Normal view

ICE to keep an eye on your eyes under $25M biometric scanner deal

29 May 2026 at 19:35
If you thought US Immigration and Customs Enforcement’s widespread use of face recognition apps was a privacy violation, you’re about to get eye-rate over a new $25 million contract. According to a largely unreported contract summary published last week by ICE parent agency the Department of Homeland Security, US immigration cops have doled out about $25.1 million to a company called Bi2 Technologies for 1,570 biometric recognition devices able to identify people through fingerprints, iris scans, and facial recognition. Additional procurement data indicates that the devices can be used in the field in both mobile and stationary configurations, and they provide ICE agents with access to Bi2’s Inmate Recognition and Identification System (IRIS), which matches biometrics to a database of more than five million booking, arrest, and incarceration records from 47 US states. The Bi2 system is also able to access driver’s license and vehicle plate info. The deal was made without seeking any competing bids, and ICE justified the sole-source acquisition by pointing not only to Bi2’s capabilities being “unmatched by any competitor,” but also to a contract from last year in which it paid the company $4.6 million for what now appears to have been a one-year trial run of its technology on a much smaller scale. Per the FY 2025 contract, which expires at the end of this coming September, ICE got similar access to the IRIS database and mobile/stationary biometric scanning technology as this year’s award, but only 200 devices were deployed across the US. With the addition of this contract, 1,770 of the devices could now be on American streets by the end of May 2027. While the Bi2 contracts have yet to cause a stir on the level of other ICE biometric surveillance technologies, the widespread deployment of eyeball scanners linked to law enforcement databases and other forms of government documentation could end up stirring up more controversy. Senate Democrats have been railing against ICE’s use of biometric identification technology like Mobile Fortify, an app reportedly used by DHS under the Trump administration’s immigration enforcement push to identify people suspected of immigration violations and, potentially, protesters. In a letter last September, senators demanded ICE immediately cease using Mobile Fortify over concerns that the app could be inaccurate, biased, and might have a chilling effect on the legal expression of protected civil rights in the US. Neither ICE nor DHS responded to questions for this story. ®

Can Your Wearable Health Monitors Be Compromised?

13 April 2026 at 20:00

Wearable health devices are designed to give you more control over your body and your data. 

But in 2026, the bigger risk isn’t someone spying on your smartwatch or smartring in real time. It’s what happens if the data connected to that device gets exposed. 

Health data, login credentials, and behavioral patterns tied to wearables can become valuable signals for cybercriminals. And once that data is out, it can fuel everything from identity theft to highly targeted scams. 

Here’s what’s actually at risk, and how to protect yourself. 

What Is Wearable Health Data (and Why It Matters) 

Wearable health data refers to the personal information collected and stored by devices like fitness trackers, smartwatches, and connected medical monitors. 

This can include: 

  • Heart rate and activity levels  
  • Sleep patterns  
  • Location data  
  • Medical metrics (like glucose levels)  
  • Account credentials tied to apps and dashboards  

On its own, this data may seem harmless. But combined, it creates a highly detailed profile of your habits, routines, and health status. 

The Real Risk in 2026 Isn’t the Device. It’s the Data. 

Early conversations around wearable security focused on device hacking or surveillance. 

Today, the bigger concern is data exposure. 

If wearable platforms, apps, or connected services are breached, your data could be: 

  • Sold on the dark web  
  • Used to impersonate you  
  • Leveraged in targeted phishing or health-related scams  

And because this data is personal and specific, scams built from it can feel far more convincing than generic spam. 

How Exposed Wearable Data Can Lead to Scams 

When cybercriminals gain access to personal data, they don’t just sit on it. They use it. 

Here’s how that plays out: 

Scenario  What It Looks Like  Why It Works 
Health-related phishing  “Your insurance claim was denied” or “Update your health profile”  Feels relevant and urgent 
Account takeover attempts  Password reset emails tied to known apps  Uses real account signals 
Personalized scams  Messages referencing routines, devices, or conditions  Builds trust quickly 
Fake alerts or services  “Device security issue detected”  Mimics real product behavior 

 

This is where the risk shifts from data privacy → real-world financial and identity impact. 

6 Smart Ways to Protect Your Wearable Data 

1)Install updates immediately
Security patches fix known vulnerabilities. Delaying updates leaves gaps open.  

2) Use layered protection, not just device settings
A VPN and security software help protect data in transit and block threats before they reach you.  

3) Strengthen your login credentials
Use strong, unique passwords and enable two-factor authentication wherever possible.  

4) Limit what you share
Review app permissions and only connect devices to services you trust.  

5) Verify every message or alert
If you receive a message tied to your device or health data, double-check the source before clicking.  

6) Monitor your accounts regularly
Small signs of unusual activity can be early indicators of larger issues. 

