News in brief: Uber goes driverless in SFO; Skype on macOS; 2016’s breaches tallied; encryption call for cameras

Your daily round-up of some of the other security stories in the news

Uber puts more driverless cars on the road

Uber has launched a trial of its self-driving cars in San Francisco, following on from its debut of the pilot scheme in Pittsburgh in September. There’s much that’s interesting about this, from the news that Volvo is part-funding the pilot scheme (Uber famously isn’t in a hurry to IPO, and it’s also famously running through cash at a rate of knots), the technology it’s using (the cars rely on “lidar”, a type of radar, to detect obstacles and navigate around them), to the fact that this comes the day after news that Google has, via its parent, Alphabet, spun out its autonomous cars unit from its “moonshot” division into a separate company of its own, called Waymo.

Driverless cars are a fascinating vision of the future, although there are many obstacles for any organisation working on this particular vision of the future, from issues of safety (Tesla had its first fatal accident recently, although arguably that was only to be expected, from a statistical point of view ) to the bigger questions of what happens to all those people who now drive for a living.

Our concern at Naked Security is Uber’s unimpressive record on data security, especially in the wake of allegations earlier this week from its former forensic investigator Samuel Ward Spangenberg. It should be noted that Spangenberg’s claims of lax security are part of his suit against the company for ageism and whistleblower retaliation.

The extension of the trial from Pittsburgh to San Francisco is therefore one to watch as Uber ramps up its ambitions, for so many reasons.

Make sure you patch Skype on macOS

If you use Skype on macOS, make sure you don’t have an old version. Recent reports suggest that up to and including  version 7.35, unauthorised plugins could sneakily connect into Skype simply by giving themselves the name of a plugin that was already authorised. No cryptographic or other validation was carried out, it seems.

At least one report is calling this a “backdoor”, though that’s probably rather unkind to Microsoft, when “bug” might be a fairer (if unavoidably uncomplimentary) word to use – there’s no suggestion that this was a deliberate hole left willingly to assist eavesdroppers.

The latest Skype for Mac version is 7.43; check your version using Check for Updates  in the Skype menu. Paul Ducklin

Number of records lost tops 2bn

There are still just over two weeks to go until the end of the year, but we already know that 2016’s total number of records lost in breaches is more than 2bn: one researcher puts the total at 2.14bn, up from last year’s hardly insignificant figure of 480m records lost.

Lewis Morgan of the IT Governance blog posted his list yesterday, and it’s a sobering reminder of just how high the stakes are when it comes to personal records. The huge total is of course boosted by the enormous Yahoo! breach, which, although it happened before this year, is counted in this year’s stats as it came to light in 2016.

Gemalto’s breach database keeps a handy list of the number of records stolen, too: it reminds us that hard on the heels of the Yahoo! breach was the Adult Friend Finder hack last month, which exposed more than 412m records, along with the breach at Mossack Fonseca, where 2.6Tb of data were stolen in April, along with others you’ve never heard of.

Here’s hoping 2017 might be better.

Camera-makers urged to add encryption

Professional photographers and film-makers have called on leading camera manufacturers to add encryption capabilities to the devices they use every day.

In an open letter to manufacturers including Nikon, Canon, Sony, Olympus and Fuji, the photographers and film-makers urge them to “build encryption features into your still photo and video camera products”.

Photographers and film-makers often work in dangerous conditions, where their lives and the lives of those they’re filming can be at risk. Raw footage of dissidents, for example, whose identities a film-maker was planning to obscure, could put them in peril and discourage people from speaking to journalists and photographers.

The open letter, from the Freedom of the Press Foundation, points out that those taking pictures and filming on mobile phones can encrypt their material, and urge camera-makers to add the technology to their cameras. “As filmmakers and photojournalists, we use our lenses to hold powerful people to account — and ultimately to change society for the better. Encryption features will allow us to continue to tell the most important stories, from some of the most dangerous places in the world.”


Catch up with all of today’s stories on Naked Security