iOS 15 helps normalize digital IDs

Plus, Android gets some new safety features and a single configuration error takes down websites around the world

When Apple releases iOS 15 this fall, iPhone users will find something new – a designated space in Apple Wallet where they can store their state ID or driver’s license along with their credit cards. Some U.S. states have already begun to develop the infrastructure for digital IDs, but even states that allow digital driver’s licenses require users to keep their physical licenses on them as well. “The TSA is working to enable airport security checkpoints as the first place you can use your digital ID,” said Jennifer Baily, vice president of Wallet and Apple Pay. Apple did not release specifics, however, as to whether the digital ID protocol will adhere to any existing standards, such as the one drafted by the International Organization for Standardization.

“Whether we like it or not, our life is becoming more digital every day, and having official digital IDs is something that is coming,” said Avast researcher Luis Corrons. “It will depend on each country's regulation, of course, but we can already see the trend. The European Union is working on the European Digital Identity, which allows every eligible person to have a national ID card that is recognized anywhere in the EU, operated via digital wallets available on mobile phone apps and other devices. But one thing to keep in mind is that we still need to see what security measures will be put in place, as this will probably become a new attack vector.” Check out Wired for more on this story. 

Google adds several safety updates to Android

Android 6.0 got 6 updates this week, all pertaining to safety and security. One update is the Android Earthquake Alert System rolling out to seven more countries, including Turkey and the Philippines. The free system gives people in affected areas a bit of advance warning (mere seconds, though) that an earthquake is going to strike. Another security update is “gaze detection” on voice access, which is where the device ensures you are looking at it while giving a command before it follows that command. Read more about the new features on the Google blog.

Paradise Ransomware source code released 

The source code for a strain of ransomware that has not been very active since January 2020 has been published on a hacker forum for any would-be ransomer to use. The Paradise Ransomware code was posted to the hacking forum XSS and can only be accessed by active users on the site. Bleeping Computer reported that the code, when compiled, creates three executables: a ransomware configuration builder, the encryptor, and a decryptor. Paradise Ransomware uses RSA, a very strong encryption, and threat actors can easily modify the source code to create their own customized version of the ransomware. 

A single CDN error took down websites across the globe

Last week, content distribution network (CDN) Fastly experienced a configuration error which caused some major websites such as Twitch and Reddit to go down globally for almost an hour. CDNs are services designed to speed up internet access by storing local versions of websites in close proximity to major population centers. That way, if someone wanted to read a newspaper from another country, they would not have to route through thousands of miles of subsea cables before arriving at the content. The configuration error and ensuing “internet blackout” incident has put into focus just how truly fragile the internet infrastructure is. For more, see The Face

Apple bans “hookup apps” but not “dating apps”

To clarify what it meant last week when Apple announced it would soon be banning “hookup apps” from its app store – an announcement that sparked much grumbling on social media – a spokesperson told The Guardian that the statement pertained to “overtly sexual or pornographic material” and not dating apps. Some users feared Apple was referring to Grindr or Scruff in the initial announcement, dating apps that cater to the LGBTQIA+ community. The company did not specify which apps would be affected, but it did define rejectable content as “explicit descriptions or displays of sexual organs or activities intended to stimulate erotic rather than aesthetic or emotional feelings.”

This week’s ‘must-read’ on The Avast Blog

Platforms on which strangers can make contact can potentially be used for online grooming of children, especially if the platform is one that parents don't understand themselves. In order to keep kids safe online, it’s essential that parents start explaining online grooming early and repeating the conversation often.

--> -->