FlashRouters Privacy News Center: Australian Data Laws, Airport Wi-Fi Security, & How Your Apps Are Tracking You

UPDATED: 12/28/2018

Welcome to the FlashRouters Privacy News Center, your one-stop shop for news on worldwide Internet privacy.

Whether it is a hardware vulnerability potentially exposing the privacy of users, a draconian government snooping in on their citizens, or even big company’s data breach, FlashRouters provides a solution for online safety in a constantly changing world. Now, let’s check in on this latest Internet privacy top stories.

Authorities Accuse Weather Channel App Of Selling User Data

According to The New York Times, the city of Los Angeles is suing the popular “Weather Channel” app of selling user data. The city government states that “operators unfairly coerced app users to turn on location tracking.”

However, it was further revealed that user’s location data was being used for commercial purposes, such as targeted marketing. Other weather apps have been subject to similar allegations as well, including Accuweather and WeatherBug.

Strangers May Have Had Access To Your Ring Amazon Ring Security Camera

The Ring, a video enabled “smart-doorbell”, has a history of poorly handling customer’s home video feeds. In 2016, Ring provided its Ukrainian research and development team complete access to every video created by every Ring camera around the world. These video files were unencrypted and were linked to a corresponding database of customers.

Coincidentally, Ring also provided U.S. based executives and engineers total access to the company’s support portal, allowing unfiltered and unrestricted access to live feeds of all their customers. Anyone given this level of access would only require a customer’s email address to be able to watch live footage of their home.

Vulnerability Within Fortnite Allows Hackers To Take Over Accounts

Researchers at Check Point Research uncovered a bug within popular video game Fortnite allowing attackers access user accounts. This bug granted access to accounts after clicking on a suspicious link. Epic Games, developer of Fortnite, was notified of the bug in November and has since patched the bug.

Attackers could potentially use these hijacked accounts to purchase the in-game currency “V-Bucks”. Since the game does not allow simultaneous sign-ins, the hacker could prevent the victim from logging into the account.

Amadeus Booking System Potentially Exposes Millions Of Travelers

A recent discovery by Safety Detective’s research lab found that the Amadeus online reservation system contained a crucial vulnerability. It was found that it was possible to access and change reservations with only a booking number.

This booking system is used by 44 percent of the international carrier’s market. By simply making a small change in the code, attackers could access customer name and flight details, granting access to frequent flyer miles, seats, meals, email addresses, and more.

Amadeus released a statement citing that it had “added a Recovery PTR to prevent a malicious user from accessing travelers’ personal information.” The vulnerability has since been patched.

Explaining Australian Data Encryption Laws

This month, Australia passed controversial laws granting police and security agencies access to encrypted messages. The government states that this measure is necessary to combat terrorism and crime, but many are concerned that it could undermine the security and privacy of users.

These laws differ to ones in China, Russia, and Turkey, where end-to-end encryption services are banned. For Australians, this law means that police can force companies to create a function to grant them access to encrypted messages without the user’s knowledge.

Companies that do not comply risk being fined.

Stopping Cyber Criminals While On Airport Wi-Fi

According to Dror Liwer, chief security officer for Coronet, a cyber-security firm, airports are a target for hackers due to the concentration of “high-value assets.” This includes business travelers and more affluent individuals.

Hackers launch a fake airport Wi-Fi signal to entice unknowing users to connecting to it. Once the user connects to the hacker’s Wi-Fi, they have access to all your information. According to Liwer, the best way to protect yourself on public Wi-Fi networks is to use  a virtual private network, or VPN.

Top NRCC Officials Fall Victim To Major 2018 Email Hack

The email accounts of four senior aides at the National Republican Congressional Committee were accessed by an outside hacker, party officials state. This event took place during 2018 midterm campaigns, exposing thousands of sensitive emails.

After alerting the committee as well as its cyber-security contractor, an internal investigation was initiated. Luckily, no information accessed during the hack has been exposed to the public.

Your Smartphone Apps Are Tracking And Selling Your Location

Smartphone apps are tracking your location in near real-time and selling the information without your knowledge. Some individuals are tracked over 8,600 times, an average of once every 21 minutes. The information is so precise that companies are able to know exactly what you are doing and where you are during the day. This information is accurate within a few yards.

