
Netflix’s Password-Sharing Crackdown Has Hit the US

TikTok user data is exposed to Chinese ByteDance employees, a screen recording app goes rogue in Google Play, and privacy groups want Slack to expand encryption.

Wired

“We use information such as IP addresses, device IDs, and account activity to determine whether a device signed into your account is part of your Netflix Household,” Netflix has said. “We do not collect GPS data to try to determine the precise physical location of your devices.”

TikTok employees have been sharing sensitive user data on an internal productivity and communication platform known as Lark. Documents obtained by The New York Times show that thousands of Chinese employees of TikTok’s parent company ByteDance have access to and use Lark each day. User data shared on Lark mostly shows up in group chats, but the documents show that TikTok employees have raised concerns about the fact that ByteDance employees in China could potentially access users’ personal details on the platform, like US driver’s license data and even child sexual abuse material. Employees have reportedly been warning ByteDance and TikTok executives about the exposure since at least July 2021. Both TikTok and ByteDance have maintained over the years that there are barriers in place to prevent TikTok users’ data from being accessed in China.

An Android app known as iRecorder Screen Recorder that has been downloaded more than 50,000 times on Google Play was a legitimate app when it emerged in September 2021. But researchers from the security firm ESET found that in August 2022, the app received an update and started displaying malicious behavior. It now abuses its device microphone access to record audio every 15 minutes and send the data to a malicious server.

“Unfortunately, we don’t have any evidence that the app was pushed to a particular group of people, and from the app description and further research … it isn’t clear if a specific group of people was targeted or not,” ESET researcher Lukas Stefanko wrote. “It seems very unusual.”

Dozens of digital rights, pro-privacy, and civil liberties groups including Mozilla, the Tor Project, Fight for the Future, Derechos Digitales, and Abortion Access Front signed a letter calling for the workplace communication platform Slack to implement end-to-end encryption on its platform. Slack has long been criticized for failing to provide an end-to-end encryption option, which would cut down on governments’ ability to access and surveil Slack messages, but the letter is the most organized commentary yet. “For many of these groups and individuals, Slack is an absolutely vital communication tool, but it could also become the basis of government targeting, repression, censorship,” the organizations wrote. “Default end-to-end encrypted messaging [is] a first and best step companies can take to protect targeted communities.”
