Pay with just your palm at Whole Foods

Amazon is rolling out its Amazon One payment service to 65 Whole Foods stores in California. The service uses high-tech checkout devices that allow customers to pay simply by scanning their palms. Customers sign up for Amazon One by registering their palmprint with a connected credit card and phone number at special kiosks in participating stores. Once registered, customers can pay for their groceries by hovering their bare hand above the checkout device. The Amazon One rollout is part of the company’s campaign to make it easier and faster for customers to pay, such as with Amazon’s Just Walk Out tech. For more on this story, see The Verge. 

Tech support scams are everywhere

Technical support scams continue to fool users into thinking they’ve connected with a well-intentioned cybersecurity expert that will fix their system when in reality they are paying a scammer to poke around in their files and possibly inject malware. Usually, the scam begins with a pop-up window falsely informing the user there is a problem and providing a phone number for support. If the user calls the number, the scammer answers and uses social engineering to persuade the user to grant remote access to their computer. The user then watches as the scammer runs various commands and proclaims the computer fixed. The scammer then leads the user to a payment page where the usual fee is about $300. In worst-case scenarios, the scammers also download malware into the user’s system. To learn more, see TechRepublic. 

WhatsApp adds more privacy features

This week, WhatsApp announced it will soon be adding two new privacy features: the ability to leave a group chat without the entire chat being notified and the ability to control one’s online status. When a user opts out of a WhatsApp group chat currently, everybody in the group gets the notification. But with the new change, only the admin of the group will get a message about the user’s departure. The other change addresses the privacy problem of all family and friends being alerted when a user engages with the app. The new feature will allow users to select who can and cannot see when they are online. Go to ZDNet for more on these features.

Emergency Alert System flaws could allow fake national bulletins

The U.S. Department of Homeland Security has warned of critical security vulnerabilities in the devices used by state authorities to send out national alerts. To prevent malicious actors from compromising the system, the department did not share details, but it did report that there are multiple flaws in the Emergency Alert System encoder/decoder devices. If left unpatched, malicious actors could issue fraudulent emergency alerts on national TV, radio, and cable networks. The issue is expected to be publicized and discussed at this month’s DEF CON conference in Las Vegas. For more, see The Hacker News. 

Tesla collects big data from all drivers

According to the Netherlands Forensic Institute, Tesla vehicles collect more data than any other automotive brand. They keep “gateway logs” which include data on seatbelts, Autopilot, cruise-control settings, and whether the driver’s hands were on the steering wheel or not. This data can also include the VIN, and it is uploaded periodically to Tesla. In addition, while most vehicles have event data recorders that collect speed, acceleration, brake use, steering input, and automatic brake and stability controls, Tesla makes a permanent record of this data on an SD card stored in the car’s infotainment computer. See the report by IEEE Spectrum for more.

This week’s must-read on the Avast blog 

As the internet becomes an inseparable part of childhood for most, there’s no better time than back-to-school to talk about internet safety and privacy. Check out our advice on how to manage your elementary schooler’s digital milestones.