TalkTalk Super Router Security Fears Persist

Posted on May 26, 2018May 25, 2018 by Rob Burdett

An advisory notice from software and VR Company IndigoFuzz has highlighted the continued potential security risk posed by a vulnerability in the WPS feature in the TalkTalk Super Router.

What Vulnerability Does the Super Router Have?

According to IndigoFuzz, the WPS connection is insecure and the WPS pairing option is always turned on i.e. the WPS feature in the router is always switched on, even if the WPS pairing button is not used.

This could mean that an attacker within range could potentially hack into the router and steal the router’s Wi-Fi password.

Tested

It has been reported that in tests involving consenting parties, IndigoFuzz found a method of probing the router to steal the passwords to be successful on multiple TalkTalk Super Routers.

The test involved using a Windows-based computer, wireless network adapter, a TalkTalk router within wireless network adapter range, and the software ‘Dumpper’ available on Sourceforge. Using this method, the Wi-Fi access key to a network could be uncovered in a matter of seconds.

Scale

The ease with which the Wi-Fi access key could be obtained in the IndigoFuzz tests has prompted speculation that the vulnerability could be on a larger scale than was first thought, and a large number of TalkTalk routers could potentially be affected.

No Courtesy Period Before Announcement

When a vulnerability has been discovered and reported to a vendor, it is normal protocol to allow the vendor 30 days to address the problem before the vulnerability is announced publicly by those who have discovered / reported the vulnerability.

In this case, the vulnerability was first reported to TalkTalk back in 2014, so IndigoFuzz chose to issue the advisory as soon as possible.

Looks Bad After TalkTalk Hack in 2017

News that a vulnerability has remained unpatched after it was reported 4 years ago to TalkTalk looks bad on top of major cyber attack and security breach there back in October 2017. You may remember that the much publicised cyber-attack on the company resulted in an estimated loss of 101,000 customers (some have suggested that the number of lost customers was twice as much as this figure). The attack saw the personal details of between 155,000 and 157,000 customers (reports vary) hacked, with approximately 10% of these customers having their bank account number and sort code stolen.

The trading impact of the security breach in monetary terms was estimated to be £15M with exceptional costs of £40-45M.

What Does This Mean For Your Business?

It seems inconceivable that a widely reported vulnerability that could potentially affect a large number of users may still not have been addressed after 4 years. Many commentators are calling for a patch to be issued immediately in order to protect TalkTalk customers. This could mean that many home and business customers are still facing an ongoing security risk, and TalkTalk could be leaving itself open to another potentially damaging security problem that could impact its reputation and profits.

Back in August last year, the Fortinet Global Threat Landscape Report highlighted the fact that 9 out of 10 businesses are being hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and many even have patches available for them. This should remind businesses to stay up to date with their own patching routines as a basic security measure.

Last year, researchers revealed how the ‘Krack’ method could take advantage of the WPA2 standard used across almost all Wi-Fi devices to potentially read messages, banking information and intercept sensitive files (if a hacker was close to a wireless connection point and the website doesn’t properly encrypt user data). This prompted fears that hackers could turning their attention to what may be fundamentally insecure public Wi-Fi points in e.g. shopping centres / shops, airports, hotels, public transport and coffee shops. This could in turn generate problems for businesses offering WiFi.

CALL US ON 0203 005 9650 FOR SUPERIOR IT SUPPORT

Globalnet aims to be an integral part of your success, providing the best business advice, superior IT support and technology to help you reach your goals.

AI Drones: Smaller and Smarter

Posted on May 21, 2018May 29, 2018 by Rob Burdett

Researchers from ETH Zurich, Switzerland and the University of Bologna have built the smallest completely autonomous quadrotor nano-drone that uses AI to fly itself, and doesn’t need human guidance, unlike other drones.

Neural Network Feeds the AI

The technology at the heart of the Crazyflie 2.0 Nano Quadcopter is the DroNet neural network. This is able to processes incoming images from a camera at 20 frames per second. From this, the nano-drone is able to work out how to steer, and calculate the probability of a collision, thereby giving it the ability to know when to stop.

