harm U.S. national security.

See the full letter: https://www.wyden.senate.gov/imo/media/doc/020719%20Wyden%20Rubio%20VPN%20Letter%20to%20DHS.pdf

Is Surveillance Capitalism the Future of Data Economics?

Surveillance capitalism has implications for our economy, the prospects of a market democracy, privacy and the future of capitalism itself. It transforms society in ways that are profoundly anti-human and anti-democratic, all for the sake of surveillance revenues. The future of surveillance capitalism has to be fought against, but first it has to be understood.

Shoshana Zuboff spent a lot of time on naming, which will hopefully be followed by taming, interrupting and outlawing, in favour of the values and freedoms required to nurture, defend and protect individual autonomy and the democratic prospect for our families and the generations to come. Surveillance capitalism claims private human experience as free raw material for production and sales: experience is translated into behavioral data for computation and analysis with substantial predictive value. The behavioral data comes from online browsing, search and social media, but also from movement, conversation, facial expression, etc.

With more devices and points connected, more data is gathered, which will result in machine learning predicting what we will do now, soon and later. Do you think it’s time to gain back control over your data and (y)our future?

For more information about this topic visit: https://www.youtube.com/watch?v=DeaSxCN2uw8

EE data leak caused stalking via SIM swapping?

An EE customer has said she was stalked by an ex-partner who worked at the firm, after he accessed her personal data without permission. She was switched to a new handset and her address and bank details were accessed. She involved the police and claims that EE and the police did not take the data leak seriously. She claims her SIM was swapped by her ex-partner, with her personal data getting into his hands. She claims to have spent a lot of private time at the police station and missed days at work, while her ex had access to her sort code, her account number and a photocopy of her driver’s licence. “It did put her at risk and she feels all customers should know how poorly something like this will be handled if there is a data breach on their account

Read more about this topic at: https://www.bbc.com/news/technology-46896329