Showing posts with label App. Show all posts
Showing posts with label App. Show all posts

Monday, October 7, 2024

Harvard Hackers Turned Meta's Smart Glasses into Creepy Stalker Specs

via The Neuron
A few weeks ago, Meta announced the ability to use its new Ray-Ban Meta glasses to get information about your surroundings. Innocent things, like identifying flowers.

Well, two Harvard students just revealed how easy it is to turn these new smart glasses into a privacy nightmare.

Here’s what happened: students Anhphu Nguyen and Caine Ardayfio cooked up an app called I-XRAY that turns these Ray-Bans into a doxxing machine. We're talking name, address, phone number—all from looking at someone with the glasses.

Here's how it works:
The Ray-Bans can record up to three minutes of video, with a privacy light that's about as noticeable as a firefly in broad daylight.

This video is streamed to Instagram, where an AI monitors the feed.

I-XRAY uses PimEyes (a facial recognition tool) to match these faces to public images, then unleashes AI to dig up personal details from public databases.

Their demo had strangers freaking out when they realized how easily identifiable they were from public online info.
-----I-XRAY Antidote-----

How to Remove Your Information

Fortunately, it is possible to erase yourself from data sources like Pimeyes and FastPeopleSearch, so this technology immediately becomes ineffective. We are outlining the steps below so that you and those you care about can protect themselves.


  1. Removal from Reverse Face Search Engines:

The major, most accurate reverse face search engines, Pimeyes and Facecheck.id, offer free services to remove yourself. 

  1. Removal from People Search Engines

Most people don’t realize that from just a name, one can often identify the person’s home address, phone number, and relatives’ names. We collected the opt out links to major people search engines below:

  1. Preventing Identity Theft from SSN data dump leaks

Most of the damage that can be done with an SSN are financial. The main way to protect yourself is adding 2FA to important logins and freezing your credit below:

Extensive list of data broker removal services

Wednesday, August 14, 2024

FutureWatch: The AI Polygraph, or Who's Zoomin' You

PolygrAI - A Technology That Provides Real-Time Risk Assessment And Sentiment Analysis

How it Works

PolygrAI is a fusion of advanced computer vision algorithms and extensive psychological research designed to discern the validity of human expressions. The software meticulously analyzes a spectrum of physiological and behavioral indicators correlated with deceit. For instance, when a person tells a lie, they might unconsciously exhibit decreased blinking or an erratic gaze—these are the tell-tale signs that PolygrAI detects.

The system vigilantly computes a ‘trustfulness score’ by monitoring and interpreting subtle changes in facial expressions, heart rate variability, and eye movement patterns. This score is adjusted in real-time, offering a dynamic gauge of credibility.

Furthermore, PolygrAI assesses the voice for sudden shifts in tone and pitch—parameters that could betray an individual’s composure or reveal underlying stress. more Lifetime access ($100) for beta testers.
Click to enlarge.




Monday, July 1, 2024

Lawsuit Claim: Shopping App Temu - “Dangerous Malware,” Spying on Your Texts

Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday.

Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."

"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place." more

App Slammed for Spying at Popular Nightclubs Using 'Hidden Cameras'

A new app has sparked extreme blowback after enabling users to use cameras to watch partiers at trendy nightclubs and bars across San Francisco.


2night, the startup behind the app, had hoped that the service would promote nightlife in the area, allowing users to check livestreams of the bars and clubs to determine if they had the right vibe.

But bargoers were quick to lash out after they learned that they were being recorded without their permission, with some going so far as to liken the service to 'Big Brother.' more

Thursday, March 21, 2024

Signal App - New Usernames Keeps Cops Out of Your Data

Ephemeral usernames instead of phone numbers safeguard privacy — and makes Signal even harder to subpoena...


Signal is the gold standard for secure messaging apps because not only are messages encrypted, but so is pretty much everything else. Signal doesn’t know your name or profile photo, who any of your contacts are, which Signal groups you’re in, or who you talk to and when...

With the long-awaited announcement that usernames are coming to Signal — over four years in the making — Signal employed the same careful cryptography engineering it’s famous for, ensuring that the service continues to learn as little information about its users as possible. more

Sunday, January 14, 2024

Spybuster Tip #629: Delete Apps that are 'Spying' Using 'One Day Rule'

Security experts have explained how your phone apps track and collect your data even if they remain unused, but there's a handy hack to avoid data harvesting and potential spying...

The rule involves simply deleting one unused app a day which the expert says can massively improve your phone efficiency and free up your storage space. Doing this will help you manage how your data is used and stop it from being harvested...