AI Drone, Drones — The Crazyflie 2.0 Nano Quadcopter AI Drone

Fully On-Board Computation

The fact that these new AI drones need no external sensing and computing because all computation is fully on-board thanks to the PULP (Parallel Ultra Low Power) platform, means that it is truly autonomous, and is, therefore, a real first in terms of how a small drone can be controlled.

The new autonomous drone is an improvement on the first test version of the drones, which involved putting the DroNet neural network system in a larger commercial-off-the-shelf, Parrot Bebop 2.0 drone, and using radio contact with a laptop to control it.

AI Trained Using Images

Since AI requires training so that it can learn to become better at a task, the drones’ neural network was trained using thousands of images taken from bicycles and cars driving along different roads.

Only Horizontal Movement

One major drawback at the current time is that, because it was trained using images from a single plane, the drone can only move horizontally and cannot yet fly up or down.

Even Smaller Drones

Technologies involved in making drones have evolved to such a degree that even robot ‘fly’ drones haves now been built.

As the successor to RoboBee, the so-called RoboFly it is so small (the size of a fly) that it can’t support the weight of a battery to power it. The power for flight is currently delivered by a laser being trained on an attached photovoltaic cell.

The tiny device has wings that are flapped by sending a series of pulses of power in rapid succession and then slowing the pulsing down as it gets near the top of the wave (with the whole process in reverse for the downward flap).

The RoboFly drones, developed by a team of researchers based in Australia, can only just take off and travel a very short distance at present. Future plans for RoboFly reportedly include improving the onboard telemetry so it can control itself, and making a steered laser that can follow the bug’s movements and continuously beam power in its direction.

What Does This Mean For Your Business?

Up until now, the main uses for drones have been specialist applications such as within the military, in construction (viewing and mapping sites), film and TV, leisure use, and even for delivery of parcels (Amazon tests). All of these involve the use of larger drones that are remotely controlled.

The ideas that a drone can be made in a miniature size, and / or can control itself using AI could open up many more new areas of opportunity for businesses and other organisations. Such drones could be used in confined spaces or in very specialised situations.

The idea of an AI drone has, however, led to some alarm being expressed by some commentators. Even though AI autonomy could help drones to monitor environments, be used in spying, and develop swarm intelligence for military use, some have expressed worries that they could become better at delivering lethal payloads, and could pose other unforeseen security risks.

Globalnet IT Innovations offer a range of managed IT services and on-demand IT services. Call us on 0203 005 9650 to speak to one of our IT consultants and discover how we can help you reach your business goals.

Police Facial Recognition Software Flawed

Posted on May 21, 2018May 31, 2018 by Rob Burdett

Following an investigation by campaign group Big Brother Watch, the UK’s Information Commissioner, Elizabeth Denham, has said that the Police could face legal action if concerns over accuracy and privacy with facial recognition systems are not addressed.

Which Facial Recognition Systems?

A freedom of information request sent to every police force in the UK by Big Brother Watch shows that The Metropolitan Police used facial recognition at the Notting Hill carnival in 2016 and 2017, and at a Remembrance Sunday event, and South Wales Police used facial recognition technology between May 2017 and March 2018. Leicestershire Police also tested facial recognition in 2015.

What’s The Problem?

The two main concerns with the system (as identified by Big Brother Watch and the ICO) are that the facial recognition systems are not accurate in identifying the real criminals or suspects, and that the images of innocent people are being stored on ‘watch’ lists for up to a month, and this could potentially lead to false accusations or arrests.

How Do Facial Recognition Systems Work?

Facial recognition software typically works by using a scanned image of a person’s face (from the existing stock of police photos of mug shots from previous arrests), and then uses algorithms to measure ‘landmarks’ on the face e.g. the position of features and the shape of the eyes, nose and cheekbones. This data is used to make a digital template of a person’s face, which is then converted into a unique code.

High-powered cameras are then used to scan crowds. The cameras link to specialist software that can compare the camera image data to data stored in the police database (the digital template) to find a potential ‘match’. Possible matches are then flagged to officers, and these lists of possible matches are stored in the system for up to 30 days.

