Banks, ISPs Increasingly Embrace ‘Voice Print’ Authentication Despite Growing Security Risk

While it’s certainly possible to sometimes do biometrics well, a long line of companies frequently… don’t. Voice print authentication is particularly shaky, especially given the rise of inexpensive voice deepfake technology. But, much like the continued use of text-message two-factor authentication (which is increasingly shown to not be secure), it apparently doesn’t matter to a long list of companies.

Banks and telecom giants alike have started embracing voice authentication tech at significant scale despite the added threat to user privacy and security. And they’re increasingly collecting user “voice print” data without any way to opt out:

“despite multiple high-profile cases of scammers successfully stealing money by impersonating people via deepfake audio, big banks and ISPs are rolling out voice-based authentication at scale. The worst offender that I could find is Chase. There is no “opt in”. There doesn’t even appear to be a formal way to “opt out”! There is literally no way for me to call my bank without my voice being “fingerprinted” without my consent.”

[…]

Source: Banks, ISPs Increasingly Embrace ‘Voice Print’ Authentication Despite Growing Security Risk | Techdirt

Why our electronics break: what we can learn from nearly 10 years of repairs over 50k broken items

We now have data on over 21,000 broken items and what was done to fix them. This information comes from volunteers at our own events and others who use our community repair platform, restarters.net.

Thanks to our partners in the Open Repair Alliance who also collect this kind of data, we were able to include extra data from other networks around the world.

Together, this brought the total to nearly 50,000 broken items.

Want to see this data for yourself? Download the full dataset here
(Note: Links to the datasets that contain fault types are further down this page)

That’s a lot of data. So to analyse it, we focused on three types of products that the European Commission would be investigating:

  • Printers
  • Tablets
  • The batteries that power many of our gadgets.

[…]

Thanks to this collective effort, we were able to identify the most common reasons printers, tablets and batteries become unusable.

A diagram showing the most common tablet problems
These findings are based on the analysis of problems in 647 tablets brought to community repair events, but don’t include 131 tablets with poor data quality, making it impossible to confirm the main fault.

In addition, many of the items we looked at were fairly old, demonstrating that people really want to keep using their devices for longer.

But we also found that there are lots of barriers to repair that make this tricky. Some of the biggest are the lack of spare parts and repair documentation as well as designs that make opening the product difficult without causing extra damage.

You can see our full results and download the data for yourself here:

[…]

We want rules that make products easier to fix. And we’re already using data to push for a real Right to Repair. Just recently, we used previous findings to undermine an industry lobbyist’s anti-repair arguments in an EU policy meeting about upcoming regulations for smartphone and tablet repairability.

As a follow up, we also contributed our findings on common fault types in tablets, making the case for the need for better access to spare parts and repair information for this product category as well.

Next, we hope to increase the pressure on European policymakers for regulating printer repairability and battery-related issues in consumer products. For printers, the European Commission is considering rejecting a “voluntary agreement” proposed by industry, which ignores repairability for consumer printers.

And as for batteries, European institutions are working towards a Batteries Regulation, which must prioritise user-replaceability as well as the availability of spare parts.

[…]

Source: Why our electronics break: what we can learn from nearly 10 years of repairs – The Restart Project

Apple Removes All References to Controversial CSAM Scanning Feature – where they would scan all the pictures you took

Apple has quietly nixed all mentions of CSAM from its Child Safety webpage, suggesting its controversial plan to detect child sexual abuse images on iPhones and iPads may hang in the balance following significant criticism of its methods.

Apple in August announced a planned suite of new child safety features, including scanning users’ iCloud Photos libraries for Child Sexual Abuse Material (CSAM), Communication Safety to warn children and their parents when receiving or sending sexually explicit photos, and expanded CSAM guidance in Siri and Search.

Following their announcement, the features were criticized by a wide range of individuals and organizations, including security researchers, the privacy whistleblower Edward Snowden, the Electronic Frontier Foundation (EFF), Facebook’s former security chief, politicians, policy groups, university researchers, and even some Apple employees.

The majority of criticism was leveled at Apple’s planned on-device CSAM detection, which was lambasted by researchers for relying on dangerous technology that bordered on surveillance, and derided for being ineffective at identifying images of child sexual abuse.

[…]

Source: Apple Removes All References to Controversial CSAM Scanning Feature From Its Child Safety Webpage [Updated] – MacRumors

Hackers Steal $135 Million From Users of Crypto Gaming Company

In the latest hack targeting cryptocurrency investors, hackers stole around $135 million from users of the blockchain gaming company VulcanForge, according to the company.

The hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, which is VulcanForge’s token that can be used across its ecosystem, the company said in a series of tweets on Sunday and Monday. VulcanForge’s main business involves creating games such as VulcanVerse, which it describes as an “MMORPG,” and a card game called Berserk. Both titles, like pretty much all blockchain games, appear chiefly designed as vehicles to buy and sell in-game items linked to NFTs using PYR.

