🧙 Doctor Strange Defeats HIPAA & Phishing Schemes Get Stranger

Apple faces regulatory friction in EU + Send secret notes with PrivacySafe Link

šŸ‘Øā€āš•ļø Doctor Strangeā€™s Multiverse of Privacy Madness

When we rewatched Marvelā€™s 2016 film Doctor Strange, we couldnā€™t help but notice a glaring issue. Why does the wizard protagonist, Doctor Stephen Strange, continually trample on healthcare privacy?

Strangeā€™s journey into wizardry is motivated by his near-fatal car crash ā€” featuring a baffling scene where he casually examines patient X-rays on a display inside his supercar. Setting aside the obvious dangers, Strangeā€™s decision to review medical results while driving raises serious ethical questions. Itā€™s hard to imagine patients would be thrilled knowing their critical health info is being handled so carelessly.

While recovering from his injuries, Strange clashes with a hospital orderly who challenges the grim prognosis for his hands. The orderly, determined to prove Strange wrong, mentions the name of a former patient, Jonathan Pangborn, who miraculously cured his quadriplegia. Then the orderly escalates the situation, offering to grab Pangborn’s file and share it with Strange.

Under HIPAA, sharing a patient’s protected health information (PHI) without authorization is illegal unless specific exceptions apply. For example, data can be disclosed for treatment purposes, research (with specific safeguards), or when required by law. None of these apply in the film’s scenario.

Even if Strange used to work for the hospital that treated Pangborn, HIPAA requires stringent controls on PHI access. Employees can only view patient records when necessary for their specific job tasks. Strange, no longer practicing medicine at this point in the story, wouldn’t have had any legitimate reason to access Pangborn’s file. If this scenario occurred in real life, both the orderly and the hospital would face severe penalties.

The cinematic origin of the Sorcerer Supreme offers all the trappings of a great superhero story: arrogance, downfall, redemption, and… blatant violations of patient privacy. Our hero stomps over healthcare regulations (and common sense) faster than he can conjure a portal.

🎩 Avoid Big Tech’s Spells in Our Social Network

If you’re sick of your life being studied by nosy wizards with selfish intentions, join our social space and connect with millions of users:

🔆 PrivacySafe Social https://privacysafe.social — A free app with No Ads, No Spyware, No Timeline or AI Manipulation. We have 8 simple rules and honest, human moderation.

📱 Apple Grapples with USB Cable Laws & Exploits

Apple’s relationship with USB-C has been anything but smooth, especially in the European Union. The drama concluded last year with the EU Common Charging Directive, which took effect at the end of December and mandates USB-C ports for most gadgets. The regulation aims to increase interoperability and simplify device charging. Proponents hope to reduce electronic waste and planned obsolescence, as well as limit vendor lock-in from device-specific cables.

As a result, Apple had to yank the iPhone 14, iPhone 14 Plus, and third-gen iPhone SE from EU shelves. The iPhone 15 lineup has USB-C ports, but Apple’s compliance strategy (or lack thereof) has been a bumpy road.

While Apple grapples with regulatory changes, security researchers have their eyes on something more electrifying: Apple’s new ACE3 USB-C controller, introduced with the iPhone 15. Apple beefed up security for the ACE3 compared to its predecessor, the ACE2, adding cryptographic validation and personalized firmware. Despite these additions, security researchers managed to crack the system using techniques like electromagnetic fault injection to bypass its defenses.

Though the attacks aren’t easy to pull off (at least not yet), the results are scary. Hacking the ACE3 can mean untethered “jailbreaks” and persistent firmware implants, which basically means that attackers can install all kinds of nasties on your iDevice. Malware injected via these methods could not only allow bad actors to snoop on your data but also let them take full control of your device.

These hacking techniques also highlight a growing trend: as software gets harder to exploit, attackers must turn to hardware and “side channel” attacks. Apple now faces pressure to rethink its chip shielding and detection measures.

Maybe the solution is re-introducing Apple’s Lightning cable? 😉

šŸÆ Phishing Scams Trap Australian Cat Chasers

It all starts with an innocent question: ā€œAre Bengal Cats legal in Australia?ā€ Maybe youā€™re daydreaming about owning a colorful feline ā€” but type that question into Google and it could be the start of a cyber nightmare. Hackers have begun to turn seemingly-niche queries into the bait for sophisticated cyberattacks, proving that even the most innocent searches can have serious consequences.

