FutureWatch: New Mobile App Fends off Espionage Attacks

Innovative technology from the Karlsruhe Institute of Technology (KIT) and the FZI Research Center for Computer Science can put an end to espionage on our cell phones.....

For example, it is possible to give apps wrapped in AVARE access to the contacts in the address book, but not to all of the stored information...

In addition, AVARE can extend the location information to a radius of several kilometers and disguise the exact location. Thus, a weather app can continue to provide reliable forecasts without knowing the exact location of the user...

The AVARE code is available as open source software on the AVARE website and the scientists hope that their program will be taken up by other developers who will help to extend the current beta version to a version 1.0. more  video (cartoon)

The Bose Knows... legally

According to a recent decision from a federal district court in Illinois, Bose Corp. may monitor and collect information about the music and audio files consumers choose to play through its wireless products and transmit that information to third parties without the consumers’ knowledge. 

Such action does not violate the federal Wiretap Act or the Illinois Eavesdropping Statute.

As such, the Court granted Bose’s motion to dismiss the plaintiff’s class action claims. more

Corporate Romper Room - Don't Bee a Slack Slacker

More than 10 million people use Slack every day, mostly to communicate with co-workers. The app has gained so much popularity in the five-plus years since its launch that private investors value the company at over $7 billion.

“I love my people, but they never shut up on Slack,” said the CEO of a security company who asked not to be named so he could speak openly about his concerns. “It’s very good for productivity, but the problem is we’re working on security, so we have to be careful about what we say.”

Employees communicate on Slack using “channels” to focus conversations on various topics specific to different departments. It followed corporate chat tools from Microsoft, Google and Cisco as well as a plethora of start-ups, but none gained Slack’s level of adoption or had so much success in pulling workers away from email and into messaging groups. more

Tech-Head Alert: Smartphone Anti-Spyware & Anti-IMSI Catcher Development

We are looking for recommendations of top tier stealthy Spyware Command and Control APKs to place on a testbed of Windows, iOS, Android, Ubuntu handsets and handsets carrying a modded version of the Google Android 7.0 Nougat OS for a test that we wish to conduct to measure the capture rate and automated counter measure response of a mobile adaptive threat defence suite.

We are also looking for a list of non-LE "StingRay" type cellphone-surveillance and cell-site simulators available publicly as part of our testing of our MITM detection, automated counter measures response, and triangulation software suite. more

Neutralizer for Car Infotainment Systems

Privacy4Cars, a mobile app designed to help erase Personally Identifiable Information (PII) from modern vehicles, recently was released as a free download on iOS and Android devices.

The Privacy4Cars app, according to the company, enables consumers and businesses to quickly and efficiently delete personal data retained by modern vehicle infotainment systems. The app was developed by Andrea Amico, an expert in vehicle privacy and cybersecurity.


Privacy4Cars' patent-pending process provides customized, visual step-by-step tutorials to help users quickly erase personal information such as phone numbers, call logs, location history and garage door codes from vehicle infotainment systems. more

Apple Smacks Down Facebook's VPN Spying App

Back in 2013, Facebook acquired Israel-based Onavo, a small mobile analytics company that offered a virtual private network (VPN) app called Onavo Protect. In general, VPN apps seek to give users greater privacy and control around their data by routing traffic through a secure network. In this case, Onavo Protect started sending all that user data back to the Facebook mothership...

In its ongoing quest to protect user privacy, Apple just told Facebook to pull Onavo Protect from its App Store. more

Android Alert: Surveillance Malware Infects Telegram App

A new family of malware capable of comprehensive surveillance is targeting Android devices through the encrypted messaging app Telegram, according to research from antivirus vendor ESET.

The malware – which has mostly been distributed in Iran – ensnares its victims by posing as an application pledging more social media followers, bitcoin, or free Internet connections, according to ESET. Once downloaded, the malware can carry out surveillance tasks ranging from intercepting text messages to recording audio and screen images from devices, ESET researcher Lukas Stefanko explained in a blog post.

Each compromised device is controlled via a bot that the attacker commandeers via Telegram, which recently boasted 200 million monthly users.

“Attackers can control victimized devices by simply tapping the buttons available in the version of the malware they are operating,” Stefanko wrote.

Such nefarious programs have been knocking on Google Play’s door in droves: With the help of machine learning, security specialists removed 700,000 malicious apps from the store last year. more

World's First Ultrasound 'Firewall' for Smartphones

Scientists have developed the first ultrasound-firewall that can prevent hackers from eavesdropping on hidden data transmission between smartphones and other mobile devices.

The permanent networking of mobile devices can endanger the privacy of users and lead to new forms of monitoring. New technologies such as Google Nearby and Silverpush use ultrasonic sounds to exchange information between devices via loudspeakers and microphones.

More and more of our devices communicate via this inaudible communication channel. Ultrasonic communication allows devices to be paired and information to be exchanged. It also makes it possible to track users and their behavior over a number of devices, much like cookies on the Web. Almost every device with a microphone and a loudspeaker can send and receive ultrasonic sounds. Users are usually unaware of this inaudible and hidden data transmission.

Researchers from the St Polten University of Applied Sciences in Austria has developed a mobile application that detects acoustic cookies, brings them to the attention of users and if desired, blocks the tracking. The app is, in a sense, the first available ultrasound-firewall for smartphones and tablets... more

How Domestic Abusers Use Smartphones to Spy on Their Partners

There’s more creepy spyware out there than you think — and regulating it is a legal and technological challenge.

More and more people who commit violence against their intimate partners are using technology to make their victims’ lives worse...

News media, academic researchers, and victim advocates have long acknowledged the threat of spyware in domestic abuse situations. But our research (conducted with our students) brings to light the ease with which spyware can be deployed by abusers, and the broad scope of software usable as spyware...

Installing powerful spyware is just a few clicks away. Search on the web for “track my girlfriend” and you’ll find plentiful links to software, how-to guides, and forums all aimed at making it easy for abusers to spy on victims. (Protection advice is also available.) All the tools an abuser needs are present on Google and Apple’s app stores; installation is as simple as grabbing the victim’s device, typing the password (possibly stolen), and downloading an app. Many such apps require a fee, but in some cases, you can spy free of charge.

And our research shows that current anti-malware programs most often don’t identify such software as problematic. (ours does) more

Click the "our research" link above for the research paper. ~Kevin

Beware the Venmo

Nicole found out the guy she was dating was already in a committed relationship. Abby learned that her ex had most likely hooked up with someone new, and Ben discovered that a long-ago casual fling had apparently developed a drug habit.

The sleuthing tool that cracked these relationship mysteries was not a private investigator, but the peer-to-peer payment app Venmo.

The mobile payment service, which processed more than $35 billion in payments last year, is a no-fuss solution for splitting the dinner bill after a night out with friends.

But Venmo users have found it’s also an extremely effective tool for keeping tabs on friends, partners and exes, researching crushes, and in some cases, uncovering infidelity. Some even say Venmo is a better method for watching people than more explicitly public social media platforms like Facebook or Instagram.

Some users seem to forget that their transactions are public by default, and their payment activity provides an unfiltered paper trail of what’s really happening in their lives. more

Is Facebook Eavesdropping? A "Scientific" Test & A Possible Explanation

(no spoilers, just teasers)
 
+++++

Testing the long-held belief that Facebook listens to your conversations to advertise stuff...

For years, people have speculated that Facebook and Facebook Messenger use your phone’s microphone to listen to your conversations and send you targeted adverts based on your IRL chats...

To put the rumor to rest, we at the New Statesman engaged in a very scientific test. Each employee had a scripted conversation in front of their phone with Facebook or Messenger open (after changing their settings to ensure that Facebook and Facebook Messenger had access to their microphones)...

Here's what went down... more

+++++

Facebook Really Is Spying on You...

A conspiracy theory has spread among Facebook and Instagram users: The company is tapping our microphones to target ads...

“Facebook does not use your phone’s microphone to inform ads or to change what you see in News Feed,” says Facebook.

Yeah, sure, and the government swears it isn’t keeping any pet aliens at Area 51. So I contacted former Facebook employees and various advertising technology experts, who all cited technical and legal reasons audio snooping isn’t possible... more

Tinder Hackers May Find Out How Desperate You Are

Eavesdroppers could be able to peek in on mobile flirts.

A lack of security protections in Tinder's mobile app is leaving lonely hearts vulnerable to eavesdropping.

That's according to security biz Checkmarx this week, which claimed Android and iOS builds of the dating app fail to properly encrypt network traffic, meaning the basic actions of peeps looking to hookup – such as swipes on profiles – could be collected by anyone on the same Wi-Fi or carrying out similar snooping. more

Stop Your Apps from Spying on Your TV Viewing

That innocent-looking mobile game you just downloaded might just have an ulterior motive. Behind the scenes, hundreds of different apps could be using your smartphone's microphone to figure out what you watch on TV, a new report from The New York Times reveals...

Basically, a bunch of apps with innocuous names like "Pocket Bowling 3D" include extra software that's designed to listen for recognizable audio from your TV, including specific shows and commercials...

All of these apps need to get your permission before they can record in the background. So the easiest way is just to deny that permission. However, it's possible that you might approved the request without realising it, or your kid might do it while playing with your phone. In that case, switching it off is pretty easy...

Just head into Settings on your device and check the permissions for the app in question. If the app has microphone access when it doesn't need to (why would a bowling game need to use your microphone?), just toggle that permission off. more

The Catch Santa in the Act App, by Snowden?!?!

Earlier this year, NSA whistleblower Edward Snowden met with Jacqueline Moudeina, the first female lawyer in Chad and a legendary human rights advocate... 

Snowden told Moudeina that he was working on an app that could turn a mobile device into a kind of motion sensor in order to notify you when your devices are being tampered with.

The app could also tell you when someone had entered a room without you knowing, if someone had moved your things, or if someone had stormed into your friend’s house in the middle of the night.

Snowden recounted that pivotal conversation in an interview with the Verge. “She got very serious and told me, ‘I need this. I need this now. There’s so many people around us who need this.’”

Haven, announced today, is an app that does just that. Installed on a cheap burner Android device, Haven sends notifications to your personal, main phone in the event that your laptop has been tampered with.

If you leave your laptop at home or at an office or in a hotel room, you can place your Haven phone on top of the laptop, and when Haven detects motion, light, or movement — essentially, anything that might be someone messing with your stuff — it logs what happened. It takes photos, records sound, even takes down changes in light or acceleration, and then sends notifications to your main phone.

None of this logging is stored in the cloud, and the notifications you receive on your main phone are end-to-end encrypted over Signal. more

Eavesdropping App Lawsuit Allowed to Proceed

A federal judge denied the Golden State Warriors’ motion to dismiss an amended lawsuit 
alleging that the NBA champions recorded private conversations through their mobile app.

Jeffrey White, a judge for the Northern District of California, originally dismissed the class action complaint, which was filed by New York resident LaTisha Satchell last year, but ruled recently that the revised suit can proceed against the Warriors and beacon-technology company Signal360 for a possible violation of the Wiretap Act. more

Intelligence Bureau to Soldiers – Delete These Apps

India - In a fresh advisory issued to the troops posted at the international border, the Intelligence Bureau (IB) has warned that China could be collecting vital information about the Indian security installations through its popular mobile phone apps and devices...

The IB advisory contains a list of about 42 popular Chinese apps, including: WeChat, Truecaller, Weibo, UC Browser and UC News, which pose a grave threat to India's security. more

Buy an App - Bug a Phone

Commercial spying apps for Android devices are being openly advertised on Google and – upon installation – can be used to snoop on text messages, calls and Facebook chats.

While they are advertised as a way for parents to keep track of their children, or businesses to watch employees, experts warn they could be used for more nefarious – potentially illegal – purposes. According to security firm Kaspersky Lab, the popularity of such services is spiking.

Now, there is often no need for the dark web or sophisticated hacking attacks – surveillance software can be quickly discovered with a simple Google search and purchased online for well under £100 ($133.00)...

One company, FlexiSpy, was even advertising 20% off its services for 2017's Black Friday. more

There is also an app to detect this.

Eavesdropper: The coding mistake that may be in your phone.

A simple coding error made in hundreds of apps may have exposed as many as 180 million smartphone users to having their text messages and phone conversations intercepted by hackers, security researchers warned.

The warning comes from experts at the cybersecurity firm Appthority, who spotted an error plaguing as many as 685 mobile apps—including one used for secure communications by a federal law enforcement agency...

The issue, which has been dubbed Eavesdropper...

Eavesdropper is an especially troublesome problem for a number of reasons. First, most users are likely unaware of what API their mobile apps use to handle certain features like texts and calls so it is unlikely the average person would be able to spot if an app they are using is vulnerable. more

End-to-End Encryption App for Business Customers

End-to-end encrypted messaging app Wire has introduced a version of its service for business customers...

Wire CEO Alan Duric told ZDNet that the company had 300 firms on the Teams pilot and that businesses were using the service for their top managers or M&A teams and issues like crisis communications.

Wire is also eyeing the Internet of Things, arguing that end-to-end encryption could be applied to messages to devices as well as chats with your colleagues.

"There is quite a bit of awareness that industrial espionage is not a myth and that they need to protect their data," he said. more

Google 500+ Spy Apps - Update

Google has removed over 500 apps that included mobile games for teenagers from its Play Store on account of a spyware threat.

The decision came after US-based cyber-security firm Lookout discovered more than 500 apps that could spread spyware on mobile phones, Fortune reported late on Wednesday.

According to Lookout, the apps used certain software that had the ability to covertly siphon people's personal data on their devices without alerting the app makers.  more