This Week in CyberNews: Oct. 2-6 [Cybersecurity & Tech Roundup]
It’s time for our weekly look back at the latest breaking news in cybersecurity and tech. We’ll look at the US antitrust report calling the Big Four Tech companies monopolies, EU’s ruling against bulk data collection, Apple’s T2 chip vulnerability, Oracle battling Google at the Supreme Court, and other important cybersecurity and tech news.
Big Tech Giants have “monopoly power”
Big news coming from the US Congress as they published their findings in the Big Tech antitrust hearings.
In July, we covered the key moments from the Big Four CEOs’ testimony before US Congress.
In that testimony, Congress questioned whether the Big Four tech companies were essentially monopolies. Now, with its published 449-page report, Congress finds that the Big Four used “killer acquisitions” to smite rivals, charged exorbitant fees, and forced small businesses into “oppressive” contracts in the name of profit.
The antitrust subcommittee of the Judiciary Committee recommended that Google, Apple, Amazon, and Facebook – with a combined market value of over $5 trillion – should not both control and compete in related businesses. The report states that these companies, that “once were scrappy, underdog startups that challenged the status quo have become the kinds of monopolies we last saw in the era of oil barons and railroad tycoons.” The report goes on to state: "These firms have too much power, and that power must be reined in and subject to appropriate oversight and enforcement."
Of course, Facebook, Google, Apple and Amazon are denying the report and calling the conclusions outdated. The report didn’t recommend any specific actions for any specific company, but instead recommended structural separations. Whether these recommendations are put into effect in any way will really depend on whether Biden or Trump wins next month’s elections. If Biden wins, it’s largely agreed that the pressure on these companies will continue.
EU court rules against bulk data retention
A new ruling from the European Court of Justice has stated that bulk data retention and surveillance is banned. The court stated that the "general and indiscriminate transmission or retention of traffic data and location data" is to be banned, and that the personal data of phone and internet users can only be handed over when there are serious threats to national security.
The retention thus should be “limited in time to what is strictly necessary.” That’s pretty much an explicit stop to the type of mass, bulk data collection favored by most western countries, including the US with its NSA surveillance programs.
In terms of the EU, this means that the UK, France and Belgium have to go back to respecting people’s privacy. We’ll see what this means for the UK, though, since it’s set to leave the EU in the always-delayed but always impending Brexit. For now, each country’s courts will have to implement the new rules.
Oracle vs. Google at the Supreme Court
Oracle and Google are facing off at the Supreme Court. The Oracle-Google Saga first started about 10 years ago, after Oracle acquired Sun Microsystems. Sun created Java – which is where the problems start.
When Google began developing Android, it wanted to use Java’s APIs but couldn’t work out a deal with Sun Microsystems. So Google then just said screw it and pretty much duplicated parts of Java in its Android system, and also used some of Java’s APIs from an open-source version of Java. Essentially, the court case is now whether Google had a right to use Java APIs in creating Android.
Oracle says that Google essentially infringed on its copyright and patent. Google on its side is arguing that since APIs are just interfaces, or methods of using a computer program or platform, they aren’t computer programs themselves and can’t be copyrighted. Earlier cases stated that methods of operation can’t be copyrighted.
Since 2009, when Google snatched Java’s APIs, generations of software – most of the software that you use every day – have been built on APIs. If Oracle wins their Supreme Court fight, a small group of companies will be able to sue all those companies for using and building software on top of something – a process, a method of operation – that was previously thought of as being free. This freedom allowed for software interoperability.
Oracle originally lost the case in 2012, then Google lost the case in 2014 and again in 2016. The recent death of Justice Ginsburg will make the Supreme Court fight even harder for Google to win.
Apple’s T2 security chip vulnerability
Even Apple has some security issues. Recent research shows that Apple’s latest Macs and MacBooks – anything that uses the latest T2 chips – are vulnerable to a cocktail of exploits. Essentially, researchers found that they could jailbreak T2 chips, which means that they’d be able to fully control these devices, modify the OS behavior, retrieve sensitive or encrypted data and even plant malware. This is big.
These T2 chips were first introduced in 2017 and they serve as security chips. The new attack combines two previous exploits, known as checkm8 and the Blackbird vulnerability. In order for the exploit to work, attackers would need to have physical access to the device. Which seems pretty difficult. But on the other hand, this isn’t something that Apple can solve with a firmware update. It is considered unpatchable, and Apple will surely fix the issue for its upcoming T2-related devices.
On the other other hand, this will make it easier for law enforcement to access data that would’ve been encrypted.
Other important cybersecurity and tech news
- The Qiui Cellmate internet-connected chastity lock, which is a chastity lock...for the guys...connected to the internet...has a security flaw that lets anyone lock or unlock the device at will. This is probably a good reminder that just because something can be connected to the internet, it doesn’t mean it needs to be. And if it is connected, at least make it secure, right?
- The IRS is being investigated for bypassing warrants by buying users’ location data. Earlier, the Secret Service was caught using the same tactic, but now the body tasked with IRS oversight will investigate the tax-collecting organization. They get this app location data, by the way, from users like you and me who give our data away freely in exchange for playing Flappy Bird or some unnecessary beauty camera app.
- Facebook did something good this time. The social media site has banned QAnon groups, again, after it tried to ban them the first time. This time, however, it’s not just banning QAnon groups that discuss violence or other extremes, but QAnon groups in total.