A lot happened this week in the world of cybersecurity, both locally and internationally: A security loophole discovered in SIM cards allows an attacker to take over your mobile phone, Mozilla Firefox and Google Chrome roll out new privacy enhancing features, Indian researcher takes home $6,500 bounty for discovering a security loophole on Uber, and CcHUB had its first cybersecurity conference called Security Demo Conference.
AdaptiveMobile Security (a company that provides cyber security services to the telecoms industry) this week announced the discovery of a major and previously undetected security loophole in SIM cards that allows remote attackers to hijack and spy on targeted mobile phone users just by sending an SMS. The good news is that AdaptiveMobile Security is working with MTN and other operators around the world to block some of these attacks.
Last week, Mozilla announced that its Firefox browser would block third-party tracking software for everyone by default, and turn on by default an often overlooked privacy feature in Firefox: DNS-over-HTTPS (DoH). This week, Mozilla also announced a new privacy-focused VPN product called Firefox Private Network that could give Firefox users even more privacy on the web. The VPN product comes as a browser extension that aims to encrypt your online activity and limit what websites and advertisers know about you. It is currently in beta and available only to desktop users in the United States for now.
Not wanting to be outdone by Mozilla, Google last week also officially announced its own DNS-over-HTTPS (DoH) experiment in Chrome browser. Computers normally send unencrypted DNS (domain name service) requests to your ISP when you try to open a website. But doing that allows someone (your internet provider or criminal) to see what sites you’re visiting, or change it, to send you somewhere else. Hence the need for DNS-over-HTTPS (DoH)
Google is making the service available on all Chrome-supported platforms with the exception of Linux, iOS and Chrome Enterprise. The upgraded Chrome browser is due for a stable release on 22 October 2019.
Uber fixed a serious security issue recently that was discovered by an Indian cybersecurity researcher named Anand Prakash. Uber paid out a bounty of $6,500 to Anand for discovering the security loophole. The security loophole would have allowed hackers to take over anyone’s Uber account, including the accounts of partners and Uber Eats users. The researcher said the security loophole was caused because authorisation was missing on an endpoint which gave rise to an access token leak of Uber mobile apps of other users by just supplying the user id.
In Nigeria, CcHUB (Nigeria’s foremost tech incubation hub) had its first cybersecurity conference called “Security Demo Conference”. The conference was open to cyber-security enthusiasts, developers, entrepreneurs and others. The conference exposed the importance of Cybersecurity to companies and businesses. It held at NG HUB, Yaba, Lagos on Friday 13, September 2019.
That’s it for this week’s security news. Check back next week for more news in the cybersecurity world.