A real-time automated facial recognition (AFR) system, like the one the police use at events, incorporates facial recognition and ‘slow time’ static face search.

cctv, facial recognition — Big Brother may be watching, but the facial recognition doesn’t work

Inaccuracies

The systems used by the police so far have been criticised for simply not being accurate. For example, of the 2,685 “matches” made by the system used by South Wales Police between May 2017 and March 2018, 2,451 were false alarms.

Keeping Photos of Innocent People On Watch Lists

Big Brother Watch has been critical of the police keeping photos of innocent people that have ended up on lists of (false) possible matches, as selected by the software. Big Brother Watch has expressed concern that this could affect an individual’s right to a private life and freedom of expression, and could result in damaging false accusations and / or arrests.
The police have said that they don’t consider the ‘possible’ face selections as false positive matches because additional checks and balances are applied to them to confirm identification following system alerts.

The police have also stated that all alerts against watch lists are deleted after 30 days, and faces in the video stream that do not generate an alert are deleted immediately.

Criticisms

As well as accusations of inaccuracy and possibly infringing the rights of innocent people, the use of facial recognition systems by the police has also attracted criticism for not appearing to have a clear legal basis, oversight or governmental strategy, and for not delivering value for money in terms of the number of arrests made vs the cost of the systems.

What Does This Mean For Your Business?

It is worrying that there are clearly substantial inaccuracies in facial recognition systems, and that the images of innocent people could be sitting on police watch lists for some time, and could potentially result in wrongful arrests. The argument that ‘if you’ve done nothing wrong, you have nothing to fear’ simply doesn’t stand up if police are being given cold, hard computer information to say that a person is a suspect and should be questioned / arrested, no matter what the circumstances. That argument is also an abdication from a shared responsibility, which could lead to the green light being given to the erosion of rights without questions being asked. As people in many other countries would testify, rights relating to freedom and privacy should be valued, and when these rights are gone, it’s very difficult to get them back again.

The storing of facial images on computer systems is also a matter for security, particularly since they are regarded as ‘personal data’ under the new GDPR which comes into force this month.

There is, of course, an upside to the police being able to use these systems if it leads to the faster arrest of genuine criminals, and makes the country safer for all.

Despite the findings of a study from YouGov / GMX (August 2016) that showed that UK people still have a number of trust concerns about the use of biometrics for security, biometrics represents a good opportunity for businesses to stay one step ahead of cyber-criminals. Biometric authentication / verification systems are thought to be far more secure than password-based systems, which is the reason why banks and credit companies are now using them.

Facial recognition systems have value-adding, real-life business applications too. For example, last year, a ride-hailing service called Careem (similar to Uber but operating in more than fifty cities in the Middle East and North Africa) announced that it was adding facial recognition software to its driver app to help with customer safety.

PGP Encryption Flaw Discovered in Email Security

Posted on May 21, 2018May 29, 2018 by Rob Burdett

A German newspaper has released details of a security vulnerability, discovered by researchers at Munster University of Applied Sciences, in PGP (Pretty Good Privacy) data encryption.

What Is PGP?

PGP (Pretty Good Privacy) is an encryption program that is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and disk partitions, and to increase the security of e-mail communications. As well as being used to encrypt and decrypt email, PGP is also used to sign messages so that the receiver can verify both the identity of the sender and the integrity of the content. PGP works using a private key that is kept secret, and a public key that the sender and receiver share.

The technology is also known by the name of GPG (Gnu Privacy Guard or GnuPG), and is a compatible GPL-licensed alternative.

PGP, email encryption flaw — PGP encryption flaw found

What’s The Flaw?

The flaw, which was first thought by some security experts to affected the core protocol of PGP (which would make all uses of the encryption method, including file encryption, vulnerable), is now believed to be related to any email programs that don’t check for decryption errors properly before following links in emails that include HTML code i.e. email programs that have been designed without appropriate safeguards.

