|
Showing posts with label App. Show all posts
Showing posts with label App. Show all posts
Wednesday, April 29, 2020
New Spy Podcast
Tuesday, April 7, 2020
Taiwan Joins Canada & More in Banning Zoom
Malaysia - The National Security Council (NSC) has warned that hackers could be listening to their conversations amid increasing use of video conferencing applications during the movement control order (MCO) period. more
New York City's education department is directing teachers and staff to “move away from using Zoom as soon as possible” for virtual instruction purposes due to cybersecurity concerns, department spokesperson Danielle Filson said on Saturday. more
Google has banned Zoom from its staffers' devices. Google told its employees last week that it would block Zoom from working on their Google-provided computers and smartphones. This move comes after Taiwan tolds government employees not to use Zoom. Earlier, New York schools told its teachers to "gradually transition" from Zoom to another video-conferencing service. more
Friday, April 3, 2020
Facebook Tried to Buy Controversial Tool to Spy on iPhone Users, Court Filing Reveals
Reported by Motherboard, when Facebook was starting to build its spyware cloaked in a VPN product, Onavo Protect for iOS and Android, the social media company reached out to the controversial company NSO Group that creates spyware for government agencies...
Apple made Facebook remove Onavo Protect from the App Store in August of 2018.
Then in 2019 Facebook repackaged it as a “Research app” and tried to pay teens to sideload it on their devices.
Zoom’s Encryption Is “Not Suited for Secrets” and Has Surprising Links To China, Researchers Discover
Meetings on Zoom, the increasingly
popular video conferencing service, are encrypted using an algorithm
with serious, well-known weaknesses, and sometimes using keys issued by
servers in China, even when meeting participants are all in North
America, according to researchers at the University of Toronto.
The
researchers also found that Zoom protects video and audio content using
a home-grown encryption scheme, that there is a vulnerability in Zoom’s
“waiting room” feature, and that Zoom appears to have at least 700
employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab
— widely followed in information security circles — that Zoom’s service
is “not suited for secrets” and that it may be legally obligated to
disclose encryption keys to Chinese authorities and “responsive to
pressure” from them.
Zoom could not be reached for comment. more
4/15/2020 UPDATE - More top companies ban Zoom following security fears. more
Saturday, March 21, 2020
Surveillance App Reworked for Coronavirus Alerts
Health officials in Britain are building an app that would alert the
people who have come in contact with someone known to have the
coronavirus. The project aims to adapt China’s tracking efforts for
countries wary of government surveillance.
The project is an urgent effort by the British authorities to translate a surveillance tool deployed to fight China’s outbreak into something more palatable in Western democracies. The app is being developed for use in Britain, but could be adapted for other countries, particularly those with similarly centralized health systems, officials said.
The catch... Unlike the smartphone-tracking system used by the Chinese government, the British project would rely entirely on voluntary participation and would bank on people sharing information out of a sense of civic duty. more
The project is an urgent effort by the British authorities to translate a surveillance tool deployed to fight China’s outbreak into something more palatable in Western democracies. The app is being developed for use in Britain, but could be adapted for other countries, particularly those with similarly centralized health systems, officials said.
The catch... Unlike the smartphone-tracking system used by the Chinese government, the British project would rely entirely on voluntary participation and would bank on people sharing information out of a sense of civic duty. more
Friday, January 31, 2020
Five Mile GPS Tracker Doesn't Require Cellular Service
GoFindMe is a real-time GPS tracker that works
without cell service. By built-in GPS & long-range radio technology,
it allows you to stay in touch with people even if your phone fails by
rich handy features such as:
-Real time location tracking
-Send & receive texts, built-in voice and GPS coordinates
-One-button emergency SOS
-Automatic trace record
-Sync up group activity
-Set customized safe zone
-Pin meeting place or home base
-Mesh network to extend connectivity range
more
But what if you can't find it when you need it?
-Real time location tracking
-Send & receive texts, built-in voice and GPS coordinates
-One-button emergency SOS
-Automatic trace record
-Sync up group activity
-Set customized safe zone
-Pin meeting place or home base
-Mesh network to extend connectivity range
more
But what if you can't find it when you need it?
Thursday, January 30, 2020
Facebook Tracks You - You can stop the spying, sort of.