These companies sell and, use, and analyze the data to advertisers, retail outlets, and even hedge funds in order to gather information on consumer behavior. While companies claim that the data is not tied to anyone’s personal data, individuals with access to raw data can attach a name to the data by simply seeing where the device spent the most time.

19,000+ Orange Modems Are Leaking Wireless Network Credentials

This week, a security researcher found that nearly 19,500 Orange LiveBox ADSL modems are leaking Wi-Fi credentials. Troy Mursch, co-founder of Bad Packets LLC, states that his company’s honeypots have detected at least one threat actor scanning exclusively for Orange modems.

The attacker is exploiting a vulnerability affecting Orange LiveBox devices. It allows a remote attacker to obtain the Wi-Fi password and SSID for the modem’s internal Wi-Fi network by accessing its configuration file.

This attack can result in on-location proximity hacks and even a way for hacker’s to build an online botnet.

Amazon Leaks Names And Email Addresses In “Technical Error”

Just last week Amazon emailed users to inform them of a “technical error” that exposed their names and email addresses publicly available. Amazon has not revealed how many users have been affected by the mistake and has began to reach out to those affected.

However, these emails that Amazon has sent are surprisingly brief and offer little to no insight on how the leak happened. While Amazon claims that the error has been fixed and no actions need to be taken on the users’ end, this leak leaves users exposed to phishing attacks and false password reset attempts.

How The NSA Is Responsible For A Recent Attack On Home Routers

Do you have an older home router? Does it have the Universal Plug and Play (UPnP) protocol activated? If you answered “yes” to these questions, then you may be infected with malware developed by the NSA.

Fortunately, the NSA is not behind the plot to infect your router. The malware attack is being sent out by various cyber criminals and hacker groups. This malware has been dubbed “UPnProxy: EternalSilence” by researchers at Akamai, a data management firm. Essentially, this malware can infect old routers via the UPnP protocols and gain direct access to Windows PCs on home and small-business networks.

The best way to combat this attack if you aren’t already infected is to factory reset your router, disable UPnP, and then update your router to the latest firmware.

Hackers Bypass Crucial And Samsung SSD Encryption With Ease

Researchers at Radboud University in The Netherlands have recently reported that hackers could easily bypass Microsoft’s default encryption on Crucial and Samsung solid state drives. The researchers were able to reverse engineer the firmware on multiple drives and discovered a “pattern of critical issues.”

One issue happens to be that the default master password to decrypt the data was just an empty string. This means that someone could decrypt the drive by just hitting the Enter key on the keyboard. Another issue happened to be that the drive’s password validation check did not work, allowing any password to unlock the drive.

The drives that the researchers found to have these issues include, but are not limited to, Crucial’s MX100, MX200, and MX300 SSDs, Samsung’s T3 and T5 portable SSDs, as well as Samsung 840 EVO and 850 EVO SSDs. These issues likely affect other products, considering that many share the same firmware.

500 Million Guests’ Data Exposed By Marriott International

The Marriott International hotel chain stated the Starwood reservation database system had been hacked. This database contained details of up to 500 million guests going as far back as 2014. The hotel group was informed i September that an attempt to access the database was made. An investigation taking place this month confirms that unauthorized access had been made.

The hackers also obtained encrypted credit-card information for some customers, but it is not clear if they will be able to use the payment details. The hack affects customers who made reservations for Starwood hotel brands from 2014 to September of this year. Some of these hotels include Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Meridien, tribute, Design Hotels, Elements, and the Luxury Collection.

Marriott International has since set up a dedicated website and call center for those affected in the breach. They will also be offering a year of free enrollment to Web Watcher to customers that live in the United States, Canada, and Britain. This service will alert people if their information is being sold online.

More Steps To Secure Your Home Network

A FlashRouter provides open-source firmware such as DD-WRT, OpenWRT and TomatoUSB to secure and protect your home network from exploits, whether they come from hackers or snooping governments.

Choose from our most popular VPN & Security Enhanced FlashRouters or creach out to our Team of Open Source Experts for more information!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.