CISA Warning: Commercial Spyware & SS7

The long-held assumption among corporate executives and government officials that switching to encrypted messaging apps like Signal or WhatsApp guarantees immunity from surveillance is rapidly eroding...

CISA’s warning touches upon legacy vulnerabilities in the telecommunications infrastructure itself. The agency highlights the continued abuse of Signaling System 7 (SS7), the protocol suite used by phone networks globally to route calls and texts. Despite decades of warnings, SS7 remains vulnerable to interception and location tracking. Sophisticated attackers can exploit these network flaws to intercept the SMS verification codes used to register Signal or WhatsApp accounts. By “porting” the target’s number to a device controlled by the attacker, they can effectively hijack the victim’s identity on these platforms. While Signal has introduced features like Registration Lock to mitigate this, adoption remains low among general users. (more)

Extortionography: Leaked Tape Forces Outcome

Campbell’s said on Wednesday that it no longer employed an executive who was accused in a lawsuit of making offensive comments and disparaging the company’s food products.

An audiotape that was released this month reportedly featured the voice of Martin Bally, a vice president of information technology, saying Campbell’s made processed food for “poor people” and making racist remarks...

A former employee who leaked the tape to the news media, Robert Garza, did so in conjunction with a lawsuit he filed last week in Michigan against Mr. Bally and Campbell’s. The person on the audio also refers to Campbell’s canned soup containing a “piece of chicken that came from a 3-D printer.” (more)

------

“What is corporate extortionography, and why is it important to me?”
Extortionography is a word coined to cover the use of audio, video, or photographic evidence for personal or monetary gain, or to force a desired result or outcome. (more)

See Cruise Headed to Court May Divert to Arbitration

A cruise ship crew member who planted a hidden camera to watch a young girl undress in her cabin may have spied on over 900 passengers, a class action lawsuit alleges. Lawyers who filed the civil lawsuit in a Miami federal court last October want each of those people to be able to hold the company accountable and receive damages. But Royal Caribbean, the world’s second-largest cruise ship company, has pushed back.

Background: Mirasol, a room attendant, regularly cleaned passenger rooms, restocked towels and changed sheets on Royal Caribbean’s Symphony of the Seas, a vessel that carries 5,518 passengers and 2,200 crew members. But that wasn’t all he did, according to court filings and the criminal complaint from the Broward County Sheriff’s office. Searching his electronic equipment including a USB stick device, law enforcement agents found “several videos of naked females undressing in their bathrooms.” One girl seemed to be 10 years old, they said. He’d planted small, secret cameras in passengers’ rooms.

Push Back: Royal Caribbean wrote in a court filing. “Plaintiffs agreed in their digitally signed ticket-contract that all claims for mental or emotional injury must be resolved through arbitration.” Arbitration is a secretive process often favored by companies. (more)

A Load of Code Hits the Road

A former engineering manager misappropriated millions of lines of proprietary source code during the transition period following Elon Musk’s acquisition of the social media platform now known as X... The company reports that it did not become aware of the alleged code exfiltration until nearly two years later. Case Name: X Corp. v. Yue et al. Court Name: U.S. District Court for the Northern District of California Case Number: 4:25-cv-10423 (more)

Three security safeguards recommended: Recording in the Workplace Policy, Storage Media Policy, and Data Movement Monitoring.

Smart Dust Microscopic Spy Sensors...

... Nothing to sneeze at.

In a groundbreaking fusion of science fiction and reality, smart dust technology—tiny, wireless sensors capable of gathering vast amounts of data—promises to revolutionize industries from environmental monitoring to healthcare while raising significant ethical and privacy concerns.

The concept of “smart dust” might sound like something from a science fiction tale, but it’s gradually becoming an integral part of modern technology. Originating as a theoretical proposal for the Defense Advanced Research Projects Agency (DARPA), smart dust has evolved into a promising tool for various industries. From environmental monitoring to intelligence gathering, these microscopic sensors offer a wide range of applications. As they continue to develop, the potential to revolutionize data collection and interaction with our environments becomes increasingly apparent. This article delves into the origins, current developments, and future implications of smart dust technology. (more)

Potty Cam, or Dr. Crapper makes a house call.

Kohler's toilet camera takes things to a new level. The company, which has been developing toilet tech for years, dropped the Dekoda, which aims a camera at the water (and everything else in it) to get various health-related readings...

