ICYMI: Crypto-crash; privacy shield; AI-weapons; Alexa, Swedish breach


In Case You Missed It: Rudd crypto-crash; privacy shield invalid; AI weaponised?; Alexa pwned; Swedish breach fallout

Rudd reaps tech industry backlash for proposal to undermine encryption

UK home secretary Amber Rudd faced a barrage of criticism after she warned social media and companies - ahead of attending the inaugural Global Internet Forum to Counter Terrorism in San Francisco - that the Government may introduce laws to clamp down on extremist content if companies do not take action themselves.

She drew particular criticism from civil rights groups and the tech industry for her comment, reported in the Telegraph, that "real people" don't need end to end encryption and that messaging apps like WhatsApp should ditch it and do more to help the authorities deal with security threats.  This ‘help' is understood to mean backdoors for the authorities – as well as not allowing suspected terrorists access to their services. More...

Human rights organisations declare EU-US privacy shield invalid

US surveillance practices render EU-US Privacy Shield ineffective according to a recent letter from Amnesty International and Human Rights Watch.

According to the groups, “the United States of America (United States) does not ensure a level of fundamental rights protection regarding the processing of personal data that is essentially equivalent to that guaranteed within the European Union (EU)”. In short, that the safety of European data cannot be ensured. More...

Weaponised AI. Davey Winder asks the industry - is that a thing yet?

According to research announced during the recent Black Hat conference in Vegas, some 62 per cent of infosec pros reckon weaponised AI will be in use by threat actors within 12 months. 

That artificial intelligence was on the agenda at Black Hat should come as no surprise. The promise of AI, from machine learning through to automation, in cyber security has become a major marketing tool amongst vendors. The good guys are clearly investing heavily in AI-defence research, but what about the bad guys?  More...

Researchers pwn Alexa, turning Amazon Echo into covert snooping device

A vulnerability in the Amazon Echo device can be exploited to turn it into a covert spying tool, according to researchers at MWR InfoSecurity

The popular speaker-come-personal-assistant is vulnerable to a physical attack that enables a threat actor to covertly monitor and listen in on users, stealing private data, without any indication of anything untoward.

While earlier research had shown that it was possible to boot into a generic Linux environment from an external SD card, via the debug pads exposed when the Echo rubber base is removed, MWR researchers managed to boot into the Echo firmware itself. This enabled them to install a 'persistent implant' and gain remote root shell access, before remotely monitoring the always listening microphone of the Echo.  More...

Two Swedish officials resign over data breach fallout

Transport agency staff who sought to hide a data breach at a Swedish transport agency have been ousted and  the PM criticised for failure to disclose earlier.

Two senior Swedish government officials have resigned in response to a data breach stemming from the country's Transport Agency. Anders Ygeman, Sweden's home affairs minister, and Anna Johansson, the infrastructure minister, had both resigned their posts due to the data breach and the scandal that followed, reported Politica.eu. More...

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews