A Hacker Takes $610M in Cryptocurrency and Returns the Most It

Plus: A lawsuit against Apple, a VPN audit and other top security news.

It was a big week for smartphone privacy, or at least in various ways that external forces make your location data more or less secure. On the bad side of the ledger, most 5G connections in the US today aren’t actually full 5G, which means they’re susceptible to the sort of stingray surveillance that the next-generation standard was supposed to prevent. On the plus side, researchers have figured out a way to prevent your carrier from knowing where you are every single time you reconnect to a cell tower. It’s difficult to get them to implement it.

This week, privacy advocates also published documents showing that the NYPD spent $159 million to buy surveillance tools since 2007. These tools included stingrays and policing software.

Our colleagues in the UK took a look at new research that shows how and where extremists have set up shop on platforms like Steam and Discord. It’s a long-stewing problem, which makes it all the more frustrating that these well-resourced services haven’t managed to tackle it yet.

Google has made some changes to the Play Store, most of which matter for developers more than end users. Scammers will be unable to sell malware-laden sideloaded applications if they switch to an Android package instead.

The Poly Network decentralized financial system has been on a rollercoaster ride. The hacker took over $600,000,000 in just the first week and began returning it Wednesday. They had already returned $342million of the stolen funds by Thursday and had also frozen $33million worth of Tether stablecoins. They have placed the remaining crypto assets in a wallet which requires keys from Poly Network as well as the hacker. Their fate remains in doubt.

Virtual private networks are nice in theory; they let you browse without your ISP knowing what you’re up to, and their encrypted connections make it harder for anyone to snoop on your activity. A new study by the Markup has shown that many VPNs allow third-party trackers to monitor your activities, even though they don’t themselves log it. It’s a practice that undermines the whole privacy aspect of a VPN–and also something we factor into our best VPN recommendations.

Apple filed a lawsuit against Corellium in 2019 over their iOS virtualization software. Corellium’s products are popular among security researchers, who have limited insight into iOS itself; Apple claimed that the software violated the company’s copyright claims. The retreat comes at a time Apple has come under fire from privacy advocates over it introduced controversial steps to find child sexual abuse materials in iCloud that involves iPhones themselves. The security community needs to support it. A lawsuit against an important research tool was not going to help.

Microsoft has had to deal with many security problems over the past few months related to Windows Print Spooler. This includes more than one unsuccessful attempt to fix a PrintNightmare vulnerability. Although it is a temporary solution, Microsoft finally provided a means to resolve its printer problems this week. Anyone who uses Windows Point and Print to install drivers must have administrative rights. That should stave off most PrintNighmare attacks–but has already been demonstrated not to stop all of them.

More Great WIRED Stories

Publited Sat, 14 August 2021 at 13:56.42 +0000

Leave a Reply

Your email address will not be published. Required fields are marked *