The O.MG Cable™ — The Smartphone Electro-Leach

via Blue Blaze irregular C.G.

The O.MG Cable™ is the result of months of work that has resulted in a highly covert malicious USB cable. As soon as the cable is plugged in, it can be controlled through the wireless network interface that lives inside the cable.

 

The O.MG Cable allows new payloads to be created, saved, and transmitted entirely remotely. 

 

The cable is built with Red Teams in mind with features like additional boot payloads, no USB enumeration until payload execution, and the ability to forensically erase the firmware, which causes the cable to fall entirely back to an innocuous state. And these are just the features that have been revealed so far. more 

 

Their other "interesting" products of which you should be aware.

Phone Phreaking - The Next Frontier - Elevator Eavesdropping

Next time you’re in an elevator, be advised that someone – besides building security and fellow elevator riders – might be listening.

 

A recent Wired article exposed the hidden world of elevator phreaking. By calling an unsecured elevator phone, a third party can expose a person, and potentially an enterprise, to a major security and privacy risk. 

 

Since elevator phones don’t require anyone to pick up the phone to open the circuit, a third party can make a call and be connected – allowing them to eavesdrop on conversations happening inside the elevator. 

 

Given the competitive nature of industries like banking and technology, it isn’t completely unthinkable for a hacker to eavesdrop this way. more

I know of a hotel in Miami which has bugged elevator—the one nearest the Boardroom; located on the Conference Floor level.

But, if bugged elevators aren't freaky enough, eavesdrop on elevators that talk! ~Kevin

Wallet, Keys, Bag Packed... Ooopps, Forgot the Post-it Notes

When airline seatback entertainment systems started to come bundled with little webcams, airlines were quick to disavow their usage, promising that the cameras were only installed for potential future videoconferencing or gaming apps, and not to allow the crew or airline to spy on passengers in their seats.

Enter Hong Kong's Cathay Pacific, the country's flagship airline, which has just amended its privacy policy to reveal that it is recording its passengers as they fly, as well as gathering data on how individual passengers spend time in airport terminals, and even brokered data on their use of rivals' hotel and airplane loyalty programs.

But don't worry, the company promises it will take "commercially reasonable" cybersecurity measures to keep all that data from leaking. more

Spanish App Works Like Spanish Fly... undercover

Spain’s data protection agency has fined the country’s soccer league, LaLiga, €250,000 (about $280,000) for allegedly violating EU data privacy and transparency laws. The app, which is used for keeping track of games and stats, was using the phone’s microphone and GPS to track bars illegally streaming soccer games...

Using a Shazam-like technology, the app would record audio to identify soccer games, and use the geolocation of the phone to locate which bars were streaming without licenses. more

Spot on ID, or... "The Tell-Tale Heart"

via MIT Technology Review 

A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser. “I don’t want to say you could do it from space,” says Steward Remaly, of the Pentagon’s Combating Terrorism Technical Support Office, “but longer ranges should be possible.”... In the longer run, this technology could find many more uses, its developers believe... more

Like eavesdropping? 
(Spoiler Alert: Israeli scientists did this in 2009, and then improved it in 2014.) ~Kevin

Apple Temporarily Disables Walkie Talkie on Apple Watch Over Eavesdropping Concerns

Less than 24 hours after Apple issued a background update to remove a vulnerability in Zoom’s Mac app that installed a surreptitious web server that could activate the video camera without the user’s permission, Apple has disabled another app for a possible security breach. And this time it’s one of its own: Walkie Talkie.

Walkie Talkie was introduced with watchOS 5 as a quicker way to communicate between Apple Watches. Apple promotes it as “a new, easy way to have a one-on-one conversation with anyone who has a compatible Apple Watch.” However, it might not be as private as you think. Apple announced late Wednesday that it was temporarily disabling the Walkie Talkie on the Apple Watch due to eavesdropping concerns. more

FLIR Black Hornet - US Army Mini-Drones Deployed - Flying Binoculars

• US Army soldiers are, for the first time, getting personal reconnaissance drones small enough to fit on a soldier's utility belt.
• A soldier could send one of these little drones out to get a view of the battlefield all while staying put in a covered, concealed position.
• This awesome technology is a potential game changer, one that is expected to save lives by significantly reducing the risk soldiers take in battle. more  Early promo video.  Want one for your desk. Check eBay.

