Showing posts with label eavesdropping. Show all posts

Wednesday, July 27, 2016

Brand-Name Wireless Keyboards Open to Silent Eavesdropping

Wireless keyboards from popular hardware vendors are wide open to silent interception at long distances, researchers have found, without users being aware that attackers can see everything they type.

Bastille Research said the keyboards transmit keystrokes across unencrypted radio signals in the 2.4 GHz band, unlike high-end and Bluetooth protocol keyboards, which transmit data in an encrypted format, making it more difficult for attackers to intercept the scrambled keystrokes.

It means attackers armed with cheap eavesdropping devices can silently intercept what users type at distances of 50 to 100 metres away.

Such interception could reveal users' passwords, credit card numbers, security question replies and other personally sensitive information, Bastille said. Users would have no indication that the traffic between the keyboard and the host computer was intercepted.

Furthermore, attackers could inject keystrokes of their own into the signals, and type directly onto users' computers. Again, the attack would be unnoticeable to users in most cases.

Bastille tested eight keyboards from well-known vendors... more

Longtime Security Scrapbook readers may remember my warnings about this beginning in 2007...
https://spybusters.blogspot.com/2007/12/wireless-keyboard-interception.html  
https://spybusters.blogspot.com/2007/12/program-discovers-at-risk-wireless.html
https://spybusters.blogspot.com/2009/01/old-news-still-scary-bugged-keyboards.html

Friday, July 22, 2016

Amazon Mute on Echo Eavesdropping

We may never know if the feds have hijacked Amazon Echo.

Amazon has so far issued two transparency reports since it began declaring how many government data demands and wiretap orders it receives.

Both reports outlined how many subpoenas, search warrants, and court orders the company received to cloud service Amazon Web Services. While its cloud makes up a significant portion of the data that it gathers, the company also collects vast amounts of data from its retail businesses, mobile services, book purchases, and requests made to Echo.

But an Amazon spokesperson wouldn't comment on whether the company will expand its transparency report. more

Kim Kardashian Could Get a Swift Kick for Eavesdropping

Kim Kardashian was apparently bluffing when she said that she has a video of Taylor Swift approving the lyric “I made that bitch famous,” even if the reality star had released a video on Sunday night on her Snapchat.

A legal expert said that the turn of events could lead to a major legal battle between Swift on one hand, and Kanye West and Kim Kardashian on the other hand.

For releasing the recording of West’s conversation with Swift – even minus the alleged approval by Swift of the controversial lyric – because the singer was unaware their conversation was being recorded, West and Kardashian breached California’s law on eavesdropping, noted E! News. more

Monday, July 11, 2016

The Open Microphone Strikes Again

The only thing more embarrassing than having to resign after a political gambit (the Brexit) blew up in your face? Getting caught on a hot mic singing a goofy tune immediately after you resign. Godspeed, David Cameron. more



Moral: Treat microphones like poisonous snakes. Always know where they are and what they are doing. Always.

P.S. It has happened to him before, and before.

Saturday, July 9, 2016

World's Biggest Bug (You need it if you want to bug aliens.)

China Wants To ‘Eavesdrop’ On Aliens With This Giant Radio Telescope

China hoisted the final piece into position on what will be the world's largest radio telescope, which it will use to explore space and help in the hunt for extraterrestrial life, state media said.

The Five-hundred-meter Aperture Spherical Telescope, or FAST, is the size of 30 football fields and has been hewed out of a mountain in the poor southwestern province of Guizhou. more

US Federal Wiretap Report 2015

This report covers intercepts concluded between January 1, 2015, and December 31, 2015, and provides supplementary information on arrests and convictions resulting from intercepts concluded in prior years.

Forty-eight jurisdictions (the federal government, the District of Columbia, the Virgin Islands, Puerto Rico, and 44 states) currently have laws that authorize courts to issue orders permitting wire, oral, or electronic surveillance. Table 1 shows that a total of 28 jurisdictions reported using at least one of these types of surveillance as an investigative tool during 2015. more

Friday, July 8, 2016

Spybusters Textbook Tip: Be Careful What You Say in Public

A man has exposed the cheating antics of a relative stranger after overhearing her making arrangements for a liaison with her lover in a petrol station.

Stevie Wilcock, 22, posted a description of the woman, her car and her license plate online in a post that has gone viral... (he) was on his way to work when he was in a queue for coffee in Chester's Shell garage when he overheard the conversation.

But while Mr Wilcock said he was acting in good will his decision to publicly shame the woman appears to have backfired with some.

One user said: "Maybe Dave is an absolute horror and she needs a little TLC. Or maybe Dave would like to try and repair the relationship. But he won't get the chance now because some 'fine upstanding citizen' has decided to put Dave's private business out there for everyone to comment on."

Nevertheless Mr Wilcock stands behind his decision to take action. more

PS - Your confidential business discussions are also vulnerable every time you talk in public. Think your office is a safe location? When was the last time you had it swept?

