Security News This Week: Google Pulls 60 Malicious Apps With Millions of Downloads from Play Store• https://www.wired.com
The fallout of the widespread Meltdown and Spectre processor vulnerabilities continued this week. WIRED took an in-depth look at the parallel sagas that caused four research teams to independently discover the bugs within months of each other. Dozens of patches are now floating around to try to defend devices against attacks that might exploit the vulnerabilities, but a significant amount of time and resources has gone into vetting and installing the patches, because they slow processors down and generally take a toll on systems in some situations.
On Thursday, Congress re-authorized warrantless surveillance initiatives under Section 702 of the 2008 FISA Amendments Act, rejecting reform proposals and instead expanding the scope of the dragnet for six years. In other secret surveillance news, a report by Human Rights Watch details legal techniques law enforcement officials use to avoid revealing some of their sketchier investigative tools.
Skype is going to start offering end-to-end encryption as an opt-in feature, which will bring the protection to the service's 300 million users (though the security industry likely won't be able to vet whether Skype's encryption implementation is actually robust). But researchers found a flaw in WhatsApp, which is end-to-end encrypted by default, that would allow an attacker to join a private group chat and manipulate the notifications about their entrance so group members aren't necessarily aware that they are an interloper.
Protests in Iran continue to be forcibly opposed by the government on numerous fronts, including through initiatives to disrupt Iranians' internet connections and access to communication platforms like Instagram and Telegram. Researchers have developed a technique for catching spy drones in the act by analyzing their radio signals, and mobile pop-up ads are on the rise. Oh, and the Russian hacking group Fancy Bear is apparently gearing up to target the 2018 Winter Olympics, so there's that.
And also there's more. As always, we've rounded up all the news we didn't break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
###Google Removes 60 Malicious Apps Downloaded Millions of Times from the Official Play StoreGoogle removed 60 supposed gaming apps from the Google Play Store on Friday after new research revealed that the apps were laced with malware designed to show pornographic ads and get users to make bogus in-app purchases. The findings from the security firm Check Point indicate that users downloaded the tainted apps three to seven million times. The malware is known as "AdultSwine," and also has a mechanism to try to trick users into downloading phony security apps so attackers can gain even deeper access to victims' devices and data.