Breach at 10 of the World’s Biggest Telecoms, or Follow the Leader

A multi-year attack carried out by Chinese hackers was exposed recently, and the scope of it is beyond anything previously seen in nation-state cyber espionage.

Hacking group APT10, a notorious team that is widely believed to have Chinese government support, is believed to have compromised at least 10 major global carriers and used their networks to track and spy on high-profile business leaders and members of foreign governments.

 What makes this cyber espionage incident unique is that the Chinese hackers appear to have been following their targets as they move from country to country, hopping from one breached network to another as needed. While this ability is not new, this kind of mass scale has not been seen before. more

Apple-knocker Forensic Advancement - iOS & Android are No Longer Secure.

The “arms race” of mobile forensics – ever-tougher encryption and the breakneck operations to crack it – has become more of a public tug-of-war than ever before.

Cellebrite, the largest player in the mobile-forensics industry, unveiled its UFED Premium last Friday. Along with the announcement came the bombshell: that it can now get into any Apple iOS device, and many of the high-end Android devices. 

“An exclusive solution for law enforcement to unlock and extract data from all iOS and Android devices,” the company said in a tweet.

Those devices have historically been the toughest to crack... more

Travel Security Tip from Smart Mexicans - Dummy Phones & Wallets

Armed robberies have gotten so common aboard buses in Mexico City that commuters have come up with a clever if disheartening solution: Many are buying fake cellphones, to hand over to thieves instead of their real smartphones.

Costing 300 to 500 pesos apiece — the equivalent of $15 to $25 — the "dummies" are sophisticated fakes: They have a startup screen and bodies that are dead ringers for the originals, and inside there is a piece of metal to give the phone the heft of the real article.

There were an average of 70 reported violent muggings every day in Mexico City in the first four months of 2019. About two-thirds were committed against pedestrians, with the rest split almost evenly between bus passengers and assaults on motorists stopped at lights or caught in traffic jams. Between 2017 and 2018, such assaults rose by about 22 percent. more

41 Smartphone Security Tips

How to make a fake mugger's wallet. 

Fake cell phone

Click to enlarge.

Make your fake cell phone look real...

Click to enlarge.

FutureWatch: New Mobile App Fends off Espionage Attacks

Innovative technology from the Karlsruhe Institute of Technology (KIT) and the FZI Research Center for Computer Science can put an end to espionage on our cell phones.....

For example, it is possible to give apps wrapped in AVARE access to the contacts in the address book, but not to all of the stored information...

In addition, AVARE can extend the location information to a radius of several kilometers and disguise the exact location. Thus, a weather app can continue to provide reliable forecasts without knowing the exact location of the user...

The AVARE code is available as open source software on the AVARE website and the scientists hope that their program will be taken up by other developers who will help to extend the current beta version to a version 1.0. more  video (cartoon)

Spying - That's WhatsApp

WhatsApp users are being urged to update their apps, after it emerged that hackers are exploiting a software flaw to wiretap people's phones.

The flaw reportedly allows attackers to install malicious code, known as "spyware", on iPhones and Android phones by ringing up the target device. ​

The code can be transmitted even if the user does not answer the phone and a log of the call often disappears, the Financial Times reported. more

Not sure if WhatsApp is spying on your Android phone? Check here.

From Those Wonderful Emperors of Espionage...

A popular GPS tracker used as a panic alarm for elderly people and to monitor children's whereabouts can be hacked to spy on users, researchers have warned.

The white-label location tracker, manufactured in China, is rebranded and sold by multiple UK companies - including Pebbell 2 by HoIP Telecom , OwnFone Footprint , and SureSafeGo.

"There were no signs from the device when this was activated or when you called in, turning this device issued to vulnerable people into a remote listening bug,” said Fidus.

"This issue teamed with the location tracking abilities of the device allows you to conceive some pretty scary potential use cases."