‘Efail’ Attacks

The flaw leaves this system of encryption open to what have been called ‘efail’ attacks. This involves attackers trying to gain access to encrypted emails (for example by eavesdropping on network traffic), and compromising email accounts, email servers, backup systems or client computers. The idea is to reveal the plaintext of encrypted emails (in the OpenPGP and S/MIME standards).

This type of attack can be carried out by direct exfiltration, where vulnerabilities in Apple Mail, iOS Mail and Mozilla Thunderbird can be abused to directly exfiltrate the plaintext of encrypted emails, or by a CBC/CFB gadget. This is where vulnerabilities in the specification of OpenPGP and S/MIME are abused to exfiltrate the plaintext.

What Could Happen?

The main fear appears to be that the vulnerabilities could be used to decrypt stored, encrypted emails that have been sent in the past (if an attacker can gain access). It is thought that the vulnerabilities could also create a channel for sneaking personal data or commercial data and business secrets off devices as well as for decrypting messages.

What Does This Mean For Your Business?

It is frustrating for businesses to learn that the email programs they may be using, and a method of encryption, supposed to make things more secure, could actually be providin a route for criminals to steal data and secrets.

The advice from those familiar with the details of the flaw is that users of PGP email can disable HTML in their mail programs, thereby keeping them safe from attacks based on this particular vulnerability. Also, users can choose to decrypt emails with PGP decryption tools that are separate from email programs.

More detailed information and advice concerning the flaw can be found here: https://efail.de/#i-have

Globalnet IT Innovations offer a range of managed IT services and on-demand IT services, including secure Outlook 365 email. Call us on 0203 005 9650 to speak to one of our IT consultants and discover how we can help you reach your business goals.

Fewer Shop Visits Due To Digital. But More Spending

Posted on May 21, 2018 by Rob Burdett

British Retail Consortium (BRC) figures show that footfall in retail stores fell by 3.3% in April 2018 compared to last year, marking a further shift in consumer behaviour towards digital adoption.

Two Consecutive Months

The drop in footfall numbers for April was the second consecutive month where the trend away from visiting the physical high street could be observed, and in comparison to this time last year when footfall was on the up, it is seen by analysts as being significant.

Visiting Even Less – But Still Spending

The last time such a significant drop in footfall occurred (3.8%) was recorded was in 2009 when the UK was in recession and consumers were spending less as a result. Even compared to that, this year’s drop in the numbers of people visiting physical store locations is larger at 4.8%.

Despite the apparent fall in physical store visits, Barclays bank data shows that consumer spending is still on the increase.

What’s Happening?

Retail experts have noted a shift in consumer behaviour towards digital shop visits rather than physical ones, based on a number of benefits including flexibility (in what goods they purchase and when), product / service ranges available, convenience, digital innovations enhancing customer experiences, and a predisposition towards leisure rather than retail spend.

This changing consumer behaviour is forcing the retail industry to evolve and re-structure.

Increased Leisure Spending

One key trend that has been noted by analysts is the increase in leisure rather than retail spending by consumers. For example, a report by Deloitte based on the quarterly survey of more than 3,000 UK adults found that 2017 (last quarter) ended positively for the leisure sector, with consumer spending increasing in 7 out of 11 leisure categories compared to the previous year.

The areas that have shown an increase include experience-led activities, short break holidays, going to the gym, drinking in pubs and bars and attending live sporting events.

What Does This Mean For Your Business?

For retail businesses, these figures mean that the digital retail environment is posing many challenges, but the changes can also be embraced as part of a restructured strategy to remain competitive.

Many retailers understand that they now need to rebalance investment in physical and digital infrastructure, and change the way stores are used e.g. by adopting technology to engage people, and to make stores more like centres for experiences rather than just places for purchasing goods. This is particularly important for younger consumer groups.

Retailers can embrace technology as an opportunity to deliver more value to customers whether in store, at home or on the move. Retail commentators frequently talk about the importance of the need to create a seamless customer experience between online and offline, and to develop an omni-channel platform. Improving and optimising the current experience that retailers offer customers, and replicating these as effectively as possible across all channels could be the key to staying competitive in the evolving retail business environment.

