Your daily round-up of some of the other security stories in the news
Amazon declines to hand over Echo data
Arkansas police are hoping that an Amazon Echo found at a murder scene in Bentonville will help them with their investigation into the death of a man strangled in a hot tub.
While Amazon’s smart assistant only records what’s said to it after it’s triggered by someone saying “Alexa”, police are hoping that the devices’ habit of piping up in response to a radio or TV might mean it inadvertently recorded something that might be of use to them.
However, Amazon, in common with other tech companies, is not keen to hand over this kind of customer information to law enforcement. Amazon stores voice recordings from the Echo on its servers to improve its services, but the Seattle-based company, which has apparently released the account details of the alleged attacker to police, has declined to provide the voice recordings they are seeking via a search warrant.
Facebook in Bangkok ‘fake news’ row
Facebook found itself at the centre of another row over “fake news” this week after it posted an alert about an explosion in Bangkok on Tuesday.
The platform’s “Safety Check” feature, which encourages people in the area to check in and reassure their friends that they’re safe, was triggered after a protester apparently threw some firecrackers. However, to “confirm” the incident, Facebook referenced a site that had scraped a video from last year’s bombing at a shrine in the Thai capital in which 20 people were killed.
The Safety Check feature is triggered automatically rather than by humans, sparked by locals posting about an event. Facebook turned off the alert after an hour, but not before the story had spread widely, according to the BBC.
Airline booking security rapped
Airline booking systems are hopelessly insecure and lack basic security, according to researchers.
Karsten Nohl and Nemanja Nikodijevic presented their findings at the Chaos Communication Congress in Germany on Tuesday, warning that there’s little standing in the way of attackers who could change passengers’ flight details and steal airmiles.
The pair said that with a traveller’s six-digit identification code, the PNR, which is easily found on boarding passes and luggage tags, an attacker could steal personal information and launch phishing attacks, because there’s no way to check that the person seeking that information was entitled to do so.
They also warned that the airline booking systems, which date from the 1980s and earlier, lack the security systems that prevent abuse.
Catch up with all of today’s stories on Naked Security