Webinar Recap! Trade Secrets Audits: Strengthening Your Company’s IP Protection

In our recent webinar, “Trade Secrets Audits: Strengthening Your Company’s IP Protection,” Seyfarth’s Intellectual Property Partner, Lauren Leipold, along with Trade Secret Attorneys Eddy Salcedo and James Yu, shared essential strategies for enhancing IP protection in today’s complex landscape. 

As corporate espionage and data breaches become increasingly prevalent, the session provided valuable insights on effective methods for safeguarding your company’s intellectual assets. Notably, recent developments surrounding the FTC’s Non-Compete Ban—currently stalled in litigation—highlight the pressing need for proactive measures to secure your business against emerging threats.

Key Insights from the Webinar... more

Chinese Language Phone Keyboard Exploits Leave One Billion Users Exposed

We analyzed the security of cloud-based pinyin keyboard apps from nine vendors — Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi — and examined their transmission of users’ keystrokes for vulnerabilities.

Our analysis revealed critical vulnerabilities in keyboard apps from eight out of the nine vendors in which we could exploit that vulnerability to completely reveal the contents of users’ keystrokes in transit. Most of the vulnerable apps can be exploited by an entirely passive network eavesdropper...

Given the scope of these vulnerabilities, the sensitivity of what users type on their devices, the ease with which these vulnerabilities may have been discovered, and that the Five Eyes have previously exploited similar vulnerabilities in Chinese apps for surveillance, it is possible that such users’ keystrokes may have also been under mass surveillance.

Recommendation: We urge users to install the latest updates to their keyboard apps and that they keep their mobile operating systems up to date. We also recommend that at-risk users consider switching from a cloud-based keyboard app to one that operates entirely on-device. more

How to Hunt Down Malware on Mobile Devices

co-authored by Josh Hickman, Subject Matter Expert Collect and Review, Cellebrite

The ubiquity of mobile devices makes them prime targets for malware attacks. Despite the expertise in incident response and malware detection for PCs and Macs, mobile security, on the other hand, often remains uncharted territory for many organizations and users alike. No longer a question of if but when an attack is going to happen, there is a pertinent need for education in identification, resolution and bolstering defences against future attacks.

What Malware Looks Like and How it Gets There

Mobile malware manifests in various forms, from ransomware encrypting data to spyware surreptitiously monitoring activities. Understanding the modus operandi of mobile malware is critical for detection and mitigation efforts...How it lands on a device and what you can do... more

Spybusters Tip #725: How to Find an Apple AirTag Hidden in Your Car

Apple AirTags are useful devices for locating commonly misplaced items like keys and wallets, but they can also be hijacked for more sinister purposes, such as tracking your whereabouts without your knowledge or consent. 

For a rogue AirTag to reveal meaningful surveillance information to its owner, it must be traveling with you: hidden in a pocket, purse, or vehicle you drive regularly. In most cases, Apple should alert you if it detects an unknown AirTag with a notification to your iPhone (or iPad) like "AirTag Found Moving With You." - Turn on AirTag alerts / Find an AirTag in your car... more

Citizens Warned Against Spy's 'Exotic Beauty' Traps

China has warned its citizens against "exotic beauties" seeking to lure them into the hands of foreign spy agencies.

The Ministry of State Security said a Chinese man, Li Si, went to a nightclub while on an overseas trip and was later blackmailed by foreign spies.

The ministry's WeChat post's title read, "Hunting for beauty? You may become the prey". Analysts say such warnings reflect a sense of insecurity among China's leaders. more

Actually, good advice for any business traveler.

How To Turn On Apple iPhone’s New Anti-Theft Feature

Apple's 'Stolen Device Protection' tool aims to deter cases of phone theft, but you need to enable it first.

Apple's new ‘stolen device protection' tool, was launched as part of its iOS 17.3 release, and plans to squash instances of phone theft by ramping up security requirements and limiting the amount of data thieves have access to...

Activating Apple's new security mechanism is very straightforward. First you need to enable two-factor authentication for your Apple AI and set up a device passcode, Face ID or Touch ID, Find My, and Significant Locations (under Location Services).

Once you have these up, you need to: 

• Go to Settings
• Tap ‘Face ID & PassCode'
• Enter your device passcode
• Tap to turn Stolen Device Protection on

more  video

Spybuster Tip #629: Delete Apps that are 'Spying' Using 'One Day Rule'

Security experts have explained how your phone apps track and collect your data even if they remain unused, but there's a handy hack to avoid data harvesting and potential spying...

