Chinese Spooks Hacking US Mobile Users in Real Time

Millions of US mobile users could be vulnerable to Chinese government spooks who are apparently desperate to know when they are picking up their snowflakes from school and where they order their pizza...

The US intelligence community briefed six current or former senior US officials about the attack. The Chinese hackers believed to be linked to Beijing's Ministry of State Security, have infiltrated the private wiretapping and surveillance system that American telecom companies built exclusively for US federal law enforcement agencies.

The US government believes the hackers likely still have access to the system. Since the breach was first detected in August, the US government and the telecom companies involved have said very little publicly, leaving the public to rely on details trickling out through leaks.

The lawful-access system breached by the Salt Typhoon hackers was established by telecom carriers after the terrorist attacks of September 11, 2001. It allows federal law enforcement officials to execute legal warrants for records of Americans' phone activity or to wiretap them in real-time, depending on the warrant.

Many of these cases are authorised under the Foreign Intelligence Surveillance Act (FISA), which investigates foreign spying involving contact with US citizens. The system is also used for legal wiretaps related to domestic crimes. more

Global Surveillance Free-for-All in Mobile Ad Data

Excellent (long) article on services that track and sell your movements. Via Kreb's on Security

Not long ago, the ability to digitally track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a dangerous power that should remain only within the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.

Delaware-based Atlas Data Privacy Corp. helps its users remove their personal information from the clutches of consumer data brokers, and from people-search services online. Backed by millions of dollars in litigation financing, Atlas so far this year has sued 151 consumer data brokers on behalf of a class that includes more than 20,000 New Jersey law enforcement officers who are signed up for Atlas services...

Babel Street’s LocateX platform also allows customers to track individual mobile users by their Mobile Advertising ID or MAID, a unique, alphanumeric identifier built into all Google Android and Apple mobile devices.

One unique feature of Babel Street is the ability to toggle a “night” mode, which makes it relatively easy to determine within a few meters where a target typically lays their head each night (because their phone is usually not far away). more

Student Finds 'Hacker-like' Approach to Bypass Cell Phone Security

Forensic investigators face significant challenges in securing crucial data from criminals' phones. University of Amsterdam PhD candidate Aya Fukami has identified hardware vulnerabilities in phones to bypass the security of modern devices, allowing her to extract data from phones in a way that was previously not possible...

"Traditional methods of hacking or scraping data from phones still often yield only encrypted data. Researchers then face great difficulty making that encrypted data usable," Fukami says. "It's a process that also takes a long time and doesn't always result in usable evidence."

To overcome this, Fukami explored ways to bypass vulnerabilities in phone system security. And she succeeded. more

Spies Can Eavesdrop on Phone Calls by...

 ... sensing vibrations with radar.

An off-the-shelf millimetre wave sensor can pick out the tiny vibrations made by a smartphone's speaker, enabling an AI model to transcribe the conversation, even at a distance in a noisy room.

Spies can eavesdrop on conversations by using radar to detect tiny vibrations in smartphones and employing artificial intelligence to accurately transcribe them. The trick even works in noisy rooms, as the radar homes in on the phone’s movement and is entirely unaffected by background hubbub.

Millimetre wave sensing is a form of radar that can measure movements of less than 1 mm by transmitting pulses of electromagnetic wave energy and detecting the reflected beams.

Suryoday Basak at Pennsylvania State University and his colleagues used a commercially available sensor operating between 77 and 81 gigahertz to pick up the tiny vibrations in a Samsung Galaxy S20 earpiece speaker playing audio clips. They then converted the signal to audio and passed it through an AI speech recognition model, which transcribed the speech. more$

Increase Your Spy Resistance - Dumb Down Your Mobile Phone

The MP02 4G phone from Punkt .... It's a 'dumbphone' in the true sense of the word – it can make calls and send messages (though SMS or Pigeon), and offers a calendar too. 

