Connect with us


Google Play could be used to track other people’s movements

Voice Of EU



A researcher from Malwarebytes discovered he was able to know his wife’s whereabouts without installing any spyware on her phone.

While spyware and stalkerware apps are a growing problem, these are not the only ways for someone to track us without our knowledge.

Cybersecurity company Malwarebytes appears to have discovered a way for Google Play to be manipulated to allow someone to track someone else’s movements without installing spyware.

In a blogpost, security researcher Pieter Arntz explained that he discovered the problem after he signed into his Google account on his wife’s phone.

“I installed an app on my wife’s Android phone and to do so, I needed to log into my Google account because I paid for the app. All went well, but after installing the app and testing whether it worked, I forgot to log out of Google Play,” Arntz explained.

Back to his own devices, he later looked at the Google Maps Timeline feature to see what information it had about his location.

“I started noticing strange things but couldn’t quite put my finger on what was going on. It showed me places I had been near, but never actually visited. I figured this was nothing more than Google being an over-achiever,” he said.

Arntz added the only way his wife could have noticed his lingering Google Play sign-in was a change in the avatar in the top right corner of her phone when she opened the app.

However, Arntz said that the issue persisted even after he logged out of Google Play on her phone. “After some digging I learned that my Google account was added to my wife’s phone’s accounts.”

Tech-enabled abuse

Malwarebytes is a cybersecurity company with offices in California, Florida, Estonia and Cork in Ireland.

Support Silicon Republic

It is also a founding member of the Coalition Against Stalkerware, which aims to keep people safe from being spied on.

However, while the Google sign-in problem uncovered by Arntz is not stalkerware, it can still be dangerous if used maliciously.

This is considered tech-enabled abuse, where the design of a legitimate technology can lead to intentional and malicious misuse.

This type of flaw can be particularly dangerous as it requires very little technological knowledge. In this case, all someone needs is access to another person’s phone.

Tech-enabled abuse like this can also circumvent any security software designed to detect spyware because the stalking is happening through a legitimate app.

Eva Galperin, director of cybersecurity for Electronic Frontier Foundation, said the flaw highlights the importance of quality assurance and user testing that takes domestic abuse situations into account.

“One of the most dangerous times in a domestic abuse situation is the time when the survivor is trying to disentangle their digital life from their abusers’,” she said.

“That is a time when the survivors’ data is particularly vulnerable to this kind of misconfiguration problem and the potential consequences are very serious.”

Malwarebytes has submitted an issue report to Google regarding the flaw but has advised Android users to check if any other accounts have been added to their phone.

This can be done by going to Settings > Accounts and Backups > Manage Accounts. From here, you can see which accounts are listed and remove any that should not be there.

Source link


‘A lemon’: Coalition fights to keep Covidsafe app data under wraps | Australia news

Voice Of EU



The Morrison government insists it is negotiating with the states about “future uses” for its troubled Covidsafe app despite it not being used during the outbreaks that prompted lockdowns in Victoria, New South Wales and the Australian Capital Territory.

The government is also refusing to release how many Australians continue to use the app, with one tech expert accusing the government of trying to avoid disclosing embarrassing data rather than admit it had failed to achieve its purpose.

Since vaccination rates reached more than 90% of the eligible population in most states, contact tracing is slowly being scaled back, with health authorities limiting the number of people contacted and asked to test and isolate.

Even when contact tracing played a critical role in reducing the number of cases, the app was of little assistance.

Almost none of the contacts were identified through the federal government’s CovidSafe contact tracing app despite well over 7 million people in Australia downloading it last year and the prime minister, Scott Morrison, declaring it the ticket out of lockdown.

Since launching in April last year, just 17 “close contacts” in NSW were found directly through the app that were not otherwise identified through manual contact tracing methods.

Guardian Australia has been engaged in a year-long freedom of information battle with the Digital Transformation Agency to reveal how many people continued to use the app after installing it.

This month the agency said releasing the information would hurt negotiations with the states over the app’s future uses.

“The Commonwealth is engaged in ongoing consultations and discussions with the states and territories on a framework around the use of Covidsafe data and data derived from Covidsafe data as a key tool for contact tracing,” DTA’s chief technology officer, Anthony Warnock, told the Office of the Australian Information Commissioner in a letter provided to Guardian Australia.

When asked about these discussions, both NSW and Victoria said the app had not been used at all in 2021.

“To date, it has not been necessary to use the Covidsafe app with any case clusters in 2021,” a NSW Health spokesperson said. “NSW Health’s contact tracing team has access to a variety of information to contain the spread of Covid-19 and keep the community safe.”

The ACT also said the app had never been used in the capital and, as of September, Queensland said it had used the app twice, with one contact identified but no positive cases identified.