If you’ve ever thought Facebook is listening or watching you when you’re not on the social media site, you are right. ... The Washington Post says Facebook-owned apps like Instagram and Messenger are tracking you, too.
But now developers at the social media giant have rolled out a tool that may stop most of it, or at least tell you how Facebook is spying on users’ daily lives. It’s called off-Facebook activity...
Click the small triangle at the top right of Facebook and go to settings. Then click “Your Facebook Information” on the left column, then select Off-Facebook Activity to manage the information the company gleans from your life. Here you can either manage it or clear the entire history from your account.
But the company also has a caveat. You may clear your current history, but new activity will be shared back to Facebook in the future. more
But now developers at the social media giant have rolled out a tool that may stop most of it, or at least tell you how Facebook is spying on users’ daily lives. It’s called off-Facebook activity...
Click the small triangle at the top right of Facebook and go to settings. Then click “Your Facebook Information” on the left column, then select Off-Facebook Activity to manage the information the company gleans from your life. Here you can either manage it or clear the entire history from your account.
But the company also has a caveat. You may clear your current history, but new activity will be shared back to Facebook in the future. more
 |
| Geez... just like barnacles. |
Tuesday, January 21, 2020
Android Users Beware: These Top Camera Apps May Secretly Be Spying
The latest warning has come from the research team at CyberNews, exposing “camera apps with billions of downloads [that] might be stealing user data and infecting them with malware.”
...But that’s exactly what some of the top beauty camera apps have been found guilty of doing. more
...But that’s exactly what some of the top beauty camera apps have been found guilty of doing. more
- BeautyPlus – Easy Photo Editor & Selfie Camera
- BeautyCam
- Beauty Camera – Selfie Camera
- Selfie Camera – Beauty Camera & Photo Editor
- Beauty Camera Plus – Sweet Camera & Makeup Photo
- Beauty Camera – Selfie Camera & Photo Editor
- YouCam Perfect – Best Selfie Camera & Photo Editor
- Sweet Snap – Beauty Selfie Camera & Face Filter
- Sweet Selfie Snap – Sweet Camera & Beauty Cam Snap
- Beauty Camera – Selfie Camera with Photo Editor
- Beauty Camera – Best Selfie Camera & Photo Editor
- B612 – Beauty & Filter Camera
- Face Makeup Camera & Beauty Photo Makeup Editor
- Sweet Selfie – Selfie Camera & Makeup Photo Editor
- Selfie camera – Beauty Camera & Makeup camera
- YouCam Perfect – Best Photo Editor & Selfie Camera
- Beauty Camera Makeup Face Selfie, Photo Editor
- Selfie Camera – Beauty Camera
- Z Beauty Camera
- HD Camera Selfie Beauty Camera
- Candy Camera – selfie, beauty camera & photo editor
- Makeup Camera-Selfie Beauty Filter Photo Editor
- Beauty Selfie Plus – Sweet Camera Wonder HD Camera
- Selfie Camera – Beauty Camera & AR Stickers
- Pretty Makeup, Beauty Photo Editor & Selfie Camera
- Beauty Camera
- Bestie – Camera360 Beauty Cam
- Photo Editor – Beauty Camera
- Beauty Makeup, Selfie Camera Effects & Photo Editor
- Selfie cam – Bestie Makeup Beauty Camera & Filters
Monday, January 13, 2020
Spybuster Tip #632: Fortify Your Two-factor Authentication
Two-factor authentication is a must, but don't settle for the SMS version. Use a more secure authenticator app instead.
The most popular authenticator apps are Google Authenticator and Authy, but password managers 1Password and LastPass offer the service as well, if that helps you streamline. If you're heavy into Microsoft's ecosystem, you might want Microsoft Authenticator. While they all differ somewhat in features, the core functionality is the same no matter which one you use. more
Thursday, November 21, 2019
Spybuster Tip #734: Don't Store Incriminating Photos on Your Android Phone
This time around, a team of security researchers found a terrifying flaw with the Android camera apps that could let malicious apps completely take control over a phone’s camera to spy on users without their knowledge.
It doesn’t take a genius to know that photos and videos can contain extremely sensitive information, and therefore, you should think twice about giving an app permission to use a camera...
