Sunday, November 3, 2019
Uber restructured and moved its India business
Android bug impacting all Android 8 or later devices lets hackers plant malware via NFC beaming and circumvent the installation security prompt; patch available (Catalin Cimpanu/ZDNet)
Android bug impacting all Android 8 or later devices lets hackers plant malware via NFC beaming and circumvent the installation security prompt; patch available — All Android 8 (Oreo) or later devices are impacted. Google released a patch last month, in October 2019.
A network of ‘camgirl’ sites exposed millions of users and sex workers
A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected.
The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States.
According to Alexa traffic rankings, amateur.tv is one of the most popular in Spain.
The database, containing months-worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses, which can be used to identify users. The logs also included users’ private chat messages with other users, as well as promotional emails they were receiving from the various sites. The logs even included failed login attempts, storing usernames and passwords in plaintext. We did not test the credentials as doing so would be unlawful.
The exposed data also revealed which videos users were watching and renting, exposing kinks and private sexual preferences.
In all, the logs were detailed enough to see which users were logging in, from where, and often their email addresses or other identifiable information — which in some cases we could match to real-world identities.
Not only were users affected, the “camgirls” — who broadcast sexual content to viewers — also had some of their account information exposed.
The database was shut off last week, allowing us to publish our findings.
The “camgirl” site, which exposed millions of users’ and sex workers’ account data by failing to protect a backend database with a password. (Image: TechCrunch)
Researchers at Condition:Black, a cybersecurity and internet freedom firm, discovered the exposed database.
“This was a serious failure from a technical and compliance perspective,” said John Wethington, founder of Condition:Black. “After reviewing the sites’ data privacy policy and terms and conditions, it’s clear that users likely had no idea that their activities being monitored to this level of detail.”
“Users should always take into consideration the implications of their data leaking but especially where the implications could be life altering,” he said.
Data exposures — where companies inadvertently leave their own systems open for anyone to access — have become increasingly common in recent years. Dating sites are among those with some of the most sensitive data. Earlier this year, a group dating site 3Fun exposed over a million users’ data, allowing researchers to view users’ real-time locations without permission. These security lapses can be extremely damaging to their users, exposing private sexual encounters and preferences known only to the users themselves. The fallout following the 2016 hack of affair-focused site Ashley Madison resulted in families breaking up and several reports of suicides connected to the breach.
An email to VTS Media bounced over the weekend and could not be reached for comment.
Given both the company and its servers are located in Europe, the exposure of sexual preferences would fall under the “special categories” of GDPR rules, which require more protections. Companies can be fined up to 4% of their annual turnover for GDPR violations.
A spokesperson for the Spanish data protection authority (AEPD) did not respond to a request for comment outside business hours.
Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
Week in Review: #DeleteLinkedIn
Hey everyone. Thank you for welcoming me into you inbox yet again.
Last week, I talked about SoftBank’s big embarrassment and how it could impact venture capital.
If you’re reading this on the TechCrunch site, you can get this in your inbox here, and follow my tweets here.
The big story
#DeleteLinkedIn
Before you dial up a quick search, no, LinkedIn isn’t currently caught in a scandal, but does a product need to have a deeply toxic culture, corrupt democracy or have an ICE contract for you to boycott it? Can’t the product itself just be bad?
I’ve thought about writing this for a long time because LinkedIn does serve some purposes, but it’s not a professional network, for the lay user it’s not much of anything.
It’s built for recruiters and salespeople, and, yeah, I’m sure they will have plenty of great things to say about the doors that have been opened to them, but what about the employed consumers who value professional development and have been convinced that a LinkedIn account is a necessity? Facebook has taught consumers that our data is the price to use their services, but at least we get a little something out of that deal. LinkedIn is just a CRM where the customers all populate their own cells of the spreadsheet. It gives users spam and pop-ups that seem designed to help them find where the notifications settings on their phones are.
LinkedIn has been remarkably unambitious for a long time. The company is trying to make money and that’s chill; they’re trying to live up to Microsoft’s expectations by making obvious choices and I’d imagine it’s awfully hard to do that.
Enterprise software lives in an eternal cycle of bundling and unbundling and LinkedIn is long overdue for some startups to come unbundle it. It can keep recruiting, sales and the millions of hallowed-out users profiles, but there’s so much potential dying on the LinkedIn vine.
Investors have raved about the “consumerization of enterprise,” or bringing consumer-like products deeper into the workplace. There has also been a ton of chatter about startups building bespoke communities focused on tighter verticals. These two trends should lead to some great professional development products, and I’m sure there already are plenty entrepreneurs building solutions that will pop up in my inbox or the comments. There’s nearly endless potential for niche professional networks to flourish, actually innovate and create connections.
LinkedIn is what happens when network effects congeal. It has this data that could be used to create so many good worker-facing products, instead the company has monetized itself by going out of its way to obfuscate this data for the majority of its users. I have truly limited faith in LinkedIn turning itself around so maybe it’s time we all walk away from this idea that it has so much untapped potential and we just give up on it to search out some more focused products that have a few users and meet a few needs.
