At a glance.
- British regulator FCA mistakenly publishes personal data.
- Sports retailer exposes misconfigured ElasticSearch database.
- Smart speakers are awakened by more than just intentionally spoken wake phrases.
Financial Conduct Authority inadvertently reveals personal data.
Personal data belonging to about sixteen hundred individuals were revealed by the UK's Financial Conduct Authority (FCA), the Guardian reports. The regulator published on its website a document containing the names, addresses, and telephone numbers of people who complained about the agency. The exposure was inadvertent, coming in the course of a mishandled and over-sharing response to a request under the Freedom of Information Act that sought to learn the "number and nature of new complaints made against the FCA between 2 January 2018 and 17 July 2019." The FCA has apologized and said it will notify people whose addresses and phone numbers were exposed (not, however, those for whom only names were published). The Authority has also reported itself to the Information Commissioner's Office, the British regulatory body that polices data use and abuse.
Retail data exposure.
Decathlon, a major sports retailer, inadvertently exposed one hundred thirty-two million records in an improperly secured ElasticSearch database, Computing writes. SC Magazine says the company has now shut the door, but the data, of course, have already been exposed. The information at risk includes unencrypted passwords, user names, full addresses, social security numbers, dates of birth, email addresses, qualifications, and unencrypted administrator logins. The incident is thought to be reportable under GDPR.
Smart speakers are over-eager in responding to their wake phrases.
Researchers at Northeastern University and University College London have measured the privacy performance of smart speakers and found it wanting. The problem is essentially this: the speakers tend to eavesdrop, as often, Naked Security says, as nineteen times a day. Smart speakers respond to wake phrases, most of which will be familiar. Google Home Mini 1st generation listens for "OK Google," "Hey Google," or "Hi Google;" Apple Homepod 1st generation responds to "Hey, Siri;" Harman Kardon Invoke by Microsoft perks up when it hears "Cortana;" and the 2nd and 3rd generations of Amazon Echo Dot will hop to it when "Alexa," "Amazon," "Echo," or "Computer" is uttered in their presence. The researchers' method was to play T.V. shows within range of the devices, testing their response to whatever was being said on Gilmore Girls, Grey’s Anatomy, The L Word, The Office (which national version wasn't clear), Greenleaf, Dear White People, Riverdale, Jane the Virgin, Friday Night Tykes, Big Bang Theory, The West Wing, and Narcos. In addition to arguably providing a window into the T.V. consumption habits of academics in Boston and London, the experiment found that the devices were activated, on average, between 1.5 and 19 times during any given 24-hour period. Siri and Cortana were the busiest, but all the assistants showed some response to ambient dialogue. None of them recorded continuously or even for extended periods of time, but they responded long enough to merit inclusion in the unscientific category we would call "creepy." Apparently the smart speakers were fans of Gilmore Girls and The Office; those two shows triggered the most activations.
The research is ongoing, and the investigators intend to try to answer the following questions:
- "How many activations lead to audio recordings being sent to the cloud vs. processed only on the smart speaker?"
- "Do cloud providers correctly show all cases of audio recording to users?"
- "Do activations depend on the TV show character’s accent, ethnicity, gender, or other factors?"
- "Do smart speakers adapt to observed audio and change whether they activate in response to certain words over time?"