The Harman Spark aftermarket connected-car device is the first product to get certification in CTIA’s IoT cybersecurity program, said the trade group Thursday. Certification testing took place at Ericsson’s lab in Richardson, Texas, and verified that the Spark met industry cybersecurity “best practices,” said CTIA. Device manufacturers may seek one of three certification levels, “depending on the sophistication of the device and the security characteristics desired or needed for its use,” it said. AT&T exclusively began offering the Spark in the fall at $79.99 under a variety of rate plans (see 1809250047). The Spark works on cars 1996 and newer to deliver emergency crash assistance, roadside assistance manager, geofencing, a Wi-Fi hot spot and other connectivity features.

AT&T Communications CEO John Donovan met FCC Chairman Ajit Pai about the company’s “ongoing 5G deployment and the importance of millimeter wave spectrum to 5G technologies,” said a filing posted Friday in docket 14-177. Donovan and other AT&T executives also discussed the national security NPRM (see 1812120043): "Any measures to address national security threats related to the communications supply chain should be proportionate to the risk and applied to all networks and providers, not to just entities that use Universal Service Support.” The Telecommunications Industry Association called for action on security rules in a meeting with Wireline Bureau staff. The record the FCC is building “provides details about specific concerns,” TIA said in docket 18-89, in a meeting handout. “Marketplace needs certainty as 5G is being rolled out in earnest.” The USF proceeding should target specific suppliers of concern, the group said.

“Nest was not breached,” a spokesperson emailed us, after reports by a customer in Orinda, California, that a Nest security camera blasted a warning claiming to be from Civil Defense of ballistic missiles headed to three U.S. cities. The third-party hack was the result of a compromised password exposed through “breaches on other websites,” the Google spokeswoman said. In December, a Houston family reportedly heard a stranger’s voice over a baby monitor saying sexual expletives through a Nest security camera and then threatening to kidnap the child. “In nearly all cases, two-factor verification eliminates this type of security risk,” the spokeswoman said: Google takes security in the home “extremely serious and we’re actively introducing features that will reject compromised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials.”

Addressing state and nonstate actors engaged in malicious cyber activities is the fourth in a list of seven mission objectives Director of National Intelligence Dan Coats outlined Tuesday in the administration's national intelligence strategy. The objective calls for understanding adversarial leadership plans, intentions, capabilities and operations. It includes expansion of “tailored production and appropriate dissemination and release of actionable cyber threat intelligence” and expanding abilities to “enable diplomatic, information, military, economic, financial, intelligence, and law enforcement plans and operations” to deter and counter bad actors.

Sixteen percent of U.S. broadband households admit to sharing their passwords for video service accounts with other people, blogged Parks Associates Wednesday. Fewer than a third are willing to use a non-password authentication method such as voice or thumbprint to access service, vs. 54 percent willing or very willing to use the password method once and then save it on a device, making it difficult for service providers to move subscribers to new methods of password-free authentication, Parks said. Though passwords are risks to users and service providers because of piracy and password sharing, “the password concept is ingrained in consumers' conception of the online video experience," said analyst Billy Nayden. The push to quash password sharing is driving initiatives to “grade” interactions based on prior user behavior, using data points such as geography, time and watching behavior, Nayden said. Grading ensures that interactions requiring a high level of security receive it while routine interactions are “frictionless,” he said. “The authentication process will become virtually invisible to users, except when they attempt to access services outside their normal behavior." Password managers like LastPass and physical security keys are fulfilling the need for better management and security around passwords, said the analyst, and Google entered the physical security key market in 2018 to compete with Yubico and Feitian. New authentication methods need to be frictionless and bring a more personalized, secure approach to authentication, he said. "Poor experiences with authentication and personalization technologies will drive consumers back to traditional methods and increase churn for video services.” The smartphone will likely be a “gateway device” toward a biometric approach, he said.

Two Ukrainian men were charged with computer-related conspiracy for allegedly hacking into SEC computer systems and profiting from stolen data, DOJ said Tuesday. The 16-count indictment against Artem Radchenko, 27, and Oleksandr Ieremenko, 26, included securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud and computer fraud charges.

Zix agreed to pay $275 million cash for the AppRiver cybersecurity firm, the email security provider announced Tuesday. The deal is expected to more than double Zix revenue and adjusted cash flow. True Wind Capital will invest $100 million once the takeover is complete, with some of the tech private equity firm's staff joining the Zix board (see the personals section of this publication). The deal is expected to close in Q1, a Zix spokesperson emailed us.

Marriott erred in taking nearly three months to alert customers about its data breach (see 1901040048), nearly 180 plaintiffs from 50 states, the District of Columbia, Puerto Rico and the Virgin Islands said in a lawsuit Wednesday. Plaintiffs have evidence of fraud allegedly linked to the breach, said Hausfeld's James Pizzirusso: It took Marriott four years to discover the breach on Sept. 8. The lawsuit is in U.S. District Court in Greenbelt, Maryland (docket 19-cv-00094). Monday, Marriott declined comment.

Verizon is offering Fios customers McAfee security for its Home Network Protection (HNP), it said Monday. It's said to protect against malicious websites, includes parental controls and protects devices connected to the home network. Users can monitor security activity through the MyFios app. HNP is available through Verizon’s Quantum Gateway Router.

Hate speech and election interference create problems that “can never fully be solved,” Facebook CEO Mark Zuckerberg wrote Friday. But the platform altered its “DNA” to address harmful issues like interference, harmful speech, misinformation and data control, he added. It will be more than a “one-year” challenge, he said, but the transformation is underway. The platform now employs more than 30,000 staffers to focus on safety, and Facebook invests billions in security annually, he said. “In the past we didn't focus as much on these issues as we needed to, but we're now much more proactive.”