Handy Location Tracker

Posted on May 21, 2018 by Rob Burdett

A peanut-shaped, hand-held, smart, long-range tracking device called LynQ has been launched that can tell you how far and in what direction your friends are, all without the need for a data connection, and without monthly fees.

Why?

As well as being used for outdoor activities to replace traditional maps and location methods, a ‘LynQ’ can be used as a safety device for tracking children or pets, for rescue workers, or for making sure dementia sufferers don’t wander too far. It can also be used as a fun / leisure device e.g. to find each other in festival crowds, or to keep track of each other when hiking or skiing.

How Does It Work?

Powered by a rechargeable power cell that can offer up to three days of battery life between charges, a LynQ can reportedly track other LynQ users from up to 3 miles (5km) away.

Being marketed as a kind of smart compass for the 21st century, the LynQ doesn’t need an app, phone or Wi-Fi network. Instead, it uses what is described as “a new approach to GPS”. This means that LynQ devices send their GPS coordinates directly to each other. The GPS data has a compression algorithm applied to it in order to make it possible to send that data more frequently and reliably.

2 To 12 People Can Use

LynQ allows 2 or more people (up to 12 can link up) to use a one-button control and simple digital interface to find each other. The display shows a simple display of distance and direction that changes accurately as you move towards or away from your target, and the single button allows you to switch between people you’re tracking.

The display turns off automatically when you let it go to hang by its clip, thus saving battery life, but the LynQ is always receiving the data.

Other Features

The device allows you to create a “home” location that linked devices can point toward. It also allows you to set a safe zone (a radius from your device) that will warn you if the other person leaves that safe zone. You can also send basic preset messages like “meet up” or “help.”

The price is $154 / £114.30 per pair (early bird), going up to $200 / £148.40.

What Does This Mean For Your Business?

This is another smart device that shows how a combination of technologies can be used to create something that can meet a real need and has multiple applications e.g. leisure, sport, safety, and even defence. For example, the Thai Ministry of Defence tested LynQ and found that it helped soldiers find each other much faster while radio silent, and helped them quickly get into formation for a search mission.

This could also represent another possible way to keep track of those in the care of others e.g. dementia sufferers being tracked by carers. Back in 2016 for example, a barcode tagging system for tracking elderly dementia sufferers was being tested in Tokyo, but the LynQ could provide an even simpler and more practical system.

Quite simply as a gadget, the LynQ appears to have multiple applications, thereby offering many opportunities to business and personal users. The fact that the LynQ requires no monthly fees, and doesn’t require a data connection will increase its appeal.

The hope is that the LynQ device is secure and that signals can’t be intercepted and used by criminals to track victims e.g. for attack or abduction. There are still widespread fears about the vulnerability of many smart / IoT devices to hacking, but the fact that LynQ doesn’t need a connection could make it safer.

Tech Tip – Play Almost Any File Format

Posted on May 21, 2018 by Rob Burdett

If you sometimes have trouble opening and playing certain file formats e.g. for videos, free and open-sourced VLC software makes it easy to play almost any file format you throw at it.

To download the app, which works with Mac, PC, Linux, Android, and iOS, and states that it doesn’t deliver ads or engage in user tracking:

– Go to https://www.videolan.org/vlc/features.html

– Click on the appropriate Operating System.

– Read the details and click on the orange download button.

Twitter Says Change Your Password

Posted on May 15, 2018May 17, 2018 by Rob Burdett

Twitter has advised all users to change their passwords after a bug caused the passwords to be stored in easily readable, plain text on an internal computer log.

The Bug – Passwords Visible Before ‘Hashing’

Twitter reported on their own blog that the bug that stored passwords had been ‘unmasked’ in an internal log. The bug is reported to have written the passwords into that internal log before Twitter’s hashing process had been completed.

The hashing process disguises Twitter passwords, making them very difficult to read. Hashing uses the ‘bcrypt’ function which replaces actual passwords with a random set of numbers and letters. It is this set of replaced characters that should be stored in Twitter’s system, as these allow the systems to validate account credentials without revealing customer password.