Wednesday, June 29, 2016

Spy Alert #734: The Olympic Games Warning

If Zika, political instability and contaminated water weren’t enough, U.S. intelligence officials are warning Americans traveling to the August Olympic Games in Rio and other destinations abroad that proprietary information stored on electronic devices is at high risk for theft by spies and cyber criminals who are increasingly targeting global events as troughs rich in valuable intelligence.

Bill Evanina, the nation’s chief counter-intelligence executive, is urging travelers to carry “clean’’ devices, free of potentially valuable archives that could be tapped for economic advantage, personal data or security information.

Just as the Olympics draw the world’s most talented athletes, Evanina said the games and other international events represent a "great playground’’ for government intelligence services and criminals, if only because of the “sheer number of devices.’’ more

Thursday, June 23, 2016

The Great Seal Bug - Excellent Synopsis

In 1946, a group of Russian children from the Vladimir Lenin All-Union Pioneer Organization (sort of a Soviet scouting group) presented a carved wooden replica of the Great Seal of the United States to Averell Harriman, the U.S. Ambassador to the Soviet Union.

The gift, a gesture of friendship to the USSR's World War II ally, was hung in the ambassador’s official residence at Spaso House in Moscow. It stayed there on a wall in the study for seven years until, through accident and a ruse, the State Department discovered that the seal was more than a mere decoration.

It was a bug.

The Soviets had built a listening device—dubbed “The Thing” by the U.S. intelligence community—into the replica seal and had been eavesdropping on Harriman and his successors the whole time it was in the house. “It represented, for that day, a fantastically advanced bit of applied electronics,” wrote George Kennan, the ambassador at the time the device was found. “I have the impression that with its discovery the whole art of intergovernmental eavesdropping was raised to a new technological level.” more

The full story.

Wednesday, June 22, 2016

Security Director Alert: Check the Settings on your Video Teleconferencing Equipment

Closed-door meetings by Canada's Quebec Liberal Party were exposed to trivial eavesdropping thanks to flaws in its video conferencing software.

The flaws, found and reported by a resident white hat researcher, are being fixed.

The researcher speaking on the condition of anonymity told local tabloid Le Journal de Montreal (French) he accessed the video streams using a vulnerability and the default password which was in use.

They were able to gain on-demand access to two meeting rooms in Quebec and Montreal, and supplied screen captures as evidence of the exploit.

"It was just too easy," the researcher told the paper. "It is as if they had stuck their PIN on their credit card."

Party communications director Maxime Roy says nothing relating to national security was discussed at the meetings... "We are working with our supplier." more

Need help? 
Call me.

A Technology that lets Companies Eavesdrop on Mobile Calls Made on their Premises.

Ever sought a bit of privacy by stepping away from your desk to make a personal call on your cell phone?

Soon, that may not be enough to prevent the boss from listening in -- at least not in Russia.

A Moscow security firm has developed technology that lets companies eavesdrop on mobile calls made on their premises. InfoWatch says the product is legal in Russia and that it’s scouting for other markets where customers -- banks, government agencies, or anyone else trying to prevent leaks of confidential information -- would be allowed to use it.

“These technologies have been used by secret services or the military in certain countries,” said Natalya Kaspersky, chief executive officer of InfoWatch. “Our breakthrough is in applying them for corporate security.” The product expands an employer’s arsenal for fighting industrial espionage but is also likely to further fuel the global debate about data privacy. more

"Emergency! Everybody to get from street!"

Monday, June 20, 2016

Eavesdropping History: Wiretapping Observations in the 1890's

via Futility Closet...
In 1890, as the telephone’s influence spread across the United States, Judge Robert S. Taylor of Fort Wayne, Ind., told an audience of inventors that the telephone had introduced an “epoch of neighborship without propinquity.” Scientific American called it “nothing less than a new organization of society.” The New York Times reported that two Providence men “were recently experimenting with a telephone, the wire of which was stretched over the roofs of innumerable buildings, and was estimated to be fully four miles in length”:
They relate that on the first evening of their telephonic dissipation, they heard men and women singing songs and eloquent clergymen preaching ponderous sermons, and that they detected several persons in the act of practising (sic) on brass instruments. This sort of thing was repeated every evening, while on Sunday morning a perfect deluge of partially conglomerated sermons rolled in upon them. … The remarks of thousands of midnight cats were borne to their listening ears; the confidential conversations of hundreds of husbands and wives were whispered through the treacherous telephone. … The two astonished telephone experimenters learned enough of the secrets of the leading families of Providence to render it a hazardous matter for any resident of that city to hereafter accept a nomination for any office.
In 1897 one London writer wrote, “We shall soon be nothing but transparent heaps of jelly to each other.” (From Carolyn Marvin, When Old Technologies Were New, 1988.)

Spycam, Blackmail and a former Waffle House CEO (surprise ending)

Mye Brindle, a housekeeper for Joe Rogers, former CEO of the Waffle House restaurant chain, was indicted on Friday, for allegedly trying to extort millions of dollars from her boss. 
 
Her lawyers, John Butters and David Cohen, were charged as well. According to the Associated Press, all three were indicted for secretly videotaping Brindle and Rogers having sex in Rogers’ home, and then trying to blackmail him with the recording...