It’s also unclear what future uses the federal government is considering.

Electronic Frontiers Australia’s chair, Justin Warren, who has been involved in complex FOI battles with the government, suggested the only reason the the release of the information would be damaging was if it showed far fewer people continued to use the app.

“The DTA appears to be trying to argue that we can’t learn the truth about just how big a lemon the Covidsafe app is because then people might know it’s a lemon and act accordingly,” he said. “It’s clear to me that they wouldn’t try to make this argument if the app was useful.”

The app costs around $75,000 a month to run, and a spokesperson for the federal health department said there were “no plans” to shut it down until the health minister determined it was no longer required.

Experts in the tech community last year called for the app to be modified using the Apple-Google exposure notification framework, which would work similarly to the UK’s NHS app and alert people when they had been in contact with a confirmed Covid-19 case.

A study published in Nature in May about how effective the NHS app in England and Wales had been between September and December last year found that for every positive case who agreed to alert their contacts, one case was averted.

The government has long argued against switching to an NHS-style version of the app, arguing that it left it up to users to contact the health department and get tested and isolate, rather than giving contact tracers a list of those exposed to follow up.

But a ministerial brief prepared by the DTA in May 2020, released this week on the transparency website Right to Know, reveals that the government believed it would require massive changes to the app and privacy laws to accommodate the change.

“The app would need to be significantly redesigned and rebuilt,” the agency said. “The ENF cannot simply be embedded into the current app. The health portal would also need to be redesigned and rebuilt.”

The DTA warned that a new privacy assessment would need to be undertaken, legislation might need to be amended, all current users would need to download and re-register through the app, and contact data could not be transferred.

The briefing also noted that the alerts people received through the app “may cause alarm” if contact tracers were not involved in the process.

Sign up to receive an email with the top stories from Guardian Australia every morning

But the agency said a change to the Apple/Google version would improve connectivity between devices and might encourage people who had hesitated to download the original app.

“Certain users who have avoided the app may perceive that the ENF provides stronger privacy protections through this largely decentralised non-government-controlled model.”

Victoria now automatically alerts people who were at high-risk venues through the Service Victoria app, and advises them to test and isolate, but does not do any further contact tracing except when someone tests positive.

NSW is planning to ditch QR code check-ins from all but high-risk venues from 15 December, or when the state reaches 95% of the eligible population having two doses of the vaccine.

Source link

Continue Reading


Meta won’t migrate future acquisitions out of AWS • The Register

Voice Of EU



Mark Zuckerberg’s recently rebadged Meta and Amazon Web Services have announced they’re going to be cloud BFFs, with the emphasis on the second F.

A joint announcement styles AWS as Meta’s “Key, Long-Term Strategic Cloud Provider”. Details of just what that means have not been offered, but a few specific initiatives were revealed.

One is the plan for Meta to “use the cloud to support acquisitions of companies that are already powered by AWS”. That’s notable, because when the firm (under its former nomenclature) acquired messaging service WhatsApp in 2014, it migrated the service from AWS to its own infrastructure. The new deal appears to mean Meta won’t bother doing that again – perhaps because it’s had a rotten time managing a MySQL migration?

The joint blurb also reveals that Meta already uses AWS “to complement its existing on-premises infrastructure”. More of that is coming: Zuck’s umbrella brand plans to “broaden its use of AWS compute, storage, databases, and security services to provide privacy, reliability, and scale in the cloud”.

The two companies are also both fired up about the PyTorch machine learning framework, which The Social Network™ spawned in 2016. The pair have promised to work together to optimise the tool so it works well with Amazon’s EC2 and SageMaker services.

“To make it easier for developers to build large-scale deep learning models for natural language processing and computer vision, the companies are enabling PyTorch on AWS to orchestrate large-scale training jobs across a distributed system of AI accelerators,” the announcement states, going on to promise “native tools to improve the performance, explainability, and cost of inference on PyTorch.”

While that work will be open sourced, the plan is to drive PyTorch users to AWS.

Meta’s veep of production engineering, Jason Kalich, said the special bond between them means “The global reach and reliability of AWS will help us continue to deliver innovative experiences for the billions of people around the world that use Meta products and services” – which reads like the sort of language it’s appropriate to write off as marketing doggerel.

Or perhaps not: Meta’s plan to build a metaverse – whatever that is – has been sketched out as requiring a lot of real-time multi-party video set in detailed virtual environments. That sort of thing is rather well suited to an elastic cloud that constantly upgrades its infrastructure with new instance types and GPUs, and perhaps less apt for a social network operator that essentially runs exceptionally large databases and analytics engines. ®

Source link

Continue Reading


What this leader finds most rewarding about working in medtech

Voice Of EU



The general manager of Johnson & Johnson’s Cerenovus site in Galway tells us about his role and the importance of gender equality in STEM.

