The Category5.TV Newsroom

Here are the stories we're following for the week of Wednesday September 11, 2019

Facebook has confirmed that at least 200 million phone numbers from members have been exposed in an online database. It could be more than twice that.

Facebook has confirmed that at least 200 million phone numbers from members have been exposed in an online database. It could be more than twice that.

Yes, we took a break from Facebook's weekly data leaks these past few weeks, but we weren't joking when we said it continues to happen.

The company said it is now investigating, trying to figure out who compiled this database of anywhere from 200 to 400 million phone records, leaving it online unprotected. It is not believed to have been compiled or put there by Facebook.

The database of telephone numbers and Facebook IDs was discovered on an unprotected web server and was not password protected.

The database was taken offline after the news site TechCrunch reported the issue to the web hosting company.

In April 2018, Facebook switched off a feature that let people search for other users by typing in their phone number.

The company said "malicious actors" had abused the feature by typing in millions of phone numbers to find out who owned them.

It said they had been harvesting profiles and phone numbers for years by abusing the search tool and that anybody who had not changed their privacy settings after adding their phone number should assume their information had been harvested.

Source: www.bbc.com

Sent to us by: Roy W. Nash

An estimated 600,000 GPS trackers for monitoring the location of kids, seniors, and pets contain vulnerabilities that open users up to a host of creepy attacks.

An estimated 600,000 GPS trackers for monitoring the location of kids, seniors, and pets contain vulnerabilities that open users up to a host of creepy attacks.

The $25 to $50 devices are small enough to wear on a necklace or stash in a pocket or car dash compartment. Many also include cameras and microphones. They’re marketed on Amazon and other online stores as inexpensive ways to help keep kids, seniors, and pets safe. Ignoring the ethics of attaching a spying device to the people we love, there’s another reason for skepticism. Vulnerabilities in the T8 Mini GPS Tracker Locator and almost 30 similar model brands from the same manufacturer, Shenzhen i365 Tech, make users vulnerable to eavesdropping, spying, and spoofing attacks that falsify users’ true location.

Researchers at Avast Threat Labs found that ID numbers assigned to each device were based on its International Mobile Equipment Identity, or IMEI. Even worse, during manufacturing, devices were assigned precisely the same default password of 123456. The design allowed the researchers to find more than 600,000 devices actively being used in the wild with that password. As if that wasn’t bad enough, the devices transmitted all data in plaintext using commands that were easy to reverse engineer.

The result: people who are on the same network as the smartphone or Web-based app can monitor or modify sensitive traffic. One command that might come in handy sends a text message to a phone of the attacker’s choice. An attacker can use it to obtain the phone number tied to a specific account. From there, attackers on the same network could change the GPS coordinates the tracker was reporting or force the device to call a number of the attacker’s choice and broadcast any sound within range of its microphone. Other commands allowed devices to return to their original factory settings, including the default password, or to install attacker-chosen firmware.

And for those of us familiar with man-in-the-middle attacks, here's a scary one: a simple command allows attackers to change the IP address of the server that the tracker communicates with.

The researchers said they privately notified the vendor of the T8 Mini GPS tracker of the vulnerabilities on June 24 and never got a response.

Source: arstechnica.com

Sent to us by: Roy W. Nash

To protect query privacy, Mozilla will begin a slow rollout of DNS-over-HTTPS by default in its Firefox browser at the end of the month, moving all DNS queries to Cloudflare.

To protect query privacy, Mozilla will begin a slow rollout of DNS-over-HTTPS by default in its Firefox browser at the end of the month, moving all DNS queries to Cloudflare.

Under development since 2017, DNS-over-HTTPS (known as DoH, for short) transfers domain-name queries – which try to match domain names with server IP addresses – over a secure, encrypted HTTPS connection to a DNS server, rather than via an unprotected, unencrypted bog-standard DNS connection.

This extra layer of security ideally prevents third-parties, such as network service providers, from easily seeing the websites internet users visit, and prevents miscreants from tampering with domain-name look-ups. Though DoH provides more privacy than the status quo, it's controversial where lack of privacy is assumed or required, such as monitored environments that insist on content filtering, among other reasons.

Back in July, the UK Internet Services Providers’ Association nominated Mozilla for its "internet villain of the year" award because DoH breaks DNS-based content filters put in place to deny access to explicit, obscene or otherwise objectionable websites. A few days later, the trade group reversed itself after fallout from users.

It's been claimed that DoH will make it easier for people to avoid network-based content filtering; Mozilla maintains that DoH improves overall internet security.

Although Firefox's DoH service will be provided through Cloudflare's 1.1.1.1 DNS service at first, the list of supported service providers may grow over time.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash

A blind man has helped develop smart cane that uses Google Maps and sensors to navigate the world.

A blind man has helped develop smart cane that uses Google Maps and sensors to navigate the world.

Cities are difficult to navigate at the best of times, but for people who are visually impaired, they can be like an obstacle course and a maze wrapped into one.

A UK national travel survey found that adults with mobility difficulties took 39% fewer trips than those with no disability in 2017.

Now, a new smart cane is set to change that by revolutionising the way that blind people can navigate the world.

In order to guide its user around both low-hanging objects and obstacles above chest level, the WeWALK smart cane uses ultrasonic sensors to warn of nearby impediments through vibrations in the handle.

The cane, designed by engineers from Young Guru Academy (YGA) in Turkey, can also be paired with the WeWALK smartphone app via Bluetooth. Using the touchpad controls on the smart cane, the user can then control their smartphone without taking it out of their pocket, leaving one hand free for other tasks.

The tech doesn't stop there, though! Native integration with Voice Assistant and Google Maps software enables the cane to use its built-in speakers to inform the user of nearby stores and infrastructural details that they may not be able to see.

WeWALK CEO and co-founder Kursat Ceylan, who is also blind, says that he helped to develop the cane out of a desire to use modern technology as a tool for the visually impaired. In a world where there's talk of flying cars, he can't get his head around why blind people are still just using a stick to get around.

He says, “As a blind person, when I am at the Metro station I don’t know which is my exit…I don’t know which bus is approaching…[or] which stores are around me. That kind of information can be provided with the WeWALK.”

Currently, the startup sells the WeWALK for about $500. Of course, as they gain momentum, the price may change, but the features will also continue to be improved and enhanced.

Source: www.adaptnetwork.com

Sent to us by: Bekah Ferguson