To delete an app on the iPhone, find the app on your home screen, touch and hold down the icon and tap "Remove app." If you are an Android user, go to the Google Play store, tap the profile icon in the top right, and go to Manage Apps and Devices > Manage. Tap the name of the app you want to delete and choose to uninstall. more

Friday, October 13, 2023

Smartphone Security: Delete These Apps

Smartphone owners have been urged to remove certain apps that could be spying on their activity.

Some of the most popular apps you love and have come to rely on could be posing more of a danger than they're worth. Here's what you need to know. ...some of those apps that you love and have come to rely on could actually be putting you at risk... We’ve (Reader's Digest) collected information about some of the worst offenders so that you can make an educated decision about which apps you trust with your privacy and which ones need to go...

CamScanner
Ana Bera is a cybersecurity expert with Safe at Last. She identified CamScanner, an app meant to imitate a scanner with your phone, as one of the apps consumers should be concerned about. “Cybersecurity experts have found a malicious component installed in the app that acts as a Trojan Downloader and keeps collecting infected files,” she explains. “This kind of app can seriously damage your phone and should be de-installed instantly. Luckily, once you remove it from your phone, it is highly unlikely that it will continue harming you.”

Weather apps
“Check your weather app,” says Shayne Sherman, CEO of TechLoris. “There have been several different weather apps out there that have been laced with Trojans or other malwares.” While the most benign of these claims to take your information purely for weather accuracy, he calls that questionable. “Watch your local forecast instead, and if you have Good Weather, delete it now,” he advises. “That one is especially dangerous.”

Facebook
Look, we all love our social networking apps. But cybersecurity expert Raffi Jafari, cofounder and creative director of Caveni Digital Solutions, says, “If you are looking for apps to delete to protect your information, the absolute worst culprit is Facebook. The sheer scale of their data collection is staggering, and it is often more intrusive than companies like Google. If you had to pick one app to remove to protect your data, it would be Facebook.”

WhatsApp
“This is a call to action for users who may be living under a rock and unaware of the vulnerabilities that were disclosed earlier this year,” says Michael Covington, VP of Product for mobile security leader Wandera. “The vulnerabilities with WhatsApp—both iOS and Android versions—allowed attackers to target users by simply sending a specially crafted message to their phone number. Once successfully exploited, the attackers would be granted access to the same things WhatsApp had access to, including the microphone, the camera, the contact list, and more.”

Instagram
Whatsapp and Instagram are both owned by Facebook, which is part of what makes them all a risk. Dave Salisbury, director of the University of Dayton Center for Cybersecurity and Data Intelligence, says that Instagram “requests several permissions that include but are not limited to modifying and reading contacts and the contents of your storage, locating your phone, reading your call log, modifying system settings, and having full network access.” Plus Nine More

Thursday, June 29, 2023

From the What Goes Around Files: Phone Spy App Hacked

LetMeSpy, a phone tracking app spying on thousands, says it was hacked...

A data breach reveals the spyware is built by a Polish developer hacker has stolen the messages, call logs and locations intercepted by a widely used phone monitoring app called LetMeSpy, according to the company that makes the spyware.

The phone monitoring app, which is used to spy on thousands of people using Android phones around the world, said in a notice on its login page that on June 21, “a security incident occurred involving obtaining unauthorized access to the data of website users​​.”

“As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” the notice read.

LetMeSpy is a type of phone monitoring app that is marketed for parental control or employee monitoring. The app is also specifically designed to stay hidden on a phone’s home screen, making it difficult to detect and remove. Also known as stalkerware or spouseware, these kinds of phone monitoring apps are often planted by someone — such as spouses or domestic partners — with physical access to a person’s phone, without their consent or knowledge. more

Wednesday, May 31, 2023

Delete Alert - Android App iRecorder has Morphed Into Spyware

A screen recording app available in the Google Play store that was installed over 50,000 times functioned normally for months before it started spying on users, researchers say.


The app, iRecorder – Screen Recorder, was first uploaded to the Google Play store on September 19, 2021, according to Lukas Stefanko, a malware researcher with cybersecurity firm ESET.

Stefanko said that the app had no harmful features until a later update changed the code, likely in August 2022. After that date, malicious code allowed bad actors to make secret audio recordings and secretly transfer images, videos, saved web pages, and other files off of devices, according to ESET. 

Anyone who had downloaded the app before August 2022, might still have been exposed if they updated the app manually or automatically. It’s not yet clear if the developer or another actor is responsible for the update that converted the app into a Trojan horse.

