Daily Digest (8/14)

NSA, FBI Expose Russian Intelligence Hacking Tool; UK Testing New COVID App Amid Privacy Concerns; Alexa Bug May Have Exposed Voice History to Hackers; Facebook Sued for Allegedly Collecting Biometric Data on 100M Instagram Users; Click “Continue reading” below.

NSA, FBI Expose Russian Intelligence Hacking Tool 

The National Security Agency and the FBI exposed a Russian hacking tool code named “Drovorub” in a report released Thursday.

Russia’s Main Intelligence Directorate, also known as the GRU, used “Drovorub” malware to break into Linux-based computers, Reuters reports.

“Linux systems are used pervasively throughout national security systems, the Department of Defense and the Defense Industrial Base,” said Keppel Wood, chief operations officer in the NSA’s cybersecurity directorate.

Drovorub is connected to a Russian intelligence team, the 85th main special service center (GTsSS), part of military unit 26165, according to the 45-page report.

The NSA and the FBI claim GTsSS is associated with the same hackers who broke into the Democratic National Committee’s servers in 2016. 

The agencies did not disclose the organizations that had been compromised by Drovorub, Reuters reports.

Sources (all external links) 

UK Testing New COVID App Amid Privacy Concerns

Despite security concerns, Britain started testing a new smartphone app Thursday to help people track whether they’ve been close to someone infected with COVID-19.

“It uses the latest security technology and is designed with user privacy in mind, so it tracks the virus, not people,” the U.K. Department of Health and Social Care said in a statement, The Associated Press reports. 

The app uses Bluetooth technology to track when a user’s phone has been near someone who has tested positive for COVID, but the app does not store names, addresses or other personal information.

The app is designed to work with the National Health Service’s “track and trace” program, AP reports, and authorities say the technology will play a role in reducing the spread of the virus.


Alexa Bug May Have Exposed Voice History to Hackers 

Research into Amazon’s Alexa data revealed vulnerabilities within the system that could have been exploited by hackers.

The security firm Check Point disclosed Thursday that Alexa’s web services had bugs that could allow hackers to exploit a user’s audio interactions with the device, Wired reports. 

Amazon has patched the flaws, but the vulnerable system could have exposed such profile information as home addresses and the “skills” apps users add to Alexa. 

Check Point also found that attackers could delete an existing app and install a malicious one to gather user information, according to Wired.

“Virtual assistants are something that you just talk to and answer — and usually you don’t have in your mind some kind of malicious scenarios or concerns,” Oded Vanunu, Check Point’s head of product vulnerability research, told Wired.

“But we found a chain of vulnerabilities in Alexa’s infrastructure configuration that eventually allows a malicious attacker to gather information about users and even install new skills.”

But an Amazon representative told Wired: “The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us.

“We fixed this issue soon after it was brought to our attention.”


Facebook Sued for Allegedly Collecting Biometric Data on 100M Instagram Users 

Facebook has been sued for allegedly collecting the biometric data of more than 100 million Instagram users without their consent.

The lawsuit, filed Monday in state court in California, claimed the biometric data was used to create “face templates” for facial-recognition purposes that are stored in Facebook databases, Apple Insider reports.

Instagram uses the tool automatically even if the individuals pictured do not have Instagram accounts.

“Once Facebook captures its Instagram users’ protected biometrics, it uses them to bolster its facial recognition abilities across all of its products, including the Facebook application, and shares this information among various entities,” the lawsuit claimed. 

The data-collection violates an Illinois privacy law prohibiting the unauthorized collection of biometric data, the lawsuit says.

Facebook could face fines up to $1,000 per violation — or $5,000 if the company is found to have acted intentionally, Apple Insider reports. 


— By DPN Staff