But the Punk MP02's secret weapon is its 4G hotspot. This means when I want to switch off, I can stick my sim card in the Punkt phone and 'disconnect'. But if I'm carrying, say, my iPad mini in my bag, I can tether the 4G connection to it at the press of a button, giving my access to the likes of music and maps when needed.

But perhaps the best thing about the Punkt MP02 is the aesthetic. Conceived by industrial designer Jasper Morrison, the phone has a delightful retro and somewhat brutalist 1970s-inspired look. I've been asked whether it's a calculator, which just about sums it up. In a world of 'Y2K' dumbphone designs, it's refreshing to see something that stands out. more

Bonus: The MP02 is the first voicephone to offer a downloadable privacy feature that uses the Signal protocol to provide free, encrypted Internet-based calls and texts worldwide via Wi Fi or mobile data (subject to data charges).

Corporate Espionage: Steward Health Care Deployed Spy Outfits to Thwart Critics

Despite its financial turmoil and eventual bankruptcy, Steward Health Care allegedly spent millions spying on its adversaries, hiring intelligence companies to track and intimidate critics worldwide.

In what resembles a poorly written spy novel, Steward's leadership hired agents who placed tracking devices on the car of a financial analyst, accessed a healthcare executive’s phone to potentially blackmail him and circulated an allegedly false wire transfer to frame a politician, a report said.

The videos and documents with the incriminating details were obtained by journalism outfit the Organized Crime and Corruption Reporting Project and shared with the Boston Globe, who investigated the case further.

According to reporters, Steward executives who deployed these intelligence firms prioritized paying their bills over all others, including invoices from vendors and suppliers. Monthly expenses for intelligence services reached as high as $440,000, and from 2019 to 2023, Steward allocated over $7 million to these operations.

As to the legality of all of this, because the spying and fraud took place in various jurisdictions globally, it may not be possible to prosecute anyone responsible. more

Book: Dark Wire - "Secure Cell Phone" courtesy FBI

The Incredible True Story of the Largest Sting Operation Ever...

...in which the FBI made its own tech start-up to wiretap the world, shows how cunning both the authorities and drug traffickers have become, with privacy implications for everyone.

In 2018, a powerful app for secure communications called Anom took root among organized criminals. They believed Anom allowed them to conduct business in the shadows. Except for one thing: it was secretly run by the FBI. (Tip of the hat to N.C.)

Backdoor access to Anom and a series of related investigations granted American, Australian, and European authorities a front-row seat to the underworld. Tens of thousands of criminals worldwide appeared in full view of the same agents they were trying to evade. International smugglers. Money launderers. Hitmen. A sprawling global economy as efficient and interconnected as the legal one. Officers watched drug shipments and murder plots unfold, making arrests without blowing their cover. more

Harry Hacking: Payout in Phone-Hacking Case Against Mirror Publisher

Prince Harry has won 15 claims in his case accusing Mirror Group Newspapers of unlawfully gathering information for stories published about him. A judge has ruled in his favour on almost half of the sample of 33 stories used in his claims of phone hacking and other methods.

High Court ruling found evidence of "widespread and habitual" use of phone hacking at the Mirror newspapers... He was awarded £140,600 in damages... more

Fake Cell Towers Spy On Phones

The risks associated with fake cell towers are manifold. Firstly, there is the threat of unauthorized access to sensitive personal information. This includes passwords, credit card details, and other private data that can be used for identity theft or financial fraud. Furthermore, fake towers can also listen in on phone calls and gather valuable business intelligence, posing a significant risk to corporate espionage...

The fake tower can intercept this IMSI number and collect other data, such as the mobile device’s location, call records, text messages, and even the content of phone calls. This information can then be used for various purposes, including surveillance, identity theft, and corporate espionage. more

Privacy Risks: Phones Purchased at Police Auctions

Law enforcement agencies nationwide regularly sell items that are seized in criminal investigations or are unclaimed from lost-and-found inventories. 

Many of these items—vehicles, jewelry, watches and electronic devices like cellphones—end up at online auction houses.

People looking for a bargain can bid on cellphones in bulk, snatching up dozens at rock bottom prices for parts or other uses. This ultimately provides revenue for the police agencies, making for a good deal for everyone involved. Or is it?

