New 5G flaws can track phone locations and spoof emergency alerts

5G is faster and more secure than 4G. But new research shows it also has vulnerabilities that could put phone users at risk.

Security researchers at Purdue University and the University of Iowa have found close to a dozen vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic or silently disconnect a 5G-connected phone from the network altogether.

5G is said to be more secure than its 4G predecessor, able to withstand exploits used to target users of older cellular network protocols like 2G and 3G, such as the use of cell site simulators — known as “stingrays.” But the researchers’ findings confirm that weaknesses undermine the newer security and privacy protections in 5G.

Worse, the researchers said some of the new attacks also could be exploited on existing 4G networks.

The researchers expanded on their previous findings to build a new tool, dubbed 5GReasoner, which was used to find 11 new 5G vulnerabilities. By creating a malicious radio base station, an attacker can carry out several attacks, for both surveillance and disruption, against a target’s connected phone.

In one attack, the researchers said they were able to obtain both old and new temporary network identifiers of a victim’s phone, allowing them to discover the paging occasion, which can be used to track the phone’s location — or even hijack the paging channel to broadcast fake emergency alerts. This could lead to “artificial chaos,” the researcher said, similar to when a mistakenly sent emergency alert claimed Hawaii was about to be hit by a ballistic missile amid heightened nuclear tensions between the U.S. and North Korea. (A similar vulnerability was found in the 4G protocol by University of Colorado Boulder researchers in June.)

Another attack could be used to create a “prolonged” denial-of-service condition against a target’s phone from the cellular network.

In some cases, the flaws could be used to downgrade a cellular connection to a less-secure standard, which makes it possible for law enforcement — and capable hackers — to launch surveillance attacks against their targets using specialist “stingray” equipment.

All of the new attacks can be exploited by anyone with practical knowledge of 4G and 5G networks and a low-cost software-defined radio, said Syed Rafiul Hussain, one of the co-authors of the new paper.

CONTINUE @ TECH DIRT

Mark Zuckerberg says TikTok is a threat to democracy, but didn’t say he spent 6 months trying to buy its predecessor

Facebook once tried to buy Musical.ly, the Chinese lip-syncing app which was eventually acquired by Chinese social media giant ByteDance and merged with its app Douyin to form viral video app TikTok, according to reports from BuzzFeed and Bloomberg.

Three sources familiar with the talks told BuzzFeed’s Ryan Mac that Facebook spent the second half of 2016 trying to buy the Shanghai-headquartered Musical.ly in an attempt to break into the Chinese market. These sources said that while the talks were “serious” they never came to fruition, with Facebook unable to close the deal.

ByteDance bought Musical.ly in 2017.

Bloomberg’s reporting differs, with a source saying that Facebook walked away out of “concern about the app’s young user base and Chinese ownership.”

The reports add a slightly different tenor to Mark Zuckerberg’s recent remarks about TikTok and China.

The Facebook CEO has been sounding the alarm against TikTok, criticizing the platform for censoring its users and scrubbing content that might displease the Chinese government. TikTok has denied censorship.

At the same time US senators are starting to scrutinise ByteDance and TikTok more closely. Earlier this month the company skipped a senate hearing on China and big tech, and were consequently “empty-chaired.”

CONTINUE @ BI

Google: You can trust us with the medical data you didn’t know we already had

Google now has access to detailed medical records on tens of millions of Americans, but the company promises it won’t mix that medical data with any of the other data Google collects on consumers who use its services.

Google provided this statement yesterday shortly after The Wall Street Journal reported that Google is partnering with Ascension, the country’s second-largest health care system, “on a project to collect and crunch the detailed personal-health information of millions of people across 21 states.”

“To be clear: under this arrangement, Ascension’s data cannot be used for any other purpose than for providing these services we’re offering under the agreement, and patient data cannot and will not be combined with any Google consumer data,” Google said in a blog post. That would mean Google won’t use the medical data to target advertisements at users of Google services.

Google also said that its work with Ascension “adheres to industry-wide regulations (including HIPAA) regarding patient data, and come[s] with strict guidance on data privacy, security, and usage.”

“We have a Business Associate Agreement (BAA) with Ascension, which governs access to Protected Health Information (PHI) for the purpose of helping providers support patient care,” Google said. “This is standard practice in health care, as patient data is frequently managed in electronic systems that nurses and doctors widely use to deliver patient care.”

