Daily Archives: February 11, 2025

Gravy Analytics sued for data breach containing location data of millions of smartphones

Posted on by

Gravy Analytics has been sued yet again for allegedly failing to safeguard its vast stores of personal data, which are now feared stolen. And by personal data we mean information including the locations of tens of millions of smartphones, coordinates of which were ultimately harvested from installed apps.

A complaint [PDF], filed in federal court in northern California yesterday, is at least the fourth such lawsuit against Gravy since January, when an unidentified criminal posted screenshots to XSS, a Russian cybercrime forum, to support claims that 17 TB of records had been pilfered from the American analytics outfit’s AWS S3 storage buckets.

The suit this week alleges that massive archive contains the geo-locations of people’s phones.

Gravy Analytics subsequently confirmed it suffered some kind of data security breach, which was discovered on January 4, 2025, in a non-compliance report [PDF] filed with the Norwegian Data Protection Authority and obtained by Norwegian broadcaster NRK.

Three earlier lawsuits – filed in New Jersey on January 14 and 30, and in Virginia on January 31 in the US – make similar allegations.

Gravy Analytics and its subsidiary Venntel were banned from selling sensitive location data by the FTC in December 2024, under a proposed order [PDF] to resolve the agency’s complaint against the companies that was finalized on January 15, 2025.

The FTC complaint alleged the firms “used geofencing, which creates a virtual geographical boundary, to identify and sell lists of consumers who attended certain events related to medical conditions and places of worship and sold additional lists that associate individual consumers to other sensitive characteristics.”

[…]

Source: Gravy Analytics soaks up another sueball over data breach • The Register

U.K. orders Apple to let it spy on users’ encrypted Data in Secret Order – guess they didn’t learn from the Chinese hack of the US telco system then

Posted on by
Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.
The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies.
[…]
Rather than break the security promises it made to its users everywhere, Apple is likely to stop offering encrypted storage in the U.K., the people said. Yet that concession would not fulfill the U.K. demand for backdoor access to the service in other countries, including the United States.
The office of the Home Secretary has served Apple with a document called a technical capability notice, ordering it to provide access under the sweeping U.K. Investigatory Powers Act of 2016, which authorizes law enforcement to compel assistance from companies when needed to collect evidence, the people said.
The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.
Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.
In March, when the company was on notice that such a requirement might be coming, it told Parliament: “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”
The Home Office said Thursday that its policy was not to discuss any technical demands. “We do not comment on operational matters, including for example confirming or denying the existence of any such notices,” a spokesman said.
[…]
At issue is cloud storage that only the user, not Apple, can unlock. Apple started rolling out the option, which it calls Advanced Data Protection, in 2022. It had sought to offer it several years earlier but backed off after objections from the FBI during the first term of President Donald Trump, who pilloried the company for not aiding in the arrest of “killers, drug dealers and other violent criminal elements.” The service is an available security option for Apple users in the United States and elsewhere.
While most iPhone and Mac computer users do not go through the steps to enable it, the service offers enhanced protection from hacking and shuts down a routine method law enforcement uses to access photos, messages and other material. iCloud storage and backups are favored targets for U.S. search warrants, which can be served on Apple without the user knowing.
[…]
Google would be a bigger target for U.K. officials, because it has made the backups for Android phones encrypted by default since 2018. Google spokesman Ed Fernandez declined to say whether any government had sought a back door, but implied none have been implemented. “Google can’t access Android end-to-end encrypted backup data, even with a legal order,” he said.
Meta also offers encrypted backups for WhatsApp. A spokesperson declined to comment on government requests but pointed to a transparency statement on its website saying that no back doors or weakened architecture would be implemented.
If the U.K. secures access to the encrypted data, other countries that have allowed the encrypted storage, such as China, might be prompted to demand equal backdoor access, potentially prompting Apple to withdraw the service rather than comply.
[…]

Source: U.K. orders Apple to let it spy on users’ encrypted accounts – The Washington Post

See also: Phone Metadata Suddenly Not So ‘Harmless’ When It’s The FBI’s Data Being Harvested

and In massive U-turn, FBI Warns Americans to Start Using Encrypted Messaging Apps, after discovering the problem with backdoors

Stellantis Introduces Pop-Up Ads in Vehicles, Bombarding your Jeep, Dodge, Chrysler display every time you stop

Posted on by

Car technology is supposed to make driving safer, smoother, and more enjoyable. But Stellantis, the parent company of Jeep, Dodge, Chrysler, and Ram, seems to have taken a different approach—one that prioritizes ad revenue over user experience.

In a move that has left drivers both frustrated and bewildered, Stellantis has introduced full-screen pop-up ads on its infotainment systems. Specifically, Jeep owners have reported being bombarded with advertisements for Mopar’s extended warranty service. The kicker? These ads appear every time the vehicle comes to a stop

[…]

One Jeep 4xe owner recently shared their frustration on an online forum, detailing how these pop-ups disrupt the driving experience. Stellantis, responding through their “JeepCares” representative, confirmed that these ads are part of the contractual agreement with SiriusXM and suggested that users simply tap the “X” to dismiss them.

[…]

A Symptom of a Bigger Problem: Subscription Fatigue

The automotive industry is heading into murky waters with the increasing push toward subscription-based features. BMW tried charging for heated seats. Mercedes locked performance boosts behind a paywall. Now, Stellantis has decided to monetize its infotainment screens with intrusive advertising.

It’s a trend that consumers are growing increasingly tired of. New vehicles already come with a hefty price tag—averaging $48,700 in 2024—so the expectation is that premium pricing should come with a premium experience, not one riddled with ads and additional fees. Instead of making customers feel like valued buyers, automakers are making them feel like they’re merely users in an ad-supported ecosystem.

The Off-Roading Community’s Response: “AdBlock for Jeeps?”

The off-roading community has always been passionate about modifying their vehicles, but no one expected that “blocking ads” would become a must-have Jeep upgrade. Some tech-savvy drivers are already exploring ways to disable these pop-ups permanently, with discussions surfacing about potential software hacks or third-party solutions to remove intrusive in-car advertising.

[…]

Source: Stellantis Introduces Pop-Up Ads in Vehicles, Sparking Outrage Among Owners – TechStory