Once you install the Dekoda and you're ready to use the toilet, you need to sign in. You can do this on the app or you can put your finger on the optional fingerprint scanner. After you use the toilet, the system gets to work on scanning your waste. It develops data related to your gut health and hydration and also detects blood, which can be important to know about...

Of course, it's 2025 and everything has a subscription. To get a look at all of the Dekoda's "insights" and data about your poop on the Kohler Health app, you'll pay a monthly fee. The app is going for $6.99 per month for an individual, or you can play $12.99 a month for the family plan. (more)

Furbo The Robo - Pet Surveillance Camera

Robots don't have to look humanoid. Your pet doesn't care, especially if it tosses treats. Just hope it is not catnip for hackers...

• FULL HD CAMERA WITH 360° ROTATING VIEW 
• REAL-TIME 2-WAY AUDIO & COLOR NIGHT VISION
• FUN ADJUSTABLE TREAT TOSSING
• INSTANT SMART ALERTS
• BARKING SENSOR (Yes, there is a cat version.)
• EASY SETUP, SECURE CONNECTION
• SUBSCRIPTION (wait, what?!?!)

When you can't remote work, remote pet? Next up, a robot that solves the remote walking issue. (more)

10 Years Ago this Month - From the Security Scrapbook

Excellent camera installation. (more)

BTW, infrequent Security Scrapbook posts recently due to working on another project. All ok here.

Spy History - 'The Spy Queen Was A Nympho!" (UPDATE)

On November 23, 2011 the Security Scrapbook featured a post about Martha Dodd. Whatawoman! Well, she is back today with even more juicy background information.

Brendan McNally wrote a book about her; the only one I know of. It is called, Traitor's Odyssey: The Untold Story of Martha Dodd and a Strange Saga of Soviet Espionage. (Go ahead, buy it.)

Brendan and I crossed paths this month. 

This is his story behind the story...

"When I was a reporter in Prague in 1992, I got to know her secretary. Martha was not a nice person, but she actually helped finance Vaclav Havel and the 1989 Velvet Revolution. Go Figure!

"Having spent altogether too much of my post-adolescence researching Martha, what parting thoughts do I have on her? Well, for someone as incredibly guilty as she was, she wasn't actually guilty of very much. Her intent was all there. She was ready, willing, and able, but the officers of the New York rezidentura* were too busy trying to steal the atomic bomb to even have the spare moment about how she could be used as a spy. It's like a dirty movie where the character can't manage to get anyone to have sex with them. She did everything she could: hosting fun country weekends for everyone at the Soviet consulate, pool tennis courts, pony rides, open bar... but nothing!

"Dora, the colleague of mine who'd worked for her, called Martha Dodd, 'a nobody trying to be a somebody.' In the end, she died inadvertently at the hands of the secret police, who'd gotten it into their heads that she had gold!

"If they ever make a movie about this woman's life, I hope John Waters directs it."

I am still laughing.

* In the context of espionage, a rezidentura is a Russian intelligence station in a foreign country, often located within an embassy, that serves as a base for a group of agents known as resident spies.

Spybuster Tip: How to Set Up and Use a Burner Phone

Obtaining and using a true burner phone is hard—but not impossible. Here are the steps you need to take to protect your mobile communications based on the risks you face.

Burner phones, which are often “dumb” flip phones, can be loaded with prepaid minutes and offer anonymity when rotated frequently, purchased with cash, and siloed from any connections to you or your digital life. The idea is that cops, or other actors, are unlikely to be tracking a fresh burner phone in real time. But the crucial additional layer of protection that properly used burner phones offer is that even if they are—or they later tie communications from a burner phone to activity they are investigating—they can’t use digital ties to establish who was using it. (Full article in Wired Magazine.)

Sextortion with a Twist: Spyware takes Webcam Pics of Users Watching Porn

SEXTORTION-BASED HACKING, WHICH hijacks a victim's webcam or blackmails them with nudes they're tricked or coerced into sharing, has long represented one of the most disturbing forms of cybercrime. Now one specimen of widely available spyware has turned that relatively manual crime into an automated feature, detecting when the user is browsing pornography on their PC, screenshotting it, and taking a candid photo of the victim through their webcam.

Researchers at security firm Proofpoint published their analysis of an open-source variant of “infostealer” malware known as Stealerium that the company has seen used in multiple cybercriminal campaigns since May of this year. 

