On the home front, Amazon swatted at money-saving extension Honey just in time for the holidays, warning users that it was a security risk without specifying how. Google welcomed alleged spy app ToTok back into the Google Play Store, while the jury's still out for Apple. And TikTok recently patched bugs that could have let attackers take over a victim's account. (No, that doesn't mean it's spying on you.)
It was an active week for Facebook; the company made its Privacy Checkup feature a wee bit more granular, acknowledged that encrypting Messenger end-to-end by default will take years, and suffered a bug that doxxed the admins of Pages. Otherwise all good, though.
And while you may have heard that Russia disconnected itself from the internet over the holidays, that's not quite right. But the Kremlin's efforts to censor the internet are very real, and increasingly broad.
The FBI Wants Apple to Unlock iPhones Again
Stop us if you've heard this one before: The FBI has asked Apple to unlock the iPhone of a mass shooter. As it did when the agency did the same in the San Bernardino investigation, Apple has declined. The Cupertino company regularly complies with subpoenas for data stored in its cloud, but argues that breaking into a locked iPhone would require undermining its own encryption, which in turn would make all iPhones less safe. The prolonged fight in 2016 ended in something of a draw, when the FBI found a way to unlock the iPhone on its own. While its request hasn't escalated to a court fight yet, it's only a matter of time before it tries for a rematch.
[A Comprehensive Look at How SMS Two-Factor Authentication Gets Abused](https://www.issms2fasecure.com/)
We've written about the risks inherent in using SMS-based two-factor authentication since 2016. Since then, the plague of so-called SIM-swap attacks that it enables has only grown, hitting even Twitter CEO Jack Dorsey. This week, researchers at Princeton University's Center for Information Technology detailed the many, many ways that SMS 2FA can go wrong, including multiple failings on the part of carriers to vet SIM-swap requests. If this doesn't convince you to switch to an authenticator app, nothing will.
Contractors in China Listened to Skype Calls With No Security Precautions
By now it's no longer surprising that every voice assistant has a small army of human contractors behind it, transcribing recordings to improve accuracy. (Or did, until the public backlash.) Skype, however, reportedly hit an impressive low by not only using contractors in China but letting them listen to recordings through a Chrome web browser and encouraging them all to log in through the same account and password. In other words, it would have been almost comically easy to compromise the sensitive data. Microsoft told The Guardian that it has since moved its transcription efforts out of China and into "secure facilities." It's unclear exactly what that means, but the bar appears to be extremely low.
4 Ring Employees Fired for Watching User Videos
To continue the theme: In a letter to US senators this week, Ring acknowledged that four employees sought improper access to video taken by its customers' cameras over the last four years. The company says that all of them were fired for violating company policy, and that currently only three employees can access stored customer videos.