In this week’s cyber news roundup, WhatsApp tries to put out a fire, Ring focuses its attention on privacy, President-elect Joe Biden proposes major boosts to US cybersecurity as he prepares for a major downgrade in personal fitness.
Without further ado:
WhatsApp Backtracks
WhatsApp wants to clarify a few things. Following a hailstorm of bad press regarding an update to its terms of service — namely in the apparent pivot the company was taking in sharing user data with Facebook — WhatsApp is taking the stand.
WhatsApp will now give users until May 15 to accept the new terms, extending it well past the original Feb. 8 deadline.
“WhatsApp was built on a simple idea: what you share with your friends and family stays between you,” a recent statement reads. “This means we will always protect your personal conversations with end-to-end encryption, so that neither WhatsApp nor Facebook can see these private messages. It’s why we don’t keep logs of who everyone’s messaging or calling. We also can’t see your shared location and we don’t share your contacts with Facebook.”
WhatsApps says its new policy changes have more to do with user conversations with businesses through WhatsApp. The company has previously shared some data with Facebook since 2016, sans the users who actively opted out of the sharing. The company wants to make it clear that end-to-end encryption prevents WhatsApp (and Facebook) from reading user conversations.
That doesn’t eliminate the fact that WhatsApp may collect the following data (and potentially share with Facebook):
Purchases
Identifiers
Diagnostics
Financial Info
Contact Info
User Content
Usage Data
WhatsApp will now spend the next four months trying to fix this mess. This, after the company saw rival platforms like Signal and Telegram see a surge in downloads over the last week. Yikes.
Ring Adopts Encryption
First announced back in September, Ring is now beginning to add support for end-to-end encryption for its security cameras. All video captured on security cameras will now be encrypted from the camera itself to the device the video is being viewed on. Nobody else will be able to intercept and view the content.
The official rollout of this new feature was announced on Jan. 13 at the Consumer Electronics Show (CES) 2021 and went into effect the same day. The good news for existing Ring customers: The new feature will not be exclusive to 2021 devices — most existing doorbells, indoor and outdoor cameras can benefit. It’s worth noting that E2EE will be an opt-in feature, so be sure to dig into those settings if you’re looking to bolster the cybersecurity surrounding your physical security device.
More good news for those with a real desire for privacy: Opting into E2EE will effectively nullify one of the more controversial aspects of owning a Ring device. You may remember Ring’s highly criticized partnership with hundreds of police departments across the country — a move that raised numerous concerns regarding privacy and the development of a privately run and for-profit surveillance state. Opting into the encryption would prevent Ring, Amazon, and law enforcement from viewing the videos taken on those devices.
Check out CNET’s 2019 write-up for more on these concerns.
Biden Boosting US’ Cyber Efforts
President-elect Joe Biden is wasting little time in responding to the colossal cyber attack that hit many of the nation’s federal agencies. As part of his COVID-19 relief plan, Biden is earmarking more than $10 billion to bolster the United States’ cybersecurity and information technology. Biden describes cybersecurity as “an urgent national security issue that cannot wait.”
About $9 billion will go towards the Cybersecurity and Infrastructure Agency (CISA) and General Services Agency (GSA) with the goal of kickstarting new cybersecurity and IT devices. Lawmakers had previously appropriated about $2 billion for CISA in 2021.
“In addition to the COVID-19 crisis, we also face a crisis when it comes to the nation’s cybersecurity,” as stated in Biden’s plan. “The recent cybersecurity breaches of federal government data systems underscore the importance and urgency of strengthening U.S. cybersecurity capabilities. President-elect Biden is calling on Congress to launch the most ambitious effort ever to modernize and secure federal IT and networks.”
All customers of cybersecurity company SolarWinds, the US Department of Commerce, Department of Homeland Security, the Pentagon, Department of the Treasury, the US Postal Service, and the National Institutes of Health were all announced to have been breached — true icing on the cake to what was one of the more forgettable years on record. Numerous federal officials have stated that Russian intelligence was likely behind the attack.
The following weeks will determine whether or not Biden’s plan is accepted by Congress.
Biden Won’t Be Able to Bring His Peloton to White House
We’ll end our cyber news brief with a bit of a cooldown (pun totally intended): President-elect Joe Biden won’t be able to bring his beloved Peloton bike to Pennsylvania Ave. The upper class stationary bikes are equipped with cameras and microphones that White House security experts have deemed a cybersecurity risk.
Disabling the camera and microphone apparently won’t do the trick, because the bikes still need to be connected to the web in order to make use of the instructional videos.
Whether Peloton can create a custom bike fit for a president remains to be seen, but it seems the commander in chief may have to break a sweat just like the rest of us commoners.
(Also let this be a reminder that all IoT devices come with inherent security risks that could compromise your privacy. Purchase and enjoy at your own risk!)