Google hardware chief Rick Osterloh told the BBC that guests visiting a home where smart speakers are stored should be warned that their conversations might be overheard and recorded. more
Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts
Thursday, October 17, 2019
Welcome to our home. Your visit may be recorded for no apparent reason. Would you like a glass of wine?
Google hardware chief Rick Osterloh told the BBC that guests visiting a home where smart speakers are stored should be warned that their conversations might be overheard and recorded. more
Tuesday, September 10, 2019
GPS Tracker Bugs Kids... about 600,000 of them.
Serious security flaws in GPS trackers manufactured by a Chinese company have been found to expose location data of nearly 600,000 children and elderly, according to researchers from cybersecurity firm Avast.
The researchers spotted the vulnerabilities in the T8 Mini GPS tracker and nearly 30 other models by the same manufacturer, Shenzhen i365 Tech.
...these devices expose all data sent to the Cloud, including exact real-time GPS coordinates, showed the findings revealed last week.
Further, design flaws can enable unwanted third-parties to spoof the location or access the microphone for eavesdropping.
The researchers estimate that there are about 600,000 of these unprotected trackers in use globally that are using the very generic default password of "123456". more
 |
| T8 Mini GPS Tracker Locator |
...these devices expose all data sent to the Cloud, including exact real-time GPS coordinates, showed the findings revealed last week.
Further, design flaws can enable unwanted third-parties to spoof the location or access the microphone for eavesdropping.
The researchers estimate that there are about 600,000 of these unprotected trackers in use globally that are using the very generic default password of "123456". more
FutureWatch - Non-Public 5G Networks - Network Security via Isolation
The concept of non-public networks is nothing new -- yet the rise of the
internet of things (IoT) and connected assets is driving more and more
companies to investigate the opportunities that non-public 5G networks could offer them...
Non-public 5G networks offer protection against industrial espionage. Data in non-public 5G networks is segregated and processed separately from public 5G networks. This ensures complete privacy protection of process -- and production-related data. more
Non-public 5G networks offer protection against industrial espionage. Data in non-public 5G networks is segregated and processed separately from public 5G networks. This ensures complete privacy protection of process -- and production-related data. more
Tuesday, September 3, 2019
Workplace Covert Recording on the Rise
 |
| Voice activated recorder. Easy to hide. |
Gadgets disguised as leather belts, eyeglasses, pens and USB sticks are all proving popular with employees in a country where abusive behavior by people in power is so pervasive that there is a word for it - “gabjil”...
Auto Jungbo Co.’s sales of voice recorders so far this year have doubled to 80 devices per day, Jang said as he forecast sales to also double this calendar year to 1.4 billion won. more
Kevin's Tips for Management
- Assume your discussions are being recorded.
- Before proceeding, ask if they are recording.
- Be professional. If you would not say it in a courtroom, don’t say it.
- Red Flag – When an employee tries to recreate a previous conversation with you.
- Have an independent sweep team conduct periodic due diligence debugging inspections.
Create a Workplace Recording Policy
Thursday, August 29, 2019
Has Your Doctor (or other Professional) Downloaded Apps With Microphone Access?
via Robinson & Cole LLP -
Linn Foster FreedmanAs I always do when talking to people about their phones, I asked them to go into their privacy settings and into the microphone section and see how many apps they have downloaded that asked permission to access the microphone. How many green dots are there? Almost all of them looked up at me with wide eyes and their lips formed a big “O.”...
I am not picking on them—I do the same thing with lawyers, financial advisors and CPAs, and any other professional that has access to sensitive information.