The researchers also found it was possible to remotely reset the GPS tracker without needing a PIN, and kill signal to the device altogether, rendering it effectively useless.

Fidus estimates that there are at least 10,000 of these devices in use in the UK, and thousands more around the world.

The team has informed several of the device makers about the flaws, but there is no way to fix the vulnerabilities without recalling every device. more

My Way or the Huawei - The Hits Just Keep on Coming

Vodafone, Europe's largest phone company, "acknowledged that it found vulnerabilities going back years with equipment supplied by Huawei for the carrier’s Italian business."

Bloomberg reported that Vodafone identified "hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses." more

Pre-Installed Anti Malware Phone App Does More Harm Than Good

Researchers have discovered multiple vulnerabilities in a pre-installed app on phones made by one of the world’s biggest smartphone vendors that potentially impacted the privacy and security of more than 150 million Android users worldwide.

According to security researchers at Check Point Research, the vulnerabilities were found in an app pre-installed on smartphones made by Xiaomi, the biggest mobile phone manufacturer in China and India, and the fourth biggest by market share in the world.

The app in question was a self-proclaimed security app dubbed “Guard Provider,” which promised to protect Xiaomi users from malware.

Xiaomi said last year it had originally hoped to offer its smartphones and other hardware here in the States in 2019, though those efforts may have been delayed for PR reasons... more

Whew!

The War Against Smartphone Spyware is On

Eva Galperin says she's learned the signs: the survivors of domestic abuse who come to her describing how their tormentors seem to know everyone they've called, texted, and even what they discussed in their most private conversations...

Galperin has a plan to end that scourge for good—or at least take a serious bite out of the industry.

In a talk she is scheduled to give next week at the Kaspersky Security Analyst Summit in Singapore, Galperin will lay out a list of demands:

• First, she's calling on the antivirus industry to finally take the threat of stalkerware seriously, after years of negligence and inaction. 
• She'll also ask Apple to take measures to protect iPhone users from stalkerware, given that the company doesn't allow antivirus apps into its App Store. 
• Finally, and perhaps most drastically, she says she'll call on state and federal officials to use their prosecutorial powers to indict executives of stalkerware-selling companies on hacking charges.

"It would be nice to see some of these companies shut down," she says. "It would be nice to see some people go to jail." more

Check here if you need a solution for checking your Android phone for spyware.

Man Admits Placing Camera in Friend's Home - Spied for a Year

FL - A 55-year-old Florida man accused of installing a hidden camera in a family friend’s home and watching them on his phone was arrested and charged Wednesday.

Terry Sumner plugged the camera into a wall outlet in the living room of the home sometime last year, according to the Hillsborough County Sheriff’s Office.

The woman discovered the camera March 5 and contacted authorities.

Sumner, of Plant City, admitted to detectives that he placed the camera there and it had been there for about a year.

“Sumner explained that there was a smartphone application on his phone that he would use to watch, listen and record activity in the victim's home through a live feed...” more

Keep Your Number Private – And Still Receive Calls!

An inexpensive and easy service...

"Keep your real phone number hidden while making calls and sending texts for work, dating, Craigslist sales, and more thanks to Hushed. You'll use their simple and secure app to easily make calls on your second number (you'll even choose the area code) without committing to another long, expensive phone contract. Customize your voicemail and use Wi-Fi or data to talk without expensive service charges. It's true communication anonymity delivered." more

Bonus: 

• The Murray Associates Smartphone Security Tips
• How to Block Caller ID

FutureWatch: Stingrays May Be Stung by Apple Cell Phone Patent

Apple has filed a patent application on a new method of encryption, which complicates obtaining of confidential information.

The patent describes a technology that will not allow any device to keep track of the IMSI (international mobile subscriber identifier)...

Innovation may interfere with the use of Stingray devices, which act as masts for mobile phones. These devices can track the location of users or even to listen to personal calls. They are also sometimes called IMSI catchers. more

FutureWatch: Smartphone Comes with Optical Spy Pen

Click to enlarge.

