Categories
Apple warning

Warning—Apple Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users – Forbes

FRANCE-US-INTERNET-TECHNOLOGY

AFP via Getty Images

As I reported on June 23, Apple has fixed a serious problem in iOS 14, due in the fall, where apps can secretly access the clipboard on users’ devices. Once the new OS is released, users will be warned whenever an app reads the last thing copied to the clipboard. As I warned earlier this year, this is more than a theoretical risk for users, with countless apps already caught abusing their privacy in this way.

Worryingly, one of the apps caught snooping by security researchers Talal Haj Bakry and Tommy Mysk was China’s TikTok. Given other security concerns raised about the app, as well as broader worries given its Chinese origins, this became a headline issue. At the time, TikTok owner Bytedance told me the problem related to the use of an outdated Google advertising SDK that was being replaced.

Well, maybe not. With the release of the new clipboard warning in the beta version of iOS 14, now with developers, TikTok seems to have been caught abusing the clipboard in a quite extraordinary way. So it seems that TikTok didn’t stop this invasive practice back in April as promised after all.

Worse, the excuse has now changed.

According to the Telegraph, TikTok now says the issue its caused by “a feature designed to identify repetitive, spammy behavior,” and has assured that it has “already submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.” Let me translate that for you: We’ve been caught doing something we shouldn’t, we’ve rushed out a patch.

TikTok also said that the platform “is committed to protecting users’ privacy and being transparent about how our app works.” No comment on that one.

When I covered the original TikTok clipboard issue, the company was adamant it was not their problem and related to an outdated library in their app. “The clipboard access issues,” a spokesperson told me, “showed up due to third-party SDKs, in our case an older version Google Ads SDK, so we do not get access to the information through this (presumably they do but we cannot speak to that). We are in the processes of updating so that the third-party SDK will no longer have access.”

TikTok assured me it was being fixed and questioned coverage that suggested this was an issue. “It’s a Google Ads SDK issue,” they assured again in a later email, “so we need to make the change in which version of that SDK we use. TikTok does not get access to the data, but we are updating regardless to resolve it.”

Now Apple’s welcome iOS 14 security and privacy changes have caught them red-handed still doing something they shouldn’t. Something they said was fixed. TikTok isn’t alone—other apps will now need to change deliberate or inadvertent clipboard access. But TikTok is the highest profile and most totemic of the apps caught out, given its prior coverage and wider issues.

The most acute issue with this vulnerability is Apple’s universal clipboard functionality, which means that anything I copy on my Mac or iPad can be read by my iPhone, and vice versa. So, if TikTok is active on your phone while you work, the app can basically read anything and everything you copy on another device: Passwords, work documents, sensitive emails, financial information. Anything.

Earlier in the year, when TikTok was first exposed, the security researchers acknowledged that there was no way to tell what the app might be doing with user data, and its abuse was lost in the mix of many others. Now it’s feeling different. iOS users can relax, knowing that Apple’s latest safeguard will force TikTok to make the change, which in itself shows how critical a fix this has been. For Android users, though, there is no word yet as to whether this is an issue for them as well.

“Apple dismissed the risks that we highlighted and explained that iOS already had mechanisms to counter all of the risks,” the researchers told me earlier this week. “But the mechanisms that Apple provided were not effective to protect user privacy.” Following their initial report, they explained, “there was a tremendous public interaction with the topic—not only iOS users, but also Android users demand more restriction and transparency about the apps that use the system-wide clipboard.”

Apple originally dismissed the clipboard vulnerability as an issue, and only provided a fix after significant media coverage of the security research. This latest news shows just how important a fix that will be.

All iPhone users should update to the latest version of TikTok as soon as it’s released—and given it is actively reading your clipboard, you might want to bear that in mind while using the app ahead of that update.

TikTok has been approached for any comments on this story.

Read More

Categories
sounds warning

WHO sounds warning on coronavirus ‘second peak’: Live updates – Al Jazeera English

  • The World Health Organization has warned of the risks of an “immediate second peak” as countries ease up on lockdowns, urging governments in Europe and the US to step up surveillance, testing and tracking measures to keep the disease under control.  

  • Spain has revised its death toll downwards by nearly 2,000 people after checking data from the regions and discovering some deaths had been recorded twice while others had not been the result of the coronavirus. 

  • Public anger continues to simmer in the UK over Dominic Cummings, Prime Minister Boris Johnson’s chief political adviser, who apparently flouted lockdown to drive from his home in London to his parents’ house in the north when he suspected he had coronavirus. Cummings adopted a conciliatory tone at an extraordinary news conference on Monday but did not apologise.  
  • Nearly 5.5 million cases of coronavirus have been confirmed around the world, according to Johns Hopkins University. More than 346,000 people have died, while more than 2.2 million have recovered.

Here are the latest updates:

Tuesday, May 26

05:30 GMT –

I’m handing over the blog to my colleagues in Doha. Before I go, an update of developments so far this morning. As more countries ease their lockdowns (Saudi Arabia is the latest to announce a relaxation), the WHO is warning again of the dangers of a ‘second peak’. On the medical front Japan’s tests of Avigen as a coronavirus treatment have been delayed while US firm Novavax has started phase one trials for its vaccine in Australia. Meanwhile, a study has found some 8,000 more people died in Mexico city in the first months of 2020 than the average of the same period over the previous four years. 