Michael Gilvarry is the general manager of Cerenovus in Galway, which is part of the Johnson & Johnson family of medical devices companies.

It is a research site that develops a broad portfolio of innovative devices that aim to help patients after they have had a stroke.

Here, Gilvarry gives an overview of his role at Cerenovus and what a typical day looks like.

lick here to check out the top sci-tech employers hiring right now.

What kind of teams do you oversee at Cerenovus?

Cerenovus is a global leader in neurovascular care. Our commitment to changing the trajectory of stroke is inspired by our long heritage and dedication to protecting patients from stroke-related disabilities.

The functions at the Cerenovus Galway site are R&D, supply chain, quality, clinical, regulatory, finance and marketing. As well as leading the R&D in acute ischemic stroke, Cerenovus Galway also manufactures and supplies approved devices to global markets and oversees clinical activity.

What does a typical day at Cerenovus look like for you and your teams?

Our work at Cerenovus is focused on changing the trajectory of stroke. How do we do this? It all starts with scientific research into the underlying diseases which lead to stroke. We conduct this work under the umbrella of the Cerenovus Neuro Thromboembolic Initiative (NTI).

We work closely with universities and academics, including strong collaborations locally with GMIT and NUI Galway. This helps us recreate stroke in bench models. When we can simulate stroke in a lab environment, the creative process begins to think up new ideas for devices that can solve the real-world scenarios that we recreate. We then design and build in our prototype lab and test and refine designs until we have a concept that we are confident will work clinically.

Quality assurance is an essential part of what we do, so before devices are approved, they undergo rigorous design testing generating thousands of data points that are eventually submitted for approval before we can bring the device to market.

For our approved devices, we manage the supply chain from end to end – from material purchases, supplier quality, manufacturing devices through our external partners, sterilising and releasing the product, and shipping to distribution centres all over the globe.

What does leading the R&D taskforce involve?

The Ireland R&D taskforce is about bringing together our diverse businesses to strengthen our research, development and innovation footprint and looking at the external environment – such as how we engage with universities in research, strengthening and developing a diverse talent pool and networking with other researchers across Johnson & Johnson.

We are fortunate to have the support of agencies such as Science Foundation Ireland, IDA Ireland and Enterprise Ireland that recognise how important it is for us to continue to make scientific and technology advancements so we can continue to be leaders in the life sciences sector.

Is there anything you’re particularly excited to be working on at the moment?

We are continuously working on new product developments and building on past success. There is nothing more rewarding than hearing about successful patient outcomes after being treated with our devices. And it a big personal driver for me to continue to push the boundaries of technology to put even better tools in the hands of physicians that make stroke treatment quicker, easier and even more effective.

The growth of our business has led to a significant expansion of our facility, which is almost complete. I’m also excited that the business is recruiting new roles to continue to expand our capabilities. Each year we have seen new, talented people join our team and they are bringing the business to new heights. I’m excited to continue to bring on new employees that will bring new perspectives, ideas and diversity to our team.

It looks like your responsibilities are multifold, from R&D to boosting gender equality. How do these responsibilities complement each other?

I don’t just see this as my responsibility as a business leader in Johnson & Johnson, but also as a responsibility as a member of the scientific community and as a globally minded citizen who feels passionately about developing future leaders.

When I reflect on my career, I appreciate how fortunate I was to have mentors to guide me along my path from an engineering graduate to my current role as general manager. Looking back, I appreciated the importance of having a mentor to support, advise, challenge and encourage in the right measures.

I was delighted to have the opportunity to sponsor the Johnson & Johnson women’s leadership and inclusion employee resource group for across our Ireland campuses, which promotes the development of female leaders in the organisation. The programme supports professional development through networking initiatives, mentorship programmes and personal brand development.

We recently expanded Johnson & Johnson’s WiSTEM2D programme to NUI Galway, offering more female STEM students support even before they start their careers. This programme has been very successful and is helping build a more diverse STEM community in Ireland.

Why do you think gender equality should be a priority for more science and tech companies?

At Johnson & Johnson, we recognise that women are continuously and disproportionately missing from the STEM workforce and in higher education. We need a more diverse STEM workforce if we are going to unleash our potential to change the trajectory of health and stroke.

More than 5,000 people work for Johnson & Johnson across 10 sites in Ireland. We have women working in STEM roles every day and we put them to the forefront to showcase that an exciting career in STEM is possible.

The lack of representation of women in STEM is high, so businesses need to spend time designing accessible solutions to attract more women to the sector and help remove barriers – thereby opening pathways, creating networks and job opportunities.

Source link

Continue Reading


Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!