When a professional downloads an app that allows access to the microphone, all of the conversations that you believe are private and confidential are now not private and confidential if that phone is in the room with you. more
Tuesday, August 27, 2019
Just Another Week in the World of Spies
China - Yang Hengjun, a well-known Australian writer and democracy activist
detained by the Chinese authorities in January, has been formally
charged with spying... more
Russia - A Moscow court has ruled to keep an American man and Marine veteran suspected of spying in prison for two more months. The court ruled on Friday to keep Paul Whelan behind bars at least until late October. more
WWW - Freelance site Fiverr offers illegal private spying services... more
UAE - Why the CIA doesn't spy on the UAE... more
Israel shouldn’t let a little spying undo its economic ties with China, ex-chief analyst argues... more
Iran has sentenced a British-Iranian national to 10 years in jail for spying for Israel... more
China’s spies are waging an intensifying espionage offensive against the United States. more
USA - Patrick Byrne resigned suddenly as CEO of Overstock.com last Thursday, after mounting controversy surrounding his past romantic relationship with alleged Russian agent Maria Butina. Butina is now serving an 18 month prison sentence for conspiring to promote Russian interests through conservative U.S. political groups. more
Australia - Intelligence agencies warn of 'unprecedented scale' of foreign spying within Australia. more
Iran - Environmentalists filming Iran’s endangered cheetahs could be executed for spying. more
India sending spying devices to Pakistan via balloons... more
USA - The spy in your wallet: Credit cards have a privacy problem... In a privacy experiment, we bought one banana with the new Apple Card — and another with the Amazon Prime Rewards Visa from Chase. Here’s who tracked, mined and shared our data. more
Israel shouldn’t let a little spying undo its economic ties with China, ex-chief analyst argues... more
Iran has sentenced a British-Iranian national to 10 years in jail for spying for Israel... more
China’s spies are waging an intensifying espionage offensive against the United States. more
USA - Patrick Byrne resigned suddenly as CEO of Overstock.com last Thursday, after mounting controversy surrounding his past romantic relationship with alleged Russian agent Maria Butina. Butina is now serving an 18 month prison sentence for conspiring to promote Russian interests through conservative U.S. political groups. more
Australia - Intelligence agencies warn of 'unprecedented scale' of foreign spying within Australia. more
Iran - Environmentalists filming Iran’s endangered cheetahs could be executed for spying. more
India sending spying devices to Pakistan via balloons... more
USA - The spy in your wallet: Credit cards have a privacy problem... In a privacy experiment, we bought one banana with the new Apple Card — and another with the Amazon Prime Rewards Visa from Chase. Here’s who tracked, mined and shared our data. more
'Complete Control' Hack Allows Audio / Video Spying and More
All Windows users should update immediately as ‘Complete Control’ hack is confirmed.
In case you were underestimating the tool, it can allow a hacker to remoting shutdown or reboot the system, remotely browse files, access and control the Task Manager, Registry Editor, and even the mouse.
Not only that, but the attacker can also open web pages, disable the webcam activity light to spy on the victim unnoticed and capture audio and video.
Since the attacker has full access to the computer, they can also recover passwords and obtain login credentials using a keylogger as well as lock the computer with custom encryption that can act like ransomware. more
Not only that, but the attacker can also open web pages, disable the webcam activity light to spy on the victim unnoticed and capture audio and video.
Since the attacker has full access to the computer, they can also recover passwords and obtain login credentials using a keylogger as well as lock the computer with custom encryption that can act like ransomware. more
Tuesday, August 20, 2019
Phone Phreaking - The Next Frontier - Elevator Eavesdropping
Next time you’re in an elevator, be advised that someone – besides
building security and fellow elevator riders – might be listening.
A recent Wired article
exposed the hidden world of elevator phreaking. By calling an unsecured
elevator phone, a third party can expose a person, and potentially an
enterprise, to a major security and privacy risk.
Since elevator phones
don’t require anyone to pick up the phone to open the circuit, a third
party can make a call and be connected – allowing them to eavesdrop on
conversations happening inside the elevator.
Given the competitive
nature of industries like banking and technology, it isn’t completely
unthinkable for a hacker to eavesdrop this way. more
I know of a hotel in Miami which has bugged elevator—the one nearest the Boardroom; located on the Conference Floor level.
But, if bugged elevators aren't freaky enough, eavesdrop on elevators that talk! ~Kevin
Sunday, August 11, 2019
FutureWatch: Your Voice Can Give Away What You Look Like
Spying is multifaceted. It includes everything from plain old audio eavesdropping, to spycams (thus adding the visual element), to aggregating all the telltale data about us. Once science fiction, even facial recognition is coming to airports. Is it possible to squeeze more from a spy's cornucopia of tricks?
What if you want to know what a person is thinking, or what they look like?
These two challenges are the future of spying, and they are being worked on today.
We started covering mind reading advancements in 2006. And now, how to tell what a person looks like—and even their environment... just from the sound of their voice.
What if you want to know what a person is thinking, or what they look like?
These two challenges are the future of spying, and they are being worked on today.
We started covering mind reading advancements in 2006. And now, how to tell what a person looks like—and even their environment... just from the sound of their voice.