Millions Affected?

The fact that the passwords were revealed on an internal server, albeit for what is estimated to be for several months, and that there appears to be no evidence of anyone outside the company seeing the passwords, and no evidence of a theft or passwords turning up for sale on hacker site, indicates that it is unlikely that many of the 330 million Twitter users have anything real to fear from the breach.

Big Breaches

In this case, Twitter appears to have behaved responsibly and acted quickly by reporting the bug to regulators, fixing the bug, and quickly and publicly advising all customers to change their passwords.

Twitter’s behaviour appears to be in stark contrast to the way other companies have handled big breaches. For example, back in November 2017 Uber was reported to have concealed a massive data breach from a hack involving the data of 57 million customers and drivers, and then paid the hackers $100,000 to delete the data and to keep quiet about it.

Breaches can happen for all kinds of reasons, and while Twitter’s breach was very much caused and fixed by Twitter internally, others have been less lucky. For example, an outsourcing provider of the Red Cross Blood Service in Australia accidentally published the Service’s entire database to a public web server, thereby resulting in Australia’s largest ever data breach.

What Does This Mean For Your Business?

If you have a Twitter account, personal or business, the advice from Twitter is quite simply to change your password, and change it on any other service where you may have used the same password. Twitter is also advising customers to make the new password a strong one that isn’t reused on other websites, and to enable two-factor authentication. You may also want to use a password manager to make sure you’re using strong, unique passwords everywhere.

In this case, Twitter has acted quickly, appropriately and transparently, thereby minimising risks to customers and risks to its own brand reputation. Twitter will want this message of responsibility to be received loud and clear, particularly at a time where GDPR (and its hefty fines) is just around the corner, and a time when other competing social networks i.e. Facebook have damaged customer trust by acting less responsibly with their data through the Cambridge Analytica scandal.

8 More Security Flaws Found In Processors

Posted on May 15, 2018 by Rob Burdett

Following on from the revelation in January that 2 major security flaws are present in nearly all modern processors, security researchers have now found 8 more potentially serious flaws.

Eight?

According to reports by German tech news magazine c’t, the 8 new security flaws in chips / processors were discovered by several different security teams. The magazine is reported to have been given the full technical details of the vulnerabilities by researchers and has been able to verify them.

The new ‘family’ of bugs have been dubbed Spectre Next Generation (Spectre NB), after the original Spectre bug that was made public along with the ‘Meltdown’ bug at the beginning of the year.

90 Days To Respond

The researchers who discovered the bugs have followed bug disclosure protocols, and have given chip-makers and others 90 days to respond and to prepare patches before they release details of the bugs. The 90 day time limit ran out on Monday 7th May.

Co-ordinated Disclosure

Intel is reported to have been reluctant to simply acknowledge the existence of the bugs, preferring to have what it calls a ‘co-ordinated disclosure’, presumably near the end of the protocol time limit, when there has been time to prepare patches and to mitigate any other issues.

It is not yet clear if AMD processors are also potentially vulnerable to the Spectre-NG problems.

How Serious Are The Flaws?

There have been no reports, as yet, of any of the 8 newly-discovered flaws being used by cyber-criminals to attack firms and extract data. According to the magazine C’t, however, Intel had classified half of the flaws as “high risk”, and the others as “medium risk”.

It is believed that one of the more serious flaws could provide a way for attackers access a vulnerable virtual computer, and thereby reach the server behind it, or reach other software programs running on that machine. It has been reported that Cloud services like Amazon’s AWS may be at risk from this flaw.

Meltdown and Spectre

The original Meltdown and Spectre flaws were found to have been present in nearly all modern processors / microchips, meaning that most computerised devices are potentially vulnerable to attack, including all iPhones, iPads and Macs.

Meltdown was found to leave passwords and personal data vulnerable to attacks, and could be applied to different cloud service providers as well as individual devices. It is believed that Meltdown could affect every processor since 1995, except for Intel Itanium and Intel Atom before 2013.

