Chinese programmer ordered to pay 1m yuan for using virtual private network | The Guardian

https://www.theguardian.com/world/2023/oct/09/chinese-programmer-ordered-to-pay-1m-yuan-for-using-virtual-private-network

A programmer in northern China has been ordered to pay more than 1m yuan to the authorities for using a virtual private network (VPN), in what is thought to be the most severe individual financial penalty ever issued for circumventing China’s “great firewall”.

The programmer, surnamed Ma, was issued with a penalty notice by the public security bureau of Chengde, a city in Hebei province, on 18 August. The notice said Ma had used “unauthorised channels” to connect to international networks to work for a Turkish company.

Chinese communist party ‘accessed Hong Kong protesters’ TikTok data’ | The Guardian

https://www.theguardian.com/technology/2023/jun/07/communist-party-accessed-hong-kong-protesters-tiktok-data-former-executive-says

A former executive at TikTok’s parent company, ByteDance, has alleged that the Chinese Communist party accessed user data from the social video app belonging to Hong Kong protesters and civil rights activists.

Yintao Yu, a former head of engineering at ByteDance’s US operation, claimed in a legal filing that a committee of Communist party members accessed TikTok data that included the users’ network information, Sim card identifications and IP addresses in a bid to identify the individuals and their locations.

The claims, in a wrongful dismissal lawsuit brought by Yu in a California court and reported by the Wall Street Journal, also allege the party accessed TikTok users’ communications, monitored Hong Kong users who uploaded protest-related content and that Beijing-based ByteDance maintained a “backdoor channel” for the party to access US user data.

Yu alleges in the filing that members of a Communist party committee inside ByteDance had access to a “superuser” credential which was also called a “God credential” and allowed them to view all data collected by ByteDance.

TikTok Creators’ Sensitive Financial Information Stored In China

https://www.forbes.com/sites/alexandralevine/2023/05/30/tiktok-creators-data-security-china/

TikTok has stored the most sensitive financial data of its biggest stars — including those in its “Creator Fund” — on servers in China. Earlier this year, CEO Shou Chew told Congress “American data has always been stored in Virginia and Singapore.”

Android phones are vulnerable to fingerprint brute-force attacks

https://www.bleepingcomputer.com/news/security/android-phones-are-vulnerable-to-fingerprint-brute-force-attacks/

Researchers at Tencent Labs and Zhejiang University have presented a new attack called ‘BrutePrint,’ which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device.

Brute-force attacks rely on many trial-and-error attempts to crack a code, key, or password and gain unauthorized access to accounts, systems, or networks.

The attacker needs physical access to the target device to launch a BrutePrint attack.

AI image generation puts video game illustrators out of work - Rest of World

https://restofworld.org/2023/ai-image-china-video-game-layoffs/

Recent breakthroughs in AI image generation have created widespread anxiety in China’s video game art industry.

Given the high quality of AI-produced artwork, many illustrators are losing their jobs to AI image generators such as Stable Diffusion and DALL-E 2.

The gaming industry’s job market was already precarious after the Chinese government’s licensing freeze in 2021 threw thousands of game developers out of business.

Android app from China executed 0-day exploit on millions of devices - Ars Technica

https://arstechnica.com/information-technology/2023/03/android-app-from-china-executed-0-day-exploit-on-millions-of-devices/

Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away.

Android apps digitally signed by China’s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal personal data and install malicious apps, researchers from security firm Lookout have confirmed.

Safari Safe Browsing Blocks GitLab in Hong Kong

https://mjtsai.com/blog/2023/01/30/safe-browsing/

The lights have been on at a Massachusetts school for over a year because no one can turn them off

https://www.nbcnews.com/news/us-news/lights-massachusetts-school-year-no-one-can-turn-rcna65611

The lighting system was installed at Minnechaug Regional High School when it was built over a decade ago and was intended to save money and energy. But ever since the software that runs it failed on Aug. 24, 2021, the lights in the Springfield suburbs school have been on continuously, costing taxpayers a small fortune.

Paul Mustone, president of the Reflex Lighting Group, said the parts they need to replace the system at the school have finally arrived from the factory in China and they expect to do the installation over the February break.

TikTok Spied On Forbes Journalists

https://www.forbes.com/sites/emilybaker-white/2022/12/22/tiktok-tracks-forbes-journalists-bytedance/

An internal investigation by ByteDance, the parent company of video-sharing platform TikTok, found that employees tracked multiple journalists covering the company, improperly gaining access to their IP addresses and user data in an attempt to identify whether they had been in the same locales as ByteDance employees.

According to materials reviewed by Forbes, ByteDance tracked multiple Forbes journalists as part of this covert surveillance campaign, which was designed to unearth the source of leaks inside the company following a drumbeat of stories exposing the company’s ongoing links to China.

TikTok tells European users its staff in China get access to their data - The Guardian

https://www.theguardian.com/technology/2022/nov/02/tiktok-tells-european-users-its-staff-in-china-get-access-to-their-data

TikTok is spelling out to its European users that their data can be accessed by employees outside the continent, including in China, amid political and regulatory concerns about Chinese access to user information on the platform.