At a glance.
- Dual use: parental monitoring tool or stalkerware?
- Keeping virtual meetings secure.
- Coronavirus trackers raise concerns about smartphone users' privacy.
- Coronavirus-themed phishing continues.
A stalkerware outbreak? Or just an innocent case of a dual-use technology?
Kaspersky reports finding an app, MonitorMinor, that can be installed to monitor a user's activity in Gmail, WhatsApp, Instagram, and Facebook. As Kaspersky notes, the app's developers do seem to have produced a product intended legitimately for parents to use in monitoring their children's activity online. But parental monitoring tools are disturbingly close to what arms controllers call "dual use" products: what can be used to monitor children can also be used to snoop on spouses, colleagues, and so on.
Advice on keeping remote work secure.
The US National Institute of Standards and Technology (NIST) has some advice on how to conduct online meetings securely. The challenge is keeping out eavesdroppers.
- First, follow your organization’s policies for virtual meeting security.
- Avoid reusing access codes. As NIST points out, “if you’ve used the same code for a while, you’ve probably shared it with more people than you can imagine or recall.” Sensitive discussions call for one-time PINs or meeting codes, and also for multi-factor authentication.
- Don’t let the meeting start until the host joins. Enable notification when someone joins--play a tone or speak a name. In any case, have new attendees announce themselves. Use a dashboard to monitor attendees.
- Think twice about recording the meeting--if it’s not necessary, then don’t.
- If it’s a web meeting, with video, then disable features you don’t need, like chat or file-sharing. And before someone shares their screen, remind them not to inadvertently put up any sensitive information.
Tracking coronavirus and tracking smartphone users.
We've seen US and Israeli interest in online tools designed to help suppress the COVID-19 pandemic. (The US is interested in screening questionnaires, Israel in applying a security database to track physical interaction.) The UK is also contemplating using an online tool for epidemiological purposes. The Telegraph reports that researchers at Oxford University are working on an app that "would immediately notify anyone who had been near them for the previous fourteen days."
And in Israel, the controversial lawful intercept vendor NSO Group is also offering its services for public health purposes. The company says, according to Bloomberg, that it has a new product that will help track infection and interaction.
Coronavirus-themed phishing.
Malwarebytes reported this morning on a phishing expedition that begins with an email spoofing the World Health Organization. This one is baited with an offer of a WHO e-book. “Inside this E-Book, My-Health,” write the skids in their email, “you shall find out the complete research/origin of corona-virus and the recommended guide to follow to protect yourself and others. This guidance provides critical considerations and practical checklists to keep Kids and business-centre safe.” Note the poor capitalization and questionable usage.