Security News This Week: Germany's Election Software Is Dangerously Hackable

WIRED

First, Symantec revealed that hackers--probably based in Russia, although the security firm didn't go so far as to name names--had hacked more than 20 power companies in North America and Europe, and in a handful of cases, had direct access to their control systems. And then Equifax confessed it had been the target of a breach that stole 143 million Americans' data, one of the worst data spills ever, and one that raises questions about data centralization, particularly for Social Security Numbers. Megabreaches aside, Facebook admitted that a Russian troll farm had spent $100,000 on influence ads during last year's election. Google patched a flaw in Android that would allow a nasty "toast overlay" attack to take control of devices. And we spoke to the Democratic National Committee's chief technology officer about how he hopes to prevent the next attack aimed at disemboweling the party.


The Morning After: Wednesday, May 10th 2017

Engadget

How's it gone so far? Microsoft's big annual conference kicks off today, and we've sniffed out what you can expect. We also get the full reveal of Amazon's Echo-with-a-screen. It's not pretty, but it does sound pretty smart. What to expect at Microsoft's Build 2017 conference: While it's a mobile computing world, Microsoft has no shortage of projects we need to be updated on.


Apple says the iPhone doesn't listen to your conversations

Engadget

Last month, members of the House Energy and Commerce Committee fired off a letter to Apple following reports that phones and other devices, such as smart speakers, can listen in on conversations. Now, the tech giant has sent the Representatives its response: iPhones, it says, don't listen to people's conversations and don't share people's spoken words with third parties. In what could be interpreted as a dig at its staunchest competitors, Cupertino explains in the letter (courtesy of CNET) that the customer is not its product and that its business model "does not depend on collecting vast amounts of personally identifiable information to enrich targeted profiles marketed to advertisers." In the original letter the lawmakers sent, they specifically noted reports that third-party apps could access the data devices supposedly collect while listening for their "trigger words," such as "Hey, Siri," "OK Google" and "Hey, Alexa." During Facebook's congressional hearing back in April, Senator Gary Peters (D-MI) even asked Mark Zuckerberg whether the social network listens in on people through their phone mics in order to serve relevant ads.


Tech Advances Make It Easier to Assign Blame for Cyberattacks

WSJ.com: WSJD - Technology

"All you have to do is look at the attacks that have taken place recently--WannaCry, NotPetya and others--and see how quickly the industry and government is coming out and assigning responsibility to nation states such as North Korea, Russia and Iran," said Dmitri Alperovitch, chief technology officer at CrowdStrike Inc., a cybersecurity company that has investigated a number of state-sponsored hacks. The White House and other countries took roughly six months to blame North Korea and Russia for the WannaCry and NotPetya attacks, respectively, while it took about three years for U.S. authorities to indict a North Korean hacker for the 2014 attack against Sony. Forensic systems are gathering and analyzing vast amounts of data from digital databases and registries to glean clues about an attacker's infrastructure. These clues, which may include obfuscation techniques and domain names used for hacking, can add up to what amounts to a unique footprint, said Chris Bell, chief executive of Diskin Advanced Technologies, a startup that uses machine learning to attribute cyberattacks. Additionally, the increasing amount of data related to cyberattacks--including virus signatures, the time of day the attack took place, IP addresses and domain names--makes it easier for investigators to track organized hacking groups and draw conclusions about them.


Congress, Privacy Groups Question Amazon's Echo Dot for Kids

WIRED

Lawmakers, child development experts, and privacy advocates are expressing concerns about two new Amazon products targeting children, questioning whether they prod kids to be too dependent on technology and potentially jeopardize their privacy. In a letter to Amazon CEO Jeff Bezos on Friday, two members of the bipartisan Congressional Privacy Caucus raised concerns about Amazon's smart speaker Echo Dot Kids and a companion service called FreeTime Unlimited that lets kids access a children's version of Alexa, Amazon's voice-controlled digital assistant. "While these types of artificial intelligence and voice recognition technology offer potentially new educational and entertainment opportunities, Americans' privacy, particularly children's privacy, must be paramount," wrote Senator Ed Markey (D-Massachusetts) and Representative Joe Barton (R-Texas), both cofounders of the privacy caucus. The letter includes a dozen questions, including requests for details about how audio of children's interactions is recorded and saved, parental control over deleting recordings, a list of third parties with access to the data, whether data will be used for marketing purposes, and Amazon's intentions on maintaining a profile on kids who use these products. Echo Dot Kids is the latest in a wave of products from dominant tech players targeting children, including Facebook's communications app Messenger Kids and Google's YouTube Kids, both of which have been criticized by child health experts concerned about privacy and developmental issues.