The malware, like all infostealers, is designed to infect a target's computer and automatically send a hacker a wide variety of stolen sensitive data, including banking information, usernames and passwords, and keys to victims' crypto wallets. Stealerium, however, adds another, more humiliating form of espionage: It also monitors the victim's browser for web addresses that include certain NSFW keywords, screenshots browser tabs that include those words, photographs the victim via their webcam while they're watching those porn pages, and sends all the images to a hacker—who can then blackmail the victim with the threat of releasing them. more

Maybe Minority Report was a Documentary All Along?

Flock Safety’s CEO Garrett Langley told Forbes he believes his surveillance tech company could curb most US crime in the next decade, which is… quite a statement. 

His $7.5B business is actually off to a strong start, though: eight years in, Flock has 80k+ cameras keeping watch over roads and parking lots nationwide. And now they’re upping their dystopian pursuits, rolling out their own drones — with their cameras mounted on them, naturally. 

For now, Flock is mostly reading license plates and detecting gunshots. For now. more

Hackers Are Using AI to Steal Corporate Secrets and Plant Ransomware

In one of the most recent examples, a hacker discovered an exploit in Anthropic’s Claude chatbot that allowed them to “commit large-scale theft and extortion of personal data” at 17 (and perhaps more) organizations in the health care, emergency services, government, and religion industries.

The hacker then threatened to expose that data, demanding ransoms that, in some cases, topped $500,000. (Anthropic did not name any of the 17 organizations that were impacted by the hack.) more

People Are REALLY Mad at These AI Glasses That Record Everything Constantly

Users on social media have responded with horror and outrage to a pair of smart glasses developed by a startup called Halo that its creators, a pair of Harvard dropouts, claim will feed you live AI-powered insights while logging and transcribing every conversation you take part in. So transformative will it prove to the human brain, the twenty-something-year-old inventors promise, that wearers will soon be not just thinking, but "vibe thinking."

Many were quick to raise alarm over the obvious nightmare this would be for personal privacy — not just for the wearers, crucially, but anyone they interact with. more

Security Director Alert: Employees Are Packing

This media advice to employees may lead to corporate espionage. BOLO

Worried About Losing Your Job? Pack a Digital Go Bag

It’s now more common for layoffs to happen through account lockouts. Every employee needs to download their most important files from work, and update them periodically.

What Is a Digital Go Bag?
A digital go bag or virtual go bag is an electronic version of a traditional go bag—a bag you pack ahead of time that has everything you need in case you have to leave in a hurry—and it's meant specifically for work. If you got laid off or fired without notice, what documents and information would you most want to keep hold of? 

How to Make a Digital Go Bag
First, identify the documents you want to take with you. Second, decide how often you need to download the items in order to keep your go bag up to date. Some, like performance reviews and tax documents, might only be updated once per year. Others, such as emails between you and your supervisor, might pile up quickly enough that you decide to download them quarterly. more

Spybuster Tip: iPhone 'secret code' reveals if someone is spying on your text message

Apple has a little-known security feature, often described as a hidden 'secret code,' that can reveal if someone is snooping on your private conversations. 

Every iMessage chat generates a unique security code, like a digital fingerprint. If you and your contact see the same code, your messages are safe and fully encrypted.

To make this process easier, Apple introduced Contact Key Verification, found under Settings and Apple ID, which displays a verification code that you and your iMessage contacts can compare. 

If the codes line up, you can tap Mark As Verified, which saves the code to that person's contact card. more

Recent Spy Camera News

• Student’s Federal Suit Claims URI Defamed Her After She Was Victim of Video Voyeurism in Bathroom

A University of Rhode Island (URI) student has sued the school, after she says a man in a unisex bathroom on campus recorded her while she was showering - and that the university subsequently “defamed” her...She has filed the lawsuit as “Jane Doe,” and she is seeking “an order that the Defendants make whole the Plaintiff with appropriate compensation for emotional and physical distress, loss of consortium, and interest, in amounts to be proved at trial, and other affirmative relief necessary to eradicate the effects of their conduct.” more

• London teacher banned from classroom after changing room voyeurism conviction
UK - A teacher who tried to take photos inside some female changing rooms has been banned from the classroom indefinitely. Christopher Arnold, 40, was convicted of a voyeurism offence and placed on the sex offenders register for five years in 2022 after holding up his phone camera to the window of some changing rooms, but maintains he did not actually manage to photograph anyone. more

• Stalker escapes jail after installing covert camera in his ex-wife’s home

NI - A Co. Antrim man whose “appalling behaviour” saw him cable-tie a tracking device to his ex-wife’s car and install a covert camera in her home during a two-month stalking campaign escaped jail today...The stalking was uncovered in April last year when his ex-wife found a tracking device attached to her car. Initially there was no evidence linking Dougan, but two days later she produced proof the device had been cable-tied behind her rear wheel.

