At a glance.
- Oversharing of vaccination cards.
- Sailors betray Sailors in identity theft wave.
- A privacy role for IoT regulation?
Please, no shots of your shot.
Though it has become popular for recipients of the COVID-19 vaccination to share the good news on social media, CNN reports that the US Better Business Bureau (BBB) advises against posting a picture of your vaccination card, as it could be a security risk. First, the card contains the individual’s full name and birthday, as well as general location (based on the vaccination site), valuable personal data a cybercriminal could use for identity theft. Second, the more images of vaccine cards that are circulating, the easier it is for cybercriminals to create counterfeit cards. Some scammers have already begun producing and selling fake cards in Great Britain. The BBB’s advice: just post your vaccine sticker instead.
Couple allegedly uses Navy credentials to steal personal data.
A press release from the U.S. Attorney’s Office, Eastern District of California discloses that an American couple living in the state of California have been indicted by a federal grand jury for using their status in the Navy to steal and sell the personal data of over nine thousand individuals. In August 2018, Marquis Asaad Hooper, then a chief petty officer with the Navy, contacted a commercial company that collects personal data for use by governments and businesses who need to confirm the identity of clients and employees. Hooper convinced the company that he was requesting access to their database in order to run background checks on behalf of the Navy’s Seventh Fleet. Instead, over the next two months he and his wife, naval reservist Natasha Renee Chalk, allegedly used the database to steal private data and sell it to identity thieves for upwards of $160,000 in bitcoin. Stars and Stripes notes that Hooper’s attorney is claiming that the couple only accessed the information for work purposes, and that the company’s services are readily available to the general public. The charges include wire fraud and aggravated identity theft, and, if convicted, Hooper and Chalk could face upwards of twenty years in prison.
IoT regulation could protect against vulnerabilities.
IoT security company ReFirm Labs published a guest blog written by a professor and graduate student who have discovered vulnerabilities in popular smart doorbells and security cameras. Early adopters in ReFirm’s IoT Cybersecurity Education Program, Dr. TJ O’Connor and student Daniel Campos, identified backdoors in various models of Merkury/Geeni brand doorbells and security cameras available at major retailers like Amazon and Walmart. The security flaws could allow an attacker to gain full access to the device via a hardcoded account, remove any evidence of their actions in the audit log, bypass the user’s firewall to record audio or video, or even launch a denial-of-service attack that would shut down the device completely. In a companion piece to the blog, ReFirm discusses ways retailers can make sure the devices they sell better conform to security regulations. For instance, safety certification company UL has created UL 2900, a series of safety standards that includes IoT regulations. Also, security certification labeling could better inform the consumer about the strengths and weaknesses of the device they’re purchasing and motivate manufacturers to adhere to higher standards.