Research Finds that Cellular Walkie Talkies Put Americans at Risk of Chinese Spying

Haloid Solutions, a leading provider of wireless communications equipment, is warning all business and government agencies about foreign espionage and business disruption risks from China-manufactured cellular two-way radios. These devices were sold in the United States from "pop up companies" that claimed the devices were private.

For the past year, we've researched and investigated the radio over cellular space, also known as Push-to-Talk Over Cellular, or PoC. We've encountered dozens of "pop up" U.S. companies selling China engineered, manufactured, and hosted devices for extremely low prices.

The devices are advertised as encrypted and marketed and sold to businesses and government agencies. 

We estimate millions of these devices are currently in operation. From our research, we've found that many of these companies' claims are misleading or false. For example, one Chinese manufacturer white labels its products under numerous U.S. names, and claims that the servers hosting its radios are on Amazon servers in the U.S. In reality, they are hosted by Alibaba, the Chinese tech conglomerate and are vulnerable to Chinese spying by sending back user data to China. more

Google Warns Millions Of Android Users—These Apps Are Spying On You

Google is narrowing the gap to iPhone on the security and privacy front with Android 15. A raft of welcome changes will better protect users, their devices and their data, including live threat detection to quickly flag malware and permission abuse, cellular network defense, and tighter controls of what apps are doing behind the scenes.

When we talk about permission abuse, we clearly mean the grey area between apps behaving well and outright spyware—of which there’s still plenty on Android. While Apple led the charge to restrict location tracking and access to sensitive phone functions like messaging, cameras and contacts, Google has followed. more

Using a Device to Track medical data?

Are you using a device to track medical data? Here’s who else might be watching...
Wearable technology—smartwatches, smart rings, fitness trackers and the like—monitors body-centric data such as your heart rate, steps taken and calories burned, and may record where you go along the way. Like Santa Claus, it knows when you are sleeping (and how well), it knows when you're awake, it knows when you've been idle or exercising, and it keeps track of all of it...

Health information has become a prime target for hackers seeking to extort health care agencies and individuals after accessing sensitive patient data...

The report "From Skin to Screen: Bodily Integrity in the Digital Age" recommends that existing data protection laws be clarified to encompass all forms of bodily data. It also calls for expanding national health privacy laws to cover health-related information collected from health apps and fitness trackers and making it easier for users to opt out of body-centric data collections. more

AI CCTV - Creating a Surveillance Society

Premiering in New York City in June 2002, Steven Spielberg’s critically acclaimed film Minority Report, starring Tom Cruise, depicted a society where police use psychic mutants to predict and prevent murderers from committing their crimes. Now, South Korean company Electronics and Telecommunications Research Institute (ETRI) is using AI to make it a reality. 

Aptly named ‘Dejaview,’ ETRI’s high-tech platform blends AI with real-time CCTV to predict crimes before they transpire. But whereas the Pre-Crime department Tom Cruise heads in Minority Report focused on criminal intention, Dejaview is instead concerned with probability. 

ETRI says the platform can discern patterns and anomalies in real-time scenarios, allowing it to predict incidents from petty offences to drug trafficking with a sci-fi-esque 82% accuracy rate. more

Fry Spy: What's Done in an Air Fryer Doesn't Stay in an Air Fryer

UK consumer champion Which? wants you to know that your air fryer might be spying on you and sharing your data with third parties for marketing purposes.

The perhaps not-so-surprising findings from the buyer's friend are that smart devices in general are engaged in surveillance of their owners, and that data collection often goes "well beyond" what is necessary for the functioning of the product...

Testing out products across four categories, the outfit discovered that all three air fryers it looked at wanted permission to record audio on the user's phone, for no specified reason.

One wanted to know gender and date of birth when setting up an owner account, while the Xiaomi app linked to its air fryer was found to be connected with trackers from Facebook, Pangle (the ad network of TikTok for Business), and Chinese tech giant Tencent.

