Friday, October 13, 2023
Apple AirTag: Police Official Accused of Stalking
The female officer who accused Labrada of stalking contacted Ontario police after she discovered an AirTag — a small tracking device that can be attached to personal items — among her possessions, according to two sources familiar with the case.
A group of officers from a since-disbanded San Fernando Valley gang unit is under investigation for, among other misconduct, allegedly using the devices to track suspects without court authorization...
Ontario police had been investigating the stalking allegations, but the San Bernardino County district attorney’s office said Wednesday it did not have enough evidence to pursue charges against Labrada. more
Thursday, March 30, 2023
Prosecutors: Veteran Deputy was Listening in on Jury Deliberations
According to Assistant District Attorney Kelly Wolford, the jury was deliberating a felony case when Broadwell listened in on the conversation. The eavesdropping charges brought against Broadwell relate to his use of a device to enhance the sound of people talking in his area.
Thursday, December 23, 2021
The Chatter Phone Eavesdropping Bug, or Santa's Latest Spy Trick
First, we switched on the Chatter phone, which activates its Bluetooth connection, paired a phone over Bluetooth, then switched off Bluetooth to simulate someone walking the phone out of range. We then paired another phone with the Chatter without hindrance, allowing us to remotely control the Chatter’s audio.
Mattel, which makes the Chatter phone, said the phone “will time out if no connection is made or once the pairing occurs — it is only discoverable within a narrow window of time and requires physical access to the device.” We left the Chatter on and found the Bluetooth pairing process did not time out after more than an hour.
Then, Munro asked what would happen if we called the phone connected to the Chatter. Sure enough, the Chatter rang — loudly — as expected. Then we called the Chatter again, this time without properly replacing its receiver. With the handset off the hook, the Chatter automatically answered the call, immediately activating the handset’s microphone and allowing us to hear ambient background audio. more
Thursday, December 2, 2021
A New "Mobile" Phone - Complete with No Apps
Ever wish you had a mobile phone that would really turn heads?
One where you could call your friends, real or imaginary?
One that would look at you with loving eyes?
Your past is now your future...
Thursday, January 16, 2020
"I found this thing. Is it a bug?"
Usually, the identification is easy:
- it's a piece of electronic jewelry (blinky earring, or pin);
- an old annoy-a-tron;
- or Bluetooth tag, like a Tile item finder.
She takes a photo, sends it to him, who sends it to us... via low resolution text message...
Rough guess...
A Bluetooth item finder, similar to a Tile, but a Chinese knockoff branded with some corporate logo. Possibly a promotional item?
We later learned it was in her bedroom, mounted to the wall, not found in a covert location. She had pulled it off the wall to take the photo. We did not receive a photo of the mounting piece, or a mention of its placement.
Later we eventually received a photo of the flip side...
Hummm... not too helpful, but no evidence on the front of a pinhole for video, or of a microphone on the circuit board. No battery seen, but the two large solder tabs and circles on the circuit board indicate there is a battery on the other side of the board.
Why would someone mount something like this on a bedroom wall?!?!
One possibility emerged... "How to find your lost iPhone with Tile."
Nope. Tiles have their logo on them. Ours looks different.
Another possibility... Yahoo changed their logo last Fall.
Could they have sent out a promotional "Tile" with their newly designed exclamation point logo on it?
Close, but no prize.
Okay, let's start fresh.
Say, the Tile is a MacGuffin.
Look elsewhere.
What other wall-warts do we know of?
HVAC sensors, for one.
Google search....
Case closed.
This was a good investigative process refresher for us, and a thing we will all remember next time "this thing" shows up.
Extra Credit:
~Kevin
Tuesday, December 31, 2019
Now Santa's Toys Know if You Are Naughty or Nice
Cybersecurity experts are warning parents to pay attention to what kinds of toys their children are playing with, saying some could be capable of doing much more than what you're aware of.
...toys with Bluetooth or that can connect to Wi-Fi have the potential to not only spy on those playing with them but could also collect data later capable of predicting children's thoughts and behaviors. more
Friday, November 2, 2018
Security Director IT Alert: New Corporate Network Attack Vulnerability
Two zero-day vulnerabilities in Bluetooth Low-Energy chips made by Texas Instruments (and used in millions of wireless access points) open corporate networks to crippling stealth attacks.
Adversaries can exploit the bugs by simply being approximately 100 to 300 feet from the vulnerable devices. A compromised access point can then lead to an attacker taking control of the access point, capturing all traffic, and then using the compromised device as a springboard for further internal attacks.
The issue impacts Wi-Fi access points made by Cisco, Cisco Meraki and Hewlett-Packard Enterprise’s Aruba, accounting for a large percentage of hardware used in corporations, according to researchers at Israeli security firm Armis. The firm discovered the two bugs earlier this year and publicly disclosed them on Thursday.
