InfoSec Round-Up: June 19th 2020
Dating App Leak, Norwegian Tracing App and Security Camera Flaw
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
This week we are looking at a dating app data leak, a Norwegian contact tracing app ruled intrusive, and the security of home security cameras. Welcome to the Hut Six Infosec Round-Up.
Niche Dating App Info Left Unsecured
Around 845GB of dating app data has been left publicly exposed as a result of a misconfigured AWS S3 bucket.
Believed to contain the data of hundreds of thousands of users, the exposed information was discovered by researchers at vpnMentor.
Made up of data from nine niche dating applications, the breach included explicit images, chats, and audio recordings, data which could easily be used by cybercriminals to blackmail affected users.
Who exactly is responsible is unclear, though the researchers who discovered the data speculate that a common developer is behind the apps, based on, among other things, suspiciously similar website design.
Originally discovered on the 24th of May, researchers stated, “We [provided] the URL of their misconfigured bucket and mentioned that other buckets owned by their apparent sister companies were open too (without saying which ones).
While we didn’t receive any further communication, the same day, all the buckets belonging to every other app were also secured, confirming our assumption about the common developer.”
Global Contact Tracing Issues Persist
Contact tracing programs face yet another setback, with Norway’s health authority forced to delete all data gathered via its Covid-19 tracking app.
The Norwegian Data Protection Authority has ruled that the Smittestopp app intruded into users’ privacy and that health chiefs have not demonstrated a ‘strict necessity’ for the extent of data collected.
Alongside the ongoing privacy concerns facing the UK’s contact tracing systems, authorities across the world continue to run into privacy and security problems.
An Amnesty Security Lab investigation has reviewed a plethora of similar apps from across the world, noting the invasiveness of apps developed for Norway, Bahrain and Kuwait in particular.
Claudio Guarnieri, Head of Amnesty International’s Security Lab stated the following:
“Bahrain, Kuwait and Norway have run roughshod over people’s privacy, with highly invasive surveillance tools which go far beyond what is justified in efforts to tackle COVID-19. Privacy must not be another casualty as governments rush to roll out apps.”
Adding, “there are better options available that balance the need to trace the spread of the disease without hoovering up [the] sensitive personal information of millions of people.”
100,000 UK Security Cameras at Risk of Hacking
Research conducted by consumer publication Which? suggests that up to 100,000 UK security cameras contain critical flaws that may leave them vulnerable to hacking.
Having tested a variety of cameras available from marketplaces such as eBay and Amazon, the publication reports that 47 brands contain serious security issues in design and software, potentially allowing hackers to access video streams.
With the extremely serious privacy implications needing no explanation, it is thought that 12,000 of these devices have been activated in UK homes over the past three months alone.
Though many of the cameras have been taken off the market, more than 3.5 million cameras worldwide are still at risk.
For anyone wanting help with checking the security of their camera, the NCSC provides a detailed guide on how to securely set up smart cameras, including measures that can be taken to minimise the chances of misuse; a link to the guide is provided in the description.
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.