Showing posts with label #privacy. Show all posts

Sunday, November 29, 2020

Concerned about Sony's PS5 spying on you? Here is What You Can Do...

Sony's always-on PS5 DualSense mics are sparking privacy concerns. The PlayStation 5's DualSense controller comes with a built-in mic that's on by default, and it records what you say to help Sony "analyze" key data points. Here's how to change those settings, and what they mean.

Gamers are a bit concerned about privacy on the PS5. 

It was recently confirmed the DualSense's mic auto-records anything you say when unlocking an in-game trophy. This is just the tip of the iceberg, really.

As a PS5 owner you can limit the data that Sony collects. But you can't turn data collection off entirely.

Here's how to adjust your data collection settings:
Settings -> Users and Accounts -> Privacy -> Data You Provide more

Friday, October 16, 2020

Facebook "Bug" Bugged iPhone Camera - Bugged Instagram'er Sues

Facebook has got itself in trouble again as the California-based tech giant has been allegedly sued for spying on Instagram users using the camera on the phone, Bloomberg reported.

According to the lawsuit, which has come following reports from July, the photo-sharing application had been accessing the camera on the iPhone to spy on users even when they weren’t activated.

Facebook has denied the claim and blamed a bug saying that it’s correcting the problem. more

Monday, October 12, 2020

Espionage Alert: Children's Smartwatch is a Trojan Horse

A popular smartwatch designed exclusively for children contains an undocumented backdoor that makes it possible for someone to remotely capture camera snapshots, wiretap voice calls, and track locations in real time, a researcher said.

The X4 smartwatch is marketed by Xplora, a Norway-based seller of children’s watches...

The backdoor is activated by sending an encrypted text message. Harrison Sand, a researcher at Norwegian security company Mnemonic, said that commands exist for surreptitiously reporting the watch’s real-time location, taking a snapshot and sending it to an Xplora server, and making a phone call that transmits all sounds within earshot. 

Sand also found that 19 of the apps that come pre-installed on the watch are developed by Qihoo 360, a security company and app maker located in China. more  (q.v. our 2017 post  & etc.)

Tuesday, September 22, 2020

iRobot Picked the Wrong Person to Roomba With!

One of our Blue Blaze irregulars alerted us to some slick social engineering.

He recently purchased an iRobot Roomba 960 Robot Vacuum Cleaner. He writes...

"What is "odd" is that when we first bought the thing we didn't have any screens requiring registration. Then about two weeks later the entire user interface changed that required registration. 

These two screens were strategically placed among "required information" even though this information was not mandatory. If you weren't paying attention you'd fill this out. Clever!"

I had a look at their Privacy Policy. Dig deep enough and you find this...

Some of our Robots are equipped with smart technology which allows the Robots to transmit data wirelessly to the Service...

• When you register your Robot with the online App, we collect information about the Robot, such as a Robot name (how cute) and device number, and information about the Robot and/or App usage (reveals when you might not be home), such as battery life and health.

• Certain Robot models are equipped to collect information about the environment in which the Robot is deployed. For example, the Robot collects information about the level of dirt detection and the Wi-Fi signal strength in each location and information about its movement throughout the environment to create a location ‘map’ of the Robot’s domain and the existence and type of objects (chair, desk, fridge etc.) or obstacles encountered.

 

Security Issues

  1. Do you really want a map of your home and belongings sent who-knows-where?
  2. Do you really want someone to know all your router information and password which connects to one of their apps on the internal side of your firewall?
  3. What happens when their database gets hacked?

I am guessing you don't. I'm also guessing you didn't know this was going on in the Internet-of-Things.

Ah, for the good old Jetson days when robots only talked to themselves.


Saturday, September 19, 2020

Apple's iOS 14 Now Alerts You To Eavesdropping & Spycam'ing

Any time an app accesses your microphone, a little amber dot will appear in the status bar, over by where the Wi-Fi and cellular connection symbols are.

When an app accesses the camera, a green dot will appear.


These are fairly universally understood as “recording” lights and they will clearly point out when an app you’re using is accessing the camera or microphone at times it shouldn’t.

Just since the release of the iOS 14 beta, the lights have already revealed sketchy behavior in several apps that have gone on to promise updates to fix the “bugs.” (good word to use)

This and six other new privacy features can be found here... more

Tuesday, September 1, 2020

Employer Best Practices For Monitoring Remote Devices

It is generally known that individuals have fewer privacy rights for work-related activity than they have in their personal lives, and that these reduced privacy rights extend to devices owned or provided by their company.

As just one example, consider the federal Electronic Communications Privacy Act, or ECPA, which permits employers to: 

(1) monitor employees' oral and electronic communications to the extent that they relate to a legitimate business purpose;
(2) monitor any communications for which the employee has provided consent; and
(3) access emails that are stored by the employer.

All of these exceptions decrease an individual's privacy rights and reasonable expectation of privacy in work-related matters. However, is "exceptions" the correct word? Exceptions to what? Does this reference a specific privacy law or privacy rights in general? 

