The 33rd edition of our weekly security recap is here! What do we have today? Well, on one hand, the eternal tug-of-war between manufacturers and law enforcement regarding the ethical limits of user privacy. On the other, we see how a giant service like Uber deals with intricate cyber-scams that target their service, carried out by people who are looking to make a quick buck
Apple to Protect the Lightning Port to Counter Hacking
Last Tuesday Apple announced that the way that the Lightning port works on the iPhone will change to protect their users against external hacking attempts. This change will arrive as a new feature on iOS called “USB Restricted Mode”, which after an hour will block any communications coming from the port, only charging the device through it.
This security feature comes as a response to the eternal battle between law enforcement agencies, like police forces and the FBI, who seek to crack iPhones belonging to suspects in favor of legal investigation. The problem is that iPhones, by default, encrypt their user’s data.
After numerous failed legal attempts, the law sought help in third-party devices like GrayKey, which supposedly tackled iPhone’s passcode by implanting a loader on the device which then slowly tries to crack the device’s lock.
However, this solution doesn’t entirely block the chances of an attack; for example, GrayKey apparently needs the device to be connected for 2 minutes only, since the implanted loader can work without it being connected. This could tackle the transfer if the timing is right, but it’s probably an attempt to fend lesser technologies off. In the end, Apple has stated that their end-goal isn’t to make the enforcer’s work hard, but to provide their users with the best protection possible against malicious agents.
The Cyber-Scams That Uber Faces Daily
Wherever there is an online service, there is someone trying to exploit it. Ticketfly was a recent victim of ransomware; governmental websites are being hijacked and injected with cryptojackers to mine the visitor’s resources for cryptomining; and so on.
Well, Uber is not the exception and today we’re going to take a look at the scams and cyber-scams that shady people try to pull off to take advantage of the platform, and how Uber counters them.
Most of the scams originated from a single event: scammers were using stolen credit cards and two accounts to take themselves for a ride and cashing stolen dollars in the process. But this wasn’t enough, and when they discovered they could exploit this, scammers started developing ways of pushing the profits to the limit.
That’s when GPS spoofing came into play. Scammers started to fake rides by spoofing the phone’s position, meaning they could milk stolen cards without leaving their homes, and pushing Uber’s reward system to the limit.
Quite the loophole, right? Well, Uber managed to keep it at bay by relying on machine learning to detect odd patterns on these devices locations. The tipping point was when Uber discovered that these fake location’s altitude was inconsistent, cars where literally flying to their destination. What’s more, they weren’t just flying, they were speeding through their trips extremely fast!
With that, Uber gained a direction it could point its machine learning to, and the results were amazing. Uber started feeding its detection tool, waiting until the last minute before suspending scammers so that the tool could gather, learn, and grow. Since its deployment, they managed to reduce these scams by a staggering 85 percent, which left them with time to focus on other secondary scams that are affecting the platform, like third-party fake discount re-sellers, and drivers who try to exploit the cancellation fee.
As we said, behind most cyber-attacks, there’s someone trying to take advantage of a situation to generate easy money.