Daily Digest (9/10)

Study: Children’s Apps Could Be Sharing Personal Information With Third Parties; Ireland Orders Facebook to Stop Sending User Data to US; Windows Themes Can Be Exploited to Obtain User Passwords; Italy Probing Apple, Dropbox, Google for Cloud-Storage Issues. Click “Continue reading” below.

Study: Children’s Apps Could Be Sharing Personal Information With Third Parties 

Children’s apps could be breaking federal laws by sharing the personal information of some preschoolers with businesses, a new study finds.

The study, published in JAMA Pediatrics, tested more than 451 children’s apps — finding that two-thirds collected data and shared it with other parties, which violates the Children’s Online Privacy Protection Act (COPPA).

The study was disclosed by Media Entertainment Arts WorldWide (MEAWW.com).

“Our study suggests that potential violations of child digital-privacy laws are common, and social-economic factors may influence which children are at greater risk,” said the study’s senior author, Dr. Jenny Radesky of the C.S. Mott Children’s Hospital in Ann Arbor, Mich.

Researchers also found that older children with smartphones and those from lower-education households were more susceptible to privacy breaches than those with parents with higher degrees.

Sources (all external links): 

Ireland Orders Facebook to Stop Sending User Data to US 

Ireland’s Data Protection Commission has ordered Facebook to suspend its data transfers to the U.S. about its users in the European Union.

Ireland’s action comes after U.K. courts ruled that Europeans have no effective way of challenging American government surveillance, The Wall Street Journal reports.

The preliminary order is the first significant step EU regulators have taken to enforce the July ruling, restricting how companies like Facebook can send personal information about EU residents to the U.S.  

Facebook also would have to re-engineer its service to remove the data it collected from European users or temporarily stop providing services. 

If Facebook fails to comply with the order, Ireland’s data commission could fine the company as much as $2.8 billion or 4% of its annual revenue, the Journal reports.

“A lack of safe, secure and legal international data-transfers would damage the economy and prevent the emergence of data-driven businesses from the EU, just as we seek a recovery from COVID-19,” said Nick Clegg, Facebook’s top policy and communications executive.

Ireland’s data commission has given Facebook until the middle of the month to respond to the order. 

Source: 

Windows Themes Can Be Exploited to Obtain User Passwords

Hackers could exploit Windows theme packs to gain a user’s login credentials. 

Jimmy Bayne, a security researcher who writes the Bohops blog, discovered that the text files used to configure theme packages in Windows could be exploited and used to execute a “pass-the-hash” attack, which sends passwords to a remote server, BetaNews reports.

Themes are made up with background images, cursors and sound files — and they are packaged in a plain-text file.

However, the configuration file can be exploited so that Windows looks to a remote server rather than to a locally stored image. That would allow the display to prompt a user for their credentials. 

According to a Bleeping Computer report, once a user puts in their credentials, malicious actors could exploit their Windows username and password.

Users should avoid using theme packs from unknown sources to steer clear of the risk, BetaNews advises. 

Source: 

Italy Probing Apple, Dropbox, Google for Cloud-Storage Issues

The Italian Competition Authority (AGCM) on Wednesday launched six investigations against Apple, Dropbox, and Google over the companies’ cloud-storage systems.

The agency said in a news release disclosed by The Hill that the investigations concerned “unfair commercial practices and the possible presence of unfair clauses in the contractual conditions.”

AGCM also said that that the investigations involve “the failure or inadequate indication, when presenting the service, of the collection and use for commercial purposes of the data provided by the user and the possible undue influence in towards consumers, who, in order to use the cloud storage service, would not be in a position to give the operator their consent to the collection and use of information concerning them for commercial purposes.” 

Italian antitrust authorities have been pursuing cases against top tech companies this year — and, in July, even raided the offices of Apple and Amazon over a separate investigation, the Hill reports.

Source: 

By DPN Staff