
ITWC Morning Briefing, July 9, 2020 – A 1-on-1 with security researcher Talal Bakry

To keep up with the firehose of news and press releases, we’ve decided to deliver some extra news to you on the side. Some of it is an extension of our own reporting that didn’t make its way into a story, while others might be content we’ve bookmarked for later reading and thought of sharing with you. We’re doing a similar thing at Channel Daily News; check it out here. Today’s inaugural briefing is delivered by ITWC editorial director Alex Coop.



What you need to know, right now

====

Canada’s Finance Minister Bill Morneau says the federal government’s deficit is expected to hit $343 billion this year. The deficit is significant and can largely be attributed to the relief programs that have pushed federal spending to a level not seen since the Second World War. Source: CBC News

====

Microsoft Teams just came out with some updates:

Together Mode in Teams. Source: Microsoft
Dynamic Stage in Teams. Source: Microsoft

===

Slack is acquiring software as a service company Rimeto, it announced Wednesday. Terms of the deal were not disclosed. Source: CNBC.com


A one-on-one with security researcher Talal Haj Bakry

The main course for this morning’s briefing


It was barely the turn of a new decade when security researchers Talal Bakry and Tommy Mysk voluntarily told Apple that most users were oblivious to the fact that content stored in the clipboard on iOS was accessible to a number of apps most people wouldn’t expect. For example, why is Fruit Ninja snooping around back there?

A malicious app that monitors the clipboard can store any content it finds there. It’s also safe to assume most people aren’t aware of what’s floating around on their clipboard. Most of the time it contains contacts, photos, phone numbers, emails, URLs, PDFs of official documents, audio files, Word documents, spreadsheets and passwords.

Talal Bakry is a senior iOS developer at NuraLogix Corp.

“Most people don’t know that their photos contain location information,” Bakry tells me shortly after new iOS 14 features were announced recently. One of its new tricks is notifying users whenever an app accesses the device’s copied text. “And if you happen to have a photo that you’ve taken with an iPhone and it’s copied to the clipboard, these apps can silently read it, and also read the GPS location tag that’s attached to it.”

When Apple found out about the vulnerability and read the detailed report, they acted swiftly, confirmed the vulnerability, and patched it. I’m kidding, Apple circled back with the researchers a month later and basically said everything is fine. That’s when Bakry and Mysk took matters into their own hands and published their findings and highlighted at least 50 apps that were actively snooping clipboard data.

Bakry says many developers had no idea the snooping was taking place. “It turns out there was an older version of the Google advertising SDK that was reading the clipboard for some debugging reasons. It was looking for a particular token. This was the case for several apps where developers had no idea that their app was doing this.”

“We did reach out to Apple again after iOS 14 was announced and asked them if this was a response to our work,” Bakry says, referring to how users running iOS 14 are now notified whenever an app accesses the device’s copied text. “They said yes, and that they will acknowledge us in the security release once iOS 14 becomes public. So that is rewarding.”


In case you missed it

The recent news that we maybe didn’t get to yet, or it’s the news we’ve reported on and feel is worth resurfacing. Sometimes we’ll also feature awesome stories from other publications.


EY Canada’s recent survey says that the disconnect between cybersecurity and business teams is more prominent in Canada compared to global peers. The 2020 EY Global Information Security Survey finds that 34 per cent of Canadian organizations have yet to fully articulate their cybersecurity risk, compared to 16 per cent of global peers. Other takeaways from the survey include: 

===

A research group in Montreal has outlined some ways that companies can navigate the inherent bias in AI models. The beefy 128-page report from the nonprofit group Montreal AI Ethics Institute highlights how biases can enter at any stage of the ML development pipeline and solutions need to address them at different stages to get the desired results. Additionally, the teams working on these solutions need to come from a diversity of backgrounds including UX design, ML, public policy, social sciences and more.  

===

The latest Simplii Summer Survey suggests Canadians are relying on technology more than ever before. In recent months Canadians have started using technology for:

Other takeaways include

===

SecTor 2020 is going virtual. The popular Canadian cybersecurity conference has announced that registration for this year’s virtual conference is open. 

===

From IT World Canada – Intel details Thunderbolt 4, devices coming later this year

Intel this week announced its new Thunderbolt 4 specification for improved peripheral connectivity. Details of the announcement include:

===

From IT Business Canada – Global spending on cloud-based web conferences set to hit $4.1 billion in 2020

It’s no surprise to see this trend taking place. The global spending on cloud-based web conferencing continues to expand and is expected to hit the $4.1 billion mark in 2020, according to data gathered by LearnBonds. Our own Pragya Sehgal reports on some of the latest data. 

===

From Channel Daily News – OVHcloud’s hosted private cloud offerings make a bit of noise in latest Forrester Wave report

I caught up with OVHcloud’s CEO Michel Paulin recently and spoke to one of the cloud provider’s customers from Halifax.

===

ITWC’s Digital Transformation Awards are next week – and we’re going virtual! Don’t forget to register. More details here.


Bookmarks of the week

A few bookmarked Tweets that we think are worth sharing with you


Cloud economist Corey Quinn walks us through a surprise Amazon Web Services bill of $2,700 belonging to Red Hat’s Chris Short. It’s a good thread that highlights the inherent weaknesses with the AWS platform when it comes to moving your data around.

 


Microsoft says Project Freta was incubated at Microsoft Research. It’s a roadmap toward trusted sensing for the cloud that can allow enterprises to engage in regular, complete discovery sweeps for undetected malware. It sounds a little complicated, but cloud-based VM forensics at a massive scale does sound like a good idea. Microsoft says if commercial cloud could guarantee the capture of malware, no matter how expensive or exotic, in volatile memory, producers of stealthy malware would then be “locked into an expensive cycle of complete re-invention, rendering such a cloud an unsuitable place for cyberattacks.”


Some examples of devices helping businesses reintegrate themselves into the office environment.

 


We’d love to hear from you, so please leave a comment if you like what you saw above (or didn’t like, we love feedback). And if you have any news tips or pitches, send them to acoop@itwc.ca