The app is no longer available in the Google Play store, TechCrunch reports, but if you already have it on your phone you should uninstall it and clear the app’s files. more

Friday, February 24, 2023

Qphone Claims to Secure Communications

Highly Secure Communications Platform Enables Encrypted, End-to-End Voice, Messaging, and Video


Global Integrity announced the immediate availability of Qphone, a secure communications software platform that encrypts and protects voice, text, and video conversations between mobile devices, laptops, and desktop computers. Supporting iOS and Android, the Qphone app ensures total privacy of communications using end-to-end quantum-resistant encryption.

Every day there are new instances of eavesdropping, corporate espionage, and compromised systems initiated from bad actors, leaving organizations vulnerable,” explained Bill Marlow, CEO of Global Integrity. “Messaging apps and cybersecurity infrastructure available today are mostly compromised in some fashion. Qphone offers a new approach, delivering a native phone app that is easy to use yet highly secure. In short, Qphone makes privacy simple.” more

Friday, December 23, 2022

Eavesdropping & Anti-Eavesdropping Apps

Two new apps to be aware of…

The iEavesdrop app redirects internal microphone, external wired microphone or line input input audio to any Bluetooth audio device such as AirPods so that you can use your phone as a stealth listening device.

Using the correct line input cables, audio from any device such as an external microphone, in-flight entertainment or portable gaming device can be routed to your AirPods or other Bluetooth device. iEavesdrop will work with all iOS devices.

THIS APP CAN ALSO BE USED FOR MANY OTHER PURPOSES SUCH AS A BABY MONITOR, HEARING AID OR ANY OTHER APPLICATION THAT REQUIRES YOU TO LISTEN IN OR ROUTE MICROPHONE AUDIO TO A BLUETOOTH DEVICE.
(iOS)


———


(ANDROID)

About this app...
Ever thought someone might eavesdrop through your smart phone? Skewy is a privacy protection method, which is more than just a software setting. With Skewy you can mask your conversation with a simple – yet effective method. Simply making the audio data picked up by your phone unusable. Additionally, Skewy can detect ultrasonic signals to indicate the presence of device tracking technologies.

Wednesday, October 19, 2022

Police Use New Tool to Track People Without a Warrant

Government agencies and private security companies in the U.S. have found a cost-effective way to engage in warrantless surveillance of individuals, groups and places: a pay-for-access web tool called Fog Reveal.

The tool enables law enforcement officers to see “patterns of life” – where and when people work and live, with whom they associate and what places they visit. The tool’s maker, Fog Data Science, claims to have billions of data points from over 250 million U.S. mobile devices. more

Sunday, June 5, 2022

FutureWatch: An App to Find Wi-Fi Spycams & More

Hidden IoT devices are increasingly being used to snoop on users in hotel rooms or AirBnBs. We envision empowering users entering such unfamiliar environments to identify and locate (e.g., hidden camera behind plants) diverse hidden devices (e.g., cameras, microphones, speakers) using only their personal handhelds.

Imagine a user walking into an unfamiliar environment such as a hotel room or Airbnb. Nowadays, the user has to be wary of wireless Internet-of-Things (IoT) devices being used to spy on them. These devices could be installed by the owner or by a previous guest. This threat is not just hypothetical...

...we want to empower users so that as they enter an unfamiliar space, they can run an app on their personal handheld (e.g., phone or tablet). This app would report a list of detected and identified devices and their corresponding locations. 

“Detect,” here, means knowing that there is some device (i.e., binary notification), “identify” entails knowing what type of device it is (e.g., type=camera), and “localize” entails knowing the device’s location in the physical space (e.g., behind the plants). While cameras in particular are imminent privacy threats, in general we want to detect/identify and localize diverse hidden IoT devices, as these could also be potential threats for tracking users. more

Friday, August 27, 2021

Controversial Tool That Lets Kids Spy on Their Parents

A new tool that may give one or two parents -- and many, many kids -- pause for thought.

It's called Parent Track and it's the mindchild of environmentally caring soap brand Gelo.

The idea is that kids can install the Parent Track ad tracker onto their parents' devices. This will, well, guilt them into not buying environmentally questionable products and drive them to eco-positive awareness tools...

Not everyone will be positively moved by the message Gelo sends when a parent's device is signed up. 

It reads: "You just signed up this device, allowing us to follow your parents around the internet, reminding them to quit single-use plastics for good. By doing so, you set them on a more sustainable path and may very well have saved the planet. Our thanks just don't feel like enough."

Perhaps more parents buying Gelo products -- so that Gelo would make more money -- would feel like enough. more

Monday, March 8, 2021

Privacy and the Clubhouse App

Clubhouse might be the hottest app that's not even publicly available yet, but privacy issues are already being discussed online. Some of the people who are particularly upset? Those who say they have profiles without even having used the app before...

Clubhouse reportedly requests access to your phone's contacts, under the pretense that you can connect with other users of the social network. But people are claiming that Clubhouse takes information from your contact list and builds "shadow profiles" of people who have never signed up...

