Pete Recommends – Weekly highlights on cyber security issues, January 4, 2025

Subject: It’s a Risk of Driverless Taxis That May Come as a Surprise
Source: Newser
https://www.newser.com/story/361428/its-a-risk-of-driverless-taxis-that-may-come-as-a-surprise.html

Typically, stories about the dangers of driverless cars focus on accidents with other vehicles or pedestrians. But the Washington Post reports on a different type of risk being encountered more and more by Waymo taxi passengers in San Francisco: harassment on the street, often at night. The newspaper spoke with four such passengers, three of them women, who were left rattled by their experiences. In one, a man who appeared to be wielding a knife attempted to enter a Waymo vehicle—they’re familiar sights in the city—as it was stopped on a deserted street at a red light. Fortunately, he gave up and walked away, but the passenger wished for a human driver who could have just stepped on the gas and fled to safety. (The newspaper has video.)…



Subject: Cars (and Drivers): 2024 in Review
Source: EFF
https://www.bespacific.com/cars-and-drivers-2024-in-review/

EFF: “If you’ve purchased a car made in the last decade or so, it’s likely jam-packed with enough technology to make your brand new phone jealous. Modern cars have sensors, cameras, GPS for location tracking, and more, all collecting data—and it turns out in many cases, sharing it. Cars Sure Are Sharing a Lot of Information – While we’ve been keeping an eye on the evolving state of car privacy for years, everything really took off after a New York Times report this past March found that the car maker G.M. was sharing information about drivers’ habits with insurance companies without consent. It turned out a number of other car companies were doing the same by using deceptive design so people didn’t always realize they were opting into the program. We walked through how to see for yourself what data your car collects and shares. That said, cars, infotainment systems, and car makers’ apps are so unstandardized it’s often very difficult for drivers to research, let alone opt out of, data sharing. Which is why we were happy to see Senators Ron Wyden and Edward Markey send a letter to the Federal Trade Commission urging it to investigate these practices….

[summary:]

The privacy problems of cars are of increasing importance, which is why Congress and the states must pass comprehensive consumer data privacy legislation with strong data minimization rules and requirements for clear, opt-in consent. While we tend to think of data privacy laws as dealing with computers, phones, or IoT devices, they’re just as applicable, and increasingly necessary, for cars, too.



Subject: New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
Source: The Hacker News
https://thehackernews.com/2024/12/new-hipaa-rules-mandate-72-hour-data.html

The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients’ data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the cybersecurity of critical infrastructure, the OCR said.

The rule is designed to strengthen protections for electronic protected health information (ePHI) by updating the HIPAA Security Rule’s standards to “better address ever-increasing cybersecurity threats to the healthcare sector.”

To that end, the proposal, among other things, requires organizations to conduct a review of the technology asset inventory and network map, identify potential vulnerabilities that could pose a threat to electronic information systems, and establish procedures to restore the loss of certain relevant electronic information systems and data within 72 hours.


Subject: iOS 18’s Photos app sends data to Apple without your consent
Source: Android Headlines
https://www.androidheadlines.com/2024/12/ios-18-photos-app-sends-apple-without-consent.html

Data privacy has always been a key selling point for Apple products. The company even carried its philosophy over to the implementation of AI in iPhones, which could be affecting performance. However, it seems that Apple enabled by default in iOS 18 an option that sends data from your photos to its servers without your prior consent. A while back, Apple introduced the “Visual Look Up” feature in its Photos app. It serves to identify different objects or items in your photos, be it plants, pets, or even landmarks, among others. This then enabled Apple’s search engine to more easily reach the photos in question using keywords. iOS 18 brought “Enhanced Visual Search” as an improved version of Visual Look Up. The option is also present in the macOS 15 Photos app.

iOS 18 “Enhanced Visual Search” sends photo data to Apple, and your consent is not required

The Enhanced Visual Search feature is available in the Photos app settings as a toggle. Its description says that if you enable it, it will “privately match places in your photos.” However, according to developer Jeff Johnson’s findings, Enhanced Visual Search isn’t as private as it seems. The feature works by creating a vector embedding of elements in a photo. This can include the characteristics of a landmark or object, for example. That metadata travels to Apple servers, which, after analyzing it, return an output in the form of possibilities from which your phone will choose the final match according to your search.

A potential privacy risk, according to a developer – Although Apple guarantees that Enhanced Visual Search works privately, Johnson disagrees: “If something happens entirely on my computer, then it’s private, whereas if my computer sends data to the manufacturer of the computer, then it’s not private, or at least not entirely private.” “A software bug would be sufficient to make users vulnerable, and Apple can’t guarantee that their software includes no bugs,” he added.


Subject: The biggest cybersecurity and cyberattack stories of 2024
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2024/

2024 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. Some stories, though, were more impactful or popular with our 31 million readers than others.

Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2024, with a summary of each. These stories are in no particular order.

Filed: https://www.bleepingcomputer.com/news/security/


Subject: Apple to pay $95 million to settle Siri privacy lawsuit
Source: CNN Business
https://edition.cnn.com/2025/01/02/business/apple-siri-privacy-lawsuit/index.html

Apple agreed to pay $95 million in cash to settle a proposed class action lawsuit claiming that its voice-activated Siri assistant violated users’ privacy. A preliminary settlement was filed on Tuesday night in the Oakland, California federal court, and requires approval by U.S. District Judge Jeffrey White.

Mobile device owners complained that Apple routinely recorded their private conversations after they activated Siri unintentionally, and disclosed these conversations to third parties such as advertisers.

Voice assistants typically react when people use “hot words” such as “Hey, Siri.”

Two plaintiffs said their mentions of Air Jordan sneakers and Olive Garden restaurants triggered ads for those products. Another said he got ads for a brand name surgical treatment after discussing it, he thought privately, with his doctor.

The class period runs from Sept. 17, 2014 to Dec. 31, 2024. It began when Siri incorporated the “Hey, Siri” feature that allegedly led to the unauthorized recordings.

Posted in: AI, Cybersecurity, Healthcare, Privacy, Travel