The Federal Government’s coronavirus tracing app has raised some privacy concerns amongst the Australian public. Even some of our government Ministers have ruled out downloading the app due to such concerns! However, the independent cyber security body tasked with reviewing the app has said that it has found no major concerns with it.Read More
Following Australia’s latest round of expanded 5G restrictions, the South Australian Government has made a decision to remove all close circuit surveillance cameras made by a Chinese surveillance giant from health department buildings, according to an article by the Sydney Morning Herald.
The article notes that the relevant cameras are made by the partially state-owned Chinese surveillance technology company Hikvision, which was blacklisted in October 2019 by the United States for their alleged role in human rights violations and in purporting to create a surveillance network amongst federal agencies. Issues with Hikvision in South Australia were first identified in the course of a Commonwealth-funded trial in which Hikvision cameras were to be used in the rooms of aged care residents as a means to improve overall safety.Read More
By Cameron Abbott and Karla Hodgson
Remember the time when you first heard about cloud computing and it took you a few moments of quiet contemplation before you wrapped your head around the concept of computing being situated “up there”? Of course today we aren’t surprised to learn that over 80% of enterprise workloads will be in the cloud by next year and that a new wave of cloud-based security as a service (SECaaS) solutions are rolling in to address the forecasted USD $5.2 trillion per year in cybercrime damage that is expected to impact within the next 5 years.
Based on the software as a service (SaaS) model, SECaaS is a cloud-based managed security service that removes the need for businesses to buy and continually upgrade on-premises hardware and software and keep staff upskilled in the ever-shifting world of cybersecurity risk and protection.Read More
Have you inadvertently given the owners of global, searchable databases of phone numbers and associated names access to your entire contact list?
We suspect that you cannot confidently answer “no”.
The Samsung Smart Call function, which is powered by Hiya, boasts that it allows you to “deal with spam the easy way”, by letting you know who is calling you, even if their number is not saved in your contact list. In theory, this is a handy tool, and in the context of robocalls or other unsolicited marketing calls, doesn’t create any privacy issues. But when the database which powers the function contains the names and numbers of (we suspect) millions of private citizens, this becomes quite concerning.
Hiya is of course not the only “caller ID” app on the market – a quick search of the Apple App store reveals numerous other options for download – including Truecaller, Caller-ID, Sync.ME and CallHelp. In 2018, Hiya reached 50 million active users worldwide, while Truecaller’s website says it has over 130 million daily active users. Those figures of course would barely scrape the surface of the number of names and phone numbers held in their collective databases.
In case you’re wondering how much damage could really be done by a third party having access to your name and phone number – think about all of the things your number is linked to. Your Facebook, your Gmail, maybe even your bank account and credit cards. Information is power – and this is the kind of information that could easily allow hackers to wreak a reasonable amount of havoc. So before you sign-up to a new app, take the time to read the terms of service, because your use could not only be exposing your personal information, but that of your entire contact list.
By Cameron Abbott and Wendy Mansell
It has been a fairly turbulent week in the cyber-espionage space following accusations that China’s Ministry of Security Services is behind the surge of intellectual property theft from Australian companies.
The news that the persistent attacks on Australian IP are perhaps a State sponsored campaign by the Chinese government is concerning as it suggests that China are in breach of several international and bilateral agreements.
In 2015, an agreement was made between Chinese President Xi Jinping and former President Obama, that the U.S and China would not steal intellectual property from one another for commercial gain. This was furthered at the November 2015, G20 Summit, where the cyber-theft of IP was accepted as the norm.
Following on from this in September 2017, former Prime Minister Malcolm Turnbull and Chinese Premier Li Kequiang promised that neither country would engage in cyber-theft of intellectual property and commercial secrets.
Reports of cyber-theft declined immediately after these agreements, however in recent months they have ramped up again.
A U.S Trade Representative report released this week confirms that despite any international agreements, China has continued engaging in cyber-espionage and the theft of intellectual property. Further the report states that not only is China likely to be in breach of these agreements, but the attacks have “increased in frequency and sophistication”.
Notably in July of this year, China was linked to the cyber-breach of Australian National University. This attack was particularly disturbing given that ANU is a leading university involved in key areas of Australian technological, scientific, defence and commercial research. It is fascinating that cyber attacks and theft are a “norm” that is accepted within our overall international relationships. Physical acts of a similar nature would not be so easily accepted.
By Cameron Abbott and Colette Légeret
Cymulate, a leading provider of Breach and Attack Simulation solutions and a Gartner 2018 Cool Vendor, announced last week that its Security Research Team had uncovered a security flaw in the Microsoft Office Suite (Office) that may affect Microsoft Word (Word) users.
By Cameron Abbott and Sarah Goegan
You would think government agencies would have a keen focus on cybersecurity risks, but apparently not! A report by the United States Office of Management and Budget (OMB) has found that nearly three-quarters of Federal agencies reviewed have either “at risk” or “high risk” cybersecurity arrangements. 71 of 96 agencies assessed were either missing, had insufficiently deployed or had significant gaps in their fundamental cybersecurity policies, processes or tools.
Last week, the Australian Government announced that it would propose new anti-terror laws that force telecommunications and multinational tech companies to give law enforcement agencies access to encrypted data of suspected criminals and terrorists.
Cyber Security Minister Angus Taylor said the laws would give police, intelligence and security agencies the ability to bypass encryption on messaging (such as private messages sent on Whatsapp and Facebook), phone calls, photos, location and apps.