Air fryers from brands Aigostar and Xiaomi both sent the owner's personal data to servers in China – although this was flagged in the privacy notice, for what it's worth. more

Spies Can Eavesdrop on Phone Calls by...

 ... sensing vibrations with radar.

An off-the-shelf millimetre wave sensor can pick out the tiny vibrations made by a smartphone's speaker, enabling an AI model to transcribe the conversation, even at a distance in a noisy room.

Spies can eavesdrop on conversations by using radar to detect tiny vibrations in smartphones and employing artificial intelligence to accurately transcribe them. The trick even works in noisy rooms, as the radar homes in on the phone’s movement and is entirely unaffected by background hubbub.

Millimetre wave sensing is a form of radar that can measure movements of less than 1 mm by transmitting pulses of electromagnetic wave energy and detecting the reflected beams.

Suryoday Basak at Pennsylvania State University and his colleagues used a commercially available sensor operating between 77 and 81 gigahertz to pick up the tiny vibrations in a Samsung Galaxy S20 earpiece speaker playing audio clips. They then converted the signal to audio and passed it through an AI speech recognition model, which transcribed the speech. more$

Chinese Hackers Breached US Court Wiretap Systems

Chinese hackers accessed the networks of U.S. broadband providers and obtained information from systems the federal government uses for court-authorized wiretapping, the Wall Street Journal reported on Saturday.

Verizon Communications, AT&T and Lumen Technologies), are among the telecoms companies whose networks were breached by the recently discovered intrusion, the newspaper said, citing people familiar with the matter.

The hackers might have held access for months to network infrastructure used by the companies to cooperate with court-authorized U.S. requests for communications data, the Journal said. It said the hackers had also accessed other tranches of internet traffic. more

Thousands of Corporate Secrets Were Left Exposed

This Guy Found Them All...

If you know where to look, plenty of secrets can be found online. Since the fall of 2021, independent security researcher Bill Demirkapi has been building ways to tap into huge data sources, which are often overlooked by researchers, to find masses of security problems. This includes automatically finding developer secrets—such as passwords, API keys, and authentication tokens—that could give cybercriminals access to company systems and the ability to steal data.

In total, Demirkapi has found more than 15,000 active secrets of all kinds.

Within the vast number of exposed keys were those that could give an attacker access to the digital assets of companies and organizations, including the potential to obtain sensitive data. For instance, a member of Nebraska’s Supreme Court had uploaded details of usernames and passwords linked to its IT systems, and Stanford University Slack channels could be accessed using API keys. more

A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers

IN MODERN MICROCHIPS, where some transistors have been shrunk to less than a 10th of the size of a Covid-19 virus, it doesn't take much to mess with the minuscule electrical charges that serve as the 0s and 1s underpinning all computing. 

A few photons from a stray beam of light can be enough to knock those electrons out of place and glitch a computer's programming. Or that same optical glitching can be achieved more purposefully—say, with a very precisely targeted and well timed blast from a laser. Now that physics-bending feat of computer exploitation is about to become available to far more hardware hackers than ever before.

At the Black Hat cybersecurity conference in Las Vegas next week, Sam Beaumont and Larry “Patch” Trowell, both hackers at the security firm NetSPI, plan to present a new laser hacking device they're calling the RayV Lite. 

Their tool, whose design and component list they plan to release open source, aims to let anyone achieve arcane laser-based tricks to reverse engineer chips, trigger their vulnerabilities, and expose their secrets—methods that have historically only been available to researchers inside of well-funded companies, academic labs, and government agencies. more

Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS

IPsec tunnels are employed by Voice over Wi-Fi (VoWiFi) technology to route IP-based telephony from mobile network operators’ core networks via the Evolved Packet Data Gateway (ePDG).

This process consists of two main phases: negotiation of encryption parameters and performing a key exchange using the Internet Key Exchange protocol, followed by authentication....