A recent study by University of Maryland security experts found that many of the phones sold at police property auction houses are not properly wiped of personal data. The study, conducted over two years with cellphones bought from the largest police auction house in the U.S., uncovered troves of personal information from previous owners that was easily accessible. more

Spybuster Tip #712 - Stop Smartphone Eavesdropping - Cap The App

Remember to check from time to time which apps have access to the microphone.

Here’s how to do it on iPhone:

• Open the Settings app 
• Scroll to Privacy & Security 
• Tap Microphone 
• Review the apps that have access to your microphone and toggle them on or off 

Here’s how to do it on an Android handset:

• Open the Settings app 
• Tap Privacy 
• Tap Permission Manager 
• Tap on Microphone 
• Review the apps that have access to your microphone and toggle them on or off | more

Why is this important and timely?

A hacking group linked to the North Korean government has been caught using new wiretapping malware in recent surveillance attacks, according to an advisory from cybersecurity firm AhnLab. more

Eavesdropping: Advanced Aliens Could Detect life on Earth...

Only aliens with more advanced technology would be able to ‘eavesdrop’ on the signals transmitted on Earth – but apparently that’s more likely than you’d think.

While we work hard to search for extra-terrestrial life beyond our planet, radiation leaked from Earth’s mobile towers could be helping aliens find us. Put your tinfoil hat away: this isn’t anything to do with 5G. And the radiation being leaked isn’t the cancer-causing kind – it's the same type of energy used in radio and TV signals.

New research shows that this radio leakage from mobile towers is not currently strong enough on its own to be detectable by alien civilisations – assuming they are using the same technology as we are to find them. But if aliens have more advanced systems and are looking at radiation from more sources – such as Wi-Fi networks – we could soon be discovered by extra-terrestrials living on nearby stars. more

Prosecutors: Veteran Deputy was Listening in on Jury Deliberations

NY - An Ontario County Sheriff’s Office veteran, Adam Broadwell, pleaded not guilty on Monday to felony charges of eavesdropping, possession of an eavesdropping device, and official misconduct. 

Broadwell is accused of listening in on a jury deliberation by using a device specifically designed for eavesdropping.

According to Assistant District Attorney Kelly Wolford, the jury was deliberating a felony case when Broadwell listened in on the conversation. The eavesdropping charges brought against Broadwell relate to his use of a device to enhance the sound of people talking in his area. 

However, Broadwell’s defense attorney, Clark Zimmermann, argued that the device used was a Bluetooth earbud set linked to an Android phone, which does not match the definition of an eavesdropping device. more

Our previous reports on Bluetooth earbud eavesdropping.

Cautionary Tale: Secreted Cell Phones

UK - Match of the Day presenter Gary Lineker has laughed off the moment sex noises transmitted by a YouTube prankster disrupted the show's live coverage.

Noises from a porn clip were heard as Lineker presented pre-match build-up before the Wolves v Liverpool fixture.

A frenzied studio hunt uncovered a planted mobile phone - and YouTube prankster Daniel Jarvis claimed he was behind the stunt on Tuesday's show. The BBC apologised to any viewers who were offended.

But Lineker, who later tweeted a picture of the mobile phone he said was "taped to the back of the set", said he thought there was nothing to apologise for. Calling it a "good prank", he said: "As sabotage goes it was quite amusing." more

In another environment a hidden cell phone could well have been used as an eavesdropping bug. 

We're not talking expensive iPhones here. Cheap, mini-sized phones can do the job too. Short-term, quick-drop, and expendable. Another good reason to conduct Technical Surveillance Countermeasures inspections in corporate offices and conference rooms.

EarSpy Attack Can Use Motion Sensors Data to Pry on Android Devices

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for eavesdropping on a targeted user’s conversations, according to a team of researchers from several universities in the United States.

The attack method, named EarSpy, is described in a paper published just before Christmas by researchers from Texas A&M University, Temple University, New Jersey Institute of Technology, Rutgers University, and the University of Dayton.

