Security News

Mudge takes charge of Twitter security

Avast Security News Team, 20 November 2020

Plus, TikTok adds tougher parental controls and TCL found to have weak security

CEO Jack Dorsey has tapped Peiter Zatko, otherwise known as famed white-hat hacker “Mudge,” as the new head of security at Twitter. Zatko is undergoing a review period for 45-60 days before assuming full control of the platform’s security, which encompasses a range of needs. Reuters reported that Zatko said he will examine “information security, site integrity, physical security, platform integrity – which starts to touch on abuse and manipulation of the platform – and engineering.”

Zatko is known for his creativity when it comes to security. One of his proposals is to confuse bad actors by manipulating the data they receive back from Twitter about how people interact with their posts. Another idea is to force people to understand long threads of conversation before allowing them to participate in them. Twitter seems to be welcoming the new ideas. “They’re willing to take some risks,” Zatko told Reuters. After an early career working on special government projects while also hacking Microsoft in an effort to get them to reinforce their security, Zatko went on to work with the Pentagon’s Defense Advanced Research Projects Agency (DARPA), Google, and payment system Stripe before accepting his current position at Twitter.

TikTok introduces tougher parent controls

Popular video sharing app TikTok has upped its parental controls to give guardians more choices when it comes to placing limits on their children’s accounts. Previously, TikTok’s parental controls allowed guardians to set limits on time, content, and private chat use. New features added just this week include the abilities to limit comments on their children’s posts, to limit who can see which posts the children liked, and to turn off the search function for specific content, users, hashtags, and sounds. Children do have an option to “unpair” from their guardians’ accounts, but doing so automatically sends the guardian a notification, giving them 48 hours to restore the link before the accounts are unpaired. More on this story at BBC.

Wi-Fi dead zones force schools and students to get inventive

Many rural areas of the U.S. are grappling with internet connection issues for their K-12 students. The New York Times ran an article this week about rural dead zones, particularly in parts of North Carolina and South Carolina, where school districts and students are scrambling to make use of any and all resources at their disposal. The Trump administration’s inaction on building more cell towers or otherwise bolstering internet service in struggling areas has forced school districts to take creative and desperate measures, including transforming a fleet of school buses into mobile internet hot spots and sending lessons to students on flash drives. Some students’ lives have been impacted to the extent that they must live with other relatives or friends through the school week, just so they can use the Wi-Fi. 

TCL to fix backdoor flaw on their smart TVs

When researchers alerted TCL about a vulnerability they found in TCL smart TVs that allows remote access into the TVs’ controls and data, the company initially neither commented on nor acknowledged the claim. But after the story hit the press, TCL issued a statement that its labs were working on patches for the flaw and that updates should be released in the coming days. The flaw does not affect Roku-based TCL TVs, but it does leave 7 TCL models at risk – S2S330, 40S330, 43S434, 50S434, 65S434, and 75S434. For more details, see the story on PC Mag.

Noyb claims Apple tracks users without consent

Privacy activist Max Schrems, who took on Facebook over data transfer protocol in a previous legal battle, is issuing formal complaints in Spain and Germany alleging that Apple tracks users without their knowledge or consent. The complaints, filed with Spanish and German authorities by Schrems’ non-profit digital rights group Noyb, allege that Apple has installed identification trackers for advertisers in iPhones for the purpose of observing users’ behavior and consumption preferences. While any change that comes from the complaints would technically be for the benefit of Spanish and German users only, the action could cause a sweeping change that affects Apple users worldwide. Read more at Business Standard.

This week’s ‘must-read’ on The Avast Blog

After identifying and analyzing a collection of smart devices in her home, Avast Senior Writer Emma McGowan figured out how to minimize security and privacy gaps in each of these gadgets to maximize her smart home protection.