Security News

Can the airline industry recover?

Avast Security News Team, 7 May 2021

Plus, new protections against ad tracking in the newest iOS and Trump launches his blog

According to the International Air Transport Association (IATA), two major obstacles hindering the recovery of the airline industry are phony Covid-19 certificates and the high cost of testing. IATA Director General Willie Walsh urged all governments this week to pay for their citizens’ Covid-19 testing and use the official IATA electronic travel pass to both reduce the risk of fraudulent documents and to prevent “intolerable delays at the airport.”

Forgeries of negative Covid-19 results have been found all throughout Europe and India. In March, 47 airline passengers who traveled from Delhi to Hong Kong tested positive after arrival, even though their paperwork had already cleared them pre-flight. “Counterfeit vaccine paperwork is a really big security risk,” agreed Avast Security Evangelist Luis Corrons. “A number of countries and organizations such as the European Union are already working on a digital certificate to show proof of vaccination.” Utilizing an authorized digital travel pass would eliminate the need for paper documents. 

The IATA also warned that consumers will be hesitant to travel if the cost of testing has to be added on both sides of the trip. On average, that would raise the total travel cost by around $200. Citizens should not have to bear that expense, Walsh maintains. “The best solution is for the costs to be born by governments as is their responsibility under WHO guidelines,” he said. For more on this story, see Airline Ratings

Facebook bans Signal ads that display IG data collection

In an effort to show users just how much of their data is collected and used for targeted ads, privacy-forward messaging app Signal created a data-transparent ad to run in Instagram which tells the user exactly what Facebook shares with advertisers. The banned ads informed users they were targeted, then provided reasons such as, “You got this ad because you’re a K-pop-loving chemical engineer. This ad used your location to see you’re in Berlin. And you have a new baby. And just moved. And you’re really feeling those pregnancy exercises lately.”  Very quickly, Facebook blocked the ads from appearing. “Facebook is more than willing to sell visibility into people’s lives, unless it’s to tell people about how their data is being used,” Signal wrote in their blog post on the topic. 

Apple provides new ad tracking controls in iOS 14.5

Users upgrading their iPhones to iOS 14.5 will find that the previous ad tracking setting called “Limit Ad Tracking” has been replaced with a new one called “Allow Apps to Request to Track.” The new setting pertains to a new set of privacy protections that are Apple’s strongest yet. Whereas “Limit Ad Tracking” prevented apps from using Apple’s unique device identifier (IDFA) to profile your behavior, “Allow Apps to Request to Track” does the same in addition to prohibiting apps from using third-party tracking tools that could achieve the same goal. Disabling “Allow Apps to Request to Track” will also prevent the incessant pop-ups from apps requesting to access one’s data. For more, see Fast Company.

New Spectre attack exploits micro-ops

Researchers at the University of Virginia published an academic paper wherein they claim to have discovered a new transient execution variant of Spectre, an attack that uses the physical architecture of an Intel microchip to compromise a system. Intel has been working on mitigating Spectre vulnerabilities since 2018, when it was first discovered. The new vulnerability takes advantage of micro-ops caches, which are collections of simplified commands derived from complicated ones. Intel denied that the micro-ops threat poses a new danger, issuing a statement that concluded with, “No new mitigations or guidance are needed.” For more, check out the article on Ars Technica

Trump launches “From the Desk of Donald J. Trump” blog

Donald Trump launched a blog this week in what is apparently his deliverance on the promise to his fans of a “new social media platform,” after being banned from Twitter and Facebook for inciting the Capital riot on January 5. Trump’s new blog is styled to appear like a generic version of Twitter. He is writing Twitter-length posts, and his subscribers can receive them on their phone. Trump’s team promises the ability to “like” posts will be coming soon. In a video on the blog, Trump calls his new platform “a place to speak freely and safely, straight from the desk of Donald J. Trump.” For more see The Verge

This week’s ‘must-read’ on The Avast Blog

Lately, the chances of having your personal information stolen online are pretty high, as identity theft affects millions of people every year. You may have already taken steps to prevent or monitor online identity theft, but what if you suspect that your ID has already been stolen? Here are a roundup of clues that could help.