Android camera apps often store photos and videos to an SD card, granting an app permission to storage gives it access to the entire contents of that card, according to the researchers. And the truly terrifying thing is that attackers wouldn’t even need to request access to the camera.
To demonstrate the vulnerability, the team at Checkmarx recorded a proof-of-concept video. Using a mockup Weather app, the team was able to not only take photo and video from a Pixel 2 XL and Pixel 3, it also was able to glean GPS data from those photos.
The team was able to detect when the phone was face down and could then remotely direct the rear camera to take photos and video. Another creepy bit is that attackers could potentially enact a “stealth mode,” where camera shutter noises are silenced and after taking photos, return the phone to its lock screen like nothing happened.
But perhaps most disturbingly, the video demonstrates a scenario where attackers could start recording a video while someone was in the middle of call, record two-way audio, and take photos or video of the victim’s surroundings—all without the target knowing. more
It doesn’t take a genius to know that photos and videos can contain extremely sensitive information, and therefore, you should think twice about giving an app permission to use a camera...
Android camera apps often store photos and videos to an SD card, granting an app permission to storage gives it access to the entire contents of that card, according to the researchers. And the truly terrifying thing is that attackers wouldn’t even need to request access to the camera.
To demonstrate the vulnerability, the team at Checkmarx recorded a proof-of-concept video. Using a mockup Weather app, the team was able to not only take photo and video from a Pixel 2 XL and Pixel 3, it also was able to glean GPS data from those photos.
The team was able to detect when the phone was face down and could then remotely direct the rear camera to take photos and video. Another creepy bit is that attackers could potentially enact a “stealth mode,” where camera shutter noises are silenced and after taking photos, return the phone to its lock screen like nothing happened.
But perhaps most disturbingly, the video demonstrates a scenario where attackers could start recording a video while someone was in the middle of call, record two-way audio, and take photos or video of the victim’s surroundings—all without the target knowing. more
Tuesday, November 19, 2019
WhatsApp? Eavesdropping. That's WhatsApp.
WhatsApp parent company Facebook has issued a warning about a new vulnerability on its hugely-popular chat app, which could let hackers take control of their device remotely and eavesdrop on your every conversation.Facebook has warned users about a potential vulnerability within its WhatsApp chat app that allows cyber-criminals to take control of your device remotely. The security flaw could also allow them to eavesdrop on your conversations.
And if that wasn’t worrying enough, all you’d have to do to let the hackers access your handset is watch a single video... This security flaw affects all versions of WhatsApp, from Windows Phone to iOS. It even includes the enterprise-focused WhatsApp Business. That suggests the issue was found in the underlying code that powers all versions of the chat app...
WhatsApp has closed the loophole with the latest updates to WhatsApp. If you haven’t already got automatic app updates set on your smartphone, you should head to your respective app store and download the latest software to make sure you’re sa
According to Facebook, the potential issue only impacts the following versions of WhatsApp:
fe from attack.
- Android versions of WhatsApp before 2.19.274
- iOS versions of WhatsApp before 2.19.100
- Enterprise Client versions of WhatsApp before 2.25.3
- Windows Phone versions of WhatsApp before and including 2.18.368
- Business for Android versions of WhatsApp before 2.19.104
- Business for iOS versions of WhatsApp before 2.19.100
Wednesday, October 30, 2019
Kettle Gets Called Black... or, Who's Zoomin' Who
Facebook launched a new front in the battle over encryption yesterday by suing the Israeli spyware firm NSO Group for allegedly hacking WhatsApp, its encrypted messaging service, and helping government customers snoop on about 1,400 victims...
The lawsuit marks the first time a messaging service has sued a spyware company for undermining its encryption and it could prompt a slew of suits against companies that have developed encryption workarounds bolstering governments' ability to spy on their citizens. more
The lawsuit marks the first time a messaging service has sued a spyware company for undermining its encryption and it could prompt a slew of suits against companies that have developed encryption workarounds bolstering governments' ability to spy on their citizens. more
Thursday, October 24, 2019
Turning Amazon and Google Smart Speakers into Smart Spies
Researchers at Germany’s SRLabs found two hacking scenarios — eavesdropping and phishing — for both Amazon Alexa
and Google Home/Nest devices. They created eight voice apps (Skills for
Alexa and Actions for Google Home) to demonstrate the hacks that turns
these smart speakers into smart spies. The malicious voice apps created
by SRLabs easily passed through Amazon and Google’s individual screening
processes...