Military mini-drones have been a holy grail since the 1970's. Since 2009 they have developed rapidly. In 2019 they are a practical reality and are being deployed. 

FutureWatch: Expect many additional capabilities over a short period of time. Poisonous mosquitoes, self-planting eavesdropping bugs, anyone?

Mini-Drone History
Early 2014 Army version.
The British Army version from 2013. 
2009 DARPA version.
1970's CIA version.
For all of our drone posts, click here.  
Enjoy. ~Kevin

From Those Wonderful Emperors of Espionage...

A popular GPS tracker used as a panic alarm for elderly people and to monitor children's whereabouts can be hacked to spy on users, researchers have warned.

The white-label location tracker, manufactured in China, is rebranded and sold by multiple UK companies - including Pebbell 2 by HoIP Telecom , OwnFone Footprint , and SureSafeGo.

"There were no signs from the device when this was activated or when you called in, turning this device issued to vulnerable people into a remote listening bug,” said Fidus.

"This issue teamed with the location tracking abilities of the device allows you to conceive some pretty scary potential use cases."

The researchers also found it was possible to remotely reset the GPS tracker without needing a PIN, and kill signal to the device altogether, rendering it effectively useless.

Fidus estimates that there are at least 10,000 of these devices in use in the UK, and thousands more around the world.

The team has informed several of the device makers about the flaws, but there is no way to fix the vulnerabilities without recalling every device. more

Just Like Your Phone - Your Car is Spying on You

If you’re driving a late model car or truck, chances are that the vehicle is mostly computers on wheels, collecting and wirelessly transmitting vast quantities of data to the car manufacturer not just on vehicle performance but personal information, too, such as your weight, the restaurants you visit, your music tastes and places you go.

A car can generate about 25 gigabytes of data every hour and as much as 4,000 gigabytes a day, according to some estimates. The data trove in the hands of car makers could be worth as much as $750 billion by 2030, the consulting firm McKinsey has estimated. But consumer groups, aftermarket repair shops and privacy advocates say the data belongs to the car’s owners and the information should be subject to data privacy laws.

Yet Congress has yet to pass comprehensive federal data privacy legislation. more

The Surprising Cost of a GPS Tracking & Cellular Eavesdropping Bug

As described on eBay...

Ultra Mini GF-07 GPS Long Standby Magnetic SOS Tracking Device for Vehicle/Car/Person Location Tracker Locator System Anti-lost Device 

Features:
1. Small size and light weight, easy for carry.

2. Black shell, easy to hide, perfect for tracking vehicles, teens, spouses, elderly persons or assets. With two powerful magnets inside, easy to attach to vehicle firmly, no extra installation need.

3. All you need is a working SIM card (NOT included!) to insert into the device, then you can track and map (with Google Maps) in real-time over the Internet.

4. Dial SIM card number, then you can hear voice around this tracker, with no light and no noise, you can monitoring and spy what's going on around the tracker silently and secretly.

5. Voice Recording Function: Send text message 555 to SIM card number, it will reply a message “Snd” and start recording, SIM card and TF card are not included.

 

Electronic surveillance devices, like this one, are flooding into the country. Below is just one of the many ads on eBay alone. At these prices (as low as $11.99, and cheaper from the China and Hong Hong listings) they are throwaway items. Set it and forget it. No need to risk retrieving it to recharge the battery. 

Businesses especially need to be concerned. Imagine competitors tracking your sales people, delivery trucks, or your top executives. Learn more about these types of devices and what you can do about them.

Click to enlarge.

German Football Club Caught Spying with a Drone

‘We didn‘t do anything illegal!‘
Spy games: German club admit