Electronic pen device having optical zoom – Patent # US 10,198,649 – Feb. 5, 2019

Abstract

The electric pen device includes an optical system including a lens and an image sensor configured to convert an image signal of light that has passed through the optical system to an electrical signal. The electric pen device includes a control board configured to interact with an electronic device and a communication module configured to communicate by wire or wirelessly with the electronic device, so that an image or a picture taken by a camera is confirmed and an optical zoom is controlled from the external electronic device. more

FutureWatch spy implications: Phone may be concealed in the pocket, backpack, or nearby desk drawer. Take high quality photos by aiming the top of the pen, pressing a button, and automatically transmitting the photo back to the phone. Pretty covert. No word about it transmitting audio, yet. Leaving phones outside of the conference room won't be enough. You'll have to check the pens, too. 

Need a spy pen camera you can actually buy today, or worry about being used to steal your secrets? Check here. ~Kevin

Thanks to our sharp-eyed Blue Blaze Irregular in the shadows of Pennsylvania for this.

Evil Child Watch Spies

In late 2017, the Norwegian Consumer Council published its audit of kids' smart-watches, reporting that the leading brands allowed strangers to follow your kids around and listen in on their conversations; a year later, Pen Test Partners followed up to see if anything had changed (it hadn't).

Now, a year and a half later, Pen Test Partners have done another security audit of kids' smart watches and you'll never guess what they found! Kids' smart-watches are still a dumpster-fire: anyone can access the entire database of kids' data, including "real time child location, name, parents details etc," and since most leading brands use the same back-end from Gator, virtually every kid's smart-watch is vulnerable. more

Smartphone Security Tips

2/4/19 UPDATE: European Commission orders mass recall of creepy, leaky child-tracking smartwatch. more

Tired of Smartphone Security Vulnerabilities? Go Dumb!

Punkt - The MP02 is significantly more complex than the MP01, so we have teamed up with BlackBerry to keep it secure. BlackBerry adds enhanced security to the device at the point of manufacture, which means the MP02 is hardened and highly secure. With BlackBerry’s integrated software components, the MP02 will be built with security from the start so you can trust that your data will be safe. more

The new Nokia 3310 2.4” polarized and curved screen window makes for better readability in sunlight. Remember when you could leave the house without a charger? Well, with the Nokia 3310, you can. It comes with a long-lasting battery, so you can talk all day, or leave the phone on standby for up to a month. When needed, a Micro-USB port makes charging simple. more

The Light Phone 2 is a 4G LTE phone with a beautiful black & white matte display. It's a more reliable, durable, and practical phone than its predecessor. It brings a few essential tools to the Light Phone, like messaging,  an alarm clock, or a ride home, so you can leave behind your smartphone more often... or for good. We call this experience 'going light'. more (An indiegogo project at the moment.)

Another dumb phone, the Alba Flip fits right between the borderline-brain-dead dumbness of the Light Phone and the smarter-than-you’d-think trickery of the Nokia remakes. Plus, it's a flip phone, which you've got to love. The Alba Flip is not designed to be a basic phone. Alba are a brand designed for those who struggle with conventional mobile phones, either through technophobia or because of visual impairments. more (Warning: 2G only which is becoming harder to rely upon as it is phasing out. In the U.S. that means T-Mobile 2G.)


And, the dumbest one I've ever used... The BM70 is the smallest phone which supports 4G network. With built-in Micro SIM card slot, it can store 250 contact numbers. Not only a mini cell phone, also a Bluetooth earphone more (Only $12.99, and yes it really works.) ~Kevin

If you don't go dumb, go smart, and smarter.

FaceTime Bug Lets Callers Hear You Before You Answer

Users have discovered a bug in Apple's FaceTime video-calling application that allows you to hear audio from a person you're calling before they accept the call—a critical bug that could potentially be used as a tool by malicious users to invade the privacy of others.