What can Google see? Pretty much everything

Patient data shared with Google includes names, birth dates, addresses, family members, allergies, immunizations, radiology scans, hospitalization records, lab tests, medications, medical conditions, “and some billing claims and other clinical records,” according to a followup article in the Journal. The partnership “covers the personal health records of around 50 million patients of Ascension,” the Journal wrote.

The Journal said that “Neither doctors nor patients have been formally notified of the arrangement” and that Google and Ascension began the project “in secret last year.”

Google seems to be correct that the partnership doesn’t violate HIPAA (the Health Insurance Portability and Accountability Act). As the Journal noted, that law “generally allows hospitals to share data with business partners without telling patients, as long as the information is used ‘only to help the covered entity carry out its health care functions.'” An expert quoted by the Journal noted that Google would be at risk of violating the law “if it uses the health data to perform independent research outside the direct scope of patient care.”

CONTINUE @ ARS

Facebook is secretly using your iPhone’s camera as you scroll your feed

iPhone owners, beware. It appears Facebook might be actively using your camera without your knowledge while you’re scrolling your feed.

The issue has come to light after a user going by the name Joshua Maddux took to Twitter to report the unusual behavior, which occurs in the Facebook app for iOS. In footage he shared, you can see his camera actively working in the background as he scrolls through his feed.

The problem becomes evident due to a bug that shows the camera feed in a tiny sliver on the left side of your screen, when you open a photo in the app and swipe down. TNW has since been able to independently reproduce the issue.

Maddux adds he found the same issue on five iPhone devices running iOS 13.2.2, but was unable to reproduce it on iOS 12. “I will note that iPhones running iOS 12 don’t show the camera (not to say that it’s not being used),” he said.

CONTINUE @ TNW

White House to use webcams to create live feed of border wall construction

Jared Kushner and other senior Trump administration officials are planning to set up web cameras to live-stream construction of President Trump’s border wall, going against objections from the U.S. Army Corps of Engineers and senior U.S. Customs and Border Protection officials, according to four people familiar with the White House proposal.

“There will be a wall cam, and it’ll launch early next year,” said a senior White House official involved in the initiative, which aims to rally public support for hundreds of miles of new border barrier Trump wants in place by next year’s election.

The project, which already has cost $10 billion in taxpayer funds, is behind schedule and faces major hurdles, including the need to acquire miles of privately held land in Texas where barriers are slated to be built.

Kushner floated the idea during meetings in July, part of a messaging effort to push back against criticism that Trump has failed to deliver on the signature proposal of his 2016 campaign. The U.S. Army Corps and U.S. Customs and Border Protection have told Kushner that construction contractors do not want their proprietary techniques visible to competitors, according to four people who spoke on the condition of anonymity to describe the internal discussions.

Officials at the Army Corps and CBP also were concerned the cameras would show U.S. work crews violating Mexican sovereignty because they sometimes must stray south of the border to maneuver their vehicles and heavy equipment in the desert. Because some of the remote border areas lack network access, the cameras will require their own web connectivity and attendants who could frequently reposition them to keep the lens pointed at the action.

CONTINUE @ MSN

Health Minister Wants Full-Genome Sequencing Of Every Newborn Child In UK To Become Routine

The cost of sequencing every DNA “letter” in a human genome has fallen faster than Moore’s Law, from around $100 million in 2001, to under $1,000 today (although some say the overall cost in a clinical context is higher). This brings with it the prospect of routinely carrying out full-genome sequencing for everyone. That’s precisely what Matt Hancock, the UK’s Health Secretary, has said he wants to see as a part of the country’s National Health Service (NHS), reported here by The Telegraph:

“My ambition is that eventually every child will be able to receive whole genome sequencing along with the heel prick test [a basic test for genetic conditions],” he told the conference.

“We will give every child the best possible start in life by ensuring they get the best possible medical care as soon as they enter the world. Predictive, preventative, personalised healthcare — that is the future of the NHS — and whole genome sequencing and genomics is going to play a huge part in that,” he said.

Creating a massive database of near-complete genomes will probably ring alarm bells for Techdirt readers. Just recently, US police have started obtaining warrants to search entire DNA databases, even of people who opted out of allowing law enforcement to access their genomic data. That’s despite the fact that “touch DNA” is mostly guesswork, and that crime lab testing is beset with problems. Moreover, a mistaken belief that DNA is infallible can lead to innocent people being charged with serious crimes like murder.

It’s true that DNA can be a very powerful tool for solving crimes by finding distant matches in publicly-available genetic data, and then constructing family trees to narrow down the possible suspects. But that fact also exposes why routinely obtaining someone’s DNA, as Hancock proposes for newborns in the UK, has an important impact on anyone related to the person whose whole genome is sequenced.