• Five MSPs 'filmed by spy cam hidden in parliament toilet

UK - At least five MSPs along with several journalists and staff have been contacted by police over alleged secret toilet recordings in Parliament. Detectives have begun interviewing people already identified in footage understood to be from a covert camera hidden in a cubicle in the Holyrood building. more

• Hidden camera in the women’s toilets at his workplace

Greece - The case came to light when a 50-year-old female coworker at the office in Pallini, in eastern Athens, discovered the device and filed a complaint with local police. Officers recovered a memory card from the camera containing footage of the man adjusting the device. (doh! Darwin Award) more

• Police arrest man after recording device found in North Grenville daycare

Canada - Ontario Provincial Police are investigating the discovery of a recording device inside a daycare in North Grenville.

Police say officers with the Grenville County OPP Detachment received a report on Aug. 20 that a recording device was found and an investigation was launched into the “apparent act of voyeurism.” 

more

•  Foot Cam Man

Australia - A man has been charged after allegedly filming teenage girls with video cameras hidden inside his shoes (photo) in Sydney’s inner west. Police allege the 49-year-old man placed modified cameras within the lacings of his shoes and filmed teenage girls in public without their consent. The girls were believed to be aged between 12 and 15, police said. more

Eavesdropping Prevention: Acoustical Leakage Attenuator - Stick it Up Your Air Duct

The Phase Gradient Ultra-Open Metamaterial developed at Boston University has the potential to solve a long-standing problem in acoustics.

A new breakthrough from the Zhang Lab at Boston University is making waves in the world of sound control...making the technology viable in new environments such as factories, offices, and public spaces, where diverse and unpredictable sound frequencies are common and airflow remains essential.

Their latest advance centers on broadband silencing...the use of phase-gradient metamaterials, giving rise to the Phase Gradient Ultra-Open Metamaterial (PGUOM).

“PGUOM takes a smarter approach — more like noise-canceling headphones — effectively silencing a broadband of unwanted sounds,” said Zhang. “It remains highly effective even as the noise shifts in pitch or volume, making it far more practical in dynamic settings like open offices, ventilation systems, or transportation hubs, where sound sources are unpredictable and span a wide range of frequencies.” more

Recent Spy News

U.S. military contractor accused of trying to spy for China charged with espionage in Germany
CBS News
An American man who worked at a U.S. military facility in Germany has been indicted for allegedly offering to supply sensitive information to ...

Australia expels Iranian ambassador after spy agency finds Iran directed antisemitic attacks on its soil
CNN
Australia is expelling the Iranian ambassador to Canberra after the country's intelligence agency found that Iran was behind at least two ...

Schools' safety tools are spying on kids — even at home - Fox News
Fox News
Schools' safety tools are spying on kids — even at home. UC San Diego study finds early one-third of school safety companies rate students based on ...

Popular free VPN caught spying on users | Information Age | ACS
Information Age | ACS
A popular free VPN has been accused of spying on its userbase after security researchers observed it taking non-consenting screenshots of user ...

YouTuber appears in Hisar court in spying case - The Tribune
The Tribune
YouTuber Jyoti Malhotra, who is facing allegations of spying for Pakistan, appeared in person before a Hisar court on Monday after spending 95 ...

Corporate Leaders Targeted by Android Spyware Masquerading as Security Apps

Security experts at Doctor Web have uncovered the spread of a sophisticated Android spyware campaign aimed at Russian business leaders...

Distributed through APK files disguised as security programs, the spyware is most commonly presented as an application called GuardCB, complete with an icon that mimics the emblem of the Central Bank of the 

Other versions carry names such as “SECURITY_FSB” or simply “FSB,” in an attempt to masquerade as software from law enforcement or regulatory bodies. 

With an interface available only in Russian, the malicious application is clearly designed for a narrow target audience rather than the global user base. more

Guess who might be behind this.

Corporate Espionage: Apple vs Oppo Legal Battle

Apple and Oppo are embroiled in a major corporate espionage battle that has raised questions about the theft of trade secrets in the global tech industry. 

Apple has just lodged a federal lawsuit against Oppo, claiming the Chinese tech titan purloined vital trade secrets. The allegations are grave, and Apple had delivered a compelling evidence in support of the allegations.