Apple: "We're aware of this issue, and we have identified a fix that will be released in a software update later this week." An hour or two after this post went live, Apple disabled Group FaceTime to mitigate the bug.

The bug requires you to perform a few actions while the phone is ringing, so if the person on the other end picks up quickly, they might not be affected. Knowledge of how to use the bug is already widespread.

The steps include:

• Tap on a contact on your iPhone to start a FaceTime call with them.
• Swipe up and tap "Add Person."
• Instead of adding a new person, enter your own number and add yourself as another participant in the Group FaceTime call. more

Updates: What we have also found is that if the person presses the Power button from the Lock screen, their video is also sent to the caller — unbeknownst to them. In this situation, the receiver can now hear your own audio, but they do not know they are transmitting their audio and video back to you. From their perspective, all they can see is accept and decline. (Another update: It seems there are other ways of triggering the video feed eavesdrop too.) more

Temporary fix. General smartphone security tips.

Questions We Get - Cell Phone Location Data

"I want to know is whether your location can be tracked if your location based services are turned off?" - from an attorney who reported on the selling of cell phone location data to bounty hunters. more

Good question. The answer is yes.

The information the phone companies are selling is gathered from the phone's administration communications with the cell sites, "Hi. I'm here. I can accept a call." The signal is picked up from multiple cell sites and is evaluated to determine which site is receiving the strongest signal.

Location is determined by triangulation. While not precise, it can get you into the neighborhood.

If they were using the phone's GPS-based location services the location accuracy would be within a few yards. ~Kevin

The Weed of Crime Bears Bitter Fruits - The Worldwide Huawei Wows

Federal prosecutors are pursuing a criminal investigation of China’s Huawei Technologies Co. for allegedly stealing trade secrets from U.S. business partners, including technology used by T-Mobile US Inc. to test smartphones, according to people familiar with the matter.  

The investigation grew in part out of civil lawsuits against Huawei, including one in which a Seattle jury found Huawei liable for misappropriating robotic technology from T-Mobile’s Bellevue, Wash., lab...

On Wednesday, a bipartisan group of congressional lawmakers introduced legislation that would ban the export of U.S. components to Chinese telecommunications companies that are in violation of U.S. export-control or sanctions laws. Backers said the bill was aimed at Huawei and ZTE Corp...

Last month, Canadian authorities arrested Huawei Chief Financial Officer Meng Wanzhou at the request of U.S. authorities...

In another development, Polish authorities last week arrested Huawei executive Wang Weijing and charged him with conducting espionage on behalf of the Chinese government. more

Court: Authorities Can't Force Technology Unlocks with Biometric Features

A judge in California ruled Thursday that U.S. authorities cannot force people to unlock technology via fingerprint or facial recognition, even with a search warrant.

Magistrate Judge Kandis Westmore, of the U.S. District Court for the Northern District of California, made the ruling as investigators tried to access someone's property in Oakland.... (however)

The judge in her ruling stated the request was "overbroad" because it was "neither limited to a particular person nor a particular device." The request could be resubmitted if authorities specify particular people whose devices they'd like to unlock. more

Judge Nails Husband for Spyware and Eavesdropping on Wife's Calls ...with her attorney ...twice!

A federal judge has levied sanctions on a tobacco heiress’ estranged husband for destroying evidence related to spyware that he secretly installed on his wife’s phone and used to listen in on her calls, including conversations she had with her attorney. 

It was the second time that a judge has hit Crocker Coulson, who is locked in a bitter divorce with Anne Resnik in state court, with spoliation sanctions for destroying evidence of bugging Resnik’s phone. more

Last year...
A man locked in bitter divorce proceedings with a tobacco heiress was caught bugging his wife’s phone and listening in to her conversations with her attorney, an infraction that a Brooklyn judge said should cost him any claim on the family’s wealth. more