05:20 GMT – Novavax starts coronavirus vaccine trial in Australia

US biotech firm Novavax has started trials of the novel coronavirus vaccine it’s developing.

It expects preliminary results from the phase one trial of NVX-CoV2373 by July.

The phase one trial is taking place in Australia. The second phase will include more countries.

04:35 GMT – Fujifilm COVID-19 drug research spills over into June

Research into Fujifilm’s Avigen drug as a potential treatment for COVID-19 will continue into June.

Japan’s Prime Minister Shinzo Abe had said he hoped the drug would be approved in May if its efficacy and safety could be confirmed.

“The company will continue research into next month or so, and if an application for approval is received from the company, it will be promptly reviewed,” Chief Cabinet Secretary Yoshihide Suga said at a regular briefing when asked about Avigan.

Suga said trials of a coronavirus vaccine could begin as early as July, raising expectations about a candidate developed by Osaka University and biopharmaceutical firm AnGes Inc .

Avigan is the subject of at least 16 trials worldwide, though there is concern the drug has been shown to cause birth defects in animal studies.

Japan has given up on approving Fujifilm Holdings Corp’s anti-influenza drug #Avigan this month for the treatment of patients infected with the new coronavirus, health minister Katsunobu Kato says.https://t.co/katTFchGxm

— Kyodo News | Japan (@kyodo_english) May 26, 2020

03:50 GMT – Australia borders won’t open “anytime soon”: PM Scott Morrison

Australia’s Prime Minister Scott Morrison says the country won’t open its borders “anytime soon” but the government was continuing to discuss a travel corridor with New Zealand. 

“I was speaking with Prime Minister (Jacinda) Ardern this morning and we’ll continue to have our discussions about the trans-Tasman safe travel zone,” Morrison told the National Press Club in Canberra.

03:15 GMT – Doctors group in Japan warn against masks for infants

Children under the age of two shouldn’t wear masks because they can make breathing difficult and increase the risk of choking, the Japan Pediatric Association has warned.

“Masks can make breathing difficult because infants have narrow air passages,” which increases the burden on their hearts, the association said, adding that masks also raise the risk of heat stroke.

“Let’s stop the use of masks for children under 2-years-old,” the association said in a notice on its website.

It added that there had been very few serious coronavirus cases among children and that most kids became infected from family members, with almost no outbreaks at schools or day care facilities. 

03:00 GMT – Mexico City registers more than 8,000 more deaths than usual 

Mexico’s capital registered 8,072 more deaths in the first five months this year than the average from the same period over the previous four years, an analysis by independent researchers showed on Monday, suggesting a possible surge in fatalities to the coronavirus pandemic.

Health officials have reported 1,655 deaths from the virus in Mexico City, out of 7,394 deaths nationwide. They have also acknowledged that the true death toll is higher, but difficult to estimate because of the low testing rate.

Read more on the study here.

Mexico

Mexico has been hard hit by the coronavirus [File: Gustavo Graf/Reuters] 

02:50 GMT – Hong Kong airport to open for transit passengers

Hong Kong International Airport will open for some transit services from June 1, chief executive Carrie Lam said on Tuesday.

01:35 GMT – Saudi Arabia to loosen curfew from Thursday

Saudi Arabia will loosen its curfew for everywhere but Mecca from Thursday, according to the state news agency.

The curfew will be in force from 3pm (12:00 GMT) to 6am (03:00 GMT) local time.

From May 31 to June 20, it will also allow prayers in mosques with the exception of Mecca. The curfew and restrictions on prayer there will be relaxed from June 21, it said.

You can read more on that story here.  

More:

01:25 GMT – South Koreans required to wear masks on public transport

South Koreans now have to wear masks whenever they use public transport or take taxis.

Health Ministry official Yoon Taeho says masks will also be required on all domestic and international flights from Wednesday.

South Korea was reporting 500 new cases every in early March before it largely stabilised its outbreak with aggressive tracking and testing. But infections have been rising slightly since early May, with more people going out during warmer weather and eased social distancing guidelines.

“Until treatments and vaccines are developed, we will never know when the COVID-19 crisis could end, and until then we will have to learn how to live with COVID-19,” Yoon said.

00:00 GMT – WHO warns of “second peak” where COVID-19 apparently in decline

The World Health Organization (WHO) is warning that countries in which coronavirus appears to be in retreat could still face an “immediate second peak” if they let up too soon on measures to halt the outbreak.

WHO emergencies head Dr Mike Ryan told an online briefing that, while cases were declining in many countries, they were still increasing in Central and South America, South Asia and Africa.

Ryan said there was a chance infection rates could rise again more quickly if measures to halt the first wave were lifted too soon.

“We need to be cognizant of the fact that the disease can jump up at any time,” he said. “We cannot make assumptions that just because the disease is on the way down now it is going to keep going down and we are get a number of months to get ready for a second wave. We may get a second peak in this wave.”

He said countries in Europe and North America should “continue to put in place the public health and social measures, the surveillance measures, the testing measures and a comprehensive strategy to ensure that we continue on a downwards trajectory and we don’t have an immediate second peak.”

Reopened shops in Europe eagerly await the return of tourism

Hello and welcome to Al Jazeera’s continuing coverage of the coronavirus pandemic. I’m Kate Mayberry in Kuala Lumpur.

Read the updates from yesterday (May 25) here.

Read More