According to Apple, Chen Shi, former Apple employee, moved the sensitive files to a USB drive one day before he parted ways with the company. Apple said Shi had viewed sensitive content in the middle of the night days before he left. The case itself is known as Oppo corporate espionage, and the phrase has started to pop up amongst the hot tech news outlets of today. more

Of Taiwan’s Inspected Hotels 50% use Measures to Detect Hidden Cameras

 (In the other half you could be an Only Fans free trial.)

Taiwan - The Consumer Protection Committee on Thursday announced the results of a May inspection of 21 hotels across seven cities and counties, finding that 11 had adopted measures to detect hidden cameras.

Of the hotels inspected, nine carried out hidden-camera detection on a regular schedule and two did so irregularly. Two others claimed to provide such services, but only one met its stated standards.

Inspectors ordered the removal of related signage at hotels that failed to meet their claims. more

Message to Innkeepers: Click here.

UNDERCOVER VIBES (The TSCM Song)

This is my experiment to show the developing power of artificial intelligence. 

Lyrics, music and vocal were all created in 2 minutes, by asking AI, ” Create a song about TSCM inspections.”

AI also suggested the following in order to make the song into a radio play hit: English, Upbeat Pop/Dance-Pop, energetic and accessible, with memorable hooks and singable melodies. Classic verse-chorus-verse-chorus-bridge-chorus structure. Production: polished vocals, punchy drums, bright synths, catchy bass lines.

You can listen to two versions of the song here.

The Arduino Bug - Want to make one?

In this project, we are going to build an audio bug using Arduino and NRF24L01. 

This audio spy bug is highly customizable and can be easily integrated with other devices and systems. The NRF24L01 module allows transmission over specific channel, ensuring that our transmissions remain private up to a level. 

This device is perfect for monitoring a baby room, keeping an eye on a pet, or even for professional surveillance. With its small size and easy portability, this audio spy bug is a must-have for anyone in need of discreet and reliable audio recording. more  video

Our variation on the theme... more

The Irishman Caught in 'Biggest Corporate Espionage Case of the Century'

Secret messages, codewords and a phone smashed with an axe...

The story of Dublin man Keith O’Brien made international headlines when his employer, a major US HR services firm, set a “trap” to identify how confidential information was being leaked – and the saga is not over yet. His 13-page confession was read to the High Court, where he told how he spied on his multinational employer for a rival for a fee of over €5,000 a month. That is, until he was caught.

In an affidavit filed with the High Court, Keith O’Brien, who was global payroll compliance manager of Rippling, said he was induced into spying and passing sensitive company information to the CEO of rival US firm Deel Inc.

The admission was disclosed during an application to join Deel, its French chief executive Alex Bouaziz and two solicitors working for Deel – Italian national Andrea David Mieli and UK-based Asif Malik – as co-defendants in corporate espionage proceedings taken by Rippling against Mr O’Brien last month. more

NYC woman found a phone buried in her lawn...

 — and police say it’s a new tactic thieves use to spy on homeowners.

Scientists use Vibration Detection to Eavesdrop on Smartphones

An emerging form of surveillance, “wireless-tapping,” explores the possibility of remotely deciphering conversations from the tiny vibrations produced by a cellphone’s earpiece. 

With the goal of protecting users’ privacy from potential bad actors, a team of computer science researchers at Penn State demonstrated that transcriptions of phone calls can be generated from radar measurements taken up to three meters, or about 10 feet, from a phone. 

While accuracy remains limited — around 60% for a vocabulary of up to 10,000 — the findings raise important questions about future privacy risks. more

Ian Fleming and His Spy Scheme Inspired a Broadway Show

The James Bond spy novels dreamed up by Ian Fleming were rooted in his World War II experiences as a British intelligence officer. 

In one instance, Fleming had an idea that was so wild it’s still hard to believe it actually worked. To misdirect the Nazis, he suggested outfitting a corpse with fake military plans and strategically placing it off the coast of Spain.

Because truth can be stranger than fiction, that scheme is now the subject of the rollicking Broadway musical “Operation Mincemeat.”

The show, a hit in England before arriving in New York last spring, gets big laughs from this absurd tale of deception. In a rousing number, “God That’s Brilliant,” the conspiring spies sing rapturously as they plot to kill Hitler. (Fleming paints a picture of a martini-drinking, tuxedo-wearing assassin who “kills the guards, snogs the girl and says something cool.”) more

Security Advice of the Week

Luke Bencie advises...

