Weekly Threat Report - 1st March 2019
Record fine handed to TikTok following data privacy issues
The video sharing app, TikTok, has received the largest ever fine recorded in a US case following issues with its management of children’s data privacy.
Musical.ly app, which was later acquired and incorporated into TikTok, was handed a $5.7m fine because it was knowingly hosting content that had been published by underage users. The company has accepted the fine and will implement new measures to handle users who are under the age of 13. Additionally, TikTok have been ordered to delete the data and users in the US will have to verify their age when opening the app. The issue here however is that users can simply lie about their date of birth to gain access.
The firm commented: "We care deeply about the safety and privacy of our users. This is an ongoing commitment, and we are continuing to expand and evolve our protective measures in support of this."
Users of the app outside of the US should be aware that these
measures will not be implemented in other countries with the settlement only applied to the US.
TikTok was one of the most downloaded apps last year and it said to have more than one billion users worldwide.
Social media continues to be a huge part of modern digital life and it’s important to ensure you and your loved ones are secure on the various platforms. The NCSC has published advice on how to use social media safely.
Smart Home devices vulnerable to remote attacks due to weak credentials
It is no secret that the number of connected devices in the average home is rising. However the Internet of Things (IoT), which is likely to be the norm in the next couple of years, can also contain vulnerabilities and security issues.
Smart home devices can be vulnerable to attacks due to outdated software, unpatched security flaws, and weak credentials according to a new report produced by Avast.
In total, 16 million different home networks worldwide are included in Avast’s study with the report focusing on 21 countries in North and South America, Europe, and the Asia Pacific region. 56 million devices were scanned as part of the study.
The report states that two out of five (40.8%) smart home devices worldwide have at least one device that is vulnerable to attacks, out of which, 69.2% are vulnerable due to weak credentials.
The UK Government advocates for strong security to be built into internet-connected products by design. In October 2018, the government published the Code of Practice for Consumer IoT Security to support all parties involved in the development, manufacturing and retail of consumer IoT.
The NCSC has called for the adoption of Secure by Default which covers the long-term technical effort to ensure that the right security primitives are built in to software and hardware. Advice about how to use smart devices safely at home as also been published.