How McAfee Helps Protect Your Data Beyond the Device 

Protecting your wearable doesn’t stop at the device itself. It extends to what happens if your data is exposed or targeted. 

Identity Monitoring 

McAfee helps track your personal information across known breach sources and alerts you if your data appears where it shouldn’t. 

This gives you early warning if wearable-related accounts or associated data are compromised. 

Scam Detector 

If your data is exposed, scammers often follow. 

McAfee’s Scam Detector helps identify suspicious messages, links, and communications before you engage, and explains why something was flagged, so you can make informed decisions quickly. 

Together, these tools help protect not just your device, but the chain reaction that can follow a data breach. 

The post Can Your Wearable Health Monitors Be Compromised? appeared first on McAfee Blog.

Kimwolf Botnet Swamps Anonymity Network I2P

11 February 2026 at 16:08

For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet’s control servers.

Kimwolf is a botnet that surfaced in late 2025 and quickly infected millions of systems, turning poorly secured IoT devices like TV streaming boxes, digital picture frames and routers into relays for malicious traffic and abnormally large distributed denial-of-service (DDoS) attacks.

I2P is a decentralized, privacy-focused network that allows people to communicate and share information anonymously.

“It works by routing data through multiple encrypted layers across volunteer-operated nodes, hiding both the sender’s and receiver’s locations,” the I2P website explains. “The result is a secure, censorship-resistant network designed for private websites, messaging, and data sharing.”

On February 3, I2P users began complaining on the organization’s GitHub page about tens of thousands of routers suddenly overwhelming the network, preventing existing users from communicating with legitimate nodes. Users reported a rapidly increasing number of new routers joining the network that were unable to transmit data, and that the mass influx of new systems had overwhelmed the network to the point where users could no longer connect.

I2P users complaining about service disruptions from a rapidly increasing number of routers suddenly swamping the network.

When one I2P user asked whether the network was under attack, another user replied, “Looks like it. My physical router freezes when the number of connections exceeds 60,000.”

A graph shared by I2P developers showing a marked drop in successful connections on the I2P network around the time the Kimwolf botnet started trying to use the network for fallback communications.

The same day that I2P users began noticing the outages, the individuals in control of Kimwolf posted to their Discord channel that they had accidentally disrupted I2P after attempting to join 700,000 Kimwolf-infected bots as nodes on the network.

The Kimwolf botmaster openly discusses what they are doing with the botnet in a Discord channel with my name on it.

Although Kimwolf is known as a potent weapon for launching DDoS attacks, the outages caused this week by some portion of the botnet attempting to join I2P are what’s known as a “Sybil attack,” a threat in peer-to-peer networks where a single entity can disrupt the system by creating, controlling, and operating a large number of fake, pseudonymous identities.

Indeed, the number of Kimwolf-infected routers that tried to join I2P this past week was many times the network’s normal size. I2P’s Wikipedia page says the network consists of roughly 55,000 computers distributed throughout the world, with each participant acting as both a router (to relay traffic) and a client.

However, Lance James, founder of the New York City based cybersecurity consultancy Unit 221B and the original founder of I2P, told KrebsOnSecurity the entire I2P network now consists of between 15,000 and 20,000 devices on any given day.

An I2P user posted this graph on Feb. 10, showing tens of thousands of routers — mostly from the United States — suddenly attempting to join the network.

Benjamin Brundage is founder of Synthient, a startup that tracks proxy services and was the first to document Kimwolf’s unique spreading techniques. Brundage said the Kimwolf operator(s) have been trying to build a command and control network that can’t easily be taken down by security companies and network operators that are working together to combat the spread of the botnet.

Brundage said the people in control of Kimwolf have been experimenting with using I2P and a similar anonymity network — Tor — as a backup command and control network, although there have been no reports of widespread disruptions in the Tor network recently.

“I don’t think their goal is to take I2P down,” he said. “It’s more they’re looking for an alternative to keep the botnet stable in the face of takedown attempts.”

The Kimwolf botnet created challenges for Cloudflare late last year when it began instructing millions of infected devices to use Cloudflare’s domain name system (DNS) settings, causing control domains associated with Kimwolf to repeatedly usurp AmazonAppleGoogle and Microsoft in Cloudflare’s public ranking of the most frequently requested websites.

James said the I2P network is still operating at about half of its normal capacity, and that a new release is rolling out which should bring some stability improvements over the next week for users.

Meanwhile, Brundage said the good news is Kimwolf’s overlords appear to have quite recently alienated some of their more competent developers and operators, leading to a rookie mistake this past week that caused the botnet’s overall numbers to drop by more than 600,000 infected systems.

“It seems like they’re just testing stuff, like running experiments in production,” he said. “But the botnet’s numbers are dropping significantly now, and they don’t seem to know what they’re doing.”

❌