The encrypted messaging app Telegram is the latest to be banned in Russia, prompting Kremlin officials to look elsewhere for a way to communicate with the media.
We found out last week that not all Android vendors are created equal when it comes to security patches, following research by a pair of analysts from Security Research Labs on 1,200 Android handsets.
The researchers found that patches were missing from a wide range of handsets across a variety of makers. Both Samsung and Sony had missed some patches, despite reporting that they were up to date.
“It’s almost impossible for the user to know which patches are actually installed,” one of the researchers said.
Also, from a fintech perspective, Siliconrepublic.com heard from the head of IBM Ireland’s security business unit, Aidan McHugh, on how analysis of billions of security events found financial services to be the worst-hit industry in ‘the year of ransomware’.
Russia bans Telegram over encryption keys
The Russian government has never been shy in banning apps and online services that don’t comply with its strict data regulations, as seen with LinkedIn following its refusal to transfer data on Russian users to servers based in the country.
Now, according to Bloomberg, the latest to feel the wrath of Russia’s communications regulator Roskomnadzor is the encrypted messaging app Telegram.
Today (16 April), the regulator ordered all Russian internet and mobile internet providers to block access to the service within 24 hours after a Russian court found that Telegram’s founder, Pavel Durov, did not comply with the government’s demand to hand over encryption keys.
The service has almost 10m users in Russia, including many in the Kremlin who use it as a means of communication with both national and international media, forcing the latter to switch to the ICQ chat service owned by Mail.ru.
In a statement, Durov said the move will actually be harmful to Russia’s national security because people will look elsewhere for encrypted messaging such as the “US-controlled” services of Facebook and WhatsApp.
“We see the decision to block it as anti-constitutional and will continue to defend Russians’ right to private messaging,” he said.
ZTE now a pariah in eyes of US and UK governments
In the current tense geopolitical sphere, fears surrounding the influence the Chinese government has on its powerful tech companies are manifesting in outright bans of the use of hardware from some major manufacturers from the country.
The latest is ZTE as, according to the Financial Times, the UK’s National Cyber Security Centre has sent a letter to UK-based telecoms and Ofcom warning that “the use of ZTE equipment or services within existing telecommunications infrastructure would present risk to UK national security that could not be mitigated effectively or practicably”.
The letter went on to state that new laws introduced by the Chinese government allow the state to exert enormous influence over company policy and that of individuals with “wide-ranging powers of compulsion”.
Not long after, the US Department of Commerce announced a ban on American companies selling components to ZTE for the next seven years, after the Chinese company violated the terms of sanctions placed against it.
According to Reuters, ZTE pleaded guilty last year to charges that it illegally shipped US goods and technology to Iran.
Android apps a goldmine for bad password practices
Another week, another litany of security problems for Android devices, as new research shows that many free apps on the Google Play Store still have their encryption keys embedded within them.
According to The Register, the findings were revealed by Will Dormann, a software vulnerability analyst at the CERT Coordination Center, speaking to attendees of the BSides conference in San Francisco.
During his search, he found nearly 20,000 apps with insecure keys – including Samsung’s Smart Home app – but said there could be many more among the paid-for apps.
Dormann noted that the biggest problems were in apps that used the Appinventor tool, as he found that it hardcodes privacy keys into apps by default.
Meanwhile, software key stores did little to help as, while they were password-protected, they could be bypassed relatively easily by password crackers.
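For developers who want to check their own builds for the problem described above, the following is an added example (not from the research or the original article) that scans an APK, which is a zip archive, for PEM private keys and bundled keystore files. The sample APK, its file names and its placeholder contents are constructed for illustration.

```python
import io
import re
import zipfile

# PEM headers that mark an embedded private key (public certs are not flagged).
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY-----")
# Magic bytes of Java keystore formats: JKS and JCEKS.
KEYSTORE_MAGIC = {b"\xfe\xed\xfe\xed": "JKS keystore", b"\xce\xce\xce\xce": "JCEKS keystore"}
# Extensions conventionally used for keystore containers without a fixed magic.
KEYSTORE_EXT = (".bks", ".p12", ".pfx", ".jks", ".keystore")


def scan_apk(apk_bytes):
    """Return sorted (entry_name, finding) pairs for key material inside an APK."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            data = apk.read(info)
            if PEM_PRIVATE.search(data):
                findings.add((info.filename, "PEM private key"))
            magic = KEYSTORE_MAGIC.get(data[:4])
            if magic:
                findings.add((info.filename, magic))
            elif info.filename.lower().endswith(KEYSTORE_EXT):
                findings.add((info.filename, "keystore by extension"))
    return sorted(findings)


def build_sample_apk():
    """Constructed sample: a zip laid out like an APK, with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("assets/client.pem",
                   b"-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n")
        z.writestr("res/raw/store.bin", b"\xfe\xed\xfe\xed" + b"\x00" * 16)
        z.writestr("assets/trust.bks", b"\x00\x00\x00\x02" + b"\x00" * 16)
        z.writestr("assets/ca_cert.pem", b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, kind in scan_apk(build_sample_apk()):
        print(f"{name}: {kind}")
```

A finding here means the key ships to every device that installs the app; a password on a bundled keystore does not change that, since the file itself is available for offline guessing.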
NHS spends £1m to get itself ready for GDPR
A freedom-of-information request has revealed that the UK National Health Service (NHS) has spent more than £1m across 46 trusts on email systems, software, staffing and training ahead of the enforcement of GDPR next month.
According to ITPro, the findings came as part of a report compiled by the think tank Parliament Street, showing that only 55pc of acute trusts and 47pc of mental health trusts have an implementation plan ahead of its enforcement.
“This suggested that around half of trusts are properly equipped with a plan to tackle this complex legislation,” the report said.
“A key issue for the NHS is how they manage and secure sharing of confidential patient records and data, which is extremely sensitive and personal to individuals.”