The rule involves simply deleting one unused app a day which the expert says can massively improve your phone efficiency and free up your storage space. Doing this will help you manage how your data is used and stop it from being harvested...

To delete an app on the iPhone, find the app on your home screen, touch and hold down the icon and tap "Remove app." If you are an Android user, go to the Google Play store, tap the profile icon in the top right, and go to Manage Apps and Devices > Manage. Tap the name of the app you want to delete and choose to uninstall. more

Spybuster Tip # 823: Store Your Car Key Fobs in a Metal Can

Thieves have perfected the art of stealing the code from that key fob sitting on a kitchen counter or hung on a hook by the door. And tools that make theft fast and easy can be purchased on the internet. Worse, the latest theft devices allow criminals to amplify a vehicle's radio signal so that thieves can better access and copy the key fob signal to steal a vehicle...

The Relay Attack, a two-person attack, is when a thief walks up to the victim’s home with a piece of equipment that captures the signal from the key fob and then transmits the signal from a car key fob. "An accomplice waits nearby at the car door, usually with another device, to open the car when the signal is received," the AARP website said. The copied signal can fool the car into starting the ignition.

Spybuster Tip #823: Store your car key fobs in a metal container when not in use.

Your other fobs are at risk too. Learn more here.

Spybuster Tip #712 - Stop Smartphone Eavesdropping - Cap The App

Remember to check from time to time which apps have access to the microphone.

Here’s how to do it on iPhone:

• Open the Settings app 
• Scroll to Privacy & Security 
• Tap Microphone 
• Review the apps that have access to your microphone and toggle them on or off 

Here’s how to do it on an Android handset:

• Open the Settings app 
• Tap Privacy 
• Tap Permission Manager 
• Tap on Microphone 
• Review the apps that have access to your microphone and toggle them on or off | more

Why is this important and timely?

A hacking group linked to the North Korean government has been caught using new wiretapping malware in recent surveillance attacks, according to an advisory from cybersecurity firm AhnLab. more

Journalist Plugs in Unknown USB Drive Mailed to Him

...it exploded in his face

Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos. more

In case you missed our memo...

USB Memory Security Recommendations

• Block ports with a mechanical port block lock.
• Place security tape over that.
• Create a “no USB sticks unless pre-approved” rule.
• Warn employees that a gift USB stick could be a Trojan Horse gift.
• Warn employees that one easy espionage tactic involves leaving a few USB sticks scattered in the company parking lot. The opposition knows that someone will pick one up and plug it in. The infection begins the second they plug it in.
• Don’t let visitors stick you. Extend the “no USB sticks unless pre-approved” rule to them as well. Their sticks may be infected.

Trending… IBM Takes The USB Memory Security Lead

“IBM has allegedly issued a worldwide ban against the the use of removable drives, including Flash, USB, and SD cards, to transfer data.

This new policy is being instituted to prevent confidential and sensitive information from being leaked due to misplaced or unsecured storage devices.

According to a report by The Register, IBM’s global chief Information security officer Shamla Naidoo issued an advisory stating that the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).” This advisory further stated that this policy is already in effect for some departments, but will be further enforced throughout the entire company.” more

Spybuster Tip #823 - Remote Control Duplicators

Never let your door / gate opener fob out of your control.

Here's why... Anyone (service person, neighbor, guest, valet, etc.) only needs to have access to your fob for a few seconds to make one for themselves.

Fob duplicators are cheap, available and easy to use... (more detailed version here)

17 CIA Tips - Think like a spy and stay safe while on vacation

The CIA is releasing these tips – or travel tradecraft, in spy parlance – as part of its ongoing effort to demystify its work in assisting the American public, according to agency spokesperson Walter Trosin.

I found the CIA's best practices, culled from the experience of its officers in the field, are exceptionally helpful, easy to adopt and especially relevant to Americans in these fraught times.

Here’s how to think like a spy on the ground overseas... more

Spybuster Tip # 712: How to Thwart Off-Site Meeting Spies

The National Executive Council of the Academic Staff Union of Universities, on Sunday, changed the venue of the meeting... A reliable source said the venue was changed due to the fear of bugging of the auditorium by secret agents of the Nigerian government. more

Reasons You Should Never Connect To Public Wifi

There Are Too Many Risks
Put simply, the risks you take when you connect to Wifi in public places such as libraries, stations, cafes, and shopping malls are often too great to make the benefits worthwhile...

• Misuse of personal data Distribution of malware
• Insecure connection
• Online attacks on business
• Eavesdropping
  

Hackers or anyone with a sound knowledge about internet software and applications can eavesdrop on your personal data if they are using the same public Wi-Fi connection as you are...