A top UK cybersecurity firm sounded the alarm, warning Internet users to steer clear of search results about bengal cats in Australia. The top links might look legitimate, like a blog or legal guide, but theyā€™re anything but safe. Clicking them allows hackers to deploy malware that can steal personal information like bank details or lock you out of your own computer. Cybersecurity experts call this kind of attack ā€œSEO poisoning.ā€ Malicious hackers figure out clever ways to manipulate search engine algorithms and push their dodgy sites to the top of the results.

It’s not just cat queries that cyber criminals are exploiting. Scammers are constantly upping their game and targeting the devices in our pockets. iPhone users are now being sent “smishing” SMS texts disguised as urgent notices. Topics might include threats about unpaid road tolls or shipping issues — a message that spurs reflexive action on the part of the recipient. A victim could be convinced, for example, to disable iMessage safeguards.

Some messages warn of “excessive late fees” and a “possible lawsuit” if payment isn’t made immediately. The odd phrasing might raise a red flag for some, but victims who are worried or distracted will trigger the malicious trap. Once the scammer gets a reply, they know the number is active, opening the door to more targeted attacks.

The lesson? Pause and take 9 seconds before you click, download, or share. If you’re concerned about an issue, try to find an official website or verified source that confirms the information you’ve been told. Remember: curiosity doesn’t have to kill the cat.

šŸ•µļø Create Secret Notes with PrivacySafe Link

Last week we released a free app ā€” PrivacySafe Link, your tool for sharing secret notes via a password-protected link: https://privacysafe.link

Back by popular demand, weā€™re giving you a rundown of its key features, below.

Self-Destructing Notes: By default, notes disappear after one view by the person you share the link with. You can also set a custom number of views.

Client-Side Encryption: Your note is encrypted inside your web browser, on your device, so our server has no idea what you type or paste.

Strong Passwords: Your PrivacySafe Links are automatically secured by a strong password generated on your device, not our server.

Go-Go-Gadget Privacy

Remember Inspector Gadget, the ’80s cartoon detective with the exploding messages? Now your messages can self-destruct too!

✍️ Write Your Mission Brief: Visit privacysafe.link and type your note. Choose how many times it can be viewed or set a time limit (in seconds).

🔗 Copy Your PrivacySafe Link: Your note is encrypted on your own device, creating a PrivacySafe Link that can be shared. You can copy the link and the password separately (best practice) or copy them both together as a long URL (simpler).

💌 Deliver Your Message: Share with your recipient — preferably in an app with strong encryption. If you share over an insecure channel like email, at least you know the data will self-destruct.

🍸 Mission Accomplished: Once the PrivacySafe Link self-destructs, sit back and enjoy a vodka martini.

Don’t Get Burned!

Share Smart: Use encrypted messaging apps to share with your recipient. If you use Tor Browser, you can also try our Tor .onion hidden service.

Be Patient: Avoid the urge to check your link so it won’t self-destruct early.

Split the Info: If both the link and password are intercepted, someone could read the note before your intended recipient. Splitting the information over separate apps or communication channels is better operational security.

Keep Backups: Your data will self-destruct and is gone forever — our server can’t read the note, can’t identify the link, and doesn’t make copies.

Why You’ll Love It

Need to pass along a heartfelt message, your class notes, or a funny meme? PrivacySafe Link is for messages you want to stay private and temporary, with the simplicity and security that would make Inspector Gadget say, “Wowzers!” 💥

šŸ™ Thank You For Reading!

Join PrivacySafe Social to keep up with our app releases. Weā€™ve got more public apps fresh out of the oven and youā€™ll be the first folks who get a taste as we announce them.

šŸŒ Find Us Around the Web

Weā€™re getting our message out on: šŸŒž PrivacySafe Social: @bitsontape ā€¢ Telegram: Bits On Tape ā€¢ Blue Sky: @bitsontape.com ā€¢ Twitter X: @BitsOnTape ā€¢ LinkedIn: Bits On Tape

Bits On Tapeā„¢ is a twice-weekly replay of science & technology stories by cyber experts. These bits are put to screen by Sean Oā€™Brien, leading voice behind privacy and cybersecurity at Yale Law School and founder of Yale Privacy Lab, and edited by Cherise Labonte, science researcher and licensed Registered Nurse.

Ā© Ivy Cyber Consulting LLC. This project is dedicated to ethical Free and Open Source Software and Open Source Hardware. Ivy Cyberā„¢ and Bits On Tapeā„¢ are pending trademarks and PrivacySafeĀ® is a registered trademark. All content, unless otherwise noted, is licensed Creative Commons BY-SA 4.0 International.

Substack: https://bitsontape.com | Medium: https://bitsontape.net