For eavesdropping, the researchers used the same horoscope app for Amazon’s smart speaker. The app tricks the user into believing that it has been stopped while it silently listens in the background. more
For eavesdropping, the researchers used the same horoscope app for Amazon’s smart speaker. The app tricks the user into believing that it has been stopped while it silently listens in the background. more
Monday, October 7, 2019
Signal Users - Time to Patch
A security flaw in the privacy-focused encrypted messaging service
Signal could enable a threat actor to listen to the audio stream
recorded by the Android device of another Signal user, without their
knowledge...The attack does not work with Signal video calls.
The issue was discovered last month by a researcher with Google Project Zero. Signal has already released a patch. more
Tuesday, October 1, 2019
Uber’s Next Big Safety Feature... Eavesdropping
Uber is apparently testing a feature that will allow riders to record audio through the app when they feel unsafe during a ride.
There are a lot of details we don’t know about this feature yet, as Uber hasn’t said anything official about it. more
Thursday, August 29, 2019
Has Your Doctor (or other Professional) Downloaded Apps With Microphone Access?
via Robinson & Cole LLP -
Linn Foster FreedmanAs I always do when talking to people about their phones, I asked them to go into their privacy settings and into the microphone section and see how many apps they have downloaded that asked permission to access the microphone. How many green dots are there? Almost all of them looked up at me with wide eyes and their lips formed a big “O.”...
I am not picking on them—I do the same thing with lawyers, financial advisors and CPAs, and any other professional that has access to sensitive information.
When a professional downloads an app that allows access to the microphone, all of the conversations that you believe are private and confidential are now not private and confidential if that phone is in the room with you. more
Tuesday, July 23, 2019
Android Smartphone Alert: Spearphone Eavesdropping
A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that’s played on speakerphone, including calls, music and voice assistant responses.
A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android devices’ on-board accelerometers (motion sensors) to infer speech from the devices’ speakers.
An acronym for “Speech privacy exploit via accelerometer-sensed reverberations from smartphone loudspeakers,” Spearphone was pioneered by an academic team from the University of Alabama at Birmingham and Rutgers University.
They discovered that essentially, any audio content that comes through the speakers when used in speakerphone mode can be picked up by certain accelerometers in the form of sound-wave reverberations. And because accelerometers are always on and don’t require permissions to provide their data to apps, a rogue app or malicious website can simply listen to the reverberations in real time, recording them or livestreaming them back to an adversary, who can analyze and infer private data from them. more
A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android devices’ on-board accelerometers (motion sensors) to infer speech from the devices’ speakers.
An acronym for “Speech privacy exploit via accelerometer-sensed reverberations from smartphone loudspeakers,” Spearphone was pioneered by an academic team from the University of Alabama at Birmingham and Rutgers University.
They discovered that essentially, any audio content that comes through the speakers when used in speakerphone mode can be picked up by certain accelerometers in the form of sound-wave reverberations. And because accelerometers are always on and don’t require permissions to provide their data to apps, a rogue app or malicious website can simply listen to the reverberations in real time, recording them or livestreaming them back to an adversary, who can analyze and infer private data from them. more
Apple Watch Walkie-Talkie is Fixed
The latest release fixes a security flaw in the Walkie-Talkie app that could potentially allow users to listen in on others’ conversations. Apple disabled the app until it could fix the problem, which watchOS 5.3 apparently does. more
Monday, July 15, 2019
Spanish App Works Like Spanish Fly... undercover
Using a Shazam-like technology, the app would record audio to identify soccer games, and use the geolocation of the phone to locate which bars were streaming without licenses. more
Tuesday, July 9, 2019
More Than 1,000 Android Apps Spy... even when you deny permission!
Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don't want a flashlight app to be able to read through your call logs, you should be able to deny that access.But... even when you say no, many apps find a way around: Researchers discovered more than 1,000 apps that skirted restrictions, allowing them to gather precise geolocation data and phone identifiers behind your back...
Google said it would be addressing the issues in Android Q, which is expected to release this year. more
Subscribe to:
Posts (Atom)