To protect yourself, aka think like a spy, you can use the following checklist to stay alert and avoid getting pulled under by scammers: 

• Pause before acting on urgent claims.
• Question the logic—does it make sense, or is it just dramatic? 
• Verify facts across multiple reliable sources.
• Ask who benefits if you act right now.

His upcoming course is entitled, Thrown to the Wolves: The Art of Thinking Fast and Speaking Smart, offered by the University of South Florida's Office of Corporate Training and Professional Education is worth your attendance.

Security / IT Director Alert: Browser-Based AI Agents

Browser-Based AI Agents: The Silent Security Threat Unfolding

Some of the most revolutionary advances in artificial intelligence include browser-based AI agents, which are self-sustaining software tools integrated into web browsers that act on behalf of individuals. Because these agents have access to email, calendars, file drives, and business applications, they have the potential to turbocharge productivity. From scheduling meetings to processing emails and surfing sites, they are transforming how we interact with the internet. 

But while their abilities increase, so does the risk: threats to browser-based AI agents is not hypothetical; it already exists.

Cybercriminals are increasingly using AI agents to stage highly advanced attacks that are intelligent, adaptive, and capable of attacking systems at scale. Programmed to simulate human decision-making, AI agents can be manipulated to execute malicious functions without the user’s awareness. more

Priyom: An International Short Wave Spy Numbers Organization You Can Join

Priyom.org is an international organization intending to research and bring to light the mysterious reality of intelligence, military and diplomatic communication via shortwave radio: number stations.

Cartoon from 1973 about government spies. So, grab your short wave radio and track back!

Looks Like a Smoke Detector - Hackers Say Audio Bug - Brilliant for Building Security

A pair of hackers found that a vape detector often found in high school bathrooms contained microphones—and security weaknesses that could allow someone to turn it into a secret listening device...

...the Halo 3C goes beyond detecting smoke and vaping—including a distinct feature for discerning THC vaping in particular. It also has a microphone for listening out for “aggression,” gunshots, and keywords such as someone calling for help...

Now, after months of reverse engineering and security testing, Vasquez-Garcia and a fellow hacker he’s partnered with who goes by the pseudonym “Nyx,” have shown that it’s possible to hack one of those Halo 3C gadgets—which they’ve taken to calling by the nickname “snitch puck”—and take full control of it...

At the Defcon hacker conference today, they plan to show that by exploiting just a few relatively simple security vulnerabilities, any hacker on the same network could have hijacked a Halo 3C to turn it into a real-time audio eavesdropping bug, disabled its detection capabilities, created fake alerts for vaping or gunshots, or even played whatever sound or audio they chose out of the device’s speaker.

Motorola said it has since developed a firmware update to address those security flaws that will automatically push to cloud-connected devices by Friday...

“To the credit of the company, the microphones sound great,” says Nyx. “From up on the ceiling, you could totally listen to what somebody was saying, and we’ve made this happen.”

Motorola told the hackers in an email that it has worked on a new firmware update that should fix the vulnerabilities. But the hackers argue that doesn’t, and can’t, address the underlying concern: that a gadget loaded with hidden microphones is installed in schools around the country. Motorola also advertises its Halo sensors for use in public housing—including inside residents’ homes—according to marketing material. more

Hacking issues aside, this is a brilliant device to enhance building security. Here is a video showing one feature. Many additional videos are on YouTube.com.

Hackers Love These 7 Smart Home Devices

Although everyone wants a convenient home, there’s little that’s less convenient than a hacked smart home appliance. When it comes to the best smart home devices, the hard and fast rule is: if it’s connected to Wi-Fi you’re going to need to make sure it's secured because there’s going to be a way to hack it.

The good news is that once you've figured out how to lock down one, it's pretty easy to repeat the process for the rest of them. Here's a list of seven of the most vulnerable smart devices in your home, and the steps you can take to make sure they're more secure than they are right now...

1. Wi-Fi Routers
2. Security Cameras
3. Baby Monitors
4. Smart Speakers
5. Video Doorbells
6. Smart Thermostats
7. Smart Appliances

Counterespionage recommendations from the article are here.

And, do not forget about robot vacuums, refrigerators, washing machines, and anything that can automatically order from Amazon.

Hackers Found Backdoor in High-Security Safes—Opens in Seconds

Security researchers found two techniques to crack at least eight brands of electronic safes—used to secure everything from guns to narcotics.

