Tag Archive for: TikTok

Temu accused of data risks amid TikTok, Pinduoduo fears


  • The U.S. has accused Temu of potential data risks after Google suspended its Chinese sister app, but analysts are not too worried.
  • “Temu is not as aggressive as Pinduoduo that is requesting all kinds of privileges,” said Kevin Reed, chief information security officer at cybersecurity firm Acronis.
  • Temu is taking the U.S. market by storm with discount items from fashion to pet supplies to home goods.
  • “I am less worried about the shopping apps than social media platforms like TikTok and Lemon8,” said Lindsay Gorman, senior fellow for emerging tech, German Marshall Fund.

In just 17 days after launch, Temu surpassed Instagram, WhatsApp, Snapchat and Shein on the Apple App Store in the U.S., according to Apptopia data shared with CNBC.


The U.S. has accused discount shopping site Temu of possible data risks after its Chinese sister app was pulled from Google’s app store over “malware” — but analysts say they’re not that worried.

Compared to Pinduoduo, which was suspended by Google in March after versions offered outside Google’s Play store were found to contain malware, Temu is “not as aggressive,” one analyst said.

The malware in Pinduoduo was found to leverage specific vulnerabilities for Android phones, allowing the app to bypass user security permissions, access private messages, modify settings, view data from other apps and prevent uninstallation.

Google called it an “identified malicious app” and urged users to uninstall the Pinduoduo app, but the Chinese online retailer denied those claims.

According to analysis by Kevin Reed, chief information security officer at cybersecurity firm Acronis, Pinduoduo requests as many as 83 permissions — including access to biometrics, Bluetooth and information about Wi-Fi networks.

“Some of these permissions Pinduoduo is asking seems to be unexpected for an e-commerce app,” said Reed, who shared his analysis of both apps with CNBC.

“But Temu is not as aggressive as Pinduoduo that is requesting all kinds of privileges,” said Reed.

Pinduoduo is a China-based e-commerce app that sells everything from groceries to clothing. It is the flagship product of Nasdaq-listed Chinese company PDD Holdings which also owns…


The CEO who also ran IT, Strava strife, and TikTok tall tales • Graham Cluley


Smashing Security podcast #319: The CEO who also ran IT, Strava strife, and TikTok tall tales

A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava’s privacy isn’t so private, and a private investigator uncovers some TikTok tall tales.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by T-Minus’s Maria Varmazis.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Guest:

Maria Varmazis – @mvarmazis

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.



Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Flipper Zero: The ‘tamagotchi for hackers’ goes viral on TikTok | Science & Tech


Cesar Gaytán, a security consultant and the mind behind the YouTube channel HackWise, has used the Flipper Zero to turn on the television, unlock his car and even disconnect security cameras from a WiFi network. The device, nicknamed the “tamagotchi for hackers” on social media, has gone viral on TikTok. Users share videos using it to unlock hotel rooms, turn on the air conditioner and read pets’ identifying microchips. Some even claim that the device can clone credit cards.

At first sight, the device, which costs around $170, looks like a toy. It is smaller than a cellphone, and its 1.4-inch screen features a dolphin that gets happier when the device is used. In the words of its creators, it is “a tiny piece of hardware with a curious personality of a cyber-dolphin.” Inside, it contains sensors to intercept and imitate signals, like the air conditioner’s infrared waves and the TV remote control. The push of a button, Gaytán explains, can read infrared signals and then turn the television on. “The device captures the signal and saves it, and then it can replicate it. If the television is on, it turns off, and if it’s off, it turns on,” he says.

The screen of the Flipper Zero displays a dolphin that reacts when the device is used.

Edgar Pons For, industrial designer, biohacker and technology content creator, always carries a Flipper Zero with him. Though he rarely uses it, he feels good knowing that he carries “a technological Swiss Army knife” with the capacity to read and repeat signals. When he first got the device, which is often out of stock, he spent a few weeks trying to read all kinds of signals, including keys, home appliances and cards.

The Flipper Zero brings together several functions that can be found individually in other devices. It can, for example, analyze radiofrequency signals, like those used by car keys, garage remotes and alarm systems, among other wireless devices. It can also read cards that use RFID and NFC technology — like credit cards, gym cards and hotel keys — and sometimes replicate them.

Videos recorded to go viral

TikTok has an abundance of videos that show the Flipper Zero supposedly being used to replicate credit…


No evidence of TikTok national security threat but reason for concern, experts say


Social media app TikTok faces mounting bipartisan hostility in Washington D.C., where Biden administration officials and lawmakers are weighing a possible ban of the platform.

The app, which counts more than 150 million U.S. users each month but is owned by a China-based parent company, has faced growing scrutiny from government officials over fears that user data could fall into the possession of the Chinese government and the app could be weaponized by China to spread misinformation.

However, there is no evidence that TikTok has shared U.S. user data with the Chinese government or that the Chinese government has asked the app to do so, cybersecurity experts told ABC News.

Still, there’s reason to believe that the Chinese government could compel the company to share data on U.S. users or manipulate content on the app to forward a pro-China agenda, considering the nation’s authority over domestic companies and previous misleading statements made by TikTok on related issues, the experts added.

“We don’t have smoking-gun evidence,” Sarah Bauerle-Danzman, a professor who specializes in national security and business investment at Indiana University, told ABC News. “But we do know that if the [Chinese government] asks TikTok for any data, they would be compelled to provide it and we also probably wouldn’t know if they did.”

In a statement, TikTok cited Project Texas, an initiative that the company says keeps all U.S. user data on servers within the country.

“The whole point of Project Texas is to put TikTok U.S. user data and systems outside the reach or influence of any foreign government,” the company said in a statement to ABC News.

“Today, all new protected U.S. user data is stored exclusively in infrastructure in the United States, and today all access to that environment is managed exclusively by TikTok U.S. Data Security, a team led by Americans, in America,” the company added.

Here’s what we know and don’t know about the national security threat posed by TikTok.

No evidence that TikTok has shared US user data with the Chinese government

A key fear among lawmakers and other government officials is that TikTok could share sweeping data on U.S. users with the Chinese government or the…
