VC funding of cybersecurity companies hits record $5.3B in 2018

2018 wasn’t all bad. It turned out to be a record year for venture capital firms investing in cybersecurity companies.

According to new data out by Strategic Cyber Ventures, a cybersecurity-focused investment firm with a portfolio of four cybersecurity companies, more than $5.3 billion was funneled into companies focused on protecting networks, systems and data across the world, despite fewer deals done during the year.

That’s up 20 percent from $4.4 billion in 2017, and close to double the figure for 2016.

Part of the reason was several “mega” funding rounds, according to the company. Last year saw some of the big eight companies getting bigger, amassing a total of $1.3 billion in funding. That includes Tanium’s combined $375 million investment, Anchorfree’s $295 million and CrowdStrike’s $200 million.

According to the report, North America leads the rest of the world with $4 billion in VC funding, with Europe and Asia neck-and-neck at around $550 million each, but growing year-over-year.

In fact, according to the data, California — where many of the big companies have their headquarters — accounts for nearly half of all VC funding in cybersecurity in 2018. By comparison, only about $300 million went to the “government” region — including Maryland, Virginia and Washington, DC, where many government-backed or focused companies are located.

“As DC residents, we have to think there is more the city could do to entice cybersecurity companies to establish their headquarters in the city,” the firm said. Virtru, an email encryption and data privacy firm, drove the only funding of cybersecurity investment in Washington, DC last year, they added.

“We’ve seen this trend in the broader tech ecosystem as well, with many, large international funds and investment outside of the U.S.,” the firm said. “Simply put, amazing and valuable technology companies are being created outside of the U.S.”

Looking ahead, Tanium and CrowdStrike are highly anticipated to IPO this year — so long as the markets hold stable.

“It’s still unclear what the public equity markets have in store in 2019,” the firm said. “A few weeks in and we’re already experiencing a government shutdown, trade wars with China, and expected slow down in global economic growth.”

“However, only time will tell what 2019 has in store,” the firm concluded.

Decrypted Telegram bot chatter revealed as new Windows malware

Sometimes it takes a small bug in one thing to find something massive elsewhere.

During a recent investigation, security firm Forcepoint Labs said it found a new kind of malware that was taking instructions from a hacker sending commands over the encrypted messaging app Telegram.

The researchers described their newly discovered malware, dubbed GoodSender, as a “fairly simple” Windows-based malware that’s about a year old, which uses Telegram as the method to listen and wait for commands. Once the malware infects its target, it creates a new administrator account and enables remote desktop — and waits. As soon as the malware infects, it sends back the username and randomly generated password to the hacker through Telegram.

It’s not the first time malware has used a commercial product to communicate with malware. If it’s over the internet, hackers are hiding commands in pictures posted to Twitter or in comments left on celebrity Instagram posts.

But using an encrypted messenger makes it far harder to detect. At least, that’s the theory.

Forcepoint said in its research out Thursday that it only stumbled on the malware after it found a vulnerability in Telegram’s notoriously bad encryption.

End-to-end messages are encrypted using the app’s proprietary MTProto protocol, long slammed by cryptographers for leaking metadata and having flaws, and likened to “being stabbed in the eye with a fork.” Its bots, however, only use traditional TLS — or HTTPS — to communicate. The leaking metadata makes it easy to man-in-the-middle the connection and abuse the bots’ API to read bot sent-and-received messages, but also recover the full messaging history of the target bot, the researchers say.

When the researchers found the hacker using a Telegram bot to communicate with the malware, they dug in to learn more.

Fortunately, they were able to trace back the bot’s entire message history to the malware because each message had a unique message ID that increased incrementally, allowing the researchers to run a simple script to replay and scrape the bot’s conversation history.

The GoodSender malware is active and sends its first victim information. (Image: Forcepoint)

“This meant that we could track [the hacker’s] first steps towards creating and deploying the malware all the way through to current campaigns in the form of communications to and from both victims and test machines,” the researchers said.

Your bot uncovered, your malware discovered — what can make it worse for the hacker? The researchers know who they are.

Because the hacker didn’t have a clear separation between their development and production workspaces, the researchers say they could track the malware author because they used their own computer and didn’t mask their IP address.

The researchers could also see exactly what commands the malware would listen to: take screenshots, remove or download files, get IP address data, copy whatever’s in the clipboard, and even restart the PC.

But the researchers don’t have all the answers. How did the malware get onto victim computers in the first place? They suspect they used the so-called EternalBlue exploit, a hacking tool designed to target Windows computers, developed by and stolen from the National Security Agency, to gain access to unpatched computers. And they don’t know how many victims there are, except that there are likely more than 120 victims in the U.S., followed by Vietnam, India, and Australia.

Forcepoint informed Telegram of the vulnerability. TechCrunch also reached out to Telegram’s founder and chief executive Pavel Durov for comment, but didn’t hear back.

If there’s a lesson to learn? Be careful using bots on Telegram — and certainly don’t use Telegram for your malware.
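
The behaviour chain described above (a new administrator account, Remote Desktop switched on, then traffic to Telegram) can be hunted for in endpoint telemetry. The following Python is an added example, not code from Forcepoint or the original article; it assumes Windows Security and Sysmon events already normalized into dictionaries, and the host names, account name, process path and 10-minute window are constructed for illustration.

```python
"""Correlate a GoodSender-style behaviour chain in normalized Windows telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"        # well-known SID of the built-in Administrators group
RDP_VALUE = "fdenytsconnections"   # Terminal Server registry value; 0 means RDP is allowed
TELEGRAM_API = "api.telegram.org"  # host used by the Telegram Bot API
WINDOW = timedelta(minutes=10)     # assumption: tune to your environment
STAGES = {"account_created", "admin_added", "rdp_enabled", "telegram_lookup"}


def classify(ev):
    """Map one event to a stage of the chain, or None if it is unrelated."""
    src, eid = ev["source"], ev["event_id"]
    if src == "Security" and eid == 4720:      # a user account was created
        return "account_created"
    if src == "Security" and eid == 4732 and ev.get("TargetSid") == ADMINS_SID:
        return "admin_added"                   # member added to Administrators
    if src == "Sysmon" and eid == 13:          # registry value set
        key = ev.get("TargetObject", "").lower()
        if key.endswith(RDP_VALUE) and ev.get("Details") == "DWORD (0x00000000)":
            return "rdp_enabled"
    if src == "Sysmon" and eid == 22:          # DNS query
        if ev.get("QueryName", "").lower().rstrip(".") == TELEGRAM_API:
            return "telegram_lookup"
    return None


def detect(events, window=WINDOW):
    """Return one alert per host where all four stages fall inside `window`."""
    by_host = defaultdict(list)
    for ev in events:
        stage = classify(ev)
        if stage:
            by_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), stage, ev))
    alerts = []
    for host, hits in sorted(by_host.items()):
        hits.sort(key=lambda h: h[0])
        for i, (start, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - start <= window]
            if {h[1] for h in in_window} == STAGES:
                account = next(h[2].get("TargetUserName", "?")
                               for h in in_window if h[1] == "account_created")
                alerts.append({"host": host, "account": account,
                               "first_seen": start.isoformat(),
                               "last_seen": in_window[-1][0].isoformat()})
                break  # one alert per host is enough for triage
    return alerts


RDP_KEY = r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"


def _ev(ts, host, source, event_id, **fields):
    return {"ts": ts, "host": host, "source": source, "event_id": event_id, **fields}


# Constructed sample telemetry (not taken from the article or any real incident).
EVENTS = [
    # WS-01: the full chain inside two minutes -> should alert
    _ev("2019-01-17T10:00:05", "WS-01", "Security", 4720, TargetUserName="svc_update"),
    _ev("2019-01-17T10:00:06", "WS-01", "Security", 4732, TargetSid=ADMINS_SID),
    _ev("2019-01-17T10:00:20", "WS-01", "Sysmon", 13,
        TargetObject=RDP_KEY, Details="DWORD (0x00000000)"),
    _ev("2019-01-17T10:01:40", "WS-01", "Sysmon", 22,
        QueryName="api.telegram.org", Image=r"C:\Users\Public\updater.exe"),
    # WS-02: help desk creates an admin and enables RDP, no Telegram lookup -> no alert
    _ev("2019-01-17T11:00:00", "WS-02", "Security", 4720, TargetUserName="helpdesk2"),
    _ev("2019-01-17T11:00:02", "WS-02", "Security", 4732, TargetSid=ADMINS_SID),
    _ev("2019-01-17T11:03:00", "WS-02", "Sysmon", 13,
        TargetObject=RDP_KEY, Details="DWORD (0x00000000)"),
    # WS-03: all four stages, but spread over hours -> no alert
    _ev("2019-01-17T08:00:00", "WS-03", "Security", 4720, TargetUserName="intern"),
    _ev("2019-01-17T08:00:01", "WS-03", "Security", 4732, TargetSid=ADMINS_SID),
    _ev("2019-01-17T12:00:00", "WS-03", "Sysmon", 13,
        TargetObject=RDP_KEY, Details="DWORD (0x00000000)"),
    _ev("2019-01-17T16:00:00", "WS-03", "Sysmon", 22, QueryName="api.telegram.org"),
]

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Requiring all four stages on one host inside a short window keeps routine help-desk work and ordinary Telegram use from alerting on their own.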

Researcher shows how popular app ES File Explorer exposes Android device data

Why is one of the most popular Android apps running a hidden web server in the background?

ES File Explorer claims it has over 500 million downloads under its belt since 2014, making it one of the most used apps to date. Its simplicity makes it what it is: a simple file explorer that lets you browse through your Android phone or tablet’s file system for files, data, documents and more.

But behind the scenes, the app is running a slimmed-down web server on the device. In doing so, it opens up the entire Android device to a whole host of attacks — including data theft.

Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, found the exposed port last week, and disclosed his findings in several tweets on Wednesday. Prior to tweeting, he showed TechCrunch how the exposed port could be used to silently exfiltrate data from the device.

“All connected devices on the local network can get [data] installed on the device,” he said.

Using a simple script he wrote, Robert demonstrated how he could pull pictures, videos, and app names — or even grab a file from the memory card — from another device on the same network. The script even allows an attacker to remotely launch an app on the victim’s device.

He sent over his script for us to test, and we verified his findings using a spare Android phone. Robert said app versions 4.1.9.5.2 and below have the open port.

“It’s clearly not good,” he said.

A script, developed by a security researcher, to obtain data on the same network as an Android device running ES File Explorer. (Image: supplied)

We contacted the makers of ES File Explorer but did not hear back prior to publication. If that changes, we’ll update.

The obvious caveat is that the chances of exploitation are slim, given that this isn’t an attack that anyone on the internet can perform. Any would-be attacker has to be on the same network as the victim. Typically that would mean the same Wi-Fi network. But that also means that any malicious app on any device on the network that knows how to exploit the vulnerability could pull data from a device running ES File Explorer and send it along to another server, so long as it has network permissions.

Of the reasonable explanations, some have suggested that it’s used to stream video to other apps using the HTTP protocol. Others who historically found the same exposed port found it alarming. The app even says it allows you to “manage files on your phone from your computer… when this feature is enabled.”

But most probably don’t realize that the open port leaves them exposed from the moment that they open the app.

Schneider’s EVLink car charging stations were easily hackable, thanks to a hardcoded password

Schneider has fixed three vulnerabilities in one of its popular electric car charging stations, which security researchers said could have easily allowed an attacker to remotely take over the unit.

At its worst, an attacker can force a plugged-in vehicle to stop charging, rendering it useless in a “denial-of-service state,” an attack favored by some threat actors as it’s an effective way of forcing something to stop working.

The bugs were fixed with a software update that rolled out on September 2 shortly after the bugs were first disclosed, and limited details of the bugs were revealed in a supporting document on December 20. Now, a fuller picture of the vulnerabilities, found by New York-based security firm Positive Technologies, was released today — almost a month later.

Schneider’s EVLink charging stations come in all shapes and sizes — some for the garage wall and some at gas stations. It’s the charging stations at offices, hotels, shopping malls and parking garages that are vulnerable, said Positive.

At the center of Positive’s disclosure is Schneider’s EVLink Parking electric charging stations, one of several charging products that Schneider sells, and primarily marketed to apartment complexes, private parking areas, offices and municipalities. These charging stations are, like others, designed for all-electric and plug-in hybrid electric vehicles — including Teslas, which have their own proprietary connector.

Because the EVLink Parking station can be connected to Schneider’s cloud with internet connectivity, either over a cell or a broadband connection, Positive said that the web-based user interface on the charging unit can be remotely accessed by anyone and easily send commands to the charging station — even while it’s in use.

“A hacker can stop the charging process, switch the device to the reservation mode, which would render it inaccessible to any customer until reservation mode is turned off, and even unlock the cable during the charging by manipulating the socket locking hatch, meaning attackers could walk away with the cable,” said Positive.

“For electric car drivers, this means not being able to use their vehicles since they cannot be charged,” it said.

Positive didn’t say what the since-removed password was, but, given the curiosity, we asked and will update when we hear back.

The researchers Vladimir Kononovich and Vyacheslav Moskvin also found two other bugs that give an attacker full access over a device — a code injection flaw and an SQL injection vulnerability. Both were fixed in the same software update.

Schneider did not respond to a request for comment. If that changes, we’ll update.

Additional reporting: Kirsten Korosec.

Scooter startup Bird tried to silence a journalist. It did not go well.

Cory Doctorow doesn’t like censorship. He especially doesn’t like his own work being censored.

Anyone who knows Doctorow knows his popular tech and culture blog, Boing Boing, and anyone who reads Boing Boing knows Doctorow and his cohort of bloggers. The part-blogger, part special advisor at the online rights group Electronic Frontier Foundation has written for years on topics of technology, hacking, security research, online digital rights and censorship and its intersection with free speech and expression.

Yet, this week it looked like his own free speech and expression could have been under threat.

Doctorow revealed in a blog post on Friday that scooter startup Bird sent him a legal threat, accusing him of copyright infringement and that his blog post encourages “illegal conduct.”

In its letter to Doctorow, Bird demanded that he “immediately take[s] down this offensive blog.”

Doctorow declined, published the legal threat and fired back with a rebuttal letter from the EFF accusing the scooter startup of making “baseless legal threats” in an attempt to “suppress coverage that it dislikes.”

The whole debacle started after Doctorow wrote about how Bird’s many abandoned scooters can be easily converted into a “personal scooter” by swapping out its innards with a plug-and-play converter kit. Citing an initial write-up by Hackaday, these scooters can have “all recovery and payment components permanently disabled” using the converter kit, available for purchase from China on eBay for about $30.

In fact, Doctorow’s blog post was only two paragraphs long and, though it didn’t link to the eBay listing directly, did cite the hacker who wrote about it in the first place — bringing interesting things to the masses in bite-size form in true Boing Boing fashion.

Bird didn’t like this much, and senior counsel Linda Kwak sent the letter — which the EFF published today — claiming that Doctorow’s blog post was “promoting the sale/use of an illegal product that is solely designed to circumvent the copyright protections of Bird’s proprietary technology, as described in greater detail below, as well as promoting illegal activity in general by encouraging the vandalism and misappropriation of Bird property.” The letter also falsely stated that Doctorow’s blog post “provides links to a website where such Infringing Product may be purchased,” given that the post at no point links to the purchasable eBay converter kit.

EFF senior attorney Kit Walsh fired back. “Our client has no obligation to, and will not, comply with your request to remove the article,” she wrote. “Bird may not be pleased that the technology exists to modify the scooters that it deploys, but it should not make baseless legal threats to silence reporting on that technology.”

The three-page rebuttal says Bird used incorrectly cited legal statutes to substantiate its demands for Boing Boing to pull down the blog post. The letter added that unplugging and discarding a motherboard containing unwanted code within the scooter isn’t an act of circumventing as it doesn’t bypass or modify Bird’s code — which copyright law says is illegal.

As Doctorow himself put it in his blog post Friday: “If motherboard swaps were circumvention, then selling someone a screwdriver could be an offense punishable by a five year prison sentence and a $500,000 fine.”

In an email to TechCrunch, Doctorow said that legal threats “are no fun.”

AUSTIN, TX – MARCH 10: Journalist Cory Doctorow speaks onstage at “Snowden 2.0: A Field Report from the NSA Archives” during the 2014 SXSW Music, Film + Interactive Festival at Austin Convention Center on March 10, 2014 in Austin, Texas. (Photo by Travis P Ball/Getty Images for SXSW)

“We’re a small, shoestring operation, and even though this particular threat is one that we have very deep expertise on, it’s still chilling when a company with millions in the bank sends a threat — even a bogus one like this — to you,” he said.

The EFF’s response also said that Doctorow’s freedom of speech “does not in fact impinge on any of Bird’s rights,” adding that Bird should not send takedown notices to journalists using “meritless legal claims,” the letter said.

“So, in a sense, it doesn’t matter whether Bird is right or wrong when it claims that it’s illegal to convert a Bird scooter to a personal scooter,” said Walsh in a separate blog post. “Either way, Boing Boing was free to report on it,” she added.

What’s bizarre is why Bird targeted Doctorow and, apparently, nobody else — so far.

TechCrunch reached out to several people who wrote about and were involved with blog posts and write-ups about the Bird converter kit. Of those who responded, all said they had not received a legal demand from Bird.

We asked Bird why it sent the letter, and if this was a one-off letter or if Bird had sent similar legal demands to others. When reached, a Bird spokesperson did not comment on the record.

Two hours after we published this story, Bird spokesperson Rebecca Hahn said the company supports freedom of speech, adding: “In the quest for curbing illegal activities related to our vehicles, our legal team overstretched and sent a takedown request related to the issue to a member of the media. This was our mistake and we apologize to Cory Doctorow.”

All too often, companies send legal threats and demands to try to silence work or findings that they find critical, often using misinterpreted, incorrect or vague legal statutes to get things pulled from the internet. Some companies have been more successful than others, despite an increase in awareness and bug bounties, and a general willingness to fix security issues before they inevitably become public.

Now Bird becomes the latest in a long list of companies that have threatened reporters or security researchers, alongside companies like drone maker DJI, which in 2017 threatened a security researcher trying to report a bug in good faith, and spam operator River City, which sued a security researcher who found the spammer’s exposed servers and a reporter who wrote about it. Most recently, password manager maker Keeper sued a security reporter claiming allegedly defamatory remarks over a security flaw in one of its products. The case was eventually dropped, but not before more than 50 experts, advocates and journalists (including this reporter) signed onto a letter calling for companies to stop using legal threats to stifle and silence security researchers.

That effort led several companies — notably Dropbox and Tesla — to double down on their protection of security researchers by changing their vulnerability disclosure rules to promise that the companies will not seek to prosecute hackers acting in good faith.

But some companies have bucked that trend and have taken a more hostile, aggressive — and regressive — approach to security researchers and reporters.

“Bird Scooters and other dockless transport are hugely controversial right now, thanks in large part to a ‘move-fast, break-things’ approach to regulation, and it’s not surprising that they would want to control the debate,” said Doctorow.

“But to my mind, this kind of bullying speaks volumes about the overall character of the company,” he said.

How Trump’s government shutdown is harming cyber and national security

It’s now 18 days since the U.S. government unceremoniously shut down because Congress couldn’t agree on a bill to fund a quarter of all federal departments — including paying their employees.

But federal workers are starting to feel the pinch after not getting paid for two weeks, and this will have a knock-on effect to U.S. national security. The longer the shutdown goes on, the greater the damage will be.

The “too long, didn’t read” version is that before Christmas, President Trump wanted $5 billion for a wall on the southern border with Mexico to fulfill a campaign promise. Despite the Republicans having a majority in both houses of Congress, they didn’t have the votes to pass the spending bill in the Senate, which would’ve kept the government going when existing funding expired on midnight on December 22. No vote was held, even after a successful vote in the House, and the government shut down. When the Democrats took the majority in the House last week following their midterm wins, they were ready to pass a funding bill — without the $5 billion (because they think it’s a gigantic waste of money) — and get the government going again. But Trump has said he won’t sign any bill that doesn’t have the border wall funding.

More than two weeks later, some 800,000 federal workers are still at home — yet, about half were told to stay and work without pay. Worse, there’s no guarantee that federal workers will get paid for the time the government was shut down unless lawmakers intervene.

Unless the Democrats get a veto-proof majority, the impasse looks set to continue.

A crew works replacing the old border fence along a section of the U.S.-Mexico border, as seen from Tijuana, in Baja California state, Mexico, on January 8, 2019. (Photo by GUILLERMO ARIAS/AFP/Getty Images)

Government shutdowns don’t happen very often — usually — or really at all outside the U.S., and yet this is the first time in four decades that the government has been closed three times in one year. That doesn’t mean cyber or national security threats conveniently stop. Granted, most of the government is functioning and ticking over. There are still boots on the ground, cops on the street, NSA analysts fighting hackers in cyberspace and criminals still facing justice.

But while most of the core government departments — State, Treasury, Justice and Defense — are still operational, others — like Homeland Security, which takes the bulk of the government’s cybersecurity responsibility — are suffering the most.

And the longer the shutdown goes on, the greater chance of tighter budgets and that more staff could be furloughed.

Here’s a breakdown:

Homeland Security’s new cybersecurity unit got off to a rough start: The newly established Cybersecurity and Infrastructure Security Agency, a division of Homeland Security, has only been operational since November 16, but more than half of its staff have been furloughed, according to Homeland Security. The division is designed to lead the national effort to defend critical national infrastructure from current, ongoing threats. By our count at the time of writing, the CISA has been shut down for one in 10 days of its two-month tenure.

Threat intelligence sharing will take a hit: A little-known program inside Homeland Security, known as the Automated Indicator Sharing, has also sent home more than 80 percent of its staff, according to Duo Security. AIS allows private industry and government agencies to share threat intelligence, which is shared with Homeland Security’s government partners, to ensure that any detected attack can only ever be used once. The shutdown is going to heavily impact the data exchange program.

New NIST standards to face delays: More than 85 percent of National Institute of Standards and Technology employees have been sent home without pay, leaving just a handful of essential staff to keep NIST’s new advice and guidance work going. NIST is responsible for giving all government departments necessary and up-to-date security advice. It also means that FIPS testing, used to grant devices and new technologies security certifications to run on government networks, has completely stopped during the shutdown.

Underpaid TSA agents are now entirely unpaid: The TSA, found at every U.S. airport security screening area, is still working despite the shutdown. More than 90 percent of the TSA’s workforce of 60,078 employees will go unpaid — on top of already low pay, which has resulted in a high turnover rate. Despite Trump’s remarks to the contrary, several news agencies say TSA workers are calling out sick in droves. And that’s going to harm airport security. Many worry that the already low morale could put airline security at risk. One traveler/passenger at Minneapolis-Saint Paul International Airport tweeted this week: “I asked TSA agent if I should take out my laptop out of its case and she said, ‘I don’t care, I’m not getting paid’.”

Secret Service staff are working unpaid: And, whether you like them or not, keeping the president and senior lawmakers and politicians alive is a paramount national security concern, yet the vast majority of front-line and back office Secret Service agents currently protecting senior administration staff are going unpaid during the shutdown.

And that’s just some of the larger departments.

The shutdown isn’t only hampering short-term efforts, but could result in long-lasting damage.

“Cyber threats don’t operate on Washington’s political timetable, and they don’t stop because of a shutdown,” Lisa Monaco, former homeland security advisor to the president, told Axios on Wednesday. And security firm Duo said that trying to keep all of the cyber-plates spinning at once while not at full-strength is “risky,” especially given nobody knows how long the shutdown will last.

All this for a border wall that Trump says will prevent terrorists from pouring into the U.S.

Critics say that the cost-benefit to building the wall vis-à-vis the shutdown doesn’t add up. Experts say that there hasn’t been a single case of a known terrorist to have crossed illegally into the U.S. from the Mexican border. In fact, since the September 11 attacks, more than three-quarters of all designated acts of terror were carried out by far-right extremists and not Islamic violent extremists, according to a government watchdog. The vast majority of terrorist incidents were U.S. citizens or green card holders.

A border wall might keep some terrorists out, but it’s not going to stop the terrorists who are already in the U.S. Yet, right now it seems the White House wants the appearance of security rather than the security from a quarter of what the government already has at its disposal.

Drone sighting halts flights at UK’s Heathrow Airport

All flights departing Heathrow, the U.K.’s largest airport, have been suspended following a reported drone sighting.

An airport spokesperson told TechCrunch that staff are “working closely” with London’s Metropolitan Police, “to prevent any threat to operational safety.”

“As a precautionary measure, we have stopped departures while we investigate,” the spokesperson told TechCrunch. “We apologize to passengers for any inconvenience this may cause.”

The airport did not say who reported the drone, or to whom.

It’s the second reported drone sighting at a U.K. airport in as many months. Gatwick Airport south of London faced two days of disruption following a reported drone sighting just before Christmas. In the end, more than 1,000 flights were cancelled, leaving tens of thousands of passengers stranded.

U.K. police were given new powers to fight drones, including an expansion of exclusion zones around airports.

A spokesperson for the Civil Aviation Authority, which regulates U.K. airspace, did not immediately respond to a request for comment.

More as it comes in…

Millions of Android users tricked into downloading 85 adware apps from Google Play

Another day, another batch of bad apps in Google Play.

Researchers at security firm Trend Micro have discovered dozens of apps, including popular utilities and games, that serve a ton of deceptively displayed ads, including full-screen ads, hidden ads and ads running in the background, to squeeze as much money as possible out of unsuspecting Android users.

In all, the researchers found 85 apps pushing adware, totaling at least 9 million affected users.

One app — a universal TV remote app for Android — had more than five million users alone, despite a rash of negative reviews and complaints that ads were “hidden in the background.” Other users said that there were “so many ads, [they] can’t even use it.”

The researchers tested each app and found that most shared the same or similar code, and often the apps were similarly named. At every turn, tap or click, the app would display an ad, they found. In doing so, the app generates money for the app maker.

Some of the bad adware-ridden apps found by security researchers. (Image: Trend Micro)

Adware-fueled apps might not seem as bad as other apps packed with malware or hidden functionality, such as apps that pull malicious payloads from another server after the app is installed. At scale, that can amount to thousands of fraudulent ad dollars each week. Some ads also have a tendency to be malicious, containing hidden code that tries to trick users into installing malware on their phones or computers.

Some of the affected apps include: A/C Air Conditioner Remote, Police Chase Extreme City 3D Game, Easy Universal TV Remote, Garage Door Remote Control, Prado Parking City 3D Game, and more. (You can find a full list of apps here.)

Google told TechCrunch that it had removed the apps, but a spokesperson did not comment further.

We tried reaching out to the universal TV remote app creator but the registered email on the since-removed Google Play store listing points to a domain that no longer exists.

Despite Google’s best efforts in scanning apps before they’re accepted into Google Play, malicious apps are one of the biggest and most common threats to Android users. Google pulled more than 700,000 malicious apps from Google Play in the past year alone, and has tried to improve its back-end to prevent malicious apps from getting into the store in the first place.

Yet the search and mobile giant continues to battle rogue and malicious apps, pulling at least 13 malicious apps in a sweep in November alone.

Court says Vizio’s secret smart TV tracking class-action settlement can move forward

A long-running class-action lawsuit filed after consumer electronics giant Vizio was caught spying on customer viewing habits can be settled, subject to a final approval, a court has ruled.

The group of Vizio customers alleged in its 2016-filed complaint that the company was covertly collecting viewing data from customers’ internet-connected smart TVs.

U.S. District Judge Josephine Staton said in a ruling on Friday that the settlement is preliminarily approved, subject to any final complaints or objections from Vizio. That will secure a settlement of $17 million for an estimated 16 million Vizio customers affected by the television tracking.

That should amount to a little over a dollar per affected customer, but will be drastically less after attorneys’ fees and expenses.

Vizio will also be compelled to make “certain business practice changes,” including displaying on-screen prompts and giving the customer the ability to opt-out of data collection. Any historical viewing data collected to date must also be deleted, the proposed order says.

A spokesperson for Vizio did not immediately respond to a request for comment.

The proposed settlement comes almost two years after the Federal Trade Commission took a shot at the company, fining the company a total of $2.2 million for its covert tracking.

According to the FTC, the company’s covert customer data collection was vast. Vizio collected a portion of the television display “on a second-by-second basis” to see if it “matched to a database of TV, movie, and commercial content,” allowing the company to know exactly what consumers were watching at any given time.

Vizio captured “as many as 100 billion data points each day from millions of TVs,” according to the FTC’s initial complaint.

The company said that this was part of its “smart interactivity,” part of which was to suggest television and movie content based on what a customer has already watched.

But the FTC said that Vizio “turned that mountain of data into cash by selling consumers’ viewing histories to advertisers and others.” Not only that, this data was provided to data aggregators to build up profiles on unwitting consumers who were further targeted by trackers and advertisers.

And it did this without the user’s consent or knowledge. The FTC forced the company to stop tracking what its customers watch. Yet, as part of the FTC’s settlement, Vizio neither admitted nor denied the allegations.

A final decision on the class action suit will be held before the next hearing on May 31.