Even when DNA databases of a complete population are not set up for the purposes of mass surveillance, as Kuwait proposed (but then scaled back), and as China is implementing in Xinjiang as a way of controlling the local Uyghur population, there are other serious issues that need to be considered.

CONTINUE @ TECH DIRT

‘Unlimited’ Data Plans With Very Obvious Limits Are Only Getting More Confusing

Back in 2007, Verizon was forced to strike an agreement with the New York State Attorney General for marketing data plans as “unlimited” when the plans had very clear limits. Twelve years later and it’s not clear the industry has learned much of anything.

After their efforts to strictly monetize usage didn’t go well with consumers, wireless carriers around 2012 or so returned to offering unlimited data plans. But much like the unlimited data plans of old, these plans have all manner of bizarre restrictions. Verizon, for example, bans users from even watching videos in HD unless they sign up for more expensive plans. Carriers also throttle usage after you reach a certain amount of data for the remainder of your billing cycle. There are also limitations on how frequently you can use your phone as a tethered modem or hotspot.

AT&T’s latest updates to its “unlimited” wireless data plans are no exception, and require an industry-lingo decoder ring and a few hours of fine print reading to actually understand. Here, for example, is how CNET framed the changes:

“Those looking for a mobile hotspot will need to jump to AT&T’s Unlimited Extra Plan, which runs $40 per line, per month for a family of four. This plan adds 15GB of mobile hotspot per line and you won’t have your data slowed until you’ve already used 50GB in a month and are in “congested” areas like a stadium (the Starter plan will slow down data if you’re in a congested area and have passed 22GB).”

CONTINUE @ TECH DIRT

Wisconsin County Briefly Considers (Then Drops) Resolution To Threaten Journalists With Prosecution For Not Reprinting Entirety Of Gov’t Report

It’s kind of stunning how frequently we see elected officials proposing things that are so blatantly unconstitutional that you wonder how they were proposed in the first place. Take, for example, a situation in southwest Wisconsin. Last week it was reported that the Lafayette County board would be considering a hilariously overbroad resolution that threatened to prosecute journalists if they did not report on the local “Review Board of the Water Quality Study.” The proposed resolution did not mince words, noting that it was put in place because of worries about “slander”:

WHEREAS, in the past, Southwest Wisconsin has been falsely slandered by the press due to a county board leak of confidential information of the collaborative three county water study the following protocols must be followed:

So, right from the start this is problematic. Claiming that the press “slandered” you already suggests a bad outlook. Second, any demand for “protocols” that “must be followed” for journalists is inherently a violation of the 1st Amendment that anyone — even a lowly county board member — should recognize. Among the protocols is the insane requirement that any reporting on the report must simply repost the entire press release crafted by the Review Board, and they are not allowed to even quote it.

An appropriate statement will be crafted by the Review Board. It will be crafted in a press release and shared with the press with this specific statement included at the top: “Please do not alter, edit, cut or adjust this press release in anyway. Please print the content provided in full.” Under no circumstances is the media allowed to glean information and selectively report it in order to interpret the results for their own means.

Yeah, so beyond the mixing up of “any way” and “anyway”, telling journalists that they’re not allowed to “glean information” or report on it how they want is kind of insane. It also undermines the “Please” at the beginning of the “specific statement included at the top” which makes it sound like a request. Oh, also undermining the “please” is the sentence after the part quoted above:

CONTINUE @ TECH DIRT

9 of the Best Retirement Locations in the US

Dear Rich Lifer,

When it comes to retirement destinations, you can find an endless number of lists ranking the best and worst spots to live out your golden years.

My take is it really depends on how you want your retirement to look.

Of course, you want to stretch your dollar as far as it will go, but you’re also not going to do it at the expense of losing friends and family.

A survey by Merrill Lynch and Age Wave found that the top reason people move in retirement is to be closer to family.

So, if your kids and grandkids are living in Michigan and you have your eyes set on sunny Florida, you might not be renting that U-Haul so fast.

That said, there are some key factors to consider when choosing where to live in retirement.

Two of the most common factors you should consider are cost of living and quality of life. Other factors to be weighed are:

  • Housing costs
  • Tax rates
  • Health care
  • Climate
  • Overall happiness of residents

As I said, the best place to retire will ultimately depend on the retiree but here are my top 9 destinations in the US.

Most of the cities on this list have a moderate to low cost of living, and all are located in states that exempt all or a portion of retirement income from taxes, with the exception of one.

