Date: 2020-01-11

After anxious days awaiting Iran’s response to the American assassination of Qasem Soleimani, the country launched missiles at two Iraqi bases that housed American troops, who knew about it well in advance thanks to an early warning system dating back to the Cold War. In a rare reversal of the norm, Donald Trump succeeded by using Twitter to ease tensions rather than escalate them further. Iran is still on its way to developing nuclear capabilities, but it will not get there soon.

As far as anyone knows, Iran has not directly hit the US with a cyberattack, but a new report shows that it has been looking for critical US infrastructure over the past year. All of which is to say, let’s hope that both sides stick to de-escalation.

On the home front, Amazon took a well-timed shot at the money-saving extension Honey, warning users that it was a security risk without specifying how. Google welcomed the espionage app ToTok back to the Google Play Store, while the jury is still out for Apple. And TikTok recently fixed bugs that could have allowed attackers to take over a victim’s account. (No, that doesn’t mean it spies on you.)

It was an active week for Facebook: the company made its Privacy Checkup feature a little more granular, acknowledged that making end-to-end encryption the standard in Messenger will take years, and suffered a bug that affected Pages administrators. Otherwise all good.

And although you may have heard that Russia disconnected itself from the internet over the holidays, that is not entirely true. But the Kremlin’s efforts to censor the internet are very real and increasingly broad.

Stop us if you’ve heard this before: the FBI has asked Apple to unlock a mass shooter’s iPhone. As it did when the agency made the same request in the San Bernardino investigation, Apple refused. The Cupertino company regularly complies with summonses for data stored in the cloud, but maintains that breaking into a locked iPhone would undermine its own encryption, which in turn would make all iPhones less secure. The protracted fight in 2016 ended in a draw when the FBI found a way to unlock the iPhone on its own. Although the request has not yet escalated into a court battle, it is only a matter of time before the FBI tries for a rematch.

We have written about the risks inherent in using SMS-based two-factor authentication since 2016. Since then, the scourge of so-called SIM swap attacks that exploit it has only gotten bigger, even hitting Twitter CEO Jack Dorsey. This week, researchers at Princeton University’s Center for Information Technology described in detail how SMS 2FA can go wrong, including multiple failures by carriers to vet SIM swap requests. If this does not convince you to switch to an authenticator app, nothing will.

It is no longer surprising that every voice assistant has a small army of human contractors behind it who transcribe recordings to improve accuracy. (Or did, until the public backlash.) Skype, though, allegedly reached an impressive low point by not only using contractors in China, but allowing them to listen to recordings via a Chrome web browser and encouraging them to log in via the same account and password. In other words, it would have been almost comically easy to compromise the sensitive data. Microsoft told The Guardian that it has since moved its transcription efforts from China to “secure facilities.” It is unclear what that means exactly, but the bar seems to be extremely low.

To continue the theme: in a letter to US senators this week, Ring acknowledged that over the past four years, four employees sought unauthorized access to video recorded by its customers’ cameras. The company says one of them has been fired for violating company policies and that currently only three employees have access to stored customer videos.

