Stop virtual assistants from sharing your voice, data breach at Moviepass, trouble at Poker Tracker
Welcome to Cyber Security Today. It’s Friday August 23rd. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
When you talk to Alexa, Siri, Google Assistant or any other device with voice command it’s expected the conversation is private. However, you may not realize manufacturers or their contractors may be listening as well. Not in real-time, but listening to recordings of what you say and what the assistant hears in the background to help train the assistant’s machine learning system. News outlets The Guardian and Bloomberg News have recently written exposes about it. This week Motherboard revealed that contractors working for Microsoft have been hired to listen to voice commands of Xbox users. Notices about this are often buried in product privacy statements. Since the exposes, Apple, Google and Facebook have suspended their use of contractors for this work. Microsoft has now updated its privacy statement to say the processing of personal data for improving products includes both automated and human methods. It also offers users a way to delete the stored audio conversations with assistants so no one can hear them.
If you’re bothered by this, the New York Times had a piece yesterday noting Amazon and Google offer the ability to disable human vetting for their virtual assistants. Apple says it plans to release a software update that will let people opt into its voice training program.
There are other things you can do, such as deleting recordings and turning off sensors, to minimize the information shared with the companies.
The Times article has details on how to tailor Alexa, Siri and Google Home. There’s a link to the article here.
Another clumsy employee has been detected. This time it’s at the movie ticket subscription service Moviepass. TechCrunch reports a security researcher found someone there left a database with information on some subscribers open to the Internet. It had at least 58,000 records containing people’s credit card data, some of which could be completely read. The company said it will notify affected subscribers.
Do you subscribe to the website Poker Tracker? It sells tools for online poker enthusiasts to improve their chances of getting winning hands. Well, according to security vendor Malwarebytes, the site was recently hacked so criminals could skim credit and debit card numbers as they were entered. The problem: Poker Tracker was using an older version of a content management platform called Drupal. The criminals exploited a vulnerability in the unpatched platform. The company quickly fixed the problem. It’s another example of why organizations have to do a better job of patching software and watching their web pages for compromised code.
Finally, users of the free version of Bitdefender Anti-Virus 2020 should make sure they’re running the latest version. The software should be configured to automatically update. The latest version fixes a bug.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.