9 Jun, 2020

Online Doctor App is Leaking Videos of Patient Consultations

A security researcher named Rory Glover tweeted today that he is able to access video recordings of medical consultations of other patients through the Online Doctor app, Babylon Health.

Rory claims that over 50 video recordings of private consultations are being leaked publicly.

If this claim is valid then Babylon Health may be liable for GDPR violations and massive fines.

Rory spoke to the BBC and said:

On Tuesday morning, when he went to check a prescription, he noticed he had about 50 videos in the Consultation Replays section of the app that did not belong to him.

Clicking on one revealed that the file contained footage of another person’s appointment.

“I was shocked,” he told the BBC.

“You don’t expect to see anything like that when you’re using a trusted app. It’s shocking to see such a monumental error has been made.”

Mr Glover said he alerted a work colleague to the fact, who used to work for Babylon. He in turn flagged the issue to the company’s compliance department.

Babylon, which has its headquarters in London, has since confirmed the breach.

“On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours whereby one patient accessed the introduction of another patient’s consultation recording,” it said in a statement.

“Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.”

Babylon told the BBC it had already been in touch with everyone involved to inform them and apologise.

9 Jun, 2020

Apple Macs Transitioning to ARM in 2021

According to Bloomberg, Apple are going to announce at the upcoming Worldwide Developer Conference (WWDC20) a transition to ARM-based processors for all Macs. It will be interesting to see how Apple maintains compatibility for all of the x86 compiled apps which have been on macOS forever. This may also be another sign that we’re going to see a cross-platform play between Mac and iPad. Who knows but it’s going to be interesting!

Take a look at what Bloomberg said today:

Apple Inc. is planning to start selling Mac computers with its own main processors by next year, relying on designs that helped popularize the iPhone and iPad, according to people familiar with the matter.

The Cupertino, California-based technology giant is working on three of its own Mac processors, known as systems-on-a-chip, based on the A14 processor in the next iPhone. The first of these will be much faster than the processors in the iPhone and iPad, the people said.

Apple is preparing to release at least one Mac with its own chip next year, according to the people. But the initiative to develop multiple chips, codenamed Kalamata, suggests the company will transition more of its Mac lineup away from current supplier Intel Corp.

Taiwan Semiconductor Manufacturing Co., Apple’s partner for iPhone and iPad processors, will build the new Mac chips, said the people, who asked not to be identified discussing private product plans. The components will be based on a 5-nanometer production technique, the same size Apple will use in the next iPhones and iPad Pros, one of the people said. An Apple spokesman declined to comment, as did Intel and TSMC.

Apple is designing more of its own chips to gain greater control over the performance of its devices and differentiate them from rivals. Getting Macs, iPhones and iPads running the same underlying technology should make it easier for Apple to unify its apps ecosystem and update its computers more often. The move would also reduce reliance on Intel, which has struggled to maintain the annual increases in performance it once offered.

“This news has negative longer-term implications for Intel, in-line with our concerns around Intel’s future market share,” Brad Gastwirth, chief technology strategist at Wedbush Securities, wrote in a note to investors. Shares of the chipmaker fell as much as 2.2% on Thursday while the rest of the market rose.

Current mobile device chips from Apple have multiple processing units, or cores, that handle different types of tasks. The latest iPad Pro has four cores for performance-intensive workloads and another four to handle low-power tasks to preserve battery life.

The first Mac processors will have eight high-performance cores, codenamed Firestorm, and at least four energy-efficient cores, known internally as Icestorm. Apple is exploring Mac processors with more than 12 cores for further in the future, the people said.

In some Macs, Apple’s designs will double or quadruple the number of cores that Intel provides. The current entry-level MacBook Air has two cores, for example.

Like Qualcomm Inc. and the rest of the mobile semiconductor industry, Apple designs its smartphone chips with technology from Arm Inc., owned by SoftBank Group Corp. These components often use less energy than Intel’s offerings. But in recent years, Arm customers have tried to make processors that are also more powerful.

The transition to in-house Apple processor designs would likely begin with a new laptop because the company’s first custom Mac chips won’t be able to rival the performance Intel provides for high-end MacBook Pros, iMacs and the Mac Pro desktop computer.

The switch away from Intel is complex, requiring close collaboration between Apple’s software, hardware and component-sourcing teams. Given work-from-home orders and disruptions in the company’s Asia-based supply chain, the shift could be delayed, the people said.