EarSpy relies on the phone’s ear speaker — the speaker at the top of the device that is used when the phone is held to the ear — and the device’s built-in accelerometer for capturing the tiny vibrations generated by the speaker. more

Spybuster Tip #823 - The Car Thief Cell Phone Trick

Another reason not to leave personal belongings inside your vehicle. Memphis police say car thieves are using their cell phone cameras to look through tinted windows.

During a crime forum in the Cooper-Young neighborhood, Crump station officers said it was a new tool being used by the bad guys looking for items to steal.

They told the group it doesn’t matter how dark the tint is on your windows; when you put a cell phone in camera mode up to the windows, you can see right through them.

We (WREG-TV) put a cell up to a back window; sure enough, you could see everything in the backseat. more

Extra Credit: The reverse of this technique is how spy cameras, hidden behind black plastic, can see you when you can't see them. Learn more.

A New "Mobile" Phone - Complete with No Apps

Ever wish you had a mobile phone that would really turn heads?
One where you could call your friends, real or imaginary?
One that would look at you with loving eyes? 

Your past is now your future...  

3G Cell Phone Service - The End is Near

All of the major cellphone carriers — AT&T, Verizon and T-Mobile — are planning to shut their older 3G networks in 2022. Like millions of people in the United States who use 3G phones and other 3G devices, you will have to buy a new device if you want to text, make calls or even reach 911...

The shutdown dates start in January 2022 and are spread out throughout the year. more

• Sprint’s 3G: Jan. 1, 2022
• AT&T’s 3G: Feb. 22, 2022
• Sprint’s LTE: June 30, 2022
• Verizon’s 3G: Dec. 31, 2022
• T-Mobile’s 2G and 3G: Not yet announced

 Also a bummer for all those folks that are using 2G & 3G cellular bugging devices.

The "Encrypted" Cell Phones Had One Flaw: The FBI Controlled Them

The criminals texted each other about drug deals and money laundering, confident in special encrypted devices using a platform dubbed Anom. There was just one problem for the crime rings: The FBI was being copied on every message — millions of them worldwide. In fact, the agency had sent the Anom devices into the black market in the first place.

Those are the details and allegations that are now emerging about Operation Trojan Shield, an international effort coordinated by the FBI that has resulted in more than 800 arrests.

With the help of Europol, the FBI identified "over 300 distinct TCOs [transnational criminal organizations] using Anom, including Italian organized crime, Outlaw Motorcycle Gangs, and various international narcotics source, transportation, and distribution cells," according to a search warrant affidavit filed in court by Nicholas Cheviron*, an FBI special agent in San Diego. The document was unsealed Monday.

In addition to heading the investigation, FBI Special Agent, Nic Cheviron (son of the best corporate security director ever), wrote the search warrant. It is a fascinating read.

Privoro Launches Audio Masking Chamber & RF Shield for Mobile Devices

(Press release) 
Privoro, today revealed its latest product, Vault, a first-of-its-kind defense against remote data capture. The Vault case is a two-in-one portable Faraday enclosure and audio masking chamber for smartphones, providing unsurpassed protection against not only wireless attacks and location tracking but also eavesdropping and spying.

Vault eliminates smartphone signals more effectively than portable, fabric-based Faraday products, delivering a minimum of 100 dB of radio frequency (RF) attenuation – 10 billion times signal reduction. When a smartphone is placed in the Vault case, the smartphone can no longer be reached via cellular, WiFi, Bluetooth, near-field communication (NFC) and radio-frequency identification (RFID).

In addition to RF shielding, Vault's user-controlled audio masking prevents the extraction of intelligible speech up to voice levels of 90 dBA through independent noise signals. Users will have the assurance that conversations in the vicinity of Vault cannot be deliberately captured by bad actors through the enclosed smartphone's cameras and microphones.

Privoro developed Vault to meet the requirements of nation-state customers seeking to tackle the long-standing unique and critical security risks that mobile devices pose. more