News for the cybersecurity community during the COVID-19 emergency: Wednesday, May 27th, 2020. Daily updates on how the pandemic is affecting the cybersecurity sector.
Contact-tracing apps are rolling out, slowly...
India's government has announced that it's making the source code of its Aarogya Setu contact-tracing app available for inspection and testing, a decision that Reuters says is generally being well-received by "digital rights activists" as likely to increase the system's security.
Privacy concerns continue to surround the contact-tracing technology being trialed by Britain's NHSX. Fear that the app will outlive the pandemic and become are permanent part of a national surveillance system are now familiar, and the "war rhetoric" that C4ISRNet sees surrounding national responses to the pandemic have probably helped provoke that sort of backlash in public opinion. ComputerWeekly reports that centralized data collection has also aroused worry that contact-tracing databases will themselves prove to be insecure, and that, if breached, they would provide cybercriminals with resources for identity theft and other capers.
...but they're being quickly spoofed by malware.
According to BleepingComputer, an archly named ransomware strain, [F]Unicorn, is being distributed by social-engineering come-ons that inveigle users in Italy to download the malware in the belief that it's a contact-tracing app developed by the Italian Pharmacist Federation. Trend Micro says the ransomware poses as a beta release of the Italian government's Immuni COVID-19 app.
One might ask, given the difficulty that legitimate contact-tracing apps have in finding enough willing users to make them effective, why criminals would think this particular social engineering approach likely to succeed. The answer's obvious: public health organizations need at least half the population to sign up for contact tracing, but the criminals only need a few marks to make it worth their while. As is so often the case, the secret to the criminals' success is volume.
Incoming Data61 head advises companies to invest in research.
The Commonwealth Scientific and Industrial Research Organisation's Data61 unit, Australia's data science research institution, advises companies not to squeeze R&D budgets in the course of COVID-19 belt-tightening, the Financial Review reports. Jon Whittle, currently dean of the faculty of information technology at Monash University, will assume the directorship of Data61 in July. He urges companies to maintain their commitment to research; that innovation would pay off once the pandemic passes.
5G conspiracy theories descend into lucrative self-parody.
Now available on Amazon, if you're interested, are products that claim to protect the user from the malign effects of 5G signals, the Telegraph reports. The offerings include underwear, stickers, blankets, pills, and so forth. Not only do none of these things offer protection, but the protection itself would be protection against a perceived threat that's no threat at all. We looked at Amazon, and indeed the stuff is up for sale: Anti EMF Radiation Reducing Underwear ("protection from cell phone, wireless, bluetooth, and 5G radiation and EMF"), EMF Shielding Black Sportsbra (which features "moisture wicking properties for 5G"), EMF Protection Hat Hood (with "anti radiation fabric, EMF protection and RF shielding"), and anti-EMF stickers (these come in ten-packs, and it's not clear whether the stickers themselves afford protection or simply warn people of the dangers). "EMF" is "electromagnetic field." The US Federal Trade Commission says there's “no scientific proof that so-called shields significantly reduce exposure from these electromagnetic emissions." This is the tinfoil hat for the Twenty-first Century, and we have to say the garments are a lot more stylish than the old DIY hats used to be, you know, the kind you wore to keep the government from x-raying you through the ceiling...