The risk is that these vulnerabilities could expose VoWiFi communications to MITM attacks, compromising data integrity or confidentiality, which is essential for better security in implementing VoWiFi solutions...

These findings highlight the systemic flaws in the implementation of VoWiFi, which could make users vulnerable to man-in-the-middle attacks, and communication security is compromised on a global scale, consequently requiring better security measures in VoWiFi protocols and implementations. more

Interesting: AI Can Reveal What’s on Your Screen (sort of)

Hackers can intercept electromagnetic radiation leaking from the cable between your monitor and computer and decode what you are seeing on screen with the help of artificial intelligence. Such attacks are probably taking place in the real world, says the team behind the work, but ordinary computer users have little to worry about...

Federico Larroca at the University of the Republic in Montevideo, Uruguay, and his colleagues have developed an AI model that can reconstruct an image from digital signals that were intercepted a few metres away from an HDMI cable...

Around 30 per cent of characters were misinterpreted by the eavesdropping process, but that is low enough that humans can read most of the text accurately, the team says. This error rate is about 60 per cent lower than the previous state-of-the-art attack, the researchers add. more

Karma Files: Multi-platform Spyware Provider Spytech Gets Hacked

Second spyware provider hacked this month...

Minnesota-based spyware provider Spytech has been hacked, with files stolen from the company's servers containing detailed device activity logs from a global pool of mostly Windows PCs but also some Macs, Chromebooks, and even Android devices. 

The total number of spyware victims impacted by Spytech and noted by TechCrunch analyzing the scale of the breach is "more than 10,000 devices since 2013," and this cross-platform invasion of privacy stretches across the entire globe, including the US, EU, the Middle East, Africa, Asia, and Australia. 

Spytech provides a brand of spyware best known as "stalkerware" since it's typically installed by a person with physical access to the victim's device. more

One Way Corporate Espionage Spies Cover Their Tracks

Residential proxy IP: The invisible cloak in corporate espionage.
From the IP vendor's ad...

"In the fiercely competitive business battlefield, information is power, and how to obtain and use this information has become a problem that every company needs to face. In this spy war without gunpowder, residential proxy IP is like an invisible cloak, providing strong protection and support for enterprises.

Imagine that you are an intelligence analyst at an emerging technology company, and your task is to collect and analyze the latest developments of competitors so that the company can make more informed decisions. However, the online world is not a smooth road, and your IP address can easily expose your true identity and intentions, making your actions subject to various restrictions. At this time, residential proxy IP is like a capable assistant, helping you to move forward invisibly in this spy war.

Residential proxy IP, as the name suggests, is to use the IP address of an ordinary home network environment for network access. Because these IP addresses come from real home users, they are difficult to identify and track. By using residential proxy IP, enterprises can hide their real IP address and avoid being discovered by competitors or network monitoring agencies. In this way, enterprises can access target websites, crawl data, analyze competitors' strategies, etc. more freely without worrying about being blocked by anti-crawler mechanisms or IP being blocked." more

Karma Files: Data Breach Exposes Millions of mSpy Spyware Customers

A data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it.

Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. While hacks of spyware purveyors are becoming increasingly common, they remain notable because of the highly sensitive personal information often included in the data, in this case about the customers who use the service.

The hack encompassed customer service records dating back to 2014, which were stolen from the spyware maker’s Zendesk-powered customer support system.

mSpy is a phone surveillance app that promotes itself as a way to track children or monitor employees. Like most spyware, it is also widely used to monitor people without their consent. more

Silicon Valley Steps Up Screening on Chinese Employees to Counter Espionage

Leading U.S. technology companies reportedly have increased security screening of employees and job applicants, which experts say is necessary to counter the cyber espionage threat from China.

While the enhanced screening is being applied to employees and applicants of all races, those with family or other ties to China are thought to be particularly vulnerable to pressure from the Beijing government.

