News Roundup: There's malicious code in my website, dear Liza…

A roundup of all this week’s technology news including Google mapping pollution rates, a folding phone and Amazon schools.

A roundup of all this week’s technology news including Google mapping pollution rates, a folding phone and Amazon schools.



British Airways hack

I know this is bordering on last week’s news but due to the lack of News Roundup last week (my bad) and the ongoing saga of the British Airways data breach, it’s one of the bigger stories of the week.

Quick recap for those of you who weren’t aware. Last Thursday, British Airways announced that hackers had gained access to the names, street and email addresses, credit card numbers, expiry dates and security codes of around 380,000 customers. All the compromised details came from customers who used British Airways’ website or mobile app between August 21st and September 5th.

Although the airline dealt with the breach in the proper manner; informing affected customers, contacting the ICO within the legal timeframe etc. things went from bad to worse for the company. Within hours of the disclosure, a British law firm announced it would take legal action against the airline on behalf of those impacted customers, launching a £500 million group action lawsuit.

However, the story took another interesting turn this week when researchers from the US cybersecurity company Risk IQ announced that the perpetrators of the attack, a group dubbed MageCart, were also responsible for the recent Ticketmaster breach.

The hackers were able to inject malicious code into the airline’s website, which allowed them to skim financial data that was inputted into online payment forms.

Not so surprisingly, this doesn’t seem to be the end of MageCart’s antics. The push notification platform Feedify has repeatedly had their JavaScript library infected with a string of malicious code that steals payment information. Feedify is used by eCommerce companies across the globe meaning that if this infected library code is embedded into a retail webpage, customers will have their payment information stolen via this third-party hack.

The malicious code was spotted by a security professional and has now been removed. However, others are reporting that this is the third time this month Feedify's systems have been compromised to spread the MageCart malware.

Security roundup

If you don’t want to know the scores, look away now…

  • Mobile fraud has reportedly reached new heights in 2018. 150 million global attacks were reported in the first half of the year alone, as cybercriminals take note of the shift away from desktop transactions and towards mobile. In a similar vein, FireEye revealed this week that two thirds of email traffic sent in the first six months of 2018 was infected in some way. Is no one safe?!
  • In its efforts to remain GDPR compliant, the ICO has said it’s receiving around 500 telephone reports a week, a third of which are unnecessary or don’t meet the threshold for a data incident. Approximately half of the calls the ICO receives each week involve a cyber element, while a third have involved phishing attacks.
  • Researchers from Lancaster University have published a paper detailing how they were able to gain access to smartphones, simply by using the device’s speaker and microphone. The hack relies on the user downloading a malicious app that broadcasts a sound signal above the range of human hearing. These acoustic echoes are then recorded by the device’s microphone and can be used to track the unwitting user’s finger movements across their screen. The technique is not foolproof but apparently reduces the number of entry attempts by 70%.
  • The European Court of Human Rights has once again ruled that the UK government’s surveillance regime has broken the law. The ECHR ruled that the government unlawfully obtained data from communications companies and failed to put into place the proper safeguards around how it did it. However, the courts didn’t rule that having a bulk data collection scheme is itself illegal, rather that the methods used by the British Security Services was.

Killer drones

The US government is reportedly looking into the use of so-called “hunter-killer” drones at the Mexican border. Although the government claims the drones will only be used for intelligence and surveillance purposes, the Reaper drone that has apparently been touted for the job is the same one currently used by the US army to bomb Afghanistan.

The possibility of drones being used was first discussed in July at a House Homeland Security Committee hearing. The drones are expected to reduce the number of National Guardsmen at the border, thousands of which were deployed by the President back in April. The National Guard and Border Patrol officers are yet to tell the committee whether these drones at the border would be armed.

Google to map pollution

Google and environmental sensor organization Aclima have announced a plan to expand their partnership across the world. For the past three years, Google Street View cars equipped with Aclima sensors have been driving around the streets of California, mapping air quality across the Golden State.

So far, the data collection exercise has been a success and the information gathered has been made available to the scientific and academic communities. The air quality-sensing cars will hit US streets later this year and it’s reportedly already got its sights on a number of European cities. The technology giant has already developed a partnership with EDF energy for a similar project in London.

M&A

Bomgar has acquired low-code platform BeyondTrust, WeWork has snapped up software startup Team, Twilio now owns Ytica, Renesas has bought IDT, Crowdcube has snaffled Supdate, Lightyear has purchased Chain Inc., Intel has got its hands on NetSpeed Systems, Jaunt has splashed out for Teleporter, and Munich Re has taken over relayr

Next-generation screens

Chinese telecom giant Huawei has announced plans to launch the world’s first foldable phone within the next 12 months. The company’s Korean rival, Samsung, said earlier in the year that it was due to deliver a foldable smartphone however, comments made by Huawei’s CEO confirm that the company has already started work on the innovative device.

The foldable phone isn’t the only ground-breaking screen to make headlines this week. Research scientists at Queen’s University’s Human Media Lab have developed a prototype touch screen device that’s a cross between a smartphone and a tablet. The device, dubbed the Magic Scroll, has a flexible 7.5inch touchscreen that can be rolled up in a cylindrical fashion.

Amazon

It’s been a week of highs and lows for Amazon. Last week, the eCommerce giant briefly became the second $1 trillion publicly listed US company. This week, its fortunes have weakened somewhat with both the Archbishop of Canterbury and Bernie Sanders publicly slagging off the company for everything from zero hours contracts to the lack of tax they pay in the UK.

Some of this criticism might have finally rubbed off on the Amazon owner cum richest man alive, Jeff Bezos. This week the multi-billionaire announced he is launching a $2 billion fund to build a network of preschools and help homeless families. Proving that some people can never switch off from the day job, Bezos said that the “child will be the customer” in this new scheme.

However, none of this will erase the reputational damage Amazon has suffered after accounts that ambulances had been called 600 times to its warehouses in the past three years, and that workers on zero hours contracts are sleeping in tents because they aren’t paid a living wage.

Bernie Sanders has recently proposed a Stop Bad Employers by Zeroing Out Subsidies (Stop Bezos) Act that would see companies like Amazon taxed to cover the cost of any welfare payments their employees have to claim as a result of low wages.

Related: