google-site-verification=s1JKQUlQigDi_YDaf1obkHeNEXd8IOGKgKblwH93i7o Kevin's Security Scrapbook

Tuesday, September 14, 2021

I've been hacked! Now what?

Check these links for some instant advice and assistance...

FTC Shuts Down Smartphone Spyware App Company

The Federal Trade Commission (“FTC”) reached a settlement with stalkerware app company Support King, LLC d/b/a and its CEO (collectively “SpyFone”) to resolve allegations that it secretly harvested and shared smartphone owners’ physical location data and information about their phone use and other online activities, and that it exposed smartphones to hacker attacks in violation of the FTC Act.

The complaint alleged that SpyFone’s apps provided real-time access to the data of smartphone owners through a hidden device hack that allowed others, including stalkers and domestic abusers, to track the smartphones on which the apps were installed. In addition, SpyFone’s lax security measures, including storing sensitive information without encryption, exposed consumers to hackers and other cyber threats, including through a 2018 breach of SpyFone’s servers in which the personal information of 2,200 consumers was accessed and stolen.

Under the terms of the proposed consent order, SpyFone will disable its stalkerware apps and destroy all personal information collected through these apps. more

Alert: Apple iOS 14.8 Security Update Spikes Spyware Flaw

 Apple on Monday released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company. 

The tech giant's security note for iOS 14.8 and iPadOS 14.8 says: "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." Apple also released WatchOS 7.6.2, MacOS Big Sur 11.6 and a security update for MacOS Catalina to address the vulnerability. 

The fix, earlier reported by The New York Times, stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist's phone had been infected with Pegasus, NSO Group's best-known product. According to Citizen Lab, the zero-day zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple's image rendering library and was effective against the company's iPhones, laptops and Apple Watches. more

Monday, September 13, 2021

Urban Drone Detection is Due to Become Easier Thanks to 5G

The Department of Homeland Security (DHS) Small Business Innovation Research (SBIR) Program awarded $750,000 to Texas-based small business Cobalt Solutions Inc. to develop a detection and tracking sensor system that can identify nefarious small unmanned aerial vehicles (UAV) in an urban environment...

Cobalt’s technology increases the number of exploitable drone signatures for detection and tracking,” said Dr. Jeff Randorf, DHS S&T engineering advisor and SBIR topic manager. “As more 5G mmWave transceivers are deployed in city centers, the ability to detect and track drones in complex urban geometries becomes easier, while not contributing to an already crowded radio frequency spectrum.” more

Friday, September 10, 2021

Top 10 5G Security Concerns

5G security is inherently prone to security vulnerabilities. Previous-generation networks relied on centralized hardware-based functions that provided security choke points that were relatively easy to monitor. Endpoints in distributed software-defined (SD) networks like 5G are more difficult to keep an eye on.

While 5G addresses security issues in previous-generation wireless networks, for example with enhanced encryption, anti-tracking, anti-spoofing and network slicing features, security holes cybercriminals could potentially exploit have been identified. Some of the security vulnerabilities detected early on were linked to previous-generation networks loopholes. These included ones that allowed attackers to expose a user's location, downgrade their service to a less secure legacy that was more easily attacked, run up costly wireless bills and track users’ activities. more

Thursday, September 9, 2021

Spy Tech - Facebook and Rayban (Possibly Raybanned in some locales)

The first thing you'll notice about Facebook’s new camera glasses is that they are not called Facebook Glasses — they are called Ray-Ban Stories. This is because they are made in partnership with Ray-Ban (a cool company that no one hates), and Facebook has had a rough couple of years in the public eye. And “Stories” because, you know, Instagram stories and Facebook stories and also Snapchat "story,"

...the real danger here isn’t to your data — it’s the fact that you’re walking around wearing barely perceptible spy glasses, taking videos and photos of anyone you want, likely without them noticing...

If the idea of camera sunglasses seems familiar, perhaps that’s because it sounds like Snapchat Spectacles, which launched in 2016. In what I can only imagine is a loving tribute, Facebook has named its camera sunglasses “Stories” after the other signature product that Facebook/Instagram lifted from Snapchat. more

Tech stuff: "Dual 5MP camera gives your content new depth and dimension. Takes high resolution photos (2592x1944 pixels) and quality video (1184x1184 pixels at 30 frames per second)."

Not as dorky as past creepy-peepies, these glasses may not be recognized as spy glasses at first glance. (Maybe a Buddy Holly or Maurice Moss meets Zuck mash-up instead.) In fact, "Facebook says it's a violation of the Terms of Service to cover up the light that comes on when you're recording." Right, like that's gonna work. Additionally, "Facebook is discussing building facial recognition into its upcoming smart glasses product..." What could possibly go wrong? more

FutureWatch: Laser Through a Keyhole Can Expose Everything in a Room (somewhat)

If you're worried about privacy, it might be time to cover up your front door's peephole.

Being able to see inside a closed room was a skill once reserved for super heroes. But researchers at the Stanford Computational Imaging Lab have expanded on a technique called non-line-of-sight imaging so that just a single point of laser light entering a room can be used to see what physical objects might be inside...

It’s an incredibly clever technique, and one day it could be a very useful technology for devices like autonomous cars that would potentially be able to spot potential hazards hidden around corners long before they’re visible to passengers in a vehicle, improving safety and obstacle avoidance...

The research could one day provide a way for police or the military to assess the risks of entering a room before actually breaking down the door and storming their way inside, using nothing but a small crack in the wall or a gap around a window or doorway.  more

‘Havana Syndrome ’ and the Mystery of the Microwaves

Doctors, scientists, intelligence agents and government officials have all been trying to find out what causes "Havana syndrome" - a mysterious illness that has struck American diplomats and spies. Some call it an act of war, others wonder if it is some new and secret form of surveillance - and some people believe it could even be all in the mind. So who or what is responsible?

It often started with a sound, one that people struggled to describe. "Buzzing", "grinding metal", "piercing squeals", was the best they could manage.   

...Havana syndrome first emerged in Cuba in 2016. The first cases were CIA officers, which meant they were kept secret. But, eventually, word got out and anxiety spread...

Uncovering the truth has now become a top US national security priority - one that an official has described as the most difficult intelligence challenge they have ever faced.  more  history

Wednesday, September 8, 2021

Martian Helicopter - Coincidence or Espionage? You Decide.

China’s National Space Science Center is working on an aerial drone that bears a striking resemblance to NASA’ Ingenuity helicopter, currently on Mars.
It’s got four outstretched wiry legs, two rotors stacked atop each other, and a simplified fuselage. It’s China’s take on NASA’s wildly successful aerial drone.

A press release from China’s National Space Science Center suggests the vehicle, called the “Mars cruise drone,” has passed acceptance and will presumably advance to the next stage of development. Eventually, the Chinese aerial drone could make it to Mars, where it will patrol the landscape and further China’s exploration of the Red Planet. To that end, the Mars cruise drone will be equipped with a spectrometer for performing aerial surveys and for studying the Martian geology. more

Espionage - It Still Happens and it Still Matters

The Director General of Mi5 noted in his annual threat update hostile states seeking to spy on certain governments is as old as the hills. Nevertheless, it still happens, and it still matters. Hostile States utilising someone on the ‘inside’ to acquire privileged information makes their job so much easier.  Recently we have seen media coverage of a security officer at the British Embassy in Berlin arrested on suspicion of acting on behalf of a foreign intelligence agency.    

This blog serves as a reminder that traditional spycraft does exist and importantly provides you with some high-level protective security principles that your organisation should consider.  more


Friday, September 3, 2021

Security Director Alert: Wireless Key-Logger Hides in USB-C to Lightning Cable

A USB-C to Lightning cable with a hidden wireless key-logger can enable an attacker to capture everything you type from a distance of up to a mile.

Any tech-literate person knows you should never plug a USB key into any of your devices unless you trust the person giving it to you, but fewer know that the same applies to USB cables...

“We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile,” he added...

...the new cables now have geofencing features, where a user can trigger or block the device’s payloads based on the physical location of the cable.  more

These spy cables come in various configurations, including standard USB charging cables. They look exactly like authentic cables. An electronic test can identify a malicious spy cable easily. In fact, you can do it yourself. Click here for instructions.

Wednesday, September 1, 2021

Last Month in Spycam News

FL - Pembroke Pines Police said Thursday that the owner of Master Franco’s Taekwondo Academy on Pines Boulevard is facing additional video voyeurism charges. Robert Franco, 64 was already facing charges for placing nanny cameras in the bathroom of his Pembroke Pines facility. more

UK - A vile sexual deviant who snooped on a woman as she got changed at a swimming pool was found to possess 30 more videos of people getting changed - including children... unaware victim was getting changed...when she noticed a towel from the cubicle next to her along with a hidden mobile phone. more

WY - A Casper man (Douglas Michael Dickey) facing accusations that he recorded multiple videos of people using the restroom at a restaurant where he used to work has changed his plea in the case... “Dickey’s face [was] also observed when he started the recording of the video,” detectives write in the affidavit. “Setting up his cell phone by placing it next to the toilet and covering the cell phone from his victims. The videos also showed Dickey wearing his [uniform] and his employee name tag. Each of the videos ended with Dickey looking into the cell phone as he recovered the phone and ended the recording.” more

FL - Former Gulf Breeze Mayor Edward “Ed” Merrill Gray III has been sentenced to five years in state prison for secretly recording teen boys in his shower. more 

FL - A 34-year-old Port Orange man is charged with 25 counts of Video Voyeurism for secretly videotaping his child's nanny in his home... A digital clock in that bathroom struck the nanny as "weird." She explained that the clock "faced directly towards the shower and a blank wall. more

UK - Louise was nearly six months' pregnant when she spotted something suspicious after having had a massage - a digital clock wired up to a laptop computer. Immediately afterwards Louise - not her real name - searched online for "digital clock, hidden camera". The first result confirmed her worst fears. more

UK - A GREATER Manchester Police employee has today been sentenced for voyeurism in the workplace after secretly filming colleagues on the toilet. more

NY - According to arrest records from Seneca Police...Andrew Ballenger Johns, age 26 of West Union, was booked into jail on a charge of voyeurism... Judge Susan Harris alleged that Johns “knowingly video recorded the victim, a 26-year old female, without her knowledge or consent while she was in a place that she had reasonable expectation of privacy…and that he did position a cell phone set to record inside a bathroom of a residence.” more

N. Ireland - A Belfast-based private tutor is to stand trial over allegations that he secretly recorded a group of schoolgirls, a judge ordered today. more

UK - Cheshire pervert secretly filmed women and young girls on the toilet in pubs...A search at the scene and his home address...revealed 20 video clips of adults being filmed without their knowledge: 16 of which featured men and women using the toilets at Creamfields - where Smith was working and had set up a covert camera... more

LA - Michael Jackson was convicted of video voyeurism and sentenced to 80 years in prison after he was convicted as a habitual offender from a July 2016 arrest. Jackson got caught at a fast-food restaurant sticking a camera under a bathroom stall to film females. The registered sex offender had multiple other convictions on his record. more

Mauritius - The Mauritius Football Association and local police are investigating a complaint of voyeurism after a female FA employee found a mobile phone in video recording mode in the women's toilets at the FA headquarters. ...the device hidden in a blue basket above the toilet water tank. more

China - The China Cyberspace Administration (CAC) announced on Monday that dozens of people were arrested and 25,000 illegally hacked webcams were seized as part of a crackdown on illegal voyeurism in Asian countries. In a statement, Cyber ​​Security Watchdog announced the detention of 59 suspects allegedly using camera cracking software to illegally control webcams, eavesdrop on individuals and commit illegal acts. more

UK - For months voyeur Christopher Adam Robinson, 35, secretly put his mobile phone in the shop’s changing room where it could film others without them knowing, said Howard Shaw, prosecuting... Robinson said he needed to “set up” the changing room and went briefly into it before letting people use it. As they tried the clothes on, they spotted the phone half hidden behind curtains and realised they were being filmed. more

FL - A girl’s discovery of hidden cameras in a Pembroke Pines martial arts studio’s restroom led to the arrest of the 64-year-old head instructor, Pembroke Pines police announced Saturday... a student noticed two cameras “discretely placed within picture frames on a shelf located in the academy’s restroom.” more

UK - Doctor Metwally also pleaded guilty to two offences of voyeurism which took place between 2013 and 2014 after he covertly filmed two patients who were in a state of undress whilst attending medical appointments. more

NY - Philip Close, the former owner of the Close School of Music, was sentenced Tuesday to 50 years in prison for child pornography, according to federal officials... He admitted to hiding spy cameras to secretly record students, parents and teachers in the building... Close also put hidden cameras in the music school’s only bathroom, one under the toilet and one in front of the toilet. These cameras were used to record young girls using the bathroom. more

Canada - A trial has been scheduled for Moose Jaw businesswoman Kyra Klassen, who is facing two charges of voyeurism...Klassen is facing allegations that she secretly photographed two nude women last year and posted the images to an online chat group without their permission. more

TN - Police said a man has been charged with three counts of video voyeurism after they found a phone under a bathroom sink in a Middlesboro hospital, with a motion-activated app that police said would take live footage. more

Japan - Tokyo Metropolitan Police have arrested a 42-year-old man over the alleged sale on the internet of illicit footage of female sex workers...allegedly sold footage of several sex workers on the pay-to-view site... (He had) mounted a hidden camera on the frame of his glasses to take tosatsu (voyeur) footage during encounters with them... Upon his arrest (he) admitted to the allegations. “I thought that if I made money, I could visit more sex shops,” the suspect told police. more

These stories are presented to raise awareness.

Spycam Facts:

  • Only the failed video voyeurs make the news.
  • Most spycam attacks go undetected.
  • A few are discovered... almost all by accident.
  • Only a few of these are reported to the police.
  • Only a few of these cases are solved.
  • Only few of these make it to my desk.
  • I only share just a few of them with you.
Any organization with expectation of privacy areas needs this to protect their employees, visitors and customers... and themselves, from forseeability law suits.

Tuesday, August 31, 2021

A Spy, a Botanist, and a Strawberry

The year was 1712. An engineer in the French Army Intelligence Corps named Amédée-François Frézier was sent by King Louis XIV on a reconnaissance mission to Chile. Between covert visits to Chilean military fortifications where he posed as a tourist in order to gain access, Frézier was also charged with documenting the local flora and fauna. One day he came upon a familiar sight: a berry that looked similar to one he knew from Europe, but significantly larger...

Frézier packed up some of these plants and took them back to France where they were planted among other species. The crossing of Fragaria chilenosis with another species from the new world, Fragaria virginiana, resulted in a hybrid that would eventually become the strawberry we know today... Eventually the hybrid made its way back across the Atlantic and took hold in North and South America.

Did you happen to notice our French spy's name, Frézier? That might sound familiar because the French word for strawberry is fraise. An ancestor of Frézier’s was knighted and bestowed the name by the king of France in the year 916 after offering his highness a gift of ripe strawberries. Seems it was Amédée’s destiny to become intertwined with this noble berry. more

Monday, August 30, 2021

Weird Files: Somewhat Covert Microphone is a Blast & Bugged Bugs

The GREEN12 is a cardioid directional, small diaphragm electret condenser microphone that is a great choice for users that are looking for a slim profile, high-quality microphone which is perfect for most professional, semi-professional, and home-recording applications. 

Its cardioid capsule and machined vents allow for high off-axis rejection and a focused recording, great for stringed acoustic instruments. 

The GREEN12 is handmade from an actual discharged 12Ga shell. more


The first Asian giant hornet nest of 2021 was found Thursday morning, Aug. 19, in a rural area east of Blaine, about one-quarter mile from where a resident reported a sighting of a live Asian giant hornet on Wednesday, Aug. 11.

The state agriculture staff netted, tagged with a tracker and released three of hornets Aug. 11, to Tuesday, Aug. 17, according to a news release from the Washington State Department of Agriculture. One of the so-called “murder hornets” slipped out of the tracking device, another hornet was never located and one eventually led the team to the nest. more

Read more here:

Friday, August 27, 2021

Controversial Tool That Lets Kids Spy on Their Parents

A new tool that may give one or two parents -- and many, many kids -- pause for thought.

It's called Parent Track and it's the mindchild of environmentally caring soap brand Gelo.

The idea is that kids can install the Parent Track ad tracker onto their parents' devices. This will, well, guilt them into not buying environmentally questionable products and drive them to eco-positive awareness tools...

Not everyone will be positively moved by the message Gelo sends when a parent's device is signed up. 

It reads: "You just signed up this device, allowing us to follow your parents around the internet, reminding them to quit single-use plastics for good. By doing so, you set them on a more sustainable path and may very well have saved the planet. Our thanks just don't feel like enough."

Perhaps more parents buying Gelo products -- so that Gelo would make more money -- would feel like enough. more