Daily Digest (11/25)

7 States Set to File Antitrust Lawsuit Against Google; Researchers Find Backdoors in Chinese-Made Routers Sold at Walmart; Chinese President Pushes for Global QR Codes Amid COVID-19; Home Depot Reaches $17.5 Million Settlement for 2014 Data Breach.

7 States Set to File Antitrust Lawsuit Against Google

Seven bipartisan states — Colorado, Iowa, Nebraska, New York, North Carolina, Tennessee and Utah — plan to file an antitrust lawsuit against Google as early as next month, Reuters reported Tuesday.

The news service cited “two people briefed on the matter.”

The pending legal action follows the antitrust lawsuit filed against Google in October by the Justice Department.

The states, sometimes referred to as the Colorado-Nebraska group, said it was planning to combine its case with the Justice Department’s, Reuters reports.

Google has denied wrongdoing in response to the government’s lawsuit and other probes.

The people briefed on the matter said the Colorado-Nebraska group planned to file their lawsuit around mid-December, according to Reuters, in U.S. District Court.

The filing potentially would beat out an anticipated lawsuit from a Texas-led group of attorneys generals from 50 states, which announced a probe of Google last year.

Texas is leading that group, which is focused on online advertising, while the Colorado-Nebraska group has a broader investigation in progress.

The Justice Department’s lawsuit focuses on Google’s efforts to maintain its dominance in search and its advertising business, Reuters reports.

Sources (all links external):

Researchers Find Backdoors in Chinese-Made Routers Sold at Walmart

Researchers have found suspicious backdoors in the Chinese-made Jetstream routers that are sold exclusively at Walmart, CyberNews reported Tuesday.

Mantas Sasnauskas, CyberNews’ senior information security researcher — along with researchers James Clee and Roni Carta — found that the backdoor allowed attackers to remotely control the routers and any devices connected to the network, according to the report.

“Thank you for bringing this to our attention,” a Walmart representative told CyberNews. “We are looking into the issue to learn more.

“The item in question is currently out of stock — and we do not have plans to replenish it.”

In addition, the research team found that Wavlink routers — normally sold on Amazon or eBay — have similar backdoors.

Those routers also contain a script listing nearby Wi-Fi and can connect to those networks.

“I was interested in seeing how much effort companies were putting into security,” Clee said. “I decided it would be a great hobby to buy cheap Chinese technology off Amazon and see what I could find out.”

Jetstream has an exclusive deal with Walmart, and is sold under Ematic and other brand names. Wavlink is a technology company based in Shenzhen, China.

The researchers told CyberNews that they believed both were subsidiaries of a Shenzhen-based company known as Winstars Technology Ltd.

Wavlink could not be reached for comment, CyberNews reports.

Chinese President Pushes for Global QR Codes Amid COVID-19

Chinese President Xi Jinping has pushed for a global tracking system using QR codes to monitor people and any potential exposure to COVID-19.

Beijing mandated the widespread use of QR-based health certificates earlier this year, CNN reports. 

Xi called for the system via video at the G20 Leaders’ Summit on Saturday. 

According to the report, the QR code would issue users with a color code based on their probable exposure to COVID-19. Green is safest, then amber and red.

Xi said that to ensure the “smooth functioning” of the world economy during the pandemic, countries needed to coordinate a uniform set of policies and standards, the state-run news agency Xinhua reports.

“China has proposed a global mechanism on the mutual recognition of health certificates based on nucleic acid test results in the form of internationally accepted QR codes,” Xi said. “We hope more countries will join this mechanism.” 

But Xi didn’t say what type of app or QR code system he was suggesting or who would design and run it. 

On preserving data privacy, Xi said: “We should adopt people-centered and facts-based policies to encourage innovation and build trust.

“We should support the UN’s leadership role in this field, and work together to foster an open, fair, just and nondiscriminatory environment for building the digital economy.”

But Kenneth Roth, executive director of the Human Rights Watch, warned against Xi’s proposal.

“Beware of the Chinese government’s proposal for a global QR code system,” he tweeted. “An initial focus on health could easily become a Trojan Horse for broader political monitoring and exclusion — akin to the dangers associated with China’s social-credit system.”

Home Depot Reaches $17.5 Million Settlement for 2014 Data Breach 

Home Depot reached a $17.5 million settlement on Tuesday to resolve a probe involving multiple states into a 2014 data breach where hackers accessed the payment information of 40 million customers, Reuters reports. 

The settlement, with 46 states and Washington, originated from a breach between April 10, 2014, and Sept. 13, 2014. 

The probe was led by Connecticut, Illinois and Texas.

The breach affected customers who used self-checkout terminals at the retailer’s  U.S. and Canadian stores.

The attackers used a vendor’s username and password to access Home Depot’s network, deploying a custom-built malware to access customers’ payment information.

Home Depot previously said that email addresses of at least 52 million people also were exposed.

Home Depot did not admit liability by agreeing to the settlement, according to the report. The settlement requires the company to hire a chief information security officer and upgrade its security procedures and training. 

Companies that collect sensitive personal information from customers “have an obligation to protect that information from unlawful use or disclosure,” Connecticut Attorney General William Tong said in a statement, Reuters reports.

 “Home Depot failed to take those precautions.”

In a statement on the settlement, Home Depot said that security was a top priority, and that it had since 2014 “invested heavily to further secure our systems.

“We’re glad to put this matter behind us.”

Reuters: https://www.reuters.com/article/us-home-depot-cyber-settlement/home-depot-reaches-17-5-million-settlement-over-2014-data-breach-idUSKBN2842W5 

— By DPN Staff