Records indicated that the video, made with a spy camera Brindle received from a private investigator, did not show that Brindle did anything against her will.

Secretly recording someone in their bedroom is considered eavesdropping, which is a felony in Georgia.

Brindle, Butters, and Cohen are all charged with conspiracy to commit extortion, conspiracy to commit unlawful eavesdropping, and eavesdropping, each facing a sentence of up to five years of incarceration. more

The Future of Eavesdropping Past – The Thought Recorder

ELECTRICAL EXPERIMENTER May, 1919

Monday, June 6, 2016

Russian Hi-Tech Spy Devices Under Attack Over Privacy Fears

New Russian technologies, including phone call interception and a facial recognition app, have stirred a fierce debate about privacy and data monitoring. 
 
Infowatch, a Moscow-based IT security company managed by businesswoman Natalya Kasperskaya, found itself in hot water last month after it revealed it had invented a system that companies can use to intercept employees' mobile phone conversations...

The goal behind phone call interception, Kasperskaya said, is to provide large businesses with a tool to prevent information leaks, including companies whose success depends on protecting corporate secrets. more

34 Officials Pardoned for Wiretapping 20,000 People... now unpardoned.

President Gjorge Ivanov on Monday revoked pardons he had granted to 34 officials implicated in a wire-tapping scandal that has thrown Macedonia into political turmoil, meeting demands from the opposition, the European Union and the United States.

In an EU-brokered deal last year, Macedonia's political parties agreed to hold an early election and that a special prosecutor should investigate allegations that former prime minister Nikola Gruevski and his close allies authorized eavesdropping on more than 20,000 people.

Ivanov's decision in April to pardon 56 officials prosecuted over their involvement in the scandal drew nationwide protests that led to the cancellation of an election set for June 5. more

Wednesday, June 1, 2016

Spy on Any Phone, Anywhere... for a price.

With just a few million dollars and a phone number, you can snoop on any call or text that phone makes – no matter where you are or where the device is located.

That’s the bold claim of Israel’s Ability Inc, which offers its set of bleeding-edge spy tools to governments the world over. And it’s plotting to flog its kit to American cops in the coming months.

Ability’s most startling product, from both technical and price perspectives, is the Unlimited Interception System (ULIN). Launched in November last year, it can cost as much as $20 million, depending on how many targets the customer wants to surveil.

All a ULIN customer requires is the target’s phone number or the IMSI (International Mobile Subscriber Identity), the unique identifier for an individual mobile device. Got those? Then boom – you can spy on a target’s location, calls and texts.

This capability is far more advanced than that of IMSI-catchers (widely known as StingRays), currently used by police departments in the United States. IMSI-catchers can help acquire a target’s IMSI number, as well as snoop on mobiles, but only if the target is within range. more

Tuesday, May 31, 2016

Trump Campaign Manager Asked if Trump Offices Are Being Bugged - Bizarre Response

Donald Trump’s controversial campaign manager, Corey Lewandowski, appeared on “Fox News Sunday” this week to answer questions about the Republican front-runner’s strategy as the primary season winds down...

...with seconds remaining in the interview, host Chris Wallace asked a question that produced a response no one likely anticipated.

Wallace asked Lewandowski to comment on reports that some Trump associates are suspicious that the campaign’s Trump Tower offices are being bugged. At first the campaign manager ignored the question, but Wallace pressed further.

“Is there any bugging going on at the Trump Tower?” Wallace asked, with 10 seconds remaining in the interview.

“I think that’s a lot of speculation,” Lewandowski began. “I don’t think that’s the case at all — I think we’re very happy with the way that our offices are set up.”

It’s not quite clear what Lewandowski was trying to suggest, and given that there was no time for a follow-up question, the bizarre response was left alone. more

Thursday, May 26, 2016

Russian Election Monitor Sets Trap To Test NTV For Wiretapping

In March 2012, Michael McFaul, then the U.S. ambassador to Russia, famously accused journalists from the state-controlled network NTV of hacking his phone or e-mails to access his schedule after they approached him as he arrived at a private meeting with an opposition activist.

Four years later, those same journalists have been purportedly tripped up in a sting operation by an embattled Russian election-monitoring group seeking to prove that security services are wiretapping its phones and leaking details of its meetings with foreign diplomats to the Kremlin-loyal network.

Golos, an independent election monitor that has documented widespread violations at Russian ballot boxes in recent years, says it has concluded that NTV journalists are surreptitiously obtaining information about its employees’ movements from Russian law enforcement or intelligence agencies.

Using this information, Golos alleges, the journalists are able to track the group’s itinerary and wait for them -- cameras and microphones in hand -- outside embassies and other Moscow venues where they meet foreign diplomats to discuss the country’s elections. more

Wednesday, May 25, 2016

New Old News - Official Warning - Wall Wart Eavesdropping Device

(My clients received their warning on January 14, 2015. ~Kevin)

FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.

The FBI's Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released a KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks.

To lower the chances the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers that are nearly ubiquitous in homes and offices.

"If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information," FBI officials wrote in last month's advisory. "Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen." more