(The short version.) Ultimately then, the best practice for employees is to keep work and personal devices and communications entirely separate even in COVID-19 times. more

Friday, August 28, 2020

Open Mike Strikes Out

As the New York Mets and Miami Marlins mulled over whether to play a game on Thursday night, a man who appeared to be Mets general manager Brodie Van Wagenen unknowingly let the public know of a plan from Major League Baseball.

Cameras were rolling on the Mets' page of the MLB app Thursday afternoon and picked up a candid conversation from someone believed to be the Mets general manager.

"Baseball is trying to come up with a solution," the man says. "You know what would be super powerful?"

The man then pauses to tell the two people he's speaking to that this doesn't leave the room, unaware that the camera is rolling. more

Tuesday, August 25, 2020

Clearly Creepy - The Billboards are Watching You

Clear Channel Outdoor, one of the world’s largest billboard companies, will in coming days roll out technology across Europe capable of letting advertisers know where people go and what they do after seeing a particular billboard.

Sounds creepy, no?

Well, brace yourself. Clear Channel has been quietly using this technology in the United States for the last four years, including in Los Angeles.

“They’re spying on you in your own neighborhood,” said Jeff Chester, executive director of the Center for Digital Democracy.

“You don’t know it’s happening,” he told me. “You don’t know who they’re sharing the information with.”

Chester and other privacy advocates said Clear Channel’s system is an example of how private companies are building out commercial surveillance networks right under our noses. more

Monday, August 24, 2020

Stacey Dooley Investigates, Spycam Sex Criminals - BBC

This story broke in the Security Scrapbook on March 24th. Unfortunately, the full BBC video could not be viewed outside of the UK at that time. A part of it is now available on YouTube.

This BBC report examines the "molka" phenomenon in South Korea: the proliferation of hidden wireless cameras in toilets and hotel rooms, and the culture of blackmail and revenge porn around it. "How many spycams can Stacey Dooley find in a love motel bedroom?"

Wednesday, August 19, 2020

Why Corporations Need a TSCM Consultant On-Board

Nowadays more than ever, corporate espionage and hacking and stealing of IP has become a business discipline – with the threat not only coming from Asia. Desperation of many businesses due to dire economic outlooks, isolationism of nations and the new security gaps have amplified the willingness to obtain competitor information.

Take car manufacturers. These companies typically go to great lengths to get hold of their competitors’ newly released models to test and often dismantle them to get more information on the parts used and build process. This is mostly seen as legal.

Daimler, for example, used a cover entity to rent and test Deutsche Post DHL’s own electric van Streetscooter. Deutsche Post discovered what Daimler was doing through the van’s location data as it had made numerous laps around Daimler’s test track. The company later accused Daimler of industrial espionage. Daimler argued, however, that it was just “Mystery shopping”.

The impact of the pandemic

The sudden shift to remote work has massively amplified the problem of protecting proprietary information. As companies had to implement remote access technologies fast (or upgrade existing infrastructures) to ensure business continuity, they often fell back on improvisation. This led to the frequent neglect of even the most basic security and compliance protocols. more

An educated and credentialed Technical Surveillance Countermeasures (TSCM) specialist can help solve your security concerns, some of which you didn't even know existed!

Privacy Alert - Scammers Pretending to be COVID-19 Contact Tracers

Be aware of scammers pretending to be COVID-19 contact tracers.
Legitimate contact tracers will never ask for your Medicare Number or financial information. If someone calls and asks for personal information, like your Medicare Number, hang up and report it to 1-800-MEDICARE. medicare.gov & more

Verizon Launches Hyper-Precise GPS Location Technology

Verizon launched its Hyper Precise Location using Real Time Kinematics (RTK), a location technology that provides location accuracy within 1-2 centimeters, on the Verizon network. 

Verizon has built and deployed RTK reference stations nationwide to provide pinpoint level accuracy to RTK compatible internet of things (IoT) devices. RTK will also support emerging technologies that depend on high level location accuracy such as delivery drones and customer-approved location data for first responders during emergencies...Additionally, the rollout of hyper-precise location services paired with Verizon’s 5G Ultra Wideband (UWB) network and 5G Edge, will pave the way for more autonomous technologies. more

Wednesday, August 12, 2020

Attack Can Decrypt 4G (LTE) Calls to Eavesdrop on Conversations

A team of academics has detailed this week a vulnerability in the Voice over LTE (VoLTE) protocol that can be used to break the encryption on 4G voice calls.

Named ReVoLTE, researchers say this attack is possible because mobile operators often use the same encryption key to secure multiple 4G voice calls that take place via the same base station (mobile cell tower)...

Researchers say that the equipment to pull off a ReVoLTE attack costs around $7,000. While the price might seem steep, it is certainly in the price range of other 3G/4G mobile interception gear, usually employed by law enforcement or criminal gangs...