Bella Vista, AR

Located in the northwest corner of Arkansas, 200 miles south of Kansas City, Bella Vista is a scenic town in the Ozarks.

The median home price is $171,000, 31% below the national median. Cost of living is 4% below the national average.

Pros: Good air quality, warm climate. Many lakes. Low crime rate. Good economy. Adequate doctors per capita. No state income tax on Social Security and up to $6,000 of other retirement income per person. No state estate or inheritance tax.

Cons: Not very walkable.

Delray Beach, FL

Delray Beach is a beach town with a population of 69,000, just north of Fort Lauderdale. Median home price is $205,000, 18% below the national median. Cost of living is 10% above the national average.

Pros: Abundant doctors per capita. Good air quality. Walkable and bikeable for the most part. Good economy. No state income or estate/inheritance tax.

Cons: Serious crime rate above the national average.

Clearwater, FL

Population 116,000 and wedged between the Gulf of Mexico and Tampa Bay, the sun is always shining in Clearwater. Median home price $211,000, 15% below the national median. Cost of living is 5% above the national average.

Pros: Good air quality. High number of doctors per capita. Highly bikeable, somewhat walkable. Strong economy. No state income tax or estate/inheritance tax.

Cons: Serious crime rate somewhat above the national average.

Pittsburgh, PA

Home of Carnegie Mellon University, University of Pittsburgh, Duquesne University, and Chatham University, Pittsburgh is clustered around three major rivers. The population is 303,000.

Median home price is $151,000, 39% below the national median. Cost of living is 6% below the national average.

Pros: High number of doctors per capita. Great for biking and walking. Strong volunteer community. Good economy. No state income tax on Social Security or most retirement income.

Cons: Cold winters. Poor air quality. Serious crime rate above the national average.

CONTINUE @ DR

Neiman Marcus Cuts More Jobs…

Neiman Marcus eliminated fewer than 100 jobs, both through layoffs and by not filling vacant or requested positions, the Dallas Morning News reported last week.

More than half of the positions came from eliminating unfilled jobs, the Dallas-based company confirmed with the Morning News.

The luxury retailer made the cuts last Wednesday, the DMN reported, and those who lost jobs received severance and outplacement services.

CONTINUE @ BIZ JOURNAL

Richard Branson apologises for using photo with only white people to celebrate South Africa project launch

British billionaire and Virgin founder Richard Branson apologised on Tuesday for posting a picture on Twitter he admitted “clearly lacked diversity” as he launched his new entrepreneurship development centre in South Africa.

On Monday he tweeted a picture of himself and eight others captioned “We aim to become the heart of entrepreneurship in Southern Africa”.

It featured no black people in a country where 80 per cent of the population is black.

That sparked outrage as racial tensions remain high and the majority black population is still economically marginalised 25 years after the demise of apartheid.

“Where did you find so many white people in South Africa?” one tweet said.

CONTINUE @ SCMP

Millennials on track to die faster than Gen X, thanks to mental health

They’re seeing their physical and mental health decline at a faster rate than Gen X did as they age, a new Blue Cross Blue Shield report found.

The report used a baseline projection representing historical outcomes of “health shocks” and an adverse projection of current trends. It’s possible this decline could be rectified with proper management and treatment, but without intervention, millennials could see a 40% increase in mortality compared with Gen Xers of the same age, the adverse projection showed.

In this scenario, millennials could end up shelling out a third more in treatment costs than Gen Xers of the same age, because of a greater need for treatment and rising healthcare costs.

Healthcare is one of four key costs plaguing millennials. In 1960, the average annual cost of healthcare per person was $146 — in 2016, it hit $10,345. When adjusted for inflation, that’s a ninefold increase. Costs are expected to further increase to $14,944 in 2023.

Poorer health could also make millennials less likely to participate in the US labor market, resulting in higher unemployment and a loss of annual income by more than $4,500 per person, the Blue Cross report said.

The report attributed this millennial health decline to both physical conditions, such as hypertension and high cholesterol, and behavioral health — particularly rises in rates of depression, hyperactivity (such as anxiety or ADHD), and substance abuse.

Rises in depression and ‘deaths of despair’

The report found that rates of depression and hyperactivity among American millennials increased by about 30% from 2014 to 2017.

These findings are underscored by previous reports that analyzed data from Blue Cross Blue Shield’s Health Index. One found that major-depression diagnoses were rising at a faster rate for millennials and teens than they were for any other age group.