James Rowley and Mark Omo got curious about a scandal in the world of electronic safes...

In the process, they'd find something far bigger: another form of backdoor intended to let authorized locksmiths open not just Liberty Safe devices, but the high-security Securam Prologic locks used in many of Liberty’s safes and those of at least seven other brands. 

More alarmingly, they discovered a way for a hacker to exploit that backdoor—intended to be accessible only with the manufacturer's help—to open a safe on their own in seconds. 

In the midst of their research, they also found another security vulnerability in many newer versions of Securam's locks that would allow a digital safecracker to insert a tool into a hidden port in the lock and instantly obtain a safe’s unlock code. more

BBC Star Recorded by Landlord on Hidden Spy Camera

A BBC actress has told of her horror after discovering her landlord planted a spy cam in her bathroom. The Scots star — who has appeared in prime-time comedies and dramas — found the recording device hidden in a washing basket after taking a shower.

She fled the flat before watching back the footage and finding intimate clips of herself — plus an image of the creep changing the memory card.

“I always used to notice this little black dot in the washing basket across from the shower. I never in a million years thought he’d be spying on me. But given what had happened the night before, I went to have a closer look. My heart just stopped and I burst into tears. There was a green light flashing on the camera. I knew that it was on and I was being recorded.” Cops have launched a probe. more

Somikon Wireless HD Sareview Camera

Security Director FYI: Disclaimr.AI Monitors Security News

Security Intelligence Aggregation

(from website) Disclaimr uses AI to monitor every security source that matters so you're always the first to know, never the last to respond. Sends out a sharp 6AM daily security brief distilled from 500+ sources, so that you never miss a critical update. Coming soon.

Notes: There is a waitlist for the launch. No information about the company behind the project appears on the website. Signup requires answering a few reasonable marketing questions. Previous offerings appear to include "spreadsheet to map" and general newsletter aggregation services.

 

While this is not unusual for startups finding the right markets for themselves, consider using a blind email address until the service is proven to be legitimate and necessary for you.

RIP: Stella Rimington, First Woman to Lead U.K.’s MI5, Dies at 90

Widely regarded as the inspiration for the recast of the James Bond character “M,” she was the first British spy chief to be publicly named and photographed.

Stella Rimington, who battled a fiercely protective old boy’s network to become the first woman to lead MI5, Britain’s domestic intelligence service, and whose tenure as the country’s spymaster was widely seen as an inspiration for James Bond’s first female boss in the movie franchise, died on Sunday. She was 90.

The Security Service announced her death in a statement on Monday without specifying the cause or place of death.

Her cool demeanor and reputation for quiet competence, according to Bond aficionados, helped shape the character of “M” starting with Judi Dench’s portrayal in “GoldenEye” in 1995. (The Bond movies involved a fictional agent of MI6, Britain’s foreign intelligence agency.) more

Weird Science

Scientists Shine a Laser Through a Human Head 

It’s the first step toward an inexpensive new medical imager...

For the most part, anyone who wants to see what’s going on inside someone else’s brain has to make a trade-off when it comes to which tools to use. The electroencephalograph (EEG) is cheap and portable, but it can’t read much past the outer layers of the brain, while the alternative, functional magnetic resonance imaging (fMRI), is expensive and the size of a room, but can go deeper. Now, a research group in Glasgow has come up with a mechanism that could one day provide the depth of fMRI using equipment as affordable and portable as an EEG. The technology will rely on something that previously seemed impossible—shining light all the way through a person’s head. more

Magnetocaloric Refrigerator - Runs on magnets instead of harmful gases.
Very few companies have mastered the science of magnetocalorics sufficiently to develop a commercial refrigerator, but perhaps none have also been successful in making the concept “cool” from a marketing standpoint. Now, though, a young academic spinoff company from Darmstadt, Germany is changing the landscape with its Polaris beverage refrigerator. The company is MagnoTherm Solutions GmbH, a pioneering upstart in sustainable cooling. It recently took part in ChangeNOW in Paris, a global event that unites change-makers from around the world to drive positive transformation for our planet. more

A Stratosphere Cell Tower

Starting next year, Tokyo’s SoftBank Corp. will be beaming a prototype 4G and 5G phone and broadband service from the stratosphere to Japanese end users. Floating 20 kilometers above the Earth, the company’s airship-based mast will be using energy-regeneration tech and newly allocated spectrum. And the tech could ultimately pose a real, competitive threat to satellite-based platforms like Starlink. more

Man Is Controls iPad With His Thoughts

You can officially control an Apple device with your thoughts, as long as you have the Stentrode brain implant made by NYC-based Synchron. First announced in May, the capability connects brain-computer interfaces (BCI) to Apple products through a Bluetooth connection. It works with iOS, iPadOS, and visionOS, so that means iPads, iPhones, and the Vision Pro can recognize a BCI just like a keyboard or mouse. Apple designed it to be a standard connection for all implants, including Elon Musk's Neuralink, but Synchron is the first to offer the capability to its patients. more

Documentary: The Thing (No, not the 1951 & 1982 monster movies. The Russian Spy Thing.)

