In this week’s Cyber Blurbs Roundup, we write about Apple’s decision to bolster the privacy features for its item tracker, the latest privacy intrusion from TikTok, and the federal government’s pivot against ransomware.
Apple To Update AirTags To Be Android Friendly
Apple is making some changes to its AirTags, updating the tracker’s software to notify individuals of potential stalking within eight to 24 hours, the company announced. The company is also planning on releasing an app for Android that should make it easier for users on the other side of the line to know if they’re being followed, according to a report from CNET.
AirTags were first introduced in April, finally announced after years of rumors and anticipation from the Apple faithful. The device was nothing innovative, joining the already crowded market of item trackers largely dominated by the likes of Tile and Cube. But Apple had an ace up its sleeve that would immediately allow AirTags to make a sizable impact. AirTags would function through the company’s Find My Network — meaning that every enabled Apple device (iPhones, iPads, Mac computers) would be able to serve as a device for your AirTag to ping to create an accurate location for your lost item. Compare that to Tile’s approach, which requires other Tile trackers or mobile devices with the Tile app installed to create an accurate location.
Apple’s ecosystem created an immediate advantage over its more seasoned competitors, providing users with a reason to buy in. But the abundance of Apple products also created a bit of an issue: AirTags may be working too well.
Shortly after the announcement, critics posed a question: What’s stopping a person from slipping an AirTag into somebody’s bag to stalk them? Apple’s initial response was less than ideal, with the company stating that a potential victim of stalking would only be notified of a persistently nearby AirTag after about 72 hours. This was seen as a happy medium, considering the company also wanted to avoid false alarms being sent to those who may simply be sharing public transit with non-malicious individuals who simply have AirTags for their own personal items.
There was also a second problem: For as much as Apple worked on notifying users of a potential stalker, that scenario would only work if said user owned an iPhone. Android users had no mechanism to be notified of a nearby AirTag.
Apple’s update to correct the first issue is live now, with the Android app expected to be released later this year.
TikTok to Begin Collecting ‘Faceprints’
It’s been a while since we’ve heard from the folks over at TikTok HQ — which is probably how they want it to go. But as is the case with any time the social media app decides to make another change to its already intrusive privacy policy (can we still call it that if there really isn’t any, uh, privacy?), we’re here to tell you about it so you can maybe pass it along to your kids or youthful colleagues
TikTok recently updated its privacy policy to now include the potential collection of things like “faceprints” and “voiceprints.”
No, we don’t really know what that means.
No, TikTok didn’t clarify when asked by several news outlets.
An excerpt from that policy, as originally highlighted by TechCrunch:
“We may collect information about the images and audio that are a part of your User Content, such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content. We may collect this information to enable special video effects, for content moderation, for demographic classification, for content and ad recommendations, and for other non-personally-identifying operations.”
While mentioned in the privacy policy, TikTok has yet to explain how it will be collecting “faceprints” and “voiceprints,” and for what purpose. The company says it will actively request permission when required to do so, although only a handful of states in the US have laws in place that would require TikTok to get the go ahead from users.
DOJ: Ransomware to Get Terrorism-Level Priority
Just one week after the federal government reportedly announced plans to regulate pipeline cybersecurity, the US Justice Department is taking it one step further: Ransomware will soon receive the level of investigation often associated with terrorist attacks.
In short, the new approach will require US attorney’s offices to share case information with leadership in Washington, centralizing the data points in hopes of gaining ground on the investigation.
"To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking," read a statement on the federal guidance obtained by Reuters.
As mentioned, the decision to elevate ransomware investigations also follows a slew of costly attacks against pipelines, food suppliers, and health care systems. Colonial Pipeline recently admitted to paying $4.4 million following a ransomware attack that sent many parts of the east coast into a fuel shortage. Scripps Health in San Diego announced earlier this month that an attack against its network resulted in the exposure of nearly 150,000 individuals who had personal information stolen by hackers.