Monday, August 5, 2019
Wallet, Keys, Bag Packed... Ooopps, Forgot the Post-it Notes
When airline seatback entertainment systems started to come bundled with little webcams, airlines were quick to disavow their usage, promising that the cameras were only installed for potential future videoconferencing or gaming apps, and not to allow the crew or airline to spy on passengers in their seats.
Enter Hong Kong's Cathay Pacific, the country's flagship airline, which has just amended its privacy policy to reveal that it is recording its passengers as they fly, as well as gathering data on how individual passengers spend time in airport terminals, and even brokered data on their use of rivals' hotel and airplane loyalty programs.
But don't worry, the company promises it will take "commercially reasonable" cybersecurity measures to keep all that data from leaking. more
But don't worry, the company promises it will take "commercially reasonable" cybersecurity measures to keep all that data from leaking. more
Amazon Alexa's New Dump the Human Eavesdropping Switch
Alexa users who don’t want their recordings reviewed by third-party contractors finally have an option to opt-out...
Unfortunately, Amazon has never made opting-out of data collection on its devices particularly easy, and this new policy doesn’t buck that trend.
According to Bloomberg, users need to dig into their settings menu, then navigate to “Alexa Privacy,” and finally tap “Manage How Your Data Improves Alexa” to see the following text: “With this setting on, your voice recordings may be used to develop new features and manually reviewed to help improve our services. Only an extremely small fraction of voice recordings are manually reviewed.” more
Unfortunately, Amazon has never made opting-out of data collection on its devices particularly easy, and this new policy doesn’t buck that trend.
According to Bloomberg, users need to dig into their settings menu, then navigate to “Alexa Privacy,” and finally tap “Manage How Your Data Improves Alexa” to see the following text: “With this setting on, your voice recordings may be used to develop new features and manually reviewed to help improve our services. Only an extremely small fraction of voice recordings are manually reviewed.” more
Tuesday, July 23, 2019
Android Smartphone Alert: Spearphone Eavesdropping
A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that’s played on speakerphone, including calls, music and voice assistant responses.
A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android devices’ on-board accelerometers (motion sensors) to infer speech from the devices’ speakers.
An acronym for “Speech privacy exploit via accelerometer-sensed reverberations from smartphone loudspeakers,” Spearphone was pioneered by an academic team from the University of Alabama at Birmingham and Rutgers University.
They discovered that essentially, any audio content that comes through the speakers when used in speakerphone mode can be picked up by certain accelerometers in the form of sound-wave reverberations. And because accelerometers are always on and don’t require permissions to provide their data to apps, a rogue app or malicious website can simply listen to the reverberations in real time, recording them or livestreaming them back to an adversary, who can analyze and infer private data from them. more
A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android devices’ on-board accelerometers (motion sensors) to infer speech from the devices’ speakers.
An acronym for “Speech privacy exploit via accelerometer-sensed reverberations from smartphone loudspeakers,” Spearphone was pioneered by an academic team from the University of Alabama at Birmingham and Rutgers University.
They discovered that essentially, any audio content that comes through the speakers when used in speakerphone mode can be picked up by certain accelerometers in the form of sound-wave reverberations. And because accelerometers are always on and don’t require permissions to provide their data to apps, a rogue app or malicious website can simply listen to the reverberations in real time, recording them or livestreaming them back to an adversary, who can analyze and infer private data from them. more
Spycam Report from China
Sales of spy cameras are rampant at Shenzhen’s gadget paradise, Huaqiangbei, according to a report by state broadcaster CCTV. The report, secretly filmed (ironically) by CCTV reporters, found vendors selling secret cameras disguised as pens, lighters and alarm clocks, among a number of other things. This is in spite of the fact that it's illegal in China to sell “espionage equipment” that can be used for secretly monitoring and photographing people.
In one case, the CCTV reporter bought a fake power socket with a camera hidden in one of the holes and double-sided tape on the back to allow for mounting on a wall. It included an SD card socket and a charging port at the bottom...
In another example from the report, one shop demonstrated a different power socket that hides the camera in a small hole in the bottom-right corner. The video can also be watched in real time from a smartphone app.
In recent months, a series of events that show just how easy it is to secretly film people in hotels has unnerved people in China. The apparent prevalence of the practice has raised concerns about people’s privacy and safety...