Spectre, which was found to affect Intel, AMD and ARM (mainly Cortex-A) processors, allows applications to be fooled into leaking confidential information. Spectre affects almost all systems including desktops, laptops, cloud servers, and smartphones.

What Does This Mean For Your Business?

The discovery of a family of 8 more flaws on top of the original 2 ‘Spectre’ and ‘Meltdown’ flaws is more bad news for businesses, particularly when they are trying to make things as secure as possible for the introduction of GDPR. Sadly, it is very likely that your devices are affected by the several or all of the flaws because they are hardware flaws at architectural level, more or less across the board for all devices that use processors. The best advice now is to install all available patches and make sure that you are receiving updates for all your systems, software and devices.

Although closing hardware flaws using software patches and updates is a big job for manufacturers and software companies, it is the only realistic and quick answer at this stage to a large-scale problem that has present for a long time, but has only recently been discovered.

Regular patching is a good basic security habit to get into anyway. Research from summer 2017 (Fortinet Global Threat Landscape Report) shows that 9 out of 10 impacted businesses are being hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and there are already patches available for them.

Facebook Loyalty Intact Says Survey

Posted on May 15, 2018 by Rob Burdett

Even after all the publicity surrounding Facebook’s selling of the personal data of 87 million users to Cambridge Analytica, a Reuters/Ipsos survey has found that most users are still loyal to the social media giant.

Just A Public Relations Problem

The survey conducted April 26-30 was based in the US, the home country of Facebook and the place where the vast majority of those whose data was sold live. Far from indicating that any users have been outraged by the selling of their personal data property without their permission, the survey appears to show that Facebook has so far suffered no ill effects from the scandal, other than a public relations headache.

A Quarter Using Facebook More!

The survey showed that half of US Facebook users said they had not recently changed the amount that they used the site, and, incredibly, a quarter of those surveyed said they were using it more!

The remaining 25% said that they were using it less recently, had stopped using it, or deleted their account.

64% of those surveyed said they still used Facebook at least once a day, down only slightly from the 68% recorded in a similar poll in late March.

The results appear to show, therefore, that the numbers of those using Facebook more has balanced out the numbers of any respondents who said they used the platform less, meaning that, according to the survey, Facebook appears to have suffered no real damage other than a PR hit from the scandal.

Wait Until 2nd Quarter

Facebook actually showed a near 50% increase its sales in the first quarter of this year, with profits up to $4.9bn from $3bn last year. Some commentators have stressed, however, that any of the financial effects of the scandal are likely to be evident in the second quarter.

Cambridge Analytica Closed

While Facebook, a social media giant, appears to have suffered no real damage other than a PR hit, Cambridge Analytica has been forced to go into liquidation blaming negative media attention. Some commentators have pointed out that Cambridge Analytica portrayed themselves as victims of unwarranted press activity, thereby deflecting blame from their activities involving the use of the personal data of millions to influence election and referendum outcomes.

Trusted With Dating Information?

It may appear that customer loyalty is still intact to a large extent now, but the next test for Facebook could be whether customers will trust them with their privacy when Facebook rolls out its dating service app later this year.

What Does This Mean For Your Business?

This story shows what many tech commentators had predicted – that the fact that Facebook was so much a part of peoples’ daily routine with no real alternative among the other social media platforms, that it could weather the storm and come out the other end with little real impact on its user numbers. It seems strange that, even though customers personal details were harvested and sold to a third party, without the permission of users, and then used to potentially influence how they voted in the US election (and in the Brexit referendum in the UK) that very few people appear to be prepared to see that as grounds to reject Facebook and the service and value that it offers in their lives.

People actively use Facebook as an integral part of their friendship networks and as a source of news, thereby allowing it unprecedented access to their personal lives and interests, as well as allowing it to help shape their view of the world, and it may be this investment and yes, loyalty, that has allowed them to apparently forgive Facebook for its part in the scandal, and to allow the value that Facebook offers in their lives to outweigh Facebook’s indiscretions.

From a business point of view, this shows how powerful loyalty can be, especially if a service can offer value that links strongly to ‘self’ and things that have emotional and personal connections and importance, and allow and enable real engagement.