Security News

Google pulls ads for stalkerware

Plus, the CIA invests in Wickr and Singapore rolls out some robots

Google pulled several ads for violating its policy against promoting “stalkerware,” surveillance apps that encourage users to spy on their spouses or significant others. TechCrunch found five app makers skirting Google’s no-tolerance policy in various ways, such as using the ad to send users to a webpage that then pushes the stalkerware angle. The app developers took advantage of the gray areas of the policy, which allows ads for surveillance apps targeted at parents to keep track of their children or workplaces to keep track of their employees’ devices. “We do not allow ads promoting spyware for partner surveillance,” a Google spokesperson told TechCrunch. “We immediately removed the ads that violated this policy and will continue to track emerging behaviors to prevent bad actors from trying to evade our detection systems.”

Avast Security Evangelist Luis Corrons feels this is a step in the right direction. “Stalkerware is a growing threat. In the last couple of years, it has increased dramatically. Last year alone, after Covid-19 lockdown measures were applied, we saw a 51% increase in the use of stalkerware and spyware apps. At Avast, we have been focusing our efforts on protecting against these threats, as we’re part of the Coalition Against Stalkerware.”

Singapore rolls out patrol robot trial

For three weeks in September, the Singapore government performed a trial run of two patrol robots, one monitoring a housing estate and the other a shopping center. The robots were on wheels and equipped with seven cameras each. Their function was to detect “undesirable social behavior,” which included smoking in prohibited areas, parking bicycles improperly, and breaching coronavirus social distancing rules. The government says the robots are needed to address a labor crunch, but some residents find the increasing amount of surveillance in the country unnerving. For more on this story, see The Guardian

Intuit warns of QuickBooks phishing attacks

An email phishing campaign impersonating QuickBooks is trying to steal phony renewal payments from users. Intuit warned its customers that this was an ongoing campaign, and it advised any customer who receives one of the messages not to click any links embedded in the emails or open any attachments. According to Bleeping Computer, another email phishing scam preying on QuickBooks customers is an attempt to get users to call a phone number in order to upgrade to QuickBooks 2021. Once victims call the number, they are guided through a process that results in the scammers gaining full control of the account.

CIA funding arm invests $1.6M in Wickr

Encrypted chat platform Wickr has received about $1.6 million from In-Q-Tel, a nonprofit investment firm started by the U.S. Central Intelligence Agency (CIA), according to public disclosure records reviewed by Motherboard. Amazon Web Services (AWS) acquired Wickr in June, which was after the funds had been transferred. Wickr seems to be the U.S. government’s preferred vendor for encryption, as the Department of Defense uses a Wickr product and the U.S. Customs and Border Protection has a $900,000 contract with the company. 

Google activating 2SV by default for millions of accounts

In a blog post titled “Making sign-in safer and more convenient,” Google announced that by the end of 2021, it would auto-enroll 150 million users in two-step verification (2SV). The company said it would also require two million YouTube creators to turn on 2SV by the end of the year. “2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign it,” the blog post said. Google is choosing to auto-enroll users because, it said, “we know the best way to keep our users safe is to turn on our security protections by default.” 2SV is another term for multi-factor authentication (MFA), which helps all users stay secure

This week’s ‘must-read’ on The Avast Blog

Gen Z is the first generation to grow up as true digital natives. But despite the fact that these people grew up online, Gen Z doesn’t appear to be as concerned about online privacy and security as older generations. We walk through how to help guide and protect members of Gen Z as they move into adulthood.