SoylentNews is people

posted by Fnord666 on Tuesday February 11 2020, @08:14AM
from the capture-all-the-data dept.

Wacom Tablet Data Exfiltration Raises Security Concerns:

[Editors' Note UPDATE 200211-14:16: It has been pointed out that this story is a duplicate of a previous story. The editor concerned will be made to sit on the naughty step for 15 minutes.]

The Wacom digital drawing tablet appears to be silently exfiltrating user data, according to an investigation by software engineer Robert Heaton – and the company responded on Friday, downplaying the report. However, security researchers say the tablets still pose a risk and a privacy problem.

Wacom devices hook up to a laptop or desktop computer as plug-and-play peripherals, just like a keyboard or mouse would. They allow users to "paint," draw, create photo montages, sketch and more, all to be digitally rendered on the associated computer. They are aimed at commercial graphics designers as well as amateur enthusiasts.

The downside, according to Heaton's investigation, is that its drivers also silently track the name of every application that users open while the devices are running.

Heaton scoured the privacy agreement for the device and found that in section 3.1, Wacom asks permission to send information to Google Analytics "[including] aggregate usage data, technical session information and information about [my] hardware device."

The phrase "aggregate usage data" gave Heaton pause due to its vagueness. After investigating, he found that Wacom was recording some innocuous operational data, such as timestamps for "driver started" and "driver shutdown." But it was also recording every time he opened a new application, including the time, "a string that presumably uniquely identifies me," and the application's name.

That information is sent off to Google Analytics, and according to a Wacom statement to the Verge, is used "for quality assurance and development purposes only." The company said that it only tracks which software applications are used when tablets are "in use," and that the data is accessible only in anonymized and unidentifiable formats.

[...] Rui Lopes, engineering and technical support director at Panda Security, told Threatpost that one concern is that such monitoring could be exploited by cybercriminals. "Unfortunately, there are...bad actors who take advantage of this dynamic to collect and sell data without the knowledge of the user, which can have massive [security] repercussions."

"Maybe the very existence of a program is secret or sensitive information," Heaton added. "What if a Wacom employee suddenly starts seeing entries spring up for 'Half Life 3 Test Build?' Obviously I don't care about the secrecy of Valve's new games, but I assume that Valve does."

[...] "Many analytics and diagnostics tools leak sensitive user and system data," Jack Mannino, CEO at nVisium, told Threatpost. "As we enable smart capabilities for traditionally 'dumb' devices, we have to be aware of the data we're generating and the consequences of how we collect, transmit and store this information. When building privacy policies, it's important that they match the technical realities of your systems and how they behave in production."

Wacom said that users can choose to opt out of data collection by going to settings: Desktop Center —> clicking "More" on the top-right corner —> Privacy Settings —> and selecting "off" in the "Participate Wacom Experience Program" box.

The opt-out instructions were clearly made available.

Also at The Register


  • (Score: 2) by kazzie (5309) on Tuesday February 11 2020, @05:57PM (#956912)

    No, he's a hunny bear. You're clearly thinking of the prime minister of Japan.
