Home / Technology / Forgive the intrusion # 13: policing with AI Forgive the intrusion # 13: policing with AI Google +
Subscribe to this biweekly newsletter here!
Welcome to the latest issue of Pardon The Intrusion, TNW’s biweekly newsletter in which we explore the wild world of security.
A few months ago I wrote about how the Indian government rejected fears of mass surveillance in response to concerns that its proposed facial recognition system did not have adequate oversight.
But when the country’s capital was captured by municipal violence last month, law enforcement agencies seem to have used the technology to identify more than 1 ,100 people who are alleged to have been at unrest and violent protests were involved.
“We use facial recognition software to identify the people behind the violence,” said India’s Interior Minister Amit Shah .“We also entered Aadhaar (personal identity numbers based on a person’s biometric and demographic data) and driver’s license data into this software, which identified 1,100 people.Of these, 300 people came from [the north Indian state of] Uttar Pradesh to use violence.“
However, this is not the first time that the technology has been introduced in India.It was used by police forces during the parades and once at a political rally earlier this year to check the crowd.The Delhi police use facial recognition software called AI Vision to identify suspects in real time.
In addition, the police in Uttar Pradesh used the technology – called Police Artificial Intelligence System .(PAIS), developed by the Indian startup Staqu – during protests against a controversial citizenship law which critics say are marginalizing Muslims.
Although this admission is huge, the problem here is: From a legal point of view, India is currently India.
There are no comprehensive regulations that define responsible use of this technology.Even worse is the lack of consent that results from sharing Aadhaar data with law enforcement officials.
As the government is working to create a nationwide database to match the images captured by CCTV cameras with existing databases, the need for proper monitoring is a must to protect individual privacy and prevent innocent people from being arrested.*** Do you have a burning cybersecurity question or privacy issue that you need help with? Write them to me by email and I will discuss them in the next newsletter! Now for further security messages.
What is the trend in terms of security?
It was only a time before hackers learned how to use the coronavirus pandemic to spread malware.In the last two weeks more bad apps were booted from the Apple and Google app stores and T-Mobile, Virgin Media, Uber, Walgreens and the anonymous social media app Whisper suffered data leaks.Be safe online and offline.As the corona virus becomes a pandemic, villains take advantage of the situation by spreading malware disguised as a “corona virus card” that activates information theft called ” AZORult “.[ TNW about Basic Cybersecurity ] Your VPN and ad blocker apps can route your internet traffic over the phone and through the app analysis company Sensor Tower.
However, the company said it “only collects anonymized usage and analytics data”.
[BuzzfeedNews ] The crypto wars are back: US lawmakers are pushing the law to eliminate abusive and widespread neglect of interactive technologies (also known as EARN IT ), which aims to Enforce standards to protect children from sexual exploitation online, but at the cost of data protection.The Match Group, which owns dating apps like Match, Tinder, OkCupid and Hinge, said it will support the act.[ CNET / Match Group ] Other cases of bad apps: Banjo an AI-based surveillance company, used a shadow company to push benign – Look for Android and iOS apps that have secretly searched users’ social media accounts.In a similar case, Clean Master retrieved an Android security app with 1 billion downloads from the Google Play Store after it was found to track users’ web browsing activity.Avast was recently caught pulling the same thing.
Attackers also use hidden apps from to get malware on mobile devices.[Motherboard / Forbes / TechRepublic ] D Do you have a Samsung phone and have a Samsung account? It activates the mandatory 2FA for all new registrations after reporting a “minor” data breach that affected a handful of customers.However, it is based on SMS.At this point, there is no excuse for not enforcing 2FA on every account you value.
[Forbes ] LGBTQ dating app Grindr was sold by its Chinese owner Kunlun to investor San Vicente Acquisition for $ 608.5 million after a US government committee raised concerns National Security that Kunlun Grindr owns was a national security risk.[TheFinancialTimes ] Even within the CIA, wrong passwords are one thing.And the password for his top secret hacking tools? ” 123ABCdef ” [ The Register ] Google location data turned an innocent biker into a suspect just because he had passed three times inside the victim’s house Hour.
[ NBC News ] Researchers describe how Android apps can steal unique 2FA codes from Google Authenticator by taking screenshots – a bug that was first discovered in 2014.ThreatFabric discovered “Cerberus” is the first Android malware to use this technology to steal 2FA codes from the authentication app.[ ThreatFabric / Nightwatch Cybersecurity ] Consumer Watchdog Which? has calculated that two out of five Android devices no longer receive major security updates from Google, exposing them to a higher risk of malware or other vulnerabilities.[Which? ] Newly published research uncovered several bugs in Intel and AMD CPUs that exposed sensitive data, arbitrary code (called Load Value Injection ) and compromise the security features.
While AMD downplayed the threat, Intel released a patch to address the LVI vulnerability.[ Positive Technologies / The Hacker News / Intel ] As Malware the authors attempt to develop more secret tools, Patrick Wardle , A former National Security Agency hacker showed how easy it is to steal a rival’s code and then reuse it.[ Ars Technica ] A penetration tester wanted to test the defense of a South Dakota correctional facility in 2014, and his mother volunteered for the job.
Not only did she get involved, she also stuck malicious USB sticks into prison computers to give him remote access to the systems.
[WIRED ] Here is a new tool that allows you to open all email attachments without fear of malware.It is also open source.[Dangerzone ] Researchers found problems in how Toyota, Hyundai and Kia deal with encryption in immobilizers for cars Immobilizers so that an attacker could start the engine remotely and then can drive away.[ WIRED ] An old story, but is still relevant given the flood of ransomware attacks.
“Like a man who goes through customs with cocaine dripping from his pant leg,” Drake Bennett of Bloomberg managed to sabotage his editor with the ransomware he found in the dark web.[ Bloomberg ] Microsoft, along with partners in 35 countries, abolished Necurs one of the most productive spam and malware botnets, believed to be more than nine million has infected computers worldwide.[ Microsoft ] The last two weeks in data breaches and leaks : Clearview AI (yes, the controversial face recognition startup ), T-Mobile Uber Virgin Media Visser Walgreens and Whisper .Datapoint
Did you know that hacking victims uncover cyberattacks faster? We probably have to thank the GDPR for that.
According to FireEye Mandiant M-Trends 2020 report [19459109]organizations can find and contain attackers more quickly.
The global mean dwell time, calculated as the number of days an attacker is present in a, the network of victims before they are discovered has decreased from 416 days in 2011 to 56 days in 2019.In the European Union, the mean residence time decreased from 177 days in 2018 to only 54 days – a decrease of 77%.It is also noteworthy that more victims are notified by an external party than by the organization that identifies the security incident itself.
GDPR regulations require affected organizations to report the violation to the relevant data protection authority within 72 hours of the incident.
Takeaway: Data breaches unfortunately become part of life in the 21st century.This just means that companies need to take security seriously and invest more in strengthening their cyber security.
“Validating security effectiveness using purple and red team exercises is one of the best ways for businesses to assess and test their security,” FireEye said.
“By acting against real attackers, security teams can assess their own ability to identify and respond to an active attacker scenario.Readiness assessments and table exercises to respond to incidents also help improve readiness.“
That was & # 39; s.We’ll see you in a few days.Stay safe!
Ravie x TNW (ravie [at] thenextweb [dot] com) Corona Reporting
Read our daily coverage of how the tech industry is responding to the corona virus and subscribe to our weekly Corona Virus newsletter in context.
Tips and tricks for remote work can be found in our articles on growth quarters here or follow us on Twitter ..