A scientific paper detailing the ReVoLTE attack is also available for download as PDF from here and here. The paper is titled "Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE." more

Friday, August 7, 2020

1650 Kircher Musurgia Listening Devices

The book Musurgia Universalis is famous and has been since it appeared in 1650. 
Vol. 2 (Af-x.10): plate between pages 302 & 303

The illustration depicts a piazza-listening device.

The voices from the piazza are taken by the horn up through the mouth of the statue in the room on the piano nobile above, allowing both espionage and the appearance of a miraculous event. more

The modern eavesdropping equivalent is the ventilation plenum. Acoustical ducting is something most people don't consider when concerned about eavesdropping. We do.

Satellite Comms Globally Open to $300 Eavesdropping Hack

Satellite internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. And all they need is $300 worth of off-the-shelf equipment to pull it off...

Essentially what this means is that if they were able to perform an interception, adversaries could eavesdrop on vast sections of the globe. more

Thursday, August 6, 2020

Recent Spycam News

FL - A Bradenton man was arrested July 24 for shooting video of a girl undressing in a beach changing station. more & more

FL - Justin Stueve is accused of rape and video voyeurism of his then-wife, who said she found a thumb drive full of explicit photos of herself. A judge has ruled that defense attorneys will be allowed to review photos allegedly taken by their client of his ex-wife while she was unconscious. more 

Japan - Police in Tokyo have arrested a 34-year-old man and his 35-year-old common-law wife on suspicion of extortion after they threatened a man that they would report him to police for taking upskirt videos of the woman unless he paid them money...The man agreed to pay 1.1 million yen in return for not being reported to the police. more

WA - Former Arlington Christian teacher charged with voyeurism. more

UT - Deputies arrest 26-year-old for suspected voyeurism after parents find him on roof. more

WA - Outlook man charged with voyeurism of 15-year-old girl. more

LA - A Bossier Parish school teacher...at Benton Elementary School faces 30 new charges...(including) 10 counts of video voyeurism. more

UK - Firm pursues damage claims for victims of disgraced doctor...Given the large number of images taken it is possible many women who saw Dr Altaii were covertly filmed yet remain unaware of that fact even today. more

S. Korea - South Korean singer A investigated for illegally filming women...A is suspected of secretly filming the bodies of several women, including sex scenes, using hidden cameras until early this year...South Korea is notorious for illegal filming crimes also known as molka crimes. more
(BTW - Spycam Detection Training now has Korean sub-titles.)

Canada - A suspended Mountie charged with sex crimes by two different police services across the country is alleged to have secretly filmed women 34 times inside the bathroom of his south Ottawa apartment, during sex and in hotel rooms. more

FL - Robert Privette, 49, was staying at the DoubleTree resort in Key West when he is alleged to have heard two women in the room next door returning from the beach. Privette is then said to have managed to slide a tiny spy camera surreptitiously under the door of the room in order to film the pair, aged 24 and 27, as they undressed after a day on the sands. more

AR - A 41-year-old man accused of secretly videotaping a female teenager with a hidden camera in a Bluetooth speaker is facing video voyeurism and child pornography charges. more

India - A man arrested for voyeurism jumped into the sea while being taken to the beach by the police to collect evidence on Wednesday. His hands were cuffed. His body is yet to be found. more

UK - A former presenter of BBC News...who has shifted his career from being a British TV news personality to evangelical preaching, said most of these offences were committed with children during the past 30 years...He also admitted to two counts of making explicit videos of children... more

UK - A man has admitted using a hidden camera to film people using the toilet in Bristol...Prosecutor May Li said Andrews was discovered when one of the victims noticed a green light above a doorway and saw it was a hidden camera. When she looked at what was in the memory card, she saw Andrews’ face in the footage. (Darwin Award) more

You too can find hidden spy cameras. more

Wednesday, August 5, 2020

Personal Alert: Home Sellers Eavesdropping on Buyers

You never want to reveal too much enthusiasm when home shopping. But now many are giving away their hand before they ever get inside. more

NSA Tells Mobile Users Beware of Find-My-Phone

Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users

And don't forget to limit ad tracking. Advisory contains a host of recommendations.

The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps.

“Location data can be extremely valuable and must be protected,” an advisory published on Tuesday stated. “It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.” more

Tuesday, August 4, 2020

How to Hide from Drones in the Age of Surveillance

Drones of all sizes are being used by environmental advocates to monitor deforestation, by conservationists to track poachers, and by journalists and activists to document large protests. As a political sociologist who studies social movements and drones, I document a wide range of nonviolent and pro-social drone uses in my new book, “The Good Drone.” I show that these efforts have the potential to democratize surveillance...

...it’s time to think about how many eyes are in the sky and how to avoid unwanted aerial surveillance. One way that’s within reach of nearly everyone is learning how to simply disappear from view.

How to disappear
The first thing you can do to hide from a drone is to take advantage of the natural and built environment.  more tips