Three tech companies must address consumer and congressional concerns over privacy rights in the wake of high-profile news stories.
Last week Apple released its newest version of the iPhone
with the Touch ID feature that only unlocks your phone with your fingerprint spawning “substantial privacy concerns
.” Naturally, hackers want to break into it.
Just days after the website IsTouchIDHackedYet.com
launched, a group of German hackers, the Chaos Computer Club (CCC), claims to have done it
using a bit of a convoluted process:
Here’s how the CCC says it did it:
First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
Even before this happened, U.S. lawmakers were questioning the inherent privacy issues with Touch ID.
In a letter to Apple, Sen. Al Franken (D-Minn.) asked the company to answer the following questions:
• Would it be possible to extract fingerprint data from an iPhone?
• What legal status would the fingerprint have?
• How well would the fingerprint data be protected?
• Could Apple assure its users that it would never share their fingerprint data or fingerprint files with any commercial third party?
• Do they believe users have a reasonable expectation of privacy in fingerprint data they provide to Touch ID?
Apple isn’t the only one dealing with these types of issues.
[RELATED: Find out about our November event that has instruction for your entire communications team.]
Google allegedly knows the WiFi password of every Android user. A Computer World article
from this month that made this claim caused Google to respond with the following statement (not exactly a denial) to Talk Android
Our optional ‘Backup my data’ feature makes it easier to switch to a new Android device by using your Google Account and password to restore some of your previous settings. This helps you avoid the hassle of setting up a new device from scratch. At any point, you can disable this feature, which will cause data to be erased. This data is encrypted in transit, accessible only when the user has an authenticated connection to Google and stored at Google data centers, which have strong protections against digital and physical attacks.
LinkedIn, meanwhile, has been accused of hacking users’ email addresses for marketing purposes. A group saying it plans to file a lawsuit in California is alleging that LinkedIn hacked its email to download contacts’ email addresses.
In a post titled “Setting the Record Straight on False Accusations
,” Blake Lawit vehemently denies this on the LinkedIn blog. He writes:
• We do not access your email account without your permission. Claims that we “hack” or “break into” members’ accounts are false.
• We never deceive you by “pretending to be you” in order to access your email account.
• We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so.