
UK’s IoT ‘security by design’ law will cover smartphones too

Smartphones will be included in the scope of a planned “security by design” U.K. law aimed at beefing up the security of consumer devices, the government said today.

It made the announcement in its response to a consultation on legislative plans aimed at tackling some of the most lax security practices long associated with the Internet of Things (IoT).

The government introduced a security code of practice for IoT device manufacturers back in 2018 — but the forthcoming legislation is intended to build on that with a set of legally binding requirements.

A draft law was aired by ministers in 2019 — with the government focused on IoT devices, such as webcams and baby monitors, which have often been associated with the most egregious device security practices.

Its plan now is for virtually all smart devices to be covered by legally binding security requirements, with the government pointing to research from consumer group “Which?” that found that a third of people kept their last phone for four years, while some brands only offer security updates for just over two years.

The forthcoming legislation will require smartphone and device makers like Apple and Samsung to inform customers of the duration of time for which a device will receive software updates at the point of sale.

It will also ban manufacturers from using universal default passwords (such as “password” or “admin”), which are often preset in a device’s factory settings and easily guessable — making them meaningless in security terms.

California already passed legislation banning such passwords in 2018 with the law coming into force last year.

Under the incoming U.K. law, manufacturers will additionally be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.

The government said it will introduce legislation as soon as parliamentary time allows.

Commenting in a statement, digital infrastructure minister Matt Warman added: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.

“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.

“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”

A DCMS spokesman confirmed that laptops, PCs and tablets with no cellular connection will not be covered by the law, nor will secondhand products. He added, however, that the intention is for the scope to be adaptive, to ensure the law can keep pace with new threats that may emerge around devices.

Geico admits fraudsters stole customer driver’s license numbers for months

Geico, the second-largest auto insurer in the U.S., has fixed a security bug that let fraudsters steal customer driver’s license numbers from its website.

In a data breach notice filed with the California attorney general’s office, Geico said information gathered from other sources was used to “obtain unauthorized access to your driver’s license number through the online sales system on our website.”

The insurance giant did not say how many customers were affected by the breach but said the fraudsters accessed customer driver’s license numbers between January 21 and March 1. Companies are required to alert the state’s attorney general’s office when more than 500 state residents are affected by a security incident.

Geico said it had “reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.”

Many financially-driven criminals target government agencies using stolen identities or data. But many U.S. states require a government ID — like a driver’s license — to file for unemployment benefits. To get a driver’s license number, fraudsters take public or previously breached data and exploit weaknesses in auto insurance websites to obtain a customer’s driver’s license number. That allows the fraudsters to obtain unemployment benefits in another person’s name.

Earlier this year, San Francisco-based insurance startup Metromile admitted a bug on its website was used to obtain driver’s license numbers for six months before the bug was fixed in January.

If you’ve received correspondence from your state government and haven’t filed for unemployment benefits, there’s a good chance your personal data may have been used fraudulently.

Geico spokesperson Christine Tasher did not return multiple requests for comment.

Tamika Butler, Remix’s Tiffany Chu and Revel’s Frank Reig to discuss how to balance equitability and profitability at TC Sessions Mobility

The race among mobility startups to become profitable by controlling market share has produced a string of bad results for cities and the people living in them.

City officials and agencies learned from those early deployments of ride-hailing and shared scooter services and have since pushed back with new rules and tighter control over which companies can operate. This correction has prompted established companies to change how they do business and fueled a new crop of startups, all promising a different approach.

But can mobility be accessible, equitable and profitable? And how?

TC Sessions: Mobility 2021, a virtual event scheduled for June 9, aims to dig into those questions. Luckily, we have three guests who are at the center of cities, equity and shared mobility: community organizer, transportation consultant and lawyer Tamika L. Butler, Remix co-founder and CEO Tiffany Chu and Revel co-founder and CEO Frank Reig.

Butler, a lawyer and founder and principal of her own consulting company, is well known for work in diversity and inclusion, equity, the built environment, community organizing and leading nonprofits. She was most recently the director of planning in California and the director of equity and inclusion at Toole Design. She previously served as the executive director of the Los Angeles Neighborhood Land Trust and was the executive director of the Los Angeles County Bicycle Coalition. Butler also sits on the board of Lacuna Technologies.

Chu is the CEO and co-founder of Remix, a startup that developed mapping software used by cities for transportation planning and street design. Remix was recently acquired by Via for $100 million and will continue to operate as a subsidiary of the company. Remix, which was backed by Sequoia Capital, Energy Impact Partners, Y Combinator, and Elemental Excelerator, has been recognized as both a 2020 World Economic Forum Tech Pioneer and BloombergNEF Pioneer for its work in empowering cities to make transportation decisions with sustainability and equity at the forefront. Chu currently serves as Commissioner of the San Francisco Department of the Environment, and sits on the city’s Congestion Pricing Policy Advisory Committee. Previously, Tiffany was a Fellow at Code for America and the first UX hire at Zipcar, and is an alum of Y Combinator. Tiffany has a background in architecture and urban planning from MIT.

Early Bird tickets to the show are now available — book today and save $100 before prices go up.

Reig is the co-founder and CEO of Revel, a transportation company that got its start launching a shared electric moped service in Brooklyn. The company, which launched in 2018, has since expanded its moped service to Queens, Manhattan, the Bronx, Washington, D.C., Miami, Oakland, Berkeley, and San Francisco. The company has since expanded its focus beyond moped and has started to build fast-charging EV Superhubs across New York City and launched an eBike subscription service in four NYC boroughs. Prior to Revel, Reig held senior roles in the energy and corporate sustainability sectors.

The trio will join other speakers TechCrunch has announced, a list that so far includes Joby Aviation founder and CEO JonBen Bevirt; investor and LinkedIn founder Reid Hoffman, whose special purpose acquisition company just merged with Joby; investors Clara Brenner of Urban Innovation Fund, Quin Garcia of Autotech Ventures and Rachel Holt of Construct Capital; and Starship Technologies co-founder and CEO/CTO Ahti Heinla. Stay tuned for more announcements in the weeks leading up to the event.