Google’s New Application Tools for Maps, YouTube, and Assistant Put Privacy in the Hands of Its Users

Just in time for National Cybersecurity Awareness Month, new tools related to user privacy and security were recently announced for Google Maps, YouTube, and Google Assistant. The updates give users more control over what data Google can retrieve, and even give users the option to delete data that has already been collected, such as within Google Voice Assistant.

Google Maps now includes an incognito mode that keeps the application from tracking which places you search for and where you travel, giving users more control over their privacy. Incognito mode also helps keep locations that would otherwise be irrelevant out of users’ personalized recommendations. Android and iOS users are expected to have this feature available in their Maps application this month.

Image Source: Google | https://www.blog.google/technology/safety-security/keeping-privacy-and-security-simple-you/

YouTube is receiving an update as well, with users now able to choose when the app will automatically delete accumulated history. You can choose to keep your watch history for three or 18 months, or just choose to keep the data until you delete it manually.

Google Assistant is also getting an update that allows users to delete any saved voice data. When you say phrases like “Hey Google, delete the last thing I said to you,” or “Hey Google, delete everything I said to you last week,” to your device, Google Assistant will delete its “Assistant Activity”. Deleting voice data from a while back would require you to go into account settings.

After it was revealed that actual people could listen to voice recordings for the purposes of improving voice assistants, Google, Amazon, and Apple all took action to remedy the privacy situation. Alexa, for instance, now gives consumers the option to choose whether recordings will be reviewed. Two months ago, Apple also announced the suspension of its Siri grading program, which similarly recorded user audio. The company said a future update would let consumers choose whether to participate in the grading program.

This Google Assistant feature is expected to be released in all languages by next month. The English commands will be available this month. 

Lastly, Google has released Password Checkup within its Password Manager tool. The Checkup feature notifies users if their passwords have been compromised in a data breach, are weak and need to be strengthened, or have been reused. Google will be adding this tool to Chrome soon, but users can still take advantage of the feature at passwords.google.com.

Google Study Reveals Many People Are Still Using Breached Passwords

Recently, a Google study showed that about 316,000 passwords that have already been breached are still in use. These credentials include financial and governmental accounts. The data for the study came from Google Chrome’s Password Checkup extension. Google recently stated on their blog, “The study illustrates how secure, democratized access to password breach alerting can help mitigate one dimension of account hijacking.”

The Password Checkup Extension activates when someone signs in to a site using one of the 4 billion username/password combinations that Google considers unsafe due to a third-party breach. Google found that, out of 21 million usernames and passwords, 1.5% of sign-ins were risky. They also stated that many people like to reuse passwords that tend to be vulnerable, which puts them at risk. People use vulnerable passwords on entertainment and news websites, and sometimes on shopping sites where credit card information could be stored. About 26 percent of unsafe passwords were reset by users. In addition, 60 percent of those new passwords are secure against guessing attacks, which would take a hacker over a hundred million guesses before figuring out the user’s new password.

Not changing these passwords can lead to cybercriminals gaining unauthorized account access. There have been “credential-stuffing incidents”, which affected companies like Dunkin Donuts and State Farm. In these incidents, hackers use lists of breached usernames and passwords to log in to web application accounts through automated requests. When the right username and password combination is found, cybercriminals can gain access to the targeted account.
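One way a site operator can spot the automated login pattern described above, as an added example that is not from the original article or from Google: a source is flagged when it tries many distinct usernames in a short window and most attempts fail. The log format, thresholds, and function names are assumptions, and the log lines are constructed.

```javascript
// Constructed sample log (not real data): "<ISO time> <source IP> <username> <OK|FAIL>"
const SAMPLE_LOG = `
2024-01-01T10:00:00Z 203.0.113.7 alice FAIL
2024-01-01T10:00:01Z 203.0.113.7 bob FAIL
2024-01-01T10:00:02Z 198.51.100.20 bob FAIL
2024-01-01T10:00:03Z 203.0.113.7 dave FAIL
2024-01-01T10:00:04Z 203.0.113.7 erin FAIL
2024-01-01T10:00:05Z 203.0.113.7 frank FAIL
2024-01-01T10:00:06Z 203.0.113.7 carol OK
2024-01-01T10:00:09Z 198.51.100.20 bob OK
2024-01-01T10:00:10Z 192.0.2.10 heidi OK
2024-01-01T10:00:11Z 192.0.2.10 ivan OK
2024-01-01T10:00:12Z 192.0.2.10 judy OK
2024-01-01T10:00:13Z 192.0.2.10 mallory OK
2024-01-01T10:00:14Z 192.0.2.10 niaj OK
`;

function parseLog(log) {
  return log.trim().split('\n').map((line) => {
    const [time, ip, user, result] = line.trim().split(/\s+/);
    return { time: Date.parse(time), ip, user, ok: result === 'OK' };
  });
}

// Flag a source IP when, inside one time window, it tries many distinct usernames
// and most attempts fail. A shared office address (many users, all succeeding) is not flagged.
function findStuffingSources(events, { minUsers = 5, minFailRatio = 0.8, windowMs = 60000 } = {}) {
  const byIp = new Map();
  for (const e of events) byIp.set(e.ip, [...(byIp.get(e.ip) || []), e]);
  const flagged = [];
  for (const [ip, evs] of byIp) {
    evs.sort((a, b) => a.time - b.time);
    for (let start = 0, end = 0; end < evs.length; end++) {
      while (evs[end].time - evs[start].time > windowMs) start++;
      const win = evs.slice(start, end + 1);
      const users = new Set(win.map((e) => e.user)).size;
      const failRatio = win.filter((e) => !e.ok).length / win.length;
      if (users >= minUsers && failRatio >= minFailRatio) {
        // Any success from a flagged source is an account to lock and reset.
        const accountsToReset = [...new Set(evs.filter((e) => e.ok).map((e) => e.user))];
        flagged.push({ ip, accountsToReset });
        break;
      }
    }
  }
  return flagged;
}

console.log(findStuffingSources(parseLog(SAMPLE_LOG)));
```

The single successful login from the flagged source is the account whose breached password still worked, which is the one that needs a forced reset.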

Google recommends using their Password Checkup Extension as a precautionary measure to alert users if their password has been breached. It is good practice to use different passwords for all your accounts and store them in a secure password manager application. As always, avoid using simple-to-guess passwords and instead use phrases with numbers and symbols.

WebAuthn May Be the Solution for a Passwordless Future

On Monday, the World Wide Web Consortium (W3C) announced its approval of a new means of account security: WebAuthn (a.k.a. Web Authentication). With WebAuthn, users can log in to their accounts without the need for a password. Browsers such as Chrome, Firefox, and Safari already support the new authentication system. Now that it is a standard for authentication, WebAuthn may be a tool individual sites can start implementing.

WebAuthn works as an API that essentially acts as the liaison between websites and users logging in to their accounts: sites “communicate” with security tools, such as security keys on a USB, to allow a user to access his/her account. This ultimately provides an extra form of protection.

The benefit for websites using WebAuthn is that there are fewer possibilities for hackers to cause destruction through site data breaches. This authentication system works as a safer alternative to passwords, which may end up stolen during a data breach. It would even save many people the trouble of having to remember passwords, and of using weak ones, in the first place.

As the W3C has approved this new standard, websites can now adopt it into their own login methods, much like Dropbox and Microsoft did.
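The exchange between a site and a security key described above, as an added example that is not from the original article or the W3C: a simplified Node.js model of a WebAuthn login in which the site stores only a public key and checks a signed, one-time challenge. The names `RP_ID`, `ORIGIN`, `register`, `signAssertion` and `verifyAssertion` are assumptions, and the flags and counter are fixed constructed values.

```javascript
const nodeCrypto = require('crypto');

const RP_ID = 'example.test';          // constructed relying-party ID
const ORIGIN = 'https://example.test'; // constructed site origin
const sha256 = (d) => nodeCrypto.createHash('sha256').update(d).digest();

// Registration: the key pair is made on the security key; the site keeps only the public half.
function register() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { authenticatorKey: privateKey, storedPublicKey: publicKey };
}

// Security key + browser: sign authenticatorData || SHA-256(clientDataJSON).
function signAssertion(privateKey, challenge, origin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // rpIdHash (32 bytes), flags (0x01 = user present), signature counter (4 bytes)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: nodeCrypto.sign('sha256', signed, privateKey) };
}

// Site: check type, challenge, origin and RP ID, then the signature against the stored public key.
function verifyAssertion(storedPublicKey, expectedChallenge, a) {
  const c = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get') return 'wrong type';
  if (c.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (c.origin !== ORIGIN) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId mismatch';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, storedPublicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const { authenticatorKey, storedPublicKey } = register();
  const challenge = nodeCrypto.randomBytes(32);
  const good = signAssertion(authenticatorKey, challenge, ORIGIN, RP_ID);
  // Someone holding only the site's stored data has no private key to sign with.
  const forged = signAssertion(register().authenticatorKey, challenge, ORIGIN, RP_ID);
  return {
    good: verifyAssertion(storedPublicKey, challenge, good),
    replay: verifyAssertion(storedPublicKey, nodeCrypto.randomBytes(32), good),
    forged: verifyAssertion(storedPublicKey, challenge, forged),
  };
}
```

Nothing the site stores can be replayed as a login: a captured response fails the next challenge, and the stored public key cannot produce a signature.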

6 Security Tips to Keep in Mind When Using Device Apps

Nowadays, data breaches are happening more and more frequently. An app you once entrusted with your data and privacy can put your information at risk of being stolen, either by malicious hackers using security exploits or by developers using a third-party application to harvest your data. As you download your favorite applications from Apple’s App Store or Google’s Play Store, you’ll want to keep these security tips in mind:

  1. Using a password manager can help keep your accounts secure

Password manager applications are there to assist us when there are many accounts to keep track of. Oftentimes, users rely on the same passwords across accounts, which puts them at risk during massive data breaches. Easy-to-guess passwords like “Password” and “123456” are still among the top worst choices for users’ accounts, and slightly changing passwords to include a symbol or number is not always the best line of defense against hackers guessing your codes.

Using a password made of a random string of numbers and letters is a strong way of protecting your accounts. However, remembering these passwords is another issue.

To store passwords in a secure and encrypted space, users can take advantage of password manager apps.

  2. Use a VPN when you use public WiFi

A virtual private network (VPN) can help keep your data secure when on public WiFi. VPNs can secure transactions and keep users anonymous when on the internet, ultimately masking any data transmissions.

When looking for a VPN provider via an app store, make certain you read the app’s data collection policies.

  3. Be aware of what permissions you grant to applications

Users should always be wary of what information apps ask to gain access to, such as contacts lists, location, and photos. A good form of practice is to always question an app’s request for certain permissions. For instance, if a note-keeping application asks for photo access, users should question the app’s motives in harvesting photo data.

It is also important to take note of any unusual behavior after certain application downloads. If your battery life performance drops or you notice your phone acting slower than usual, a malicious app could be collecting data in the background.

  4. Do your research on specific applications you want to download

Before you decide to download an app onto your phone, another good practice is to search the application on Google and see if it was involved in any recent data breaches or scams.

If the app was previously involved in a data breach, take note of the way the company/developer handled it. A developer should take extreme precautionary measures to make certain this does not affect its users again, and should heighten the app’s security after a breach.

  5. Keep your phone’s software updated

Oftentimes, OS updates are released to patch device vulnerabilities that may allow hackers to access your data via malicious application downloads. By updating your device regularly, you can reduce the risk of hackers using exploits to their advantage.

  6. Download legitimate applications from a trustworthy source, such as Apple’s App Store and Google’s Play Store

Most applications found within Apple’s and Google’s stores “meet a standard quality of data protection and [are]…required to produce a dedicated privacy policy [to]…protect your data,” says Stephen Hart in an interview with CNET.

It is better to avoid any untrustworthy sources outside of reputable app stores, as a user runs the risk of downloading an app that may contain a virus onto their device.

Ransom Demand Scam Tricks Users by Using Real Passwords in Emails

Have you heard about the new ransom demand sextortion scam? Cybercriminals have implemented a new method of false blackmail to scare users into paying bitcoin.

The email reads:

I’m aware that X is your password.

You don’t know me and you’re thinking why you received this email, right?

Well, I actually placed a malware on the porn website and guess what, you visited this website to have fun (you know what I mean). While you were watching the video, your web browser acted as an RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger,  Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 will be a fair price to pay so your secrets stay safe with me. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72

(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have a unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, co-workers, and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

To be clear, there is only a slim chance that anyone has recorded a video of you, which makes this email a scam. That said, hackers can now make emails like this convincing by using new strategies such as including your real password (most probably obtained through corporate data breaches within the last few years).

This has really changed the cyber-blackmailing game, but luckily hackers don’t have access to current passwords.

“[A]ll three recipients said the password was close to ten years old, and that none of the passwords cited in the sextortion email they received had been used anytime on their current computers,” explained researcher Brian Krebs, thereby making the stolen passwords old and outdated.

While sextortion scams like this have been around for a considerable length of time, there are no reports of any cybercriminals using this strategy and actually installing malware to film somebody pleasuring themselves while watching porn. It’s much easier to simply lie about it and persuade people that it’s true.

To be safe from hackers, you can cover your webcam when not in use and change your passwords regularly to prevent cybercriminals from accessing your login credentials. To be on the safe side, you can also set up two-factor authentication and secure logins.