October 2, 2018

Suspect forced to unlock iPhone with his face

By Lisa Vaas

An investigation into a chain of pedophiles has revealed the first known case of law enforcement forcing a (living) suspect to unlock his iPhone by using his face with Apple Face ID facial recognition technology.

Forbes dug the case out of an affidavit for a search warrant issued on 19 September that mentioned using Face ID to unlock an Ohio man’s iPhone X.

Forbes staffer Thomas Brewster notes that this isn’t just a first for US law; this is a first for any law enforcement outfit in the world.

The iPhone X belongs to Grant Michalski, 28 – one of six Ohio men who, according to the Department of Justice (DOJ), met on Craigslist to talk about the sexual abuse of at least two 10-year-old girls. In August, the six were charged with crimes related to producing sexual abuse images and repeated sexual abuse of at least those two girls.

Larry McCoy, a task force officer with the FBI, had begun the investigation in January 2018 by posting a Craigslist ad titled “Taboo Dad chat.” Posing as a recently divorced father, McCoy’s ad said he was looking to chat with others regarding “taboo stuff.”

He got a response from somebody later identified as William G. Weekley, 34, of Newark, NJ – one of the men mentioned in the DOJ’s announcement from August. Weekley allegedly proceeded to send McCoy child abuse images via the Wickr messaging app. He was arrested in January and admitted to communicating with others on Craigslist. According to the affidavit, the suspects also used the chat app Kik Messenger to discuss abuse of minors.

Read more at https://nakedsecurity.sophos.com/2018/10/02/suspect-forced-to-unlock-iphone-with-his-face/

Students swap data for coffee at cashless café

By Lisa Vaas

How much is the personal data of young people worth?

Stop. We know what you’re thinking. You’re thinking it’s worth about as much as a large pizza.

Sorry, but no – that’s circa 2016 thinking, when 42% of 13- to 17-year-olds said they’d rather give away their personal data than work at a job to earn $20.

But since February, personal data has been worth a cup of coffee. News of the devaluation comes with the opening of Shiru Cafe, which now has a branch in Providence, RI, near Brown University.

The University’s staff and faculty have to shell out $1 for their beverage, but students caffeinate in exchange for nothing more than a college ID… and their names, phone numbers, email addresses, majors, dates of birth, professional interests, “IT skills,” “previous internships,” and the size of “company the student is interested in”. As the BBC reports, the students fill that personal data into an online form.

By doing so, they agree to receive information – via logos, apps, digital ads displayed in stores and on mobile devices, signs, surveys and well-briefed baristas – from the corporate sponsors who pay for those roasting beans.

At any rate, all that will theoretically come to pass as soon as Shiru Providence actually has corporate sponsors. Keith Maher, the manager of Shiru’s Providence locations, told NY Magazine that for now, the cafe’s screens are just showing ads for internship positions at Shiru, until the company manages to recruit actual, paying sponsors.

Read more at https://nakedsecurity.sophos.com/2018/10/02/students-swap-data-for-coffee-at-cashless-cafe/

Lock screen bypass already discovered for Apple’s iOS 12

By John E Dunn

Apple’s well-received iOS 12 is barely out of the gates and already someone has found a way to beat its lock screen security to access a device’s contacts, emails, telephone numbers, and photos.

As bypasses go, this one’s elaborate, requiring two Apple devices, 16 steps to be executed in the correct sequence to view contacts, numbers and emails, plus a further 21 steps to view photos (and Face ID to be either turned off or taped over).

That immediately rules out a casual or opportunist attack – anyone wanting to exploit the weakness would need physical access to the device, plenty of time, and step-by-step instructions.

The weakness

The flaw was revealed to the world in a Spanish-language video from a researcher, Jose Rodriguez, who has built a reputation for finding at least two other iOS lock screen bypasses.

One of Siri’s helpful features is the ability to do all sorts of things even when an iPhone or iPad are locked, including phone people, send a text message, and tell users about their meetings. From the description, it is this which makes the bypass possible, albeit via a convoluted route.

Read more at https://nakedsecurity.sophos.com/2018/10/02/lock-screen-bypass-already-discovered-for-apples-ios-12/

How to have that difficult “stay safe online” conversation with your kids

By Maria Varmazis

It’s crucial to arm kids with knowledge of how to protect themselves and their information online, not only in the moment, but also for the future – a concept many kids may not really care about or even grasp.

If you’re looking for the best way to start a conversation with your children about online safety as they start using the internet with greater independence, below are some tips to help them (and you!) keep themselves and their information protected.

1. Does it pass the grandmother test?

It can be easy to get swept up in the moment, and suddenly without realizing you’ve said or done something you regret and that you can’t take back. It’s even worse on the internet, as that thing you’ve said or done lives online forever – yes, even if you think you’ve deleted it.

Think for a moment before you post something, and remember that once it’s online it’s out there for everyone to see. If you wouldn’t be comfortable with your grandmother, a teacher, or future employer reading that post, perhaps it shouldn’t go online in the first place.

Read more at https://nakedsecurity.sophos.com/2018/10/01/how-to-have-that-difficult-stay-safe-online-conversation-with-your-kids/

You gave your number to Facebook for security and it used it for ads

By John E Dunn

What happens to the mobile numbers Facebook users add to their accounts to enable SMS two-factor authentication (2FA)?

If you assume the answer is nothing beyond their described purpose, prepare for a bit of a surprise courtesy of a study by researchers from Northeastern University and Princeton University, backed by plenty of dissatisfied commentary from the privacy community and tech press.

Facebook, the researchers found, has been adding these numbers to the other data it uses to target people with advertising.

It is already known that Facebook lets advertisers upload their own data – including email addresses and telephone numbers – which is matched to the same data on user accounts. As the researchers explain:

Facebook then creates an audience consisting of the matched users and allows the advertiser to target this specific audience.

What’s never been clear, however, is which personally identifiable information (PII) from its various services (including Instagram and WhatsApp) are used in ad targeting because it’s not easy to directly relate a specific piece of data from one context to the ads that show up.

Read more at https://nakedsecurity.sophos.com/2018/10/01/facebook-turn-off-sms-2fa-if-you-dont-want-your-number-used-for-ads/


Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.

Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation