GM will deliver over-the-air updates to 'most' vehicles by 2023

Sponsored Links


General Motors

Today, General Motors unveiled its new electronics system. The platform will make “smartphone-like” over-the-air software updates possible, and it should be rolled out in most GM vehicles by 2023, the company says. We’ll see it first in the 2020 Cadillac CT5 sedan, which should go into production later this year.

Tesla has been able to update its software via the internet for years, but conventional automakers have been slow to follow suit. GM is one of the first to introduce the capability, and its new electronic system will be able to manage up to 4.5 terabytes of data processing per hour — that’s five times more than GM’s current systems can handle.

GM says cybersecurity is a “key pillar” of the platform. And, according to Reuters, the company previously said it would not use over-the-air updates for safety-critical systems, like braking. While there are potential safety and security implications, over-the-air updates will likely become standard industry wide as automobile manufacturers and tech companies alike double down on automotive software.

Let’s block ads! (Why?)

Link to original source

US government warns China may have access to drone data

Sponsored Links


ASSOCIATED PRESS

Today, the Department of Homeland Security issued an alert warning that Chinese-made drones may be sending flight information back to their manufacturers, who could share it with third parties. According to CNN, the alert warns companies and organizations that the US government has “strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data.”

The alert reportedly cautions organizations involved in national security and critical functions that they must be “especially vigilant as they may be at greater risk of espionage.” If the alert has any merit, it could be serious, as in the US, drones are used for everything from law enforcement to first response missions and medical deliveries.

The alert doesn’t list a specific drone manufacturer, but as CNN points out, nearly 80 percent of drones in the US and Canada come from DJI, which is headquartered in Shenzhen, China. According to Reuters, DJI said “the security of our technology has been independently verified by the US government and leading US businesses.” The company also said it gives its customers full and complete control over how data is collected, stored and transmitted. For government and other critical operations, DJI also offers drones that do not transfer data back to the company or via the internet.

This alert, issued by DHS’s Cybersecurity and Infrastructure Security Agency, comes less than a week after President Trump signed an executive order that bans the sale and use of telecom equipment that poses “unacceptable” risk to national security. While the US has expressed fears that companies like Huawei and ZTE could use infrastructure to facilitate surveillance, there hasn’t been any public evidence that Huawei participated in Chinese government espionage. Likewise, we haven’t seen any indication that Chinese drone manufacturers have shared drone data or used it in any objectionable ways.

Let’s block ads! (Why?)

Link to original source

Unsecured database exposed millions of Instagram influencers

Sponsored Links


Boston Globe via Getty Images

A database containing contact information for millions of Instagram influencers was reportedly found online, exposing info like phone numbers and email addresses for celebrities, influencers and brand accounts. According to TechCrunch, the database was hosted on Amazon Web Services and left without a password. It contained as many as 49 million records.

Each record contained public data scraped from influencers’ accounts. In some cases, the location of accounts, as well as owners’ email addresses and phone numbers were listed. Each record also contained an estimated worth of the account, based on followers, engagement and reach.

Security researcher Anurag Sen found the database, and TechCrunch reportedly traced it back to Chtrbox, a Mumbai-based social media marketing firm. When TechCrunch contacted the company, the database was removed, but Chtrbox did not respond to TechCrunch‘s request for comment.

“We’re looking into the issue to understand if the data described — including email and phone numbers — was from Instagram or from other sources,” an Instagram spokesperson told Engadget. “We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”

According to Facebook, scraping data of any kind is prohibited on Instagram, but it’s still unclear how the data was obtained or how it may have been used. In the past, we have seen hackers try to sell celebrity data scraped from Instagram, and the platform has faced its own security issues — like storing passwords in plain text and a bug that exposed some users’ passwords. As Facebook works to emphasize privacy, it will have to address Instagram’s vulnerabilities as well.

Let’s block ads! (Why?)

Link to original source

Hackers turn tables on account hijackers by stealing forum data

Sponsored Links


weerapatkiatdumrong via Getty Images

Online account hijackers received a taste of ironic punishment this week. KrebsOnSecurity has learned that hackers stole the database from the popular hijacker forum OGusers on May 12th, obtaining email addresses, hashed passwords, IP addresses and private forum messages for 112,988 accounts. The administrator initially told users that a hard drive failure had wiped out the information and forced the use of a backup, but that tall tale fell apart when the administrator of a rival forum made the data public.

The incident reportedly sparked chaos, with users receiving phishing emails. The main OGusers administrator even turned off self-bans so that users couldn’t leave and theoretically cover some of their tracks.

The hack’s consequences could extend significantly beyond giving account thieves and SIM hijackers a taste of their proverbial medicine. There’s a real chance law enforcement has its hands on the forum data. This could lead to more arrests, not to mention leads on existing cases. Don’t be surprised if some of the users go quiet, or at least scramble to change email addresses and logins.

Let’s block ads! (Why?)

Link to original source

US carriers say they've stopped selling location data

Sponsored Links


Jaap Arriens/NurPhoto via Getty Images

You might not have to worry quite so much about carriers selling your phone location data to less-than-diligent third parties. AT&T, Sprint, T-Mobile and Verizon (Engadget’s parent company) have provided responses to FCC Commissioner Jessica Rosenworcel’s request for an update on the practice, with all four saying they’d halted sales to aggregators sometime after promising to do so back in June 2018. AT&T, T-Mobile and Verizon all said they’d terminated their last sales at varying points in March 2019, while Sprint said it was ending its last deal with a location aggregator on May 31st.

To no one’s surprise, the carriers maintained that their sales only allowed specific uses. AT&T’s terms required “approved use cases” and deletion of info, while Verizon said it had a “detailed process” for clearing and screening aggregators’ customers. Sprint was less specific, but said it allowed aggregators to hold on to data for long enough to provide an “adequate response” and limited their access to just the information needed to fulfill their contracts.

It’s not certain those since-ended sales were legal, though. As Ars Technica observed, the Communications Act forbids phone companies from disclosing or using location info without explicit permission from customers. There’s no clear indication the networks obtained consent — customers certainly didn’t intend for the information to reach the hands of bounty hunters.

You might not get a timely response from the FCC, either. Rosenworcel wrote that the FCC had been “totally silent” about reports of companies selling location data, and Chairman Ajit Pai deferred responsibility to recently appointed commissioner Geoffrey Starks despite holding control of the investigation. Carriers may have eventually done more to respect customer privacy, but there’s no guarantee they’ll face punishment if they abused their power.

Verizon owns Engadget’s parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

Let’s block ads! (Why?)

Link to original source