Please reach out to me if you’re building something cool.
Send me feedback
on Twitter @lucasmtny or email
lucas@techcrunch.com
On to the rest of the week’s news.
Cole Burston/Bloomberg via Getty Images
Trends of the week
Here are a few big news items from big companies, with green links to all the sweet, sweet added context:
- Jack and Zuck
Jack Dorsey says an awful lot of nothing for being the guy in charge of Twitter, but he had a lot to say this week, and more importantly a little to do. He said the company would be uniformly banning political ads on its site, something that will likely help it sidestep some controversy, and will turn up the heat for Facebook to do the same. - Escape pods
I wrote some harsh words about Juul in my previous newsletter ahead of what seemed like an inevitable reckoning. Well, that reckoning has gotten a bit more codified this week. Altria wrote down $4.5 billion of Juul’s value. The company is prepping for major layoffs including a handful of execs. Layoffs suck but not quite as much as taking a job at Juul. - Fitting in
Google made an interesting hardware play this week buying Fitbit for $2.1 billion. Hardware has always been a bit of an afterthought for Google, but maybe this purchase will allow them a more concerted push to take on the Apple Watch, or maybe like Nest, they won’t have any idea what to do with them. Regardless, it’s a relatively soft and dignified landing for Fitbit which has had a rocky past three years going head-to-head with Apple.
GAFA Gaffes
How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:
- Facebook pays fine without saying sorry:
[Facebook agrees to pay UK data watchdogs Cambridge Analytica fine but settles without admitting liability] - App Store bugs erases ratings:
[A week-long iOS App Store bug wiped out over 20M ratings]
Disrupt Berlin
It’s hard to believe it’s already that time of the year again, but we just announced the agenda for Disrupt Berlin and we’ve got some all-stars making their way to the stage. I’ll be there this year, get some tickets and come say hey!
- Learn how to win customers and influence consumers
- Three of the best tackle the thorny issue of Brexit for startups
- Learn how to raise your first Euros
Sign up for more newsletters in your inbox (including this one) here.
Ford is bringing huge screens—and live updates—to its cars
Enlarge / A 2019 Ford Edge Titanium. (credit: Eric Bangeman)
In the unending war for dominance in the auto industry, the fighting has long focused on questions of performance, reliability, comfort, style, and safety. But in the past decade, a new front has opened up: infotainment.
The newest entrant is Ford. Today, the biggest touchscreen you can get in a Ford is the Explorer’s 10-incher. Most of its cars come with 8-inch offerings. Starting next year, Ford announced Wednesday, some (to be announced) vehicles will come with 12- and 15-inch touchscreens—the latter is larger than any iPad—stuck smack in the middle of the dashboard.
Read 7 remaining paragraphs | Comments
Emotion recognition systems, which have been installed in Xinjiang, have started rolling out across China even as experts say the tech does not work very well (Financial Times)
Emotion recognition systems, which have been installed in Xinjiang, have started rolling out across China even as experts say the tech does not work very well — Emotion recognition was the crime prevention buzz-phrase on everyone's lips this week at China's largest surveillance tech expo, held in the southern tech hub of Shenzhen.
Meet the Best Mobile Phones Under Rs. 20,000
Moto G8 Plus Review
WhatsApp Hack, Mi Note 10 Teasers, MIUI 11 Update, and More News This Week
Samsung Galaxy S10 Lite revealed to sport 4370mAh battery
In October, we learnt that Samsung had plans to release a ‘Lite’ version of two of its popular flagship smartphones, the Galaxy S10 and Galaxy Note 10. We also learnt that the Galaxy S10 Lite (codenamed SM-G770F) would come in white, black, and blue colours. A recent certification made by Anatel (or the National Telecommunications Agency) in Brazil now suggests that the upcoming Galaxy S10 Lite will sport a fairly large 4370mAh battery.
According to a post published by Gurugram-based comparisons site IndiaShopps, the report from Anatel indicates that the Galaxy S10 Lite will have a minimum battery capacity of 4370mAh, which means the unit's typical capacity should be close to 4500mAh. This is much more than the Galaxy S10's 3400mAh unit and the Galaxy S10e's 3100mAh unit. What's more, recent rumours suggest the Galaxy S10 Lite's large battery will be complemented by a 45W fast charging kit.
From all that we've learnt so far, the Samsung Galaxy S10 Lite is a rebranded and repackaged Galaxy A91. It could be powered by a Qualcomm Snapdragon 855 chipset with up to 8GB of RAM and 128GB of internal storage space that's expandable up to 512GB using a microSD card. We expect the phone to run Android 9 Pie right out of the box with Samsung's proprietary One UI on top. Like the Galaxy S10, the ‘Lite’ model could be available in Prism Black, Prism Blue, and Prism White colours.