• Try not to share your personal data while you are using a personal Wi-Fi connection.
• Avoid logging in to websites that involve your personal or bank credentials.
• Try using a VPN (virtual Private Network) service that will help you to encrypt all the data you receive or send.
• Use 2-Factor authorizations that will make your connection secure and prevent the risk of data loss.” more
  

Spy Tip 592 - How to Eavesdrop More Effectively

Dr Anthony Youn explained that there is a way you can listen into a chat that wasn’t meant for you.

He explained: “Try listening with your right ear and not your left – your right ear is connected to the left side of your brain which processes speech and language.”

His posts on body hacks have gone viral and include a range of tricks and trips.

He also revealed how you can get rid of hiccups. more

How Grandma Hears Everything...

 …and why your business should care. 

There is a new eavesdropping spy trick in town. You could get burned unless you know about it.

Let’s start with Grandma. She is hard of hearing. A while back the family gave her money to buy two new hearing aids. Nice. Now she has stopped saying, “WHAT!” all the time. She hears everything clearly. 

There is only one problem. She seems to  hear everyone’s conversations even when she is not in the room. Sometimes she is in her room with the door closed. 

It’s a mystery, but we’ll figure it out soon. more

The Most Secure and Anonymous Communication Tools Available

 via David Koff, Tech Talk - The Technology Newsletter for Everyone...

What I’m about to share with you here is… kind of fringe. Like, “Edward Snowden” fringe.

Hopefully, that got your attention.

For some years now, the hacker, privacy, and journalism communities have all been debating, discussing, and using the tools I’m about to share with you in this installment. These tools are used not only to lock down your security and anonymity on the known internet, but also to access the portions of the internet that are normally hidden — “The Dark Web.” 

Despite their usefulness, I haven’t really seen information about these tools shared with the general public in a straightforward, easy-to-understand way. I think it’s worth changing that; while most of us don’t need the same high-privacy, high-security tools that confidential informants, journalists, and whistleblowers use, we should all know about these tools in case the time comes when we actually need them. more

Check Your Holiday Rental for Hidden Surveillance Cameras

Australia - There's something unsettling about the idea of being watched while you and your loved ones kick back on holidays. If you've searched online to find whether holiday rental landlords spy on their guests, there's plenty to feed your paranoia...

Still, if something feels off or you want to sweep the house, there are some steps you can take. Although without professionals and high-tech gear involved, it can't be 100 per cent accurate...

Julian Claxton, a counter-espionage specialist, recommended a hidden camera detector — small devices that project a light that will reflect off the lens of a covert camera... "The reality is, that's how a lot of these cameras can be found — through anomalies. Things that just don't look right within an environment," he explained.

Tips:

1. Inspect what's on the Wi-Fi network... Many cameras sold in consumer electronic stores need an internet connection so they can be viewed remotely from a computer or app. This could provide a clue.
   
   
2. Try to spot the camera lens... Julian Claxton, a counter-espionage specialist, recommended a hidden camera detector — small devices that project a light that will reflect off the lens of a covert camera.
   
   
3. Check the power points... Hidden cameras need ongoing power, so Mr Claxton suggested looking at what's connected to power points.
    
4. Look for oddly placed objects... Hidden cameras can be built into just about anything, but for the lay person, Mr Claxton suggested using "a bit of common sense". more

Also, consider taking a one-hour, on-line, video Spycam Detection Training course.

Concerned about Sony's PS5 spying on you? Here is What You Can Do...

Sony's always-on PS5 DualSense mics are sparking privacy concerns. The PlayStation 5's DualSense controller comes with a built-in mic that's on by default, and it records what you say to help Sony "analyze" key data points. Here's how to change those settings, and what they mean.

Gamers are a bit concerned about privacy on the PS5. 

It was recently confirmed the DualSense's mic auto-records anything you say when unlocking an in-game trophy. This is just the tip of the iceberg, really.

As a PS5 owner you can limit the data that Sony collects. But you can't turn data collection off entirely.

Here's how to adjust your data collection settings:
Settings -> Users and Accounts -> Privacy -> Data You Provide more

The FBI Hotel Wi-Fi Security Checklist

The Federal Bureau of Investigation is issuing this announcement to encourage Americans to exercise caution when using hotel wireless networks (Wi-Fi) for telework. FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels. 

US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks. 

Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cyber security practices can minimize some of the risks associated with using hotel Wi-Fi for telework. more