Cyber Security News Update 10/05/2018
Amazon and Apple Continue to Deny Cyber Security Fears
Amazon and Apple lashed out against a report from Bloomberg news which claims Chinese devices shipped to the US are hacked. The Bloomberg report claims that Chinese factories are adding additional microchips to motherboards produced for SuperMicro at the request of the Chinese government. The yet unidentified chips supply enough space for programming that allows them to act as a portal for future use. As expected, the Chinese government denied the claims too. Bloomberg still have not identified a credible source, or any source for that matter. Amazon continued to lead the anti-hacking charge today with more denials of Bloomberg’s claims.
California Law Requires Unique Passwords
California passed a new law that requires stricter security features for all connected devices by 2020. The law, Senate Bill No. 327, calls for all connected electronic devices to be delivered with a password that is unique to each device. No more generic passwords that ship with all units of the same make and model will be allowed. All connected devices such as routers must have a preprogrammed password that is unique to each individual device. That means default passwords like “password” with no longer be acceptable by 2020. New security features must be designed to protect the device and any information on it from “unauthorized access, destruction, use, modification, or disclosure.”
California Senate Bill No. 327 also requires that all new connected devices have “a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time,” This forces device owners to change the unique password to something new as soon as it’s connected for the first time. The goal is to stop cyber attacks that prey on known admin usernames and passwords set by equipment manufacturers.
According to the new law, the term “connected device” includes any device or other physical object that can connect to the Internet, directly or indirectly, and that is assigned an Internet Protocol (IP) address or Bluetooth address.
Source: California Legislature
Still No Trust in Facebook?
Facebook continues to wallow in even more controversy (but no serious sanctions or fines) as over 50 million accounts were hacked. Facebook was also caught using users’ two-factor authentication (2FA) data in its advertising platform. Although 2FA credentials are not revealed directly to the advertisers, its use was not authorized by the Facebook users to be incorporated into anything other than increasing account security.
This is just another trust breach in a long line of Facebook cyber security issues that have surfaced since the whole Cambridge Analytica conundrum surfaced earlier this year.
Chinese Security Official Missing
French police are investigating the disappearance of Interpol President Meng Hongwei. It is suspected that he may have been taken into custody in China where he landed last week. Hongwei is also a senior Chinese security official who serves as China’s deputy minister of public security. Hongwei’s family has not heard from him since his September 29 departure for China
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers