Thursday, 25 April 2019

Behind the Mask: 4 Companies That Don’t Really Care About Your Security


Before the internet, if we didn’t trust a company or business, we could choose not to trade with them. It was easier to evaluate the trustworthiness of local companies too.

These days, our digital lives are spread among many online apps and services, all of which capture personal and confidential data about who we are. We expect them to value our security, but not all of them do.

Here are four examples of companies that don’t really care about your security.

1. Facebook

Facebook in a web browser

In the early days of Facebook, most of us would share our thoughts, ideas, events, and photos on the social network. It gained users at a phenomenal rate, eventually claiming an estimated 2.3 billion users as of December 2018. However, as we’ve come to find, that growth has been at our expense.

The company had a terrible 2018, filled with privacy scandals, regulation, criticism, and security flaws.

The first story that opened the floodgates was the Cambridge Analytica scandal, where your supposedly private Facebook data was made available to political research groups around the world. The company was heavily implicated in interference with both the 2016 US Presidential election and the UK’s European Union membership referendum.

Since that revelation, there has been an almost endless stream of issues emanating from the world’s largest social network. In October 2018, we found out that over 50 million Facebook accounts were hacked. Then there was the bug that exposed your private Facebook photos. The company was later caught using immoral tactics to harvest data from young people using a questionable VPN app. The backlash led to Facebook axing the Onavo VPN app in early 2019.

Throughout this spate of bad press, Mark Zuckerberg maintained that Facebook was a positive force in the world. Evidently, he didn’t communicate this to the rest of the company, as in March 2019, it was reported that Facebook had stored user passwords in plaintext for years.

2. Intel

Screenshot of the Intel Remote Keyboard vulnerability disclosure

Intel, founded in 1968, was one of the first major technology companies of Silicon Valley. The company’s main trade is in computer processors. However, as the years passed by, the company diversified into many different areas.

In 2015, they released several consumer-focused mini-PCs, like the Intel Next Unit of Computing (NUC) and the Intel Compute Stick. These mini computers focused on their space-saving hardware and didn’t include additional peripherals like keyboards. So instead, the company released smartphone apps to control them remotely.

Experience has taught us that niche apps don’t receive regular updates, as budgets get reduced or the developer moves on to other projects. The Intel Remote Keyboard app for Android devices was no different. In mid-2018, security researchers disclosed three security bugs they had found in the app.

Two of these flaws received high severity ratings, while the third was deemed critical. The researchers found that these bugs could allow attackers to inject keystrokes and even compromise the user’s device.

Rather than promising to fix these severe and critical flaws in the app, Intel opted to remove it from the Google Play Store entirely. Existing users were left with the choice between a flawed device and consigning their Intel mini-PCs to the past.

3. Amazon

Screenshot of Amazon's Rekognition marketing website

The world’s largest online retailer, Amazon, has mostly avoided any high-profile data breaches. However, in November 2018, some customers received an email from the company alerting them to accidental disclosure of their data.

Amazon blamed this disclosure on a technical error with the website. The email was brief and contained very little information.

“We’re contacting you to let you know that our website inadvertently disclosed your name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.”

Understandably, the affected customers were not reassured by Amazon’s communications. The company refused to give any further updates, so customers were left in the dark as to what data was disclosed and for how long. The tight-lipped nature of the response left many feeling that the company had something to hide.

Unsurprisingly, this did nothing to improve people’s trust in the retailer.

Amazon has also been subject to much criticism for its use of facial recognition technology. While maintaining a public opposition to its use, Amazon was selling a facial recognition product called Rekognition to various US law enforcement agencies.

The product’s marketing materials made it clear that one of the most likely uses was for law enforcement, and that it could identify up to 100 people in a single image in real time.

4. Companies That Use the Phrase “We Take Your Privacy and Security Seriously”

Data breaches are happening more often than ever before. No matter how security conscious you try to be, these hacks ultimately end up affecting us all. The diverse range of businesses and companies targeted over recent years shows that the attackers don’t discriminate.

Despite all their best attempts, sometimes a company can’t hold back the attack. The next steps, then, should be to alert their users responsibly, and tell them how they intend to remedy the situation.

In our media-heavy world, we’ve become well-versed in detecting corporate PR and the stock phrases companies use to deflect blame. You’ve probably seen a recently breached company say something to the effect of “we take your privacy and security seriously.” This is a significant indicator that they don’t take your security seriously.

The problem has become so widespread that TechCrunch even reported on the use of this stock phrase. They analyzed all 285 data breach notifications submitted to the California attorney general and found that over a third used this phrase.

The TechCrunch analysis also noted that many of these multi-national, cash-rich companies would rather pay the fines issued to them for the breach than make improvements to their cybersecurity. In 2017, Equifax was subject to an enormous breach that affected 200 million people worldwide.

The company’s response was messy, took very little responsibility for the breach, and left most people affected without any real support. To date, Equifax has not faced any repercussions for their lack of security measures, although there have been a few individual lawsuits which have resulted in awards of up to $10,000.

Who Can You Trust?

We live our lives online, disclosing personal and confidential information across the internet. We often believe that the companies we entrust with it will protect us. However, that isn’t always the case. Data breaches, and the responses to them, highlight how little we can really trust that our data is secure.

Fortunately, we can take steps to protect ourselves. You can use open-source tools to keep your data secure. Additionally, if you find yourself losing faith in the mainstream social networks, you could switch to the Facebook alternatives that don’t steal your data.

from MakeUseOf http://bit.ly/2PtNFU6