A wired report Google’s geographic location data has been used in 45 investigations and calculations of Capitol rioters. This includes the use of two geofence warrants that enable the FBI to identify suspects inside the January building. Experts acknowledge that this may have been fair, but are concerned about a slippery slope, especially since the use of geofence warrants has exploded in recent years.
In other Google news, Android has suffered another wave of scam applications. In at least one November campaign, hundreds of malicious apps entered Google Play and were downloaded to more than 10 million devices simultaneously. Bad apps used a variety of trickery tactics to avoid detection and tried to get users to sign up for a recurring charge. Researchers are unclear how much money they have made, but given the number of victims, it could be in the millions.
Internet infrastructure company Cloudflare is entering email security, two new, free tools designed to protect enterprise customers from phishing and other email problems. The Senate shouted again on Facebook, this time about the teen’s mental health. And now that you can go to your Microsoft account without a password, we’ve put together a quick guide on how to enable it.
Hill It lends itself to many explanations, but it may be the most interesting for future global conflicts, from Afghanistan to the cyber war. And we’ve seen why real-life James Bond probably won’t use the iPhone. (Or for the movie that Nokia relies on.)
And there’s more! Every week we do not publish all the security news of WIRED in depth. Click on the title to read the full story, and stay safe there.
The SIM-swap attack, in which someone ports your phone number on their device to get two-factor authentication on your most sensitive accounts, has been a nightmare for years. They have stolen cryptocurrencies, bank accounts are being emptied and social media accounts have been taken over. And while there is no easy way to stop them, there are certainly ways that the United States has not yet tried. That’s why it’s gratifying that the FCC seems to be finally paying attention to them; The company said this week that it plans to pressure carriers to implement more secure authentication before transferring numbers to a new device. It won’t completely solve the problem – especially since phone company employees have occasionally been able to actively carry out attacks – but it’s a long-delayed start.
Russia has continued to crack down on every aspect of technology in the country, which has taken a worrying turn this week. The country’s law enforcement agency has arrested Ilya Sachkov, founder and chief executive of the St. Petersburg-based cyber security firm Group-IB. He is accused of working with “foreign intelligence agencies” to undermine Russia’s national interests; The company has said he is innocent of all charges. If convicted, Sachkov could face up to 20 years in prison.
Security researchers this week pointed out a flaw in how Visa applied Apple Pay’s “Express Transit” feature that allows them to make unauthorized payments from a locked iPhone. First, they disguised a transit system ticket barrier using a cheap radio equipment, so that the iPhone thinks it is connecting to a legitimate system. Then, they use a so-called relay attack to send payment messages directly from the iPhone to the reader under their control, so that they can make large transactions without the need for any biometric verification. This is an issue that will primarily apply to stolen iPhones, and Apple said in a statement to the BBC that Visa is unlikely to recover due to the relative complexity of the attack.
We write a lot about ransomware and its various harmful effects on society around here. But you should take some time to read it, especially as attacks against hospitals continue to grow The Wall Street Journal Report on actual human consumption. This is a devastating but essential reading.
More great cable stories