CONTINUE @ BI

Sears Is Closing Half of Its Stores…

Hedge fund manager and longtime Sears Holdings chairman Eddie Lampert spent more than a decade trying to merge and then turn around the storied Sears and Kmart brands. Along the way, he raised billions of dollars of capital through asset sales and spinoffs — most notably, the creation of retail REIT Seritage Growth Properties (NYSE:SRG). However, those efforts ended in failure, as Sears Holdings filed for bankruptcy protection a little over a year ago.

Despite this poor track record, Lampert’s ESL Investments fund bought Sears and Kmart out of bankruptcy earlier this year, with plans to keep both chains alive in a slimmed-down format. Yet once again, Lampert overestimated the prospects of these dying retail brands. As a result, Sears and Kmart are poised to close the majority of their remaining stores between the last few months of 2019 and the first few months of 2020.

As part of the latest round of store closures, Sears and Kmart will close more than half of their Seritage-owned stores in February. However, Seritage has done so much work to redevelop its properties already that the pending store closures will have a negligible impact on the REIT.

Another massive round of store closures

At the time it bought Sears and Kmart out of bankruptcy, ESL expected to continue operating about 425 stores combined between the two chains. For comparison, Sears Holdings had about 1,000 stores at the beginning of 2018, many of which were closed before the bankruptcy filing.

It didn’t take long for Sears and Kmart to start missing ESL’s projections. As a result, the company closed a handful of stores during the spring and summer. In August, it announced that it would close another 26 stores between late October and mid-November. Soon thereafter, the company quietly made plans to close about 100 stores — mainly Kmarts — near the end of the year.

Last Thursday, the ESL affiliate that controls Sears and Kmart announced plans to shutter 96 additional stores next February, split roughly evenly between the two banners. Liquidation sales will begin on Dec. 2. This will leave a grand total of just 182 Sears and Kmart stores, less than half the number Lampert and his team thought could be salvaged.

Seritage gets hit hard — but not that hard

At the time it became independent in mid-2015, Seritage Growth Properties held interests in 266 properties, with all but a dozen occupied primarily by either Sears or Kmart. Over time, it has trimmed its holdings to 217 properties. Furthermore, before its bankruptcy filing, Sears Holdings had exercised termination rights for 87 properties, and Seritage fully recaptured dozens of others. Additional Sears and Kmart stores in Seritage’s portfolio closed during the bankruptcy process.

CONTINUE @ MOTLEY FOOL

Biggest U.S. Milk Company Dean Foods Files for Chapter 11 Bankruptcy

Got milk? Increasingly, Americans don’t, and that led the nation’s biggest milk producer to file for bankruptcy Tuesday.

Dean Foods blamed a decadeslong drop in milk consumption that has seen people turn to alternatives like soda, juice and almond milk.

The Dallas company said it may sell itself to the Dairy Farmers of America, a marketing cooperative owned by thousands of farmers.

“Despite our best efforts to make our business more agile and cost-efficient, we continue to be impacted by a challenging operating environment marked by continuing declines in consumer milk consumption,” CEO Eric Beringause said in a statement.

Since 1975, the amount of liquid milk consumed per capita in the U.S. has tumbled more than 40%. Americans drank around 24 gallons a year in 1996, according to government data. That dropped to 17 gallons in 2018.

An increasing variety of beverages, including teas and sodas, has hurt milk consumption. So have protein bars, yogurts and other on-the-go breakfasts, which take the place of a morning bowl of cereal.

More recently, health and animal-welfare concerns have also contributed, as more shoppers seek out non-dairy alternatives.

Oat milk, for example, saw U.S. sales rise 636% to more than $52 million over the past year, according to Nielsen data. Sales of cow’s milk dropped 2.4% in that same time frame.

Not all dairy products have been affected. U.S. butter and cheese consumption is up since 1996, for example.

“We’re eating our dairy, not drinking it,” said Mark Stephenson, director of dairy policy analysis at the University of Wisconsin-Madison.

The downturn has had an outsize effect on Dean Foods, which derived 67% of its sales from fluid milk last year, according to its annual report. The company has lost money in eight of its last 10 quarters and posted declining sales in seven of the last eight.

Dean employs 16,000 people and operates 60 processing facilities across the country. On any given day, it is running 8,000 refrigerated delivery trucks on U.S. roads.

It supplies milk for its own brands, like Dairy Pure, Meadow Gold and TruMoo, as well as store brands. One big blow came last year, when Walmart opened its own milk processing plant in Indiana.

CONTINUE @ YAHOO