FixMeStick’s Weekly Cybersecurity Round-Up: Feb 24th – March 1st

Welcome back to our weekly round up! Happy belated Leap Day; we’re slowly progressing through the end of winter, which should spark some joy among our friends up north. Though spring and warmer days often bring a wave of relief, the tech world has been having its own fair share of problems lately. This week we bring you news regarding a PayPal hack, eavesdropping smart home speakers, and potential threats regarding Clearview AI.

It seems like PayPal is dealing with a bit of trouble when it comes to their online payments. Initially, hackers would be able to bypass user authentication once they gained access to the user’s credentials, though now it seems as though the entire authentication process can be bypassed, so long as the hacker has access to stolen credentials. 

Though at first the vulnerability hadn’t seen any reported cases, recently there have been a number of reports from Germany which indicate that hackers are in fact exploiting the issue. Currently, German media is reporting that PayPal users are being charged through transactions via Google Pay, which may indicate that hackers are targeting PayPal users who have their accounts linked to the virtual card reader.

With that being said, at this time it’s important to check up on your PayPal account and update your security preferences if need be. Though there haven’t been any reported cases elsewhere, it’s best to stay up to date.

You can read more about the ongoing case here.

While smart home speakers are a convenient device to have at home, certain aspects concerning their use has raised some eyebrows lately. Although these devices aren’t programmed to listen to everything you say, mistakes are often made, as shown by a recent study.

These smart home speakers aren’t meant to eavesdrop on your conversations, but instead they typically respond to key phrases, such as: “Ok Google” or “Hey Siri”. However, it seems as though the devices will often mishear a command, prompting them to begin listening (in some instances, audio of sex or criminal deals have been recorded). Studies show that these devices will often eavesdrop up to 19 times a day, simply from mishearing a command.

Though there isn’t any real cause for alarm, it does raise some questions regarding how much is being recorded, even if only by accident. You can read an article here about the relationship between smart home speakers and privacy.

Recently, Clearview AI, the company that’s taken more than three billion of our public photos by scanning various social media sites, has recently lost its entire client list to hackers. Though the company insists that none of their customers’ search histories have been accessed, the fact that a hacker was able to access such sensitive information is truly alarming.

A solid portion of Clearview AI’s customer base are involved with law enforcement, as the company allows customers to identify an individual by providing a single photo. Although this can be deemed beneficial in certain aspects, it raises many concerns regarding individual privacy. 

This isn’t the first time Clearview has caught some heat, as the company had been sued not too long ago for their involvement in scraping people’s photos from the internet.

Interested? You can read more about the situation here.

Well that’s it for this week of cyber security! With all being said and done, these events definitely bring up a lot of questions regarding our own security and privacy. Do you think we should sacrifice privacy for convenience and criminal justice? Let us know what you think!