But at least one Chinese computer science graduate student at a U.S. university is hoping to make his ties to China an asset. Zheng, who does not want to reveal his first name for fear of retaliation from the Chinese government, says he recently changed his focus to cybersecurity in hopes of improving his job prospects in the United States. more

Security Director Alert: China Enforcing Electronic Device Inspection Law

China is enforcing a new law on Monday that allows national security authorities to inspect electronic devices on suspicion of espionage.

The Ministry of State Security is implementing the legislation that stipulates powers to crack down on spying.

The law states procedures to inspect mobile phones, personal computers and other devices of individuals and organizations. more

TeamViewer Confirms Cyberattack

TeamViewer, the prominent provider of remote access tools, has confirmed a significant cyberattack on its corporate network. 

This attack has been attributed to APT29, a hacking group allegedly linked to Russian intelligence. The breach, discovered on June 26, involved compromised credentials of an employee account, marking another sophisticated cyber-espionage campaign executed by state-sponsored hackers.

According to TeamViewer’s investigation, the breach began with the compromise of credentials from a standard employee account within their corporate IT environment. 

The company has emphasized that the attack was contained within its corporate network, assuring that their internal network and customer systems are separate...Despite these assurances, the company’s investigation is ongoing. more

THOR: Disables Drone Swarm Attacks

The Department of Defense is exploring options to protect our warfighters further. Enter THOR, stage right. Tactical, High-power, Operational Responder (THOR), is a high-power microwave counter-drone weapon that the Air Force Research Lab has demonstrated for effective use against realistic targets. Watch this video to see how THOR tracks and turns off entire drone swarms. video

Surveillance News in the Digital World

• AI companies, including Google and OpenAI, are intensifying their screening of new hires due to the threat of Chinese espionage. more

• MICROSOFT ADMITS THAT MAYBE SURVEILING EVERYTHING YOU DO ON YOUR COMPUTER ISN’T A BRILLIANT IDEA... After announcing a new AI feature that records and screenshots everything you do, Microsoft is now delaying its launch after widespread objections. The company broke the news in a blog post detailing its decision not to ship the feature, dubbed Recall, on new computers so that it can continue to "leverage the expertise" of its Windows Insider Program (WIP) beta-testing community. more

• Zoom wants to make sure you’re paying attention. The company filed a patent application for “scrolling motion detection” in video calls.

• Chinese Spy Tech Driving Junta Internet Crackdown: Justice For Myanmar... China supplied the spy technology and technicians that allowed Myanmar’s junta to intensify its internet surveillance and censorship late last month, Justice for Myanmar (JFM) said on Thursday, warning that China’s increased support for the junta will cost more lives. This support will allow the junta – which has imprisoned more than 25,000 people since the 2021 coup – to identify and jail more people who express dissent. more

• Canada - Public servants uneasy as government 'spy' robot prowls federal offices... A device federal public servants call "the little robot" began appearing in Gatineau office buildings in March. It travels through the workplace to collect data using about 20 sensors and a 360-degree camera, according to Yahya Saad, co-founder of GlobalDWS, which created the robot. "Using AI on the robot, the camera takes the picture, analyzes and counts the number of people and then discards the image," he said. more

Book: Dark Wire - "Secure Cell Phone" courtesy FBI

The Incredible True Story of the Largest Sting Operation Ever...

...in which the FBI made its own tech start-up to wiretap the world, shows how cunning both the authorities and drug traffickers have become, with privacy implications for everyone.

In 2018, a powerful app for secure communications called Anom took root among organized criminals. They believed Anom allowed them to conduct business in the shadows. Except for one thing: it was secretly run by the FBI. (Tip of the hat to N.C.)

Backdoor access to Anom and a series of related investigations granted American, Australian, and European authorities a front-row seat to the underworld. Tens of thousands of criminals worldwide appeared in full view of the same agents they were trying to evade. International smugglers. Money launderers. Hitmen. A sprawling global economy as efficient and interconnected as the legal one. Officers watched drug shipments and murder plots unfold, making arrests without blowing their cover. more