Trump's WeChat and TikTok App Store Bans Are a Cybersecurity Nightmare

14:30, 19 September 2020. Source: gizmodo.com


The Trump administration has barely even bothered to back up its case that its use of emergency powers to strong-arm Beijing-based ByteDance into selling TikTok’s U.S. operations to an American company is based on cybersecurity concerns. It’s actually setting the stage for a meltdown of its own making.


While the White House officially cited cybersecurity concerns when it threatened TikTok and Chinese conglomerate Tencent’s WeChat with bans earlier this year, its rhetoric has made it obvious that it is more interested in coming off as tough on China and its ruling Communist Party, and that the coerced TikTok sale is an opportunity for a lucrative shakedown. The administration’s latest move, an announcement on Friday that U.S. app stores must cease hosting TikTok or WeChat in the coming weeks, makes that crystal clear.


The U.S. Commerce Department, which chairs the committee on foreign investment that will determine whether a deal will go through, said that as of Sept. 20, venues like Google’s Play Store or Apple’s App Store must cease distributing TikTok or WeChat, as well as suspend any payment processing via the latter app. On Sept. 20, web hosts, content delivery networks, and other service providers will be ordered to stop providing “functioning or optimization” to WeChat. The same measures will kick in on Nov. 20 for TikTok—an unpopular decision for the app’s 100 million estimated U.S. users, but one that conveniently kicks in after the presidential election—unless ByteDance sells off a majority stake in TikTok to a U.S. firm or reaches another arrangement that satisfies the Commerce Department. Trump-allied enterprise firm Oracle appears close to clinching such a deal, but whether it’s actually bargaining for majority U.S. control or settling for something less is unclear, and the ban could be a sign the White House is dissatisfied with the results.


The new prohibitions on Apple, Google, and other U.S. app stores won’t just prevent new users from downloading either app, they will actively undermine security by preventing developers from fixing vulnerabilities. If TikTok contains any bugs known to criminals now or discovered by them later, American users will be prevented from downloading security patches from Google Play or the App Store, exposing their private information and their phones to compromise by hackers.

This would be a situation functionally equivalent to what’s known as a zero-day exploit—a situation in which a malicious actor discovers a vulnerability before the developer has a chance to patch it out. In this case it wouldn’t matter if TikTok developers found out about the bug before an exploit is utilized, because they wouldn’t be able to fix it unless the ban was lifted. It will also force anyone looking to download TikTok or WeChat towards alternate, riskier methods like jailbreaking devices and sideloading apps from third-party repositories that may be fronts for malware.


“Allowing users to retain use of the app, and keep it installed, while cutting off access to security updates is incredibly irresponsible and dangerous—likely creating a larger security problem than this action is trying to avoid,” Topher Tebow, cybersecurity analyst at Acronis, told Gizmodo. “Without security updates, any new vulnerability becomes a well-known way to attack American citizens, creating a huge opportunity for any malicious actor, from basic script kiddies to nation state attackers.”

Exposing TikTok’s 100 million estimated monthly active users in the U.S. to this risk is equal to, if not greater than, the security threat the White House has used to justify the ban: the theoretical possibility Chinese intelligence agencies could order ByteDance to hand over U.S. user data. TikTok does collect a lot of data, but similar practices are rampant across the web, and as Gizmodo has reported, Chinese spies could obtain similar and even more granular data by simply purchasing it, scraping it, or intercepting it while it’s bouncing around the worldwide adtech network.


Obsidian Security tech chief Ben Johnson, a former National Security Agency engineer, warned that the internet had created a globally connected world but is now reaching a stage of “fragmentation and compartmentalization.” Johnson pointed to restrictions around Chinese apps and the introduction of tighter privacy laws in regions like Europe.

“Online technologies, data sharing, and how we use our smart devices day to day will continue to look different depending on where you are in the world,” Johnson wrote to Gizmodo.

“With the recent TikTok and WeChat restrictions, the primary security concern at the individual level will be the unavailability of security upgrades thus creating an even more vulnerable population of consumer smart devices,” Johnson added. “Until this all plays out, it is best to have a better grasp of the applications you are using and more importantly, why you need them.”

This is all on top of other massive red flags on how the White House has handled the TikTok and WeChat bans. Those include Trump’s blatantly illegal attempt to extort “very significant” payments from TikTok’s eventual purchaser, the completely arbitrary process that led to Trump allies at Oracle closing in on a deal that doesn’t come close to meeting the terms of Trump’s original directives, and the innumerable prior examples of the White House abusing emergency powers for nakedly partisan aims. The Department of Justice has also failed to explain why it’s not touching other Tencent apps with tens of millions of users in the U.S.

“This order violates the First Amendment rights of people in the United States by restricting their ability to communicate and conduct important transactions on the two social media platforms,” ACLU National Security Project director Hina Shamsi wrote to Gizmodo. “The order also harms the privacy and security of millions of existing TikTok and WeChat users in the United States by blocking software updates, which can fix vulnerabilities and make the apps more secure.”

“In implementing President Trump’s abuse of emergency powers, [Commerce Secretary Wilbur Ross] is undermining our rights and our security,” Shamsi added. “To truly address privacy concerns raised by social media platforms, Congress should enact comprehensive surveillance reform and strong consumer data privacy legislation.”