If you allow Clubhouse to use your contact list, the app then reportedly has access to your contacts' names, phone numbers and how many friends they have on Clubhouse. But that's not all. Privacy advocates note Clubhouse records voice chats of the virtual rooms, which also doesn't sit well with some current users of the app.

Clubhouse's Community Guidelines states: "Solely for the purpose of supporting incident investigations, we temporarily record the audio in a room while the room is live." more

More privacy considerations...
Clubhouse app technology runs on the platform of Agora.io, an audio tech startup in Shanghai, China.

• Voice recordings may be paired with personal account details, and transferred into a government dossier for future voice identification surveillance purposes.
• What is said using the app may not be very private given hackers, lurkers and government interests. Not a good way to communicate confidentially.

“I refuse to join any club that would have me as a member” Groucho Marx

 

Monday, December 14, 2020

Exercise Like Your Walter Mitty Secret Agent Life Depended On It

via Justin Harper, Business reporter, BBC News, Singapore

I was the hero in my very own spy story, speeding from one checkpoint to another to foil the bad guys.

The plot came from a running app called Running Stories, which casts you as a secret agent in a story playing out with a heart-thumping soundtrack.

It is one of the latest apps designed to make exercise more entertaining, using real-time data that integrates the plot with your surroundings.

Key events in the storyline are triggered when a runner passes specific GPS markers and landmarks.

From being shot at by snipers to racing to catch a speedboat along the river, the plot kept me engaged and burned plenty of calories. more



Friday, August 7, 2020

National Security Concerns — Executive Orders Against TikTok

President Trump issued two executive orders late Thursday against China-based TikTok and messaging app WeChat, citing national security concerns in a sweeping order that could prevent the companies from doing most business in the United States....

“This data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage,” the TikTok order reads. more

Monday, August 3, 2020

Block TikTok, or Microsoft to the Rescue

U.S. Secretary of State, Mike Pompeo, claimed that TikTok sends user data to China, exerting pressure on the video-sharing social networking service. Pompeo brought attention to the fact that if personal information flows across a Chinese server, it will eventually end up in the hands of the Chinese Communist Party which he calls an “Evil Empire”.

TikTok has denied U.S. allegations but a report by cyber experts at ProtonMail says otherwise. The report is more a warning as it states – “Beware, the social media giant not only collects troves of personal data on you, but also cooperates with the CCP, extending China’s surveillance and censorship reach beyond its borders.” more

In other news...
Microsoft said Sunday it will continue talks to buy short-form video app, TikTok after its chief executive spoke with President Trump, following a weekend of uncertainty clouding the future of the Chinese-owned app. more

Connect the Dots...
When Microsoft bought Skype, Wired Magazine noted, "The Skype client itself is written almost as if it were a piece of malware, using complex obfuscation and anti-reverse engineering techniques, and it would be disquieting for Microsoft to release something that behaved in such a shady way; at the very least, the client would surely have to be rewritten to avoid the obfuscation and outright hostility to managed networks that Skype currently has... Ultimately, it's hard to see how the Skype purchase is worthwhile from a technology or user-access perspective. The technology isn't good enough and the users aren't lucrative enough or plentiful enough to justify it. more

Pure Conjecture Disguised as Analysis...
Microsoft already had Windows Live Messenger. Did it really need Skype? Skype you might recall was a predominately Estonian-based encrypted platform. It was giving governments fits worldwide. Then, in 2011, Microsoft bought it. Guess what happened.

TikTok, it appears, is also giving government fits. Who ya gonna call?

Wednesday, July 15, 2020

The Atlas of Surveillance

Documenting Police Tech in Our Communities. 

Explore 5,300 datapoints in the U.S. collected by hundreds of researchers.

TOGGLE the Legend to reveal how each technology is spreading. ZOOM into any region to see the technologies in greater detail. If an area has no markers, it means it hasn't been researched yet.
Click to enlarge. Go to website to explore. Wired article here.

Monday, July 6, 2020

US Court Rules Facebook Widgets can be Considered Wiretaps

After a nine-year-long legal battle, a federal appeals court has ruled that Facebook’s practice of collecting data through its widgets could be considered a violation of anti-wiretapping laws.

The social media firm has long defended its actions by quoting the part of the federal Wiretap Act that defines wiretapping as interception of communications. According to a Gizmodo report, in Facebook’s logic, gathering user data isn’t the same as wiretapping without that active interception.

However, a panel of judges on the 9th Circuit Court of Appeals in the US has dismissed this technicality as it was found that the Facebook widget was collecting information from people who didn’t click on it. Such actions, they ruled, count as interception. more