Yazılar

Google settles Google Assistant privacy lawsuit for $68 million

/in /tarafından

Google has agreed to pay $68 million to settle a lawsuit alleging that its Google Assistant voice service improperly recorded private conversations, violating users’ privacy. The proposed class action settlement was filed in federal court in San Jose, California, and awaits approval from a U.S. district judge.

The lawsuit accused Google, a unit of Alphabet, of recording and sharing conversations when Google Assistant was unintentionally activated, a phenomenon known as “false accepts.” Plaintiffs said these recordings were later used to deliver targeted advertising, even though users had not deliberately triggered the assistant with hot words such as “Hey Google” or “Okay Google.”

Google denied any wrongdoing but chose to settle to avoid prolonged litigation and associated costs, according to court documents. The settlement applies to users who purchased Google devices or experienced false activations dating back to May 18, 2016. Attorneys for the plaintiffs may seek up to one-third of the settlement amount for legal fees.

Claim That Any Phone Can Be Tracked via Google Maps by Email Is False

/in /tarafından

A viral claim suggesting that anyone can locate a mobile phone simply by emailing Google and using a phone number is inaccurate and misleading, cybersecurity experts say.

Posts circulating online allege that sending an email through Gmail to a specific address can trigger Google Maps to reveal a device’s location, even without internet access. Google does not offer any such service, and there is no official mechanism that allows location tracking of a phone solely via an email request or partial phone number.

Legitimate phone-tracking tools require explicit user consent and account access, such as Google’s “Find My Device” for Android or Apple’s “Find My” for iPhone. These services work only when users are logged in and have location sharing enabled.

Security specialists warn that messages promoting email-based tracking may be linked to scams or data-harvesting attempts. Users who follow such instructions could expose personal information without gaining any real tracking capability.

Authorities and privacy advocates stress that tracking a phone without permission is illegal in many countries. Users are advised to rely only on official tools provided by device makers and to report misleading claims that promise effortless or universal phone tracking.

More Than 56,000 WhatsApp Accounts Exposed by Malicious npm Package

/in /tarafından

A malicious package hosted on Node Package Manager (npm) has compromised more than 56,000 downloads by posing as a legitimate WhatsApp Web API library, allowing attackers to secretly access messages, media files, contacts and session credentials.

The package, identified by cybersecurity firm Koi Security, was published under the name lotusbail and masqueraded as a fork of the popular WhatsApp Web automation library WhiskeySockets Baileys, commonly used by developers to build bots.

According to researchers, the malware intercepts all incoming and outgoing messages by hijacking the legitimate WebSocket connection used by WhatsApp Web. It silently copies authentication tokens and session keys, while normal app functionality continues, making the attack difficult to detect.

Stolen data is encrypted using a custom RSA implementation before being exfiltrated, helping the malware evade network monitoring tools. The package also includes functionality to secretly link an attacker’s device to a victim’s WhatsApp account, granting persistent access to conversations.

Security experts warn that uninstalling the npm package removes the malicious code but does not automatically unlink the attacker’s device. Users are advised to manually review and remove unknown linked devices in WhatsApp’s settings to fully secure their accounts.