Dr. T's security brief

Daniel Tauritz

Apr 24, 2021, 3:14:02 PM
to sec-...@googlegroups.com

China Creates Its Own Digital Currency
The Wall Street Journal
James T. Areddy
April 5, 2021

China's digital yuan cryptocurrency is expected to give its government a vast economic and social monitoring tool, and strip users of their anonymity. Beijing is preparing the digital currency for international use, and designing it to be unconnected to the global financial system, to permit more centralized control. The cryptocurrency is accessible from the owner's cellphone or on a card, and it may be spent without an online connection. Analysts and economists say the digital yuan could gain a foothold on the fringes of the international financial system, allowing people in impoverished nations to transfer money internationally. With a trackable digital currency, China's government could impose and collect fines as soon as an infraction is detected, or enable parties sanctioned by the U.S. to exchange money outside of sanctions.


Android Sends 20x More Data to Google Than iOS Sends to Apple, Study Says
Ars Technica
Dan Goodin
March 30, 2021

Douglas Leith at Ireland's Trinity College suggests the Android operating system (OS) transmits about 20 times more information from smartphone handsets to Google than iOS sends to Apple, even when the devices appear idle, are just opened, or users have opted out. At startup, Android devices transmit about 1 MB of data versus iOS's 42 KB; idle, Android transmits approximately 1 MB every 12 hours, compared to iOS's roughly 52 KB. Both OSes also send data to their parent companies when users perform tasks like inserting a subscriber identification module card or browsing the handset settings screen. Even when not in use, each device links to its back-end server on average every 4.5 minutes. Leith also found pre-installed applications or services made network connections even when the handset is unopened or unused, and said these findings are worrisome, because "currently there are few, if any, realistic options for preventing this data sharing."


Tool Strips Manipulative 'Dark Patterns' From Mobile Apps
IEEE Spectrum
Edd Gent
March 30, 2021

Researchers at the U.K.'s University of Oxford have developed the user-friendly GreaseDroid tool to eliminate "dark pattern" design features from popular mobile applications. Such features aim to subtly manipulate users' online behavior to profit app makers, but may significantly harm user autonomy, privacy, well-being, and choice. GreaseDroid lets users implement patches to edit app code, and remove or alter features supporting dark patterns, through a Web portal. Users choose the app to be modified, then browse a library of patches that each target different dark patterns; following selection, the GreaseDroid software deploys the alterations and supplies a link to download a bespoke version of the app. Purdue University's Colin Gray said GreaseDroid highlights "the use of what might be considered ethical 'hacking' to allow consumers to respond to addictive and manipulative threats that are present in apps on their smart devices."


New Wave of 'Hacktivism' Adds Twist to Cybersecurity Woes
Joseph Menn
March 25, 2021

Activist hackers looking to make political statements constitute emerging threats to U.S. cybersecurity. The U.S. government charged non-binary Swiss hacker Tillie Kottmann with conspiracy for their claimed exposure of artificial intelligence-powered corporate video surveillance by the startup Verkada. Hacktivists also exposed January 6 Capitol riot videos from the right-wing social network Parler, which Gabriella Coleman at Canada's McGill University said indicated support for antiracist or antifascism politics. Emma Best of the Distributed Denial of Secrets website said indictments like Kottmann's "show just how scared the government is, and just how many corporations consider embarrassment a greater threat than insecurity."


TikTok Does Not Pose Overt Threat to U.S. National Security, Researchers Say
The Wall Street Journal
Eva Xiao
March 22, 2021

Cybersecurity researchers at the University of Toronto's Citizen Lab in Canada said TikTok's underlying computer code does not pose a national security threat to the U.S. The researchers said a technical analysis of the app, owned by China's ByteDance Ltd., found no evidence of "overtly malicious behavior." Although they determined that TikTok's data collection practices are no more intrusive than Facebook's, the researchers acknowledged there could be security issues they did not uncover. Further, ByteDance could be forced to turn data over to the Chinese government under the country's national security laws. ByteDance said it was committed to working with authorities to resolve their concerns.


FBI Warns Cybercriminals Are Increasingly Targeting Colleges

Inside Higher Ed (3/19, McKenzie) reported, “A spate of recent cyberattacks on colleges, universities, seminaries and K-12 schools prompted a warning from the FBI’s Cyber Division this week.” The advisory notice “warned that criminals using malicious software called PYSA ransomware are increasingly targeting education institutions and attempting to extort them.” In the advisory, “security professionals and network administrators at K-12 and higher education institutions were encouraged to implement multifactor authentication, regularly patch software and systems, encourage users not to use public Wi-Fi networks, and train employees to recognize phishing scams.”

