Saturday, May 2, 2020
10 'tech innovations’ by Indian Army, Indian Navy, DRDO and others to fight COVID-19
Barcelona-based Factorial, maker of an all-in-one HR automation platform aimed at SMBs that is used by 60K+ customers, raises €15M Series A funding led by CRV (Ingrid Lunden/TechCrunch)
Barcelona-based Factorial, maker of an all-in-one HR automation platform aimed at SMBs that is used by 60K+ customers, raises €15M Series A funding led by CRV — A startup that's hoping to be a contender in the very large and fragmented market of human resources software has captured …
Security lapse at India’s Jio exposed coronavirus symptom checker results
Since the start of the outbreak, governments and companies have scrambled to develop apps and websites that can help users identify COVID-19 symptoms.
India’s largest cell network Jio, a subsidiary of Reliance, launched its coronavirus self-test symptom checker in late March, just before the Indian government imposed a strict nationwide lockdown to prevent the further spread of the coronavirus. The symptom checker allows anyone to check their symptoms from their phone or Jio’s website to see if they may have become infected with COVID-19.
But a security lapse exposed one of the symptom checker’s core databases to the internet without a password, TechCrunch has found.
Jio’s coronavirus symptom checker. One of its databases exposed users’ responses. (Image: TechCrunch)
Security researcher Anurag Sen found the database on May 1, just after it was first exposed, and informed TechCrunch to notify the company. Jio quickly pulled the system offline after TechCrunch made contact. It’s not known if anyone else accessed the database.
“We have taken immediate action,” said Jio spokesperson Tushar Pania. “The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms.”
The database contains millions of logs and records starting April 17 through to the time that the database was pulled offline. Although the server contained a running log of website errors and other system messages, it also ingested vast numbers of user-generated self-test data. Each self-test was logged in the database and included a record of who took the test — such as “self” or a relative, their age, and their gender.
The data also included the person’s user agent, a small snippet of information about the user’s browser version and the operating system, often used to load the website properly but can also be used to track a user’s online activity.
The database also contains individual records of those who signed up to create a profile, allowing users to update their symptoms over time. These records contained the answers to each question asked by the symptom checker, including what symptoms they are experiencing, who they have been in contact with, and what health conditions they may have.
Some of the records also contained the user’s precise location, but only if the user allowed the symptom checker access to their browser or phone’s location data.
We’ve posted a redacted portion of one of the records below.
A redacted portion of the exposed database. (Image: TechCrunch)
From one sample of data we obtained, we found thousands of users’ precise geolocation from across India. TechCrunch was able to identify people’s homes using the latitude and longitude records found in the database.
Most of the location data is clustered around major cities, like Mumbai and Pune. TechCrunch also found users in the United Kingdom and North America.
The exposure could not come at a more critical time for the Indian telecoms giant. Last week Facebook invested $5.7 billion for a near-10% stake in Jio’s Platforms, valuing the Reliance subsidiary at about $66 billion.
Jio did not answer our follow-up questions, and the company did not say if it will inform those who used the symptom tracker of the security lapse.
Telemedicine startup Medici raises $24M Series B as demand surges due to COVID-19 pandemic, bringing Medici's total raised since 2016 to over $70M (Mary Ann Azevedo/Crunchbase News)
Telemedicine startup Medici raises $24M Series B as demand surges due to COVID-19 pandemic, bringing Medici's total raised since 2016 to over $70M — We've seen a number of industries hit hard by the COVID-19 pandemic. But we've also seen a number with increased demand. Telehealth is one of the latter.
Researchers detail the increasingly prevalent LockBit ransomware, which may one day reach parity with other feared ransomware packages like Maze or Ryuk (Dan Goodin/Ars Technica)
Researchers detail the increasingly prevalent LockBit ransomware, which may one day reach parity with other feared ransomware packages like Maze or Ryuk — You've probably never heard of LockBit, but that's likely to change. — Ransomware has emerged as one of the top threats facing large organizations …
Friday, May 1, 2020
Bihar STET Exam Answer Key 2020 – Re Exam Answer Key & Objections Released
CAIT: E-commerce companies creating confusion over new MHA rules
Telefonica seeks to merge Britain's O2 and Virgin Media
Google's Messages app, which isn't part of Google's apps package often pre-installed on phones by 3rd-party Android OEMs, passes 1B+ installs on the Play Store (Hagop Kavafian/Android Police)
Google's Messages app, which isn't part of Google's apps package often pre-installed on phones by 3rd-party Android OEMs, passes 1B+ installs on the Play Store — Google's Messages app is packed with features, including a built-in markup tool, reminders, context-aware recommendations, a dark mode, RCS support, and a web interface.
Bitfinex's parent firm has applied for subpoenas in three US states asking federal courts to aid in recovering $800M+ in user funds seized by legal authorities (George Chidi/CoinDesk)
Bitfinex's parent firm has applied for subpoenas in three US states asking federal courts to aid in recovering $800M+ in user funds seized by legal authorities — The Bitfinex crypto exchange is making a new push to find and potentially recover more than $800 million in user funds seized …
India's government has mandated all private sector employees to download its COVID-19 contact tracing app, following its mandate for all the public sector staff (The Economic Times)
India's government has mandated all private sector employees to download its COVID-19 contact tracing app, following its mandate for all the public sector staff — Privacy activists said a diverse group of organisations and individuals had endorsed a representation to the Prime Minister's Office …
Apple has missed an opportunity by not introducing a product like Facebook Portal by combining different aspects of the Apple TV and HomePod with FaceTime (M.G. Siegler/500ish)
Apple has missed an opportunity by not introducing a product like Facebook Portal by combining different aspects of the Apple TV and HomePod with FaceTime — Apple TV should own the living room with FaceTime. And the Facebook Portal market with HomePod. And yet...
Bihar STET Answer Key 2020 – Re Exam Answer Key & Objections Released
A profile of Netflix co-CEO Greg Peters, who led the company's successful crackdown on password sharing and is now pushing a focus on live programming (Lucas Shaw/Bloomberg)
Lucas Shaw / Bloomberg : A profile of Netflix co-CEO Greg Peters, who led the company's successful crackdown on password sharing and ...
-
Jake Offenhartz / Gothamist : Since October, the NYPD has deployed a quadruped robot called Spot to a handful of crime scenes and hostage...
-
Andrew Tarantola / Engadget : An adapted excerpt from the book “Your Computer Is on Fire”, on how voice assistants like Siri and Alexa al...
