ITy Bytes 7 April are digestible byte-sized chunks of news you need to know. In this edition:

  • Kaspersky now detects stalkerware;
  • Amazon plans to launch 3236 satellites for broadband coverage;
  • 540 million Facebook users’ data left unprotected on Amazon Cloud;
  • Most mobile financial apps not safe;
  • Nokia X71 knocks the notch for a six – prefers Samsung O-hole;
  • Apple Series-11 iPhones coming in September;
  • Microsoft adds 8th gen Intel Core and USB-C to Surface Book 2;
  • Google blocked 1.6 billion potentially harmful apps (PHA) in 2018;
  • Google Street View becomes Kakadu park View;
  • Australia broadband worse than many third world countries;
  • Crapple grappling with quality;
  • Don’t trust Facebook in combining WhatsApp and Instagram;
  • Telstra Plus loyalty programme;
  • iFixit tears down iPad Mini 4 – sorry 5!
  • iFixit tears into iPad Air 3 – more of the same;
  • Ford waits to 2020 to introduce the Escape PHEV;
  • The most beautiful construction sets in the world – TimeforMachine (T4M)


Kaspersky now detects stalkerware

Kaspersky has been focusing on the technology used by spies, stalkers and abusers and it has found a way to flag if an Android device is infected.

In case you think it is a numerically small problem, Kaspersky’s new algorithms detected nearly 59,000 infected devices – and that is only from the Android phones it protects.

Stalkerware evades detection because it is not a virus or malware – it is installed by ordinary people with access to someone’s phone (most are not secured with a PIN, fingerprint or other security) or via a phishing email where the victim clicks on a link. It can report on your location, copy SMS and MMS, open microphones and much more.

Motherboard has a good article on stalkerware here. Scarily it says, “It’s difficult to tell if someone has installed stalkerware on your phone, being that there’s typically no visible evidence.”


Amazon aims sky-high with plans to launch 3236 satellites for ubiquitous broadband coverage

Amazon’s Project Kuiper plans to spend billions of dollars on providing broadband internet access to around 95% of the world’s population via 3236 satellites in low Earth orbit. It will cover from latitude 56 degrees north to 56 degrees south.

It is not the first audacious plan – and let’s call it what it is: a plan, not a certainty. SpaceX has its Starlink plan for 12,000 satellites. OneWeb has plans for ‘hundreds’ of satellites and has completed a successful $1.25 billion funding round. Telesat plans hundreds of satellites by the early 2020s. And Facebook in conjunction with Boeing has a LeoSat program.

Motivation? I wish I could say it is altruistic but in Amazon’s and Facebook’s case it is to tie you into their ecosystems. Or is someone channelling Bezominator and Skynet? Space truly is the next frontier.

Would you buy a used rocket from this man – Amazon’s Jeff Bezos

540 million Facebook users’ data left unprotected on Amazon Cloud

Researchers at UpGuard found that two more third-party Facebook app developers had exposed Facebook user data: 540 million (146GB) in one case and 22,000 in the other. This is user data that Facebook allows app developers to collect.

The 540 million user data set mainly contains Facebook IDs, likes/dislikes, account names and comments. The second breach has columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb_checkins, fb_interests, password, and more.

It reflects the cavalier attitude Facebook has to data security – it’s Cambridge Analytica all over again. Facebook cannot be trusted with our data when its business model clearly allows sharing with third-party app developers and their clients.

Upguard says, “The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook’s control.”


All there for the taking – no security at all

Most mobile financial apps not safe

A report from Aite Group and Arxan Technologies in the US revealed glaring security holes in most of the top 30 mobile financial apps.

  • 97% of the apps could easily be reverse engineered, providing access to sensitive source code data, including account credentials, API keys, server file locations, and incorrectly stored health savings account information.
  • 90% shared services with other apps, leaving financial data accessible on the device
  • 83% insecurely stored data outside the app’s control in a device’s local file system or external storage, and copied data to the clipboard, allowing shared access with other apps; they also exposed a new attack surface via APIs
  • 80% of the apps tested implemented weak encryption algorithms or incorrectly implemented a strong cipher, allowing adversaries to decrypt sensitive data and manipulate or steal it as needed
  • 70% of the apps use an insecure random-number generator for a security measure that relies on random values to restrict access to a sensitive resource, making the values easily guessed and hackable

In all, there were 180 critical vulnerabilities across the 30 apps. You can read an overview of vulnerabilities here. If this is happening in the US, imagine how prevalent it is here. For the present, avoid using mobile apps for financial purposes.
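For developers, several of the weakness classes in the list above can be caught in source review. The following is an added example, not code from the report or from this article: a small Python scanner run over a constructed Java snippet. The category names, rule patterns and the sample class are assumptions made for illustration.

```python
import re

# Categories mirror the report's bullets; the patterns are illustrative
# assumptions for this example, not the report's methodology.
RULES = [
    ("insecure-rng", re.compile(r"\bnew\s+(?:java\.util\.)?Random\s*\(|\bMath\.random\s*\(")),
    ("weak-cipher", re.compile(r'Cipher\.getInstance\(\s*"(?:DES|RC4|AES/ECB)[^"]*"')),
    # Bare "AES" resolves to ECB mode on the common Java/Android providers.
    ("weak-cipher", re.compile(r'Cipher\.getInstance\(\s*"AES"\s*\)')),
    ("external-storage", re.compile(r"\bgetExternalStorageDirectory\s*\(")),
    ("clipboard", re.compile(r"\bsetPrimaryClip\s*\(")),
    ("hardcoded-secret", re.compile(r'(?i)\b(?:api_?key|secret|password)\w*\s*=\s*"[^"]+"')),
]

# Constructed sample source, not taken from any real app.
SAMPLE = '''\
package com.example.bank;
public class Session {
    static final String API_KEY = "constructed-key-123";
    String newToken() { return Long.toHexString(new Random().nextLong()); }
    String okToken() { return Long.toHexString(new SecureRandom().nextLong()); }
    Cipher weak() throws Exception { return Cipher.getInstance("AES/ECB/PKCS5Padding"); }
    Cipher ok() throws Exception { return Cipher.getInstance("AES/GCM/NoPadding"); }
    void export(String s) {
        File f = new File(Environment.getExternalStorageDirectory(), "stmt.csv");
        clipboard.setPrimaryClip(ClipData.newPlainText("acct", s));
    }
}
'''

def scan(source):
    """Return (line_number, category) for every rule hit in Java source."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]  # crude: drop trailing line comments
        for category, pattern in RULES:
            if pattern.search(code):
                findings.append((lineno, category))
    return findings

if __name__ == "__main__":
    for lineno, category in scan(SAMPLE):
        print(f"line {lineno}: {category}")
```

The `SecureRandom` and `AES/GCM` lines in the sample are deliberately left unflagged, showing the corrected form of each weak call next to it.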