'The Thing' a captivating short film that uncovers one of history's most astonishing espionage incidents of the 20th Century. The documentary uncovers the amazing story behind the Great American Seal bug. 

John Little of TSCM Consulting tells this complex story of spying, counter spying, genius, betrayal, political wrangling and espionage. 

£15.50 donation supporting The National Museum of Computing.
✓ Full access pass to the documentary
✓ Access to future releases & updates
✓ Stream & watch anytime
✓ Donate to The National Museum of Computing

View it HERE... https://tscmconsulting.co.uk/stream-the-thing

You can live in a spy movie if...

...you’ve got some cash sitting around: 

British underwater jetpack maker CudaJet has done what you’d expect an underwater jetpack maker to do: they made an underwater jetpack.

 The 31-pound hands-free, backpack-like device, which is made to order and starts at ~$31k, will help rich people live out their dolphin dreams — diving 130+ feet down and propelling them forward 7 mph at a time. 

CudaJet says it comes with a controller and that it all takes five minutes to get comfortable with it. more

Weird Spy News: A Son Bugging Dad? (technically speaking)

India - PMK founder leader S Ramadoss on Saturday alleged his son Anbumani spied on him.

Asked whether it would be appropriate to allege that it was Anbumani who had planted a listening device as the police probe was still on, Ramadoss shot back, asking, “Who else could have planted it?"

He alleged it was his son Anbumani who had planted the bugging device at his residence. Ramadoss said complaints had been filed by him with Kiliyanur police (Villupuram district) and the cybercrime wing as well. The bugging device and its parts had been handed over to the police. more

Spies Demise Times Two

...Swedish diplomat found dead.

A veteran Swedish diplomat recently arrested on suspicion of espionage has died days after being released from police custody, his lawyer has revealed. 

Sweden's Sapo security service detained the man, who has not been named, on Sunday and kept him for questioning until Wednesday. He was released the same day, subject to investigation the country's prosecution service has said.

Police told Swedish outlet Svenska Dagbladet they had now opened an investigation into his death, but “there is no suspicion a crime has been committed”. more

Top Somali spy investigating assassination attempt on president killed...
A senior officer with Somalia’s National Intelligence and Security Agency (NISA), who was leading a sensitive investigation into a recent assassination attempt on President Hassan Sheikh Mohamud, has been mysteriously killed in Mogadishu, Caasimada Online news website reported on Saturday. more

Quote of the Week: "Nobody with Sensitive Information is Immune to Espionage"

Australian Security and Intelligence Organisation director-general Mike Burgess said that in the “prevailing threat environment, national security truly is national security – everybody’s business”.

He said foreign intelligence agencies were “aggressively targeting” three key areas: science and technology, particularly advanced technology; public and private sector projects to gain a commercial advantage; and Antarctic research, green technology, critical minerals, and rare earths extraction and processing.
What information are spies taking?

Mr Burgess warned this meant “nobody with sensitive information is immune” and gave examples of recent operations investigated by ASIO. more

The Farmhouse Spy

A simple farmhouse and a mysterious dish set the stage for a real-world spy thriller. When French counterintelligence spotted that setup, they realised someone was tapping into high-value space communications.

The homeowner, Dong H., was no ordinary resident. A former employee of Beijing’s Academy of Science and Technology and president of Stahd Europe—a subsidiary of Emposat, the Chinese communications specialist—she had all the credentials for espionage. Emposat’s failed bid to install a ground station in the Czech Republic underscored how wary governments are of hidden antennas.

French investigators couldn’t prove data theft outright, but they confirmed the dish was finely tuned to CNES frequencies. Instead of a raid, authorities filed legal charges for illegal antenna installation, quietly dismantling the operation. Dong’s rural hideout shows how easy it can be to set up covert surveillance right under everyone’s nose. more