[…]

This is the third major theft of cryptocurrency in the last eleven days. The total amount of stolen cryptocurrency in these three hacks is around $404 million. On Dec. 2, it was BadgerDAO, a blockchain-based decentralized finance (DeFi) platform, which lost $119 million. The company is asking the hacker to please “do the right thing” and return the money. Then four days later, cryptocurrency exchange BitMart got hacked, losing $150 million.

The VulcanForge hack is notable because, like many new tokens, PYR trades on decentralized exchanges. Decentralized exchanges run on smart contracts, and because there’s no centralized order book, investors trade against “liquidity pools” with funds contributed by users who earn a “staking” reward in return. It also means there’s no central authority to blocklist a malicious account trying to cash out stolen funds.

Since the hack, VulcanForge has advised users to remove their liquidity in order to make it difficult or impossible for the attacker to cash out. As The Block reported, the hacker has so far managed to cash out most of the tokens by trading small amounts at a time, although not without sending PYR’s price into a downward spiral due to the sell pressure. On Discord, a bot message has been asking users every half hour: “Anyone that has LP in uniswap or quickswap remove it ASAP.”

[…]

Source: Hackers Steal $140 Million From Users of Crypto Gaming Company

Ukraine arrests 51 for selling data of 300 million people in US, EU

Ukrainian law enforcement arrested 51 suspects believed to have been selling stolen personal data on hacking forums belonging to hundreds of millions worldwide, including Ukraine, the US, and Europe.

“As a result of the operation, about 100 databases of personal data relevant for 2020-2021 were seized,” the Cyberpolice Department of the National Police of Ukraine said.

“The seized databases contained information on more than 300 million citizens of Ukraine, Europe and the United States”

Following this large-scale operation, Ukrainian police also shut down one of the largest sites used to sell personal information stolen from both Ukrainians and foreigners (the site’s name was not revealed in the press release).

On the now shutdown illegal marketplace, suspects were selling a wide range of stolen personal data, including telephone numbers, surnames, names, addresses, and, in some cases, vehicle registration info.

[…]

Source: Ukraine arrests 51 for selling data of 300 million people in US, EU

Gumtree users’ locations were visible by pressing F12, wouldn’t pay bug bounty to finder

UK online used goods bazaar Gumtree exposed its users’ home addresses in the source code of its webpages, and then tried to squirm out of a bug bounty after infosec bods alerted it to the flaw.

British company Pen Test Partners (PTP) spotted the data leakage, which meant anyone could view a Gumtree user’s name and location (either postcode or GPS coordinates) by pressing F12 in their web browser.

In both Firefox and Chrome, F12 opens the “view page source” developer tools screen, showing the code that generates the webpage you see. This meant that anyone could view the precise location of any of the site’s 1.7 million monthly sellers.

PTP claimed it encountered a brick wall of indifference in its first attempts to alert Gumtree to the data breach.

The bug bounty policy specified €500-€5,000, PTP added, and “after the issue was fixed, [it was] informed that no reward was payable because – ‘This is a Responsible Disclosure report, meaning that receiving a reward is a bonus in itself.’”

In a blog post about the kerfuffle, a PTP researcher said: “After I queried which of their rules I’d broken on responsible disclosure, they changed their mind and paid the minimum.”

[…]

Source: Gumtree users’ locations were visible by pressing F12 • The Register

Don’t Buy an HDMI 2.1 TV Before You Read the Fine Print

[…] If deciphering every version of HDMI wasn’t already tedious enough, we now know that the latest and greatest HDMI 2.1 standard, well, isn’t very standardized. A TFTCentral investigation revealed that the TV or monitor you purchase with “HDMI 2.1” might not support any of the latest features.

TFTCentral smelled something fishy when it saw that a Xiaomi monitor with HDMI 2.1 support only reached the specifications for HDMI 2.0. Instead of 4K resolution, the panel was limited to 1080p. And the thing is, Xiaomi technically didn’t do anything wrong. It all comes down to semantics and some murky (and consumer-hostile) guidelines set by the HDMI Licensing Administrator.

[…]

In short, HDMI 2.0 is a subset of HDMI 2.1, meaning its specifications are housed within the newer standard. The standards organization even said it would no longer certify for HDMI 2.0, telling TFTCentral that HDMI 2.0 “no longer exists” and that the features and capabilities of HDMI 2.1 are optional. As long as a monitor supports one of the newer standards, it can be called HDMI 2.1.

As you’d expect, HDMI 2.1 consists of many standards, so TV and monitor makers could theoretically grab the lowest hanging fruit, add it to their (formerly) HDMI 2.0 ports, and slap an HDMI 2.1 label on the box.

The HDMI standards body even confirmed to The Verge that what Xiaomi is doing is perfectly within the rules and that we all depend on manufacturers to be honest about their products. The problem is that they rarely are.

[…]

HDMI 2.1 has made headlines in recent months because of the capabilities it enables on next-gen consoles and gaming PCs—specifically, the ability to run 4K games at 120Hz.

[…]

Source: Don’t Buy an HDMI 2.1 TV Before You Read the Fine Print