Cybersecurity researchers have found a flaw in the encryption algorithm used for GPRS or 2G cell phones. This may have allowed hackers to gather information on data traffic for over 20 years. Experts suggest that the flaw in GEA-1 was created intentionally to allow a backdoor for law enforcement agencies. The GEA-1 algorithm was supposed to be removed from smartphones back in 2013 but researchers have found them in android and iOS devices, as well.
Tim Cook said that the proposed EU tech rules threaten the security and privacy of iPhones. He partially agrees with the rules, but expressed concern as legislation may allow apps to be downloaded by users from outside of the Apple store. This could ruin the security parameters that have been set by Apple, thereby putting users’ security at risk. Lawmaker Andreas Schwab said he wanted to strengthen the legislation and narrow the scope to just big companies.
Google has announced the launch of six new updates to android, including earthquake alert and E2E encrypted messaging. The earthquake alert system is already live in New Zealand and Greece, with Turkey, with Philippines, Kazakhstan, Kyrgyz Republic, Tajikistan, etc coming on board. Countries with higher earthquake risks are being prioritized for the launch of the alert system. The in-built message app can have messages encrypted.
WhatsApp is set to launch its new multi-device feature soon with E2E encryption. Mark Zukerberg said syncing all chats with E2E encryption across different devices was a technical challenge for them. In the next 1-2 months the Beta version of the new feature will be launched. Users will be able to run WhatsApp on multiple devices with no dependency on a primary device. The iPad will get its own version of the app.
Cyber threat intelligence company, Cyble has hired Rishi Mehta as their new CISO. The company specialises in empowering global organisations with dark web, cybercrime monitoring and mitigation services. Mehta is a veteran with experience of over two decades. He formerly worked with Target for six years as Senior Director, Technology. He has also worked with Religare, CitiFinancial, and Genpact. At Cyble he is expected to manage infosec functions.
The govt of India has said there has been no data breach into its email system run by the NIC and the email system is “totally safe and secure.” The statement released by the Union IT ministry further said that cybersecurity breaches on private portals may not impact govt employees unless the users have used their govt email ID and password to register on these portals. Data breaches in Air India, BigBasket, and Domino’s had exposed the email passwords of NIC to hackers.
Volkswagen, in a statement, said a data breach at a vendor has affected 3.3 mn customers and potential buyers in North America. Almost all of them were customers or potential buyers of Audi. The vendor had left sales and marketing information from 2014-19 in an e-file unsecured. Limited personal information about customers and potential buyers was exposed to hackers. VW will offer free credit protection services to the 90,000 customers affected by the leak.
Fast-food giant Mcdonald’s has been hit by a cyber attack. The South Korea and Taiwan branches had some of their customer and employee information exposed. Customer name, address, and email ID were leaked while the payment details are secure. The company will inform the regulators and customers listed in those files. McDonald’s daily operations were unaffected and no ransom was involved.