Unlike its current cousins, the Samsung Galaxy S10 Lite is expected to come with a much larger 6.7-inch Super AMOLED screen with a resolution of 1080 x 2400 pixels. On the back panel, the handset could have as many as three cameras, including a 48MP primary sensor with an f/2.0 aperture, a 12MP ultra-wide sensor with an f/2.2 aperture, and a 5MP depth sensor with an f/2.2 aperture. The single selfie camera is expected to be a 32MP sensor with an f/2.2 aperture. We expect to learn more about this phone in the coming weeks.
https://ift.tt/2PD7sTj
Saturday, November 2, 2019
TikTok developer reveals its first smartphone with Snapdragon 855 Plus
ByteDance, the developer of the famous short-video app called TikTok, has quietly revealed its first smartphone. Called Jianguo Pro 3 (or ‘Nut Pro 3’), the flagship-grade smartphone is currently on sale in the Chinese market for a starting price of 2,899 yuan (Rs 29,051 approx) under the Smartisan brand name. Powered by a Qualcomm Snapdragon 855 Plus chipset, the Jianguo Pro 3 allows the user to access Duoyin, the Chinese version of TikTok, right from the lock screen.
According to Smartisan's product page, the Jianguo Pro 3 is available in three variants: 8GB RAM + 128GB storage, 8GB RAM + 256GB storage, and 12GB RAM + 256GB storage. The Jianguo Pro 3 sports a 6.39-inch Full HD+ AMOLED screen with an in-display fingerprint scanner. Its back panel is home to four cameras, including a 48MP Sony IMX586 primary sensor with an aperture of f/1.75, 13MP ultra-wide sensor, 8MP telephoto lens, and a 5MP super-macro lens. The selfie camera is a single 20MP unit with an aperture of f/2.0.
Powered by a 4000mAh battery with Quick Charge 4+ 18W fast-charging, the Jianguo Pro 3 runs Smartisan OS 3.0 that's based on Android 9 Pie. The phone is sold in China in black, white, and ‘Matsutake’ (mushroom green) colours. According to a recent report by Abacus News, the native camera app in the phone contains special effects and filters found in TikTok. “These can be applied to videos of any length, unlike TikTok videos, which can only last up to 60 seconds.”
According to a statement received by Reuters back in July from a ByteDance spokesperson, the Jianguo Pro 3 is a “a continuation of earlier Smartisan plans, aiming to satisfy the needs of the old Smartisan user base.” Founded in 2012, Smartisan is a “struggling” Chinese smartphone manufacturer that transferred some of its patents to ByteDance to keep the brand name going. At this point, we don't know whether the Jianguo Pro 3 will come to the Indian market.
https://ift.tt/2WAjhLt
A technical critique on why even a well-intentioned effort to build a client-side scanning system for messaging will break key promises of end-to-end encryption (Erica Portnoy/Electronic Frontier ...)
A technical critique on why even a well-intentioned effort to build a client-side scanning system for messaging will break key promises of end-to-end encryption — Recent attacks on encryption have diverged. On the one hand, we've seen Attorney General William Barr call for “lawful access” …
Genome sequencing: A solution to India's problem of rare genetic diseases
Reliance Jio extends JioPhone Diwali offer till November 2019
Late in October 2019, Reliance Jio announced the JioPhone Diwali offer under which the company’s first smart feature phone was being offered with a discount. Under the offer, one could purchase the JioPhone for Rs 699, down from its original price of Rs 1,500, and this offer was originally supposed to be valid till October 27, 2019. Now, the telco has extended this offer so that the JioPhone can be purchased with a Rs 801 discount till November 2019. In addition, the previously available additional data benefits worth Rs 693 will also remain in effect. Do note that the minimum recharge amount needs to be Rs 99 per month to avail the benefits.
Jio has apparently extended the offer saying it received an ‘overwhelmingly’ positive response from consumers. “Under the Jio Phone Diwali Offer, Jio Phone witnessed an unprecedented record demand during the past 3 weeks, due to which Jio has decided to continue the onslaught for 1 additional month. The feature phone users who were not able to join the Jio movement during the Jio Phone Diwali offer, now get another month to avail the benefits of the festive offer and migrate to Jio Digital Life”, the company said in a statement. As mentioned above, an additional data benefit worth Rs 99 will be credited back to a customer for seven recharges performed in a row.
JioPhone is a smart feature phone that runs KaiOS and is equipped with a 2.4-inch display. Powered by a 1.2GHz dual-core processor, the handset comes with 512MB RAM and offers 4GB of internal storage. There’s also support for a microSD card of up to 128GB. The Jio Phone supports Google Assistant, which can be used to place calls, send texts and more. Additionally, it supports popular apps like Facebook, Google Maps, WhatsApp, and YouTube. It is backed by a 2000mAh battery.
https://ift.tt/36tI2xn
WhatsApp says it informed govt in September that Indian users were impacted of malware
TSMC says it will raise 2025 capital spending to $38B-$40B, an over 30% increase after three years of stagnation (Kathrin Hille/Financial Times)
Kathrin Hille / Financial Times : TSMC says it will raise 2025 capital spending to $38B-$40B, an over 30% increase after three years of s...
-
Jake Offenhartz / Gothamist : Since October, the NYPD has deployed a quadruped robot called Spot to a handful of crime scenes and hostage...
-
Lorena O'Neil / Rolling Stone : A look at the years of warnings about AI from researchers, including several women of color, who say ...
