Daily Digest (12/9)

Apple threatens to remove apps that won’t comply with new privacy feature; Researchers find millions of devices vulnerable to cyberattacks; Cloudflare and Apple create a new privacy-focused internet protocol; Federal judge blocks TikTok ban.

Apple Threatens to Remove Apps That Won’t Comply With New Privacy Feature

Apple threatened Tuesday to remove apps from its App Store if they failed to comply with an upcoming privacy feature that would block advertisers from tracking users.

The new feature, called the App Tracking Transparency, originally was planned to debut this year, but was delayed to give developers more time to make changes to their apps and to address privacy issues, Reuters reports.

Some tech companies and advertisers, including Facebook, have criticized the proposed change. 

But Craig Federighi, Apple’s senior vice president of software engineering, said users should know when they were being tracked across different apps and websites.

“Early next year, we’ll begin requiring all apps that want to do that to obtain their users’ explicit permission, and developers who fail to meet that standard can have their apps taken down from the App Store,” he told the European Data Protection and Privacy Conference.

Last month, Austrian privacy group None of Your Business: European Center for Digital Rights (NOYB) filed complaints with data-protection watchdogs in Germany and Spain, alleging that an online tracking tool used in Apple devices breached European law. 

Sources (all links external): 

Researchers Find Millions of Devices Vulnerable to Cyberattacks

Researchers at the cybersecurity firm Forescout Technologies said Tuesday that they identified vulnerabilities in software used by millions of devices that could be exploited to infiltrate and disrupt business and home-computer networks.

There was no evidence that the vulnerabilities have been exploited, but the research prompted the U.S. Cybersecurity and Infrastructure Security Agency to flag the issue in an advisory, The Associated Press reports. 

The potentially affected devices, from an estimated 150 manufacturers, range from networked thermometers to “smart” plugs and health care appliances to components of industrial-control systems, Forescout Technologies said in a report released Tuesday.

The most-affected devices included remote-controlled temperature sensors and cameras, the report said.

If unfixed, the vulnerabilities could leave corporate networks open to crippling denial-of-service attacks, ransomware or malware that hijacked devices and enlisted them in zombie botnets, the researchers said. 

Cloudflare and Apple Create a New Privacy-Focused Internet Protocol 

Engineers at Cloudflare and Apple said Tuesday that they had developed an internet protocol to make it harder for internet providers to know the websites a user visited. 

Internet browsers use a DNS resolver to convert web addresses to machine-readable IP addresses to locate where a web page is located on the internet, TechCrunch reports.

But the process is not encrypted — allowing the DNS resolver, which may be the internet provider, to know what sites someone visits. 

Recent developments like DNS-over-HTTPS (DoH) added encryption to DHS queries, making it harder for attackers to take over DNS queries and point victims to malicious websites, but DoH did not prevent DNS resolvers from viewing browser information.

Cloudflare and Apple have developed the Oblivious DNS-over-HTTPs (ODoH) prototype to remove DNS queries from internet users and to prevent the DNS resolver from knowing which sites are visited. 

“What ODoH is meant to do is separate the information about who is making the query and what the query is,” Nick Sullivan, Cloudflare’s head of research, told TechCrunch.

Federal Judge Blocks TikTok Ban 

A federal judge on Monday blocked President Donald Trump’s attempts to ban TikTok from app stores in the U.S. and cut it off from crucial technical services. 

Federal District Court Judge Carl Nichols in Washington ruled Monday that the Commerce Department “likely overstepped” its use of presidential emergency powers “and acted in an arbitrary and capricious manner by failing to consider obvious alternatives,” The Associated Press reports. 

Nichols is the second federal judge to block the Trump administration’s sanctions against the app. 

The White House has alleged that TikTok is a security threat because the Chinese government could spy on app users’ personal data.

TikTok has denied allegations that it poses a security threat but said that it was working with the administration to address its concerns.

— By DPN Staff