Like with the iPhone, Apple’s Mac processors will include several components, including the main processor, known as a Central Processing Unit or CPU, and the GPU, the graphics chip. Apple’s lower-end computers currently use Intel for graphics, while it has partnered with Advanced Micro Devices Inc. for the graphics cards in its professional-focused offerings.

The Kalamata project has been going for several years. In 2018, Apple developed a Mac chip based on the iPad Pro’s A12X processor for internal testing. That gave the company’s engineers confidence they could begin replacing Intel in Macs as early as 2020, Bloomberg News reported.

Apple has already started designing a second generation of Mac processors that follows the architecture of chips planned for the 2021 iPhone. That indicates Apple wants to put its Macs, iPhones and iPads on the same processor development cycle.

Despite a unified chip design, Macs will still run the macOS operating system, rather than the iOS software of the iPhone and iPad. Apple is exploring tools that will ensure apps developed for older Intel-based Macs still work on the new machines. The company also has technology called Catalyst that lets software developers build an iPad app and run it on Mac computers.

Moving macOS from Intel’s chip architecture to an Arm-based design will be a technical challenge. Microsoft Corp. stumbled with a similar effort.

The changes will be a blow to Intel’s prestige. Apple Co-founder Steve Jobs and the late Intel Chief Executive Officer Paul Otellini stood on stage in 2005 to announce the first Macs with Intel processors. The decision was praised for several years, resulting in capable computers such as the original Mac Pro in 2006, the second-generation MacBook Air in 2010 and the thinner MacBook Pro in 2012.

But in recent years, the pace of Mac upgrades has declined, partly due to a slowdown in Intel’s chip advancements. That sometimes left years between Mac refreshes, upsetting some customers. Intel has also faced manufacturing challenges that Apple has blamed for some recent declines in Mac sales.

Kalamata is Apple’s most ambitious computer chip initiative to date. It currently offers specific chips for Mac features, such as security and power management, that work alongside the main Intel processors.

Apple also aims to stop using Intel cellular modems — chips that connect smartphones to the internet and support calls — after using them for only four years. The company plans to use 5G modems from Qualcomm in as many as four new iPhone models later this year. Apple last year acquired Intel’s modem business after striking the short-term supply deal with Qualcomm.

5 Jun, 2020

FitBit Users Can’t Turn off Friend Requests

A UK-based web application security researcher today noticed that his FitBit account is subject to ‘Friend Requests’ from other FitBit owners.

The researcher known only as -Redacted- today tweeted about a Friend request he received. He proclaims that he bought a FitBit for his own personal usage and to track his exercise goals.

Friends on FitBit profiles can track each other’s exercise progress and message each other, and they also have a leaderboard which tracks who has made the most progress that week.

-Redacted- does not want to share his exercise data with other users so he investigated how to turn off friend requests and make his profile completely private. -Redacted- was shocked to find out about FitBit’s stance on this subject.

FitBit said: “You can make your profile private by setting the privacy of your data… but it’s not possible to make yourself entirely invisible. You can choose not to receive Notifications from friend requests but they will always reach you.”

FitBit was bought by Google in November 2019.

4 Jun, 2020

Romanian Cash Machine Skimming Gang Stole $1.2 Billion From Tourists in Mexico

The cash machine company “Intacash” installed sophisticated debit and credit card skimming devices on at least 100 machines, and distributed them throughout Mexico, including in many tourist spots.

Intacash is owned by Florian ‘The Shark’ Tudor, who is allegedly also the leader of Romanian mafia gang ‘Riviera Maya’.

It is alleged the skimming operation stole card details from an average of 1000 cards per cash machine every month and siphoned an average of $200 from every card. This allowed the gang to steal approximately $20 million per month.

A three-part web series published in 2015 by Brian Krebs of KrebsOnSecurity.com detailed a discovery of around two dozen Intacash machines with Bluetooth-enabled skimming devices.

One of the Bluetooth-enabled PIN pads pulled from a compromised ATM in Mexico. Copyright KrebsOnSecurity.com

These devices are much more difficult to identify than the typical devices fitted on the exterior of a cash machine.

A report published yesterday by the Organized Crime and Corruption Reporting Project (OCCRP) fills out the whole picture. The OCCRP alleges that police investigators now believe “Intacash installed the same or similar skimming devices in its own ATMs prior to deploying them – despite advertising them as equipped with the latest security features and fraudulent device inhibitors.”

Watch the 2015 investigation on https://krebsonsecurity.com and read the OCCRP’s report at https://www.occrp.org/en