InfoSec Round-Up: June 19th 2020

Dating App Leak, Norwegian Tracing App and Security Camera Flaw

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

This week we are looking at the dating app data leak, the Norwegian contact tracing app ruled intrusive, and how secure your home security camera is. Welcome to the Hut Six Infosec Round-Up.

Niche Dating App Info Left Unsecured

Around 845GB of dating app data has been left publicly exposed as a result of a misconfigured AWS S3 bucket.

Believed to contain the data of hundreds of thousands of users, the exposed information was discovered by researchers at vpnMentor.

Made up of data from nine niche dating applications, the breach included explicit images, chats, and audio recordings, data which could easily be used by cybercriminals to blackmail affected users.

Who exactly is responsible is unclear, though the researchers who discovered the data speculate that a common developer is behind the apps, based on, among other things, suspiciously similar website design.

Originally discovered on the 24th of May, researchers stated, “We [provided] the URL of their misconfigured bucket and mentioned that other buckets owned by their apparent sister companies were open too (without saying which ones).

While we didn’t receive any further communication, the same day, all the buckets belonging to every other app were also secured, confirming our assumption about the common developer.”

Global Contact Tracing Issues Persist

Contact tracing programs face yet another setback with Norway’s health authority forced to delete all data gathered via its Covid-19 tracking app.

The Norwegian Data Protection Authority has ruled that the Smittestopp app intruded into users’ privacy and that health chiefs have not demonstrated a ‘strict necessity’ for the extent of data collected.

Alongside the ongoing privacy concerns faced by the UK’s contact tracking systems, authorities across the world continue to run into privacy and security problems.

An Amnesty Security Lab investigation has reviewed a plethora of similar apps from across the world, noting the invasiveness of apps developed for Norway, Bahrain and Kuwait in particular.

Claudio Guarnieri, Head of Amnesty International’s Security Lab stated the following:

“Bahrain, Kuwait and Norway have run roughshod over people’s privacy, with highly invasive surveillance tools which go far beyond what is justified in efforts to tackle COVID-19. Privacy must not be another casualty as governments rush to roll out apps.” 

Adding, “there are better options available that balance the need to trace the spread of the disease without hoovering up [the] sensitive personal information of millions of people.”

100,000 UK Security Cameras at Risk of Hacking

Research conducted by consumer publication Which? suggests that up to 100,000 UK security cameras contain critical flaws that may leave them vulnerable to hacking.

Having tested a variety of cameras available from marketplaces such as eBay and Amazon, the publication reports that 47 brands contain serious security issues in design and software, potentially allowing hackers to access video streams.

With the extremely serious privacy implications needing no explanation, it is thought that 12,000 of these devices have been activated in UK homes over the past three months alone.

Though many of the cameras have been taken off the market, more than 3.5 million cameras worldwide are still at risk.

For anyone wanting help with checking the security of their camera, the NCSC provides a detailed guide on how to securely set up smart cameras, including measures that can be taken to minimise the chances of misuse. A link to the guide is provided in the description.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
