Daily Digest (6/12)

Microsoft Joins Amazon, IBM in Pausing Face Scans for Police; Malicious Apps Pose as Contact-Tracing to Infect Android Devices; Zoom: China Demanded Closing Activists’ Accounts Over Tiananmen Event; Babylon Health Admits ‘Software Error’ Caused Patient Data Breach; Want to Protect Privacy? Stay Off Social Media, Indiana US Court Says. Click “Continue reading” below.

Microsoft Joins Amazon, IBM in Pausing Face Scans for Police

Microsoft Corp. is now the third huge technology company this week to ban facial-recognition software sales to police, following similar moves by Amazon Inc. and IBM Corp.

Brad Smith, Microsoft’s president and chief counsel, disclosed the decision and called on Congress to regulate the technology during a video event at The Washington Post on Thursday.

“We’ve decided we will not sell facial-recognition technology to police departments in the United States until we have a national law in place, grounded in human rights, that will govern this technology,” Smith said, The Associated Press reports.

The tech giants are stepping back from law-enforcement use of systems that have faced criticism for incorrectly identifying people with darker skin.

They also follow protests after last month’s death of George Floyd in Minneapolis, which have focused attention on racial injustice in the U.S. and how police use technology to track people.

But while all three companies are known for their work in developing artificial intelligence, including face-recognition software, none is a major player in selling such technology to police.

Smith said Microsoft currently does not sell its face-recognition software to U.S. police departments. He didn’t say if that includes federal law enforcement agencies or police forces outside the U.S., AP reports.

“If all of the responsible companies in the country cede this market to those that are not prepared to take a stand, we won’t necessarily serve the national interest or the lives of the black and African American people of this nation well,” Smith said. “We need Congress to act, not just tech companies alone.”

Source (external link):

Malicious Apps Pose as Contact-Tracing to Infect Android Devices

Scammers are using fake COVID-19 contact-tracing apps to infiltrate Android devices in countries around Asia, Europe and South America, a California cybersecurity company said Thursday.

Twelve fake apps have been detected as targeting citizens in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore, the company, Anomali, said in a report.

Once installed, the apps are designed to download and install malware to monitor infected devices and steal banking credentials and personal data.

The company noted that the Anubis and SpyNote malware, in particular, have been detected as being downloaded by these apps.

Anubis is an Android banking Trojan that utilizes overlays to access infected devices and then steal user credentials, while SpyNote is an Android Trojan used for gathering and monitoring data on infected devices, the company said.

“We believe the threat actors are distributing the malicious apps via other apps, third-party stores, and websites, among other channels,” Anomali said in a blog post.

“Threat actors continue to imitate official apps to take advantage of the brand recognition and perceived trust of those released by government agencies,” the blog continued. “The global impact of the COVID-19 pandemic makes the virus a recognizable and potentially fear-inducing name, of which actors will continue to abuse.”

Sources (external links):

Zoom: China Demanded Closing Activists’ Accounts Over Tiananmen Event

Zoom Video Communications Inc. said Thursday that the Chinese government demanded that it terminate four public meetings held on its video-conferencing platform on June 4 to commemorate the 31st anniversary of China’s Tiananmen Square crackdown.

Zoom said it provided no user information or meeting content to the Chinese government, adding that it would not allow further requests from Beijing to impact users outside the country, Reuters reports.

“The Chinese government informed us that this activity is illegal in China and demanded that Zoom terminate the meetings and host accounts,” the company said in a statement.

Zoom’s statement comes after it temporarily shut three accounts, one based in Hong Kong and two in the U.S., after they held the Tiananmen event.

The company said it decided to end three of the meetings and temporarily suspend the host accounts, as it was currently unable to remove specific participants from a meeting or block participants from a certain country from joining a meeting.

Zoom said it left one of the four meetings “undisturbed” as it did not have any participants from mainland China. It has now reinstated the three other accounts, which initially had been suspended or terminated.

Source (external link):

Babylon Health Admits ‘Software Error’ Caused Patient Data Breach

Babylon Health, a U.K. AI chabot and telehealth startup valued at more than $2 billion, has experienced a data breach after an app user found he could access other patients’ video consultations.

“Why have I got access to other patients’ video consultations through your app?” tweeted Rory Glover Thursday, TechCrunch reports. “This is a massive data breach. Over 50 video recordings are on this list!”

Babylon Health officials confirmed the breach Thursday, telling the BBC that a “software error” related to a feature that allows users to switch from audio to video-based consultations part way through a call had caused a “small number” of U.K. users to be able to see other sessions.

In all, Babylon Health claimed three users were able to access others’ data. It was not clear how many patient consultations were erroneously presented to those three, TechCrunch reports.

“On the afternoon of Tues. 9 June, we identified and resolved an issue within two hours, whereby one patient accessed the introduction of another patient’s consultation recording,” the company said.

“Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app,” the company said.

“Affected users were in the U.K. only and this did not impact our international operations,” it added.

Sources (external links):

Want to Protect Privacy? Stay Off Social Media, Indiana US Court Says

A federal court in Indiana has ruled that the U.S. government could obtain certain information from a criminal suspect’s Facebook account without a warrant.

The U.S. District Court for the Northern District of Indiana ruled last week that Facebook and other social media users did not have a “reasonable expectation of privacy” regarding the information, a Security Boulevard blog post reported Thursday.

The data included Facebook registration information, billing records, records of session times and durations, and IP addresses and cookies.

The court decided that the target of a government investigation had no expectation of privacy in the records that he “voluntarily disclosed to Facebook (either directly or through associated third-party websites or apps),” the blog disclosed.

“Reasonable minds can debate whether, as a society, we want entities such as Facebook to log the kind of information contained in the records.

“But what cannot be debated is that Facebook has this information only by virtue of individuals making an affirmative choice to provide it,” the court ruled.

The records “contain potentially personal information about (the defendant’s) life, but they contain no more than he chose to provide,” according to the blog.

The IP address information, online and offline cookie data, session times, duration and other data “comes solely from (the) defendant” by using the actual social platform, the court ruled.

Source (external link):

— By DPN Staff