“Attacks can be devastating and carried out by unauthenticated users who can exploit these bugs and break into enterprise networks undetected while sitting in the company’s lobby,” said Ben Seri, head of research at Armis.
...there is concern that the BleedingBit vulnerabilities could impact a larger universe of BLE devices, such as smart locks used in hotel chains and point-of-sale hardware.
Last year, Armis discovered nine zero-day Bluetooth-related vulnerabilities, dubbed BlueBorne, in Bluetooth chips used in smartphones, TVs, laptops and car audio systems. The scale of affected devices was massive, estimated to impact billions of Bluetooth devices. more
Recommendation: If your company uses devices made by the manufacturers mentioned, contact them for software patches. ~Kevin
Tuesday, September 12, 2017
New Clickless Bluetooth Attack - Billions of Devices Vulnerable
BlueBorne, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. Virtually any Android, Linux, or Windows device that hasn't been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet. It doesn't require device users to click on any links, connect to a rogue Bluetooth device, or take any other action, short of leaving Bluetooth on. The exploit process is generally very fast, requiring no more than 10 seconds to complete...
"Just by having Bluetooth on, we can get malicious code on your device," Nadir Izrael, CTO and cofounder of security firm Armis, told Ars. "BlueBorne abuses the fact that when Bluetooth is on, all of these devices are always listening for connections."
Patch now, if you haven't already. more
Thursday, April 20, 2017
Bose Knows... what you're listening to.
The main plaintiff in the case is Kyle Zak, who bought a $350 pair of wireless Bose headphones last month. He registered the headphones, giving the company his name and email address, as well as the headphone serial number. And he downloaded the Bose Connect app, which the company said would make the headphones more useful by adding functions such as the ability to customize the level of noise cancellation in the headphones.
But it turns out the app was also telling Bose a lot more about Zak than he bargained for. more
The Zak attack is a cautionary tale. Perhaps we should all create alter egos to nullify this type of privacy invasion. ~Kevin
Friday, February 17, 2017
German Parents told to Destroy Cayla
The warning was issued by the Federal Network Agency (Bundesnetzagentur), which oversees telecommunications.
Researchers say hackers can use an insecure bluetooth device embedded in the toy to listen and talk to the child playing with it.
Manufacturer Genesis Toys has not yet commented on the German warning. more
Monday, October 5, 2015
Gang Using Spy Cam, Bluetooth for Exam Paper Leaks Busted
...the accused used to assemble spy cams and bluetooth devices in shirts, briefs and vests, mobile hardware kits, and other equipment to get the question papers leaked out from the exam centres...
...the kit included an Android smartphone which was connected with a spy cam in cuff of a shirt. The question paper was clicked by some candidate or a staff member through spy cam and smuggled outside the examination centre through drop box application.
The paper was then distributed through e-mails or WhatsApp to a team of six to eight teachers, who solved the paper. The candidates, who paid for the solved paper, were given a bluetooth ear device which did not require mobile handset and acted just as receiver. The accused had assembled a set with 40 mobile phones through which the answers were dictated to the candidates... more
Friday, June 19, 2015
Handy Bluetooth Store and Forward Mini Microphone (OK, who said bug?)
There are two versions of the Instamic: the Go and the Pro. Both offer mono and dual mono recording, with the Pro boasting stereo recording as well. The Pro is also waterproof up to 5 ft (1.5 m) for a maximum three hours (in accordance with IP68), whereas the Go is only splash-proof. Other than those differences, the models are pretty much identical.
They each provide ultra-low power digital signal processing, with a sample rate of 48 kHz and a 24-bit bitrate. Their microphones capture between the frequencies of 50 and 18,000 Hz, with a reasonable signal-to-noise ratio of 67 dB and a maximum sound pressure level of 120 dB. more
Monday, September 15, 2014
The Top Cyber Espionage Devices You Don't Want to See
The Pwn Plug Academic Edition is the Industry’s First Enterprise Penetration Testing Drop Box
- Wireless (802.11b/g/n) high gain Bluetooth & USB Ethernet adapters
- Fully-automated NAC/802.1x/Radius bypass
- One-click EvilAP, stealth mode & passive recon
- Onboard high-gain 802.11a/b/g/n wireless
- Onboard Bluetooth
- External 4G/GSM cellular
- Greatly improved performance and reliability
The MiniPwner
The MiniPwner is described as a penetration testing “drop box”. You (or maybe a cleaner you’ve bribed) need to plug it into an Ethernet plug in the target’s building, and then you can slurp all the data out of their network via a wifi link.
The penetration tester uses stealth or social engineering techniques to plug the MiniPwner into an available network port. (common locations include conference rooms, unoccupied workstations, the back of IP Telephones, etc.)