In another case, a couple found a hidden camera in the TV in their hotel room in the city of Zhengzhou. Police later determined one person had installed hidden cameras in at least five rooms. Then they detained a manager at the hotel when he claimed more than 80% of the hotels in the city have hidden cameras. more
In one case, the CCTV reporter bought a fake power socket with a camera hidden in one of the holes and double-sided tape on the back to allow for mounting on a wall. It included an SD card socket and a charging port at the bottom...
In another example from the report, one shop demonstrated a different power socket that hides the camera in a small hole in the bottom-right corner. The video can also be watched in real time from a smartphone app.
In recent months, a series of events that show just how easy it is to secretly film people in hotels has unnerved people in China. The apparent prevalence of the practice has raised concerns about people’s privacy and safety...
In another case, a couple found a hidden camera in the TV in their hotel room in the city of Zhengzhou. Police later determined one person had installed hidden cameras in at least five rooms. Then they detained a manager at the hotel when he claimed more than 80% of the hotels in the city have hidden cameras. more
Tuesday, July 16, 2019
Information Security: Privacy Tips for Business Travelers
The Basics...
- Beware of shoulder surfers. Get one of these.
- Know when to shut your mouth. Don't give strangers any confidential information.
- Use a Virtual Private Network (VPN).
- Change any passwords you used while on your tip.
- Keep your device with you to reduce info-suck opportunities.
- Avoid using public charging stations (unless you have one of these).
- Read Murray Associates' Guide to Off-Site Meeting Information Security.
Monday, July 15, 2019
Spanish App Works Like Spanish Fly... undercover
Using a Shazam-like technology, the app would record audio to identify soccer games, and use the geolocation of the phone to locate which bars were streaming without licenses. more
Thursday, July 11, 2019
Apple Temporarily Disables Walkie Talkie on Apple Watch Over Eavesdropping Concerns
Less than 24 hours after Apple issued a background update to remove a vulnerability in Zoom’s Mac app that installed a surreptitious web server that could activate the video camera without the user’s permission, Apple has disabled another app for a possible security breach. And this time it’s one of its own: Walkie Talkie.
Walkie Talkie was introduced with watchOS 5 as a quicker way to communicate between Apple Watches. Apple promotes it as “a new, easy way to have a one-on-one conversation with anyone who has a compatible Apple Watch.” However, it might not be as private as you think. Apple announced late Wednesday that it was temporarily disabling the Walkie Talkie on the Apple Watch due to eavesdropping concerns. more
Tuesday, July 9, 2019
Kieffer Ramirez Shares His Favorite Niche Investigations Resources (most are free)
SpyDialer
Cost: Free
Search people via their phone number, name, address, and/or e-mail address by using SpyDialer which contains billions of phone numbers obtained using social media and user-contributed address books.
Concerned about your information showing up on SpyDialer?!?! Check and see. If you appear there, you have the option of deleting your information... anonymously.
The 17 other resources appear here.
More Than 1,000 Android Apps Spy... even when you deny permission!
Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don't want a flashlight app to be able to read through your call logs, you should be able to deny that access.But... even when you say no, many apps find a way around: Researchers discovered more than 1,000 apps that skirted restrictions, allowing them to gather precise geolocation data and phone identifiers behind your back...
Google said it would be addressing the issues in Android Q, which is expected to release this year. more
Monday, June 17, 2019
Apple-knocker Forensic Advancement - iOS & Android are No Longer Secure.
The “arms race” of mobile forensics – ever-tougher encryption and the breakneck operations to crack it – has become more of a public tug-of-war than ever before.Cellebrite, the largest player in the mobile-forensics industry, unveiled its UFED Premium last Friday. Along with the announcement came the bombshell: that it can now get into any Apple iOS device, and many of the high-end Android devices.
“An exclusive solution for law enforcement to unlock and extract data from all iOS and Android devices,” the company said in a tweet.
Those devices have historically been the toughest to crack... more
Monday, May 20, 2019
FutureWatch: New Mobile App Fends off Espionage Attacks
For example, it is possible to give apps wrapped in AVARE access to the contacts in the address book, but not to all of the stored information...
In addition, AVARE can extend the location information to a radius of several kilometers and disguise the exact location. Thus, a weather app can continue to provide reliable forecasts without knowing the exact location of the user...
The AVARE code is available as open source software on the AVARE website and the scientists hope that their program will be taken up by other developers who will help to extend the current beta version to a version 1.0. more video (cartoon)
Subscribe to:
Posts (Atom)