Once it is plugged in, the penetration tester can log into the MiniPwner and begin scanning and attacking the network. The MiniPwner can simultaneously establish SSH tunnels through the target network, and also allow the penetration tester to connect to the MiniPwner via Wifi.
WiFi Pineapple Mark V
Slightly larger than a smartphone, the WiFi Pineapple Mark V is the “ultimate” cyber surveillance device. It uses an “intuitive” web interface to enable hackers to break into a corporate’s IT networks through its wifi connections. It costs $100.
USB Switchblade
The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc.
A gadget that looks like a USB stick has a program that swings into action when it’s inserted into the USB drive and can then begin its naughty work without the user knowing it by exploiting a flaw in USB autorun settings. How about dropping it in the car park of your target’s offices, seeing if someone will pick it up and plug it in to see what’s on it…
USB 8GB Flash Drive Cufflinks
The thing about these is that the bad guy can carry a load of malware, ready for use at any time. These go for less than $50. Easy to smuggle in.
The Rubber Ducky
The Rubber Ducky is becoming the “field-weapon of choice” for cyber spies. It’s the size of a normal USB stick but when you plug it in to a PC it pretends to be a keyboard and starts ‘typing’ away, possibly trying to break into systems or maybe stealing passwords. If you get a few seconds alone with someone’s phone you can get an adapter to plug it in and maybe hack that too. (The last five items courtesy of Financial News.)
Sunday, October 20, 2013
No more, "Gee, I thought you said..." — Record Your Cell Phone Calls
Recording Cell Phone conversations using apps is not possible on iPhone, Droid or BlackBerry without paying per minute charges. The Call Mynah Cell Phone Recorder gives you complete control of Recording Cell Phone Calls. You decide to Record Mobile Phone Calls or not, set up your Call Mynah to Record Cell Phone (all calls) or only as you choose.
- 340 hours of Cell Phone Recording storage
- Connects to any mobile phone via Bluetooth to create a simple Cell Phone Call Recorder
- Automatically Record Cell Phone Calls (manual recording options too)
- Saves all Cell Phone Records, call details (date, time, number, duration, call type)
- Add comments to calls and flag as 'Important'
- Upload calls to your PC for easy management (software supplied)
- 150 Hours standby, 8 hours talking before battery charge
- Call recording warn tone or prompt can be sent to callers (optional)
- Handset, Speakerphone or Headset (supplied) operation
- Security features to prevent unauthorized listening to your calls (more)
Thursday, April 4, 2013
Blue Bugging - An old topic and growing problem
"They have paired their car and they leave their Bluetooth pairing open and then they get out of the car…they come out of the car and go to a store or something like that and the Bluetooth capability is still on," explains Mike Rohrer with the Arkansas Better Business Bureau.
The BBB advises you switch your Bluetooth into "Not discoverable" mode when you aren't using it…especially in crowded, public places.
Always use at least eight characters in your pin.
When pairing devices for the first time, do it at home or in the office. And download the latest security updates. (more) (video)
There is also a chapter (Bluetooth® Eavesdropping) devoted to the subject of Bluetooth vulnerabilities in, "Is My Cell Phone Bugged?"
Wednesday, May 23, 2012
Cell Phone Door Key App?!?!
While not having to dig out a key and stick it in the lock may be somewhat convenient, what’s more intriguing is the system’s ability to send, revoke, and limit access to virtual “copies” of the key. (more)
Saturday, February 11, 2012
14 Counterespionage Tips for Your Next China Trip
Friday, February 10, 2012
$250 million “Bluetooth Jacking” Scam Ring Busted
The crime is not just for low level criminals, an even more sophisticated type of scam actually clones your entire phone and allows the criminals to make calls to International numbers and could possibly take your identity. The Secret Service just busted a ring of people pulling off this kind of crime.
On February 1, the U.S. Attorney for the Southern District of New York announced charges against 12 defendants for participating in a $250 million cell phone cloning scheme. (more)
Tuesday, August 2, 2011
Wireless Cell Phone Recorder ...doubles as wiretap
This digital voice recorder comes packed with every feature imaginable. The user simply wirelessly pairs their existing mobile phone via Bluetooth and the Cell Corder handset is used in place of the mobile phone.
With 150 hours of standby time and 8 hours of talk time the Cell Corder handset can be used within 10 meters (30 feet) of the user’s mobile phone while recording every detail from both sides of the conversation to the Caller ID information along with time, date, and call duration. And with a huge recording capacity of up to 340 hours, the unit memory will take quite some time to fill up. (more) (sing-a-long)
Friday, April 22, 2011
The Car Whisperers
Because many of today's cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features -- like the car locks and brakes -- as well as to track the vehicle's location, eavesdrop on its cabin and steal vehicle data, the researchers said. They described a range of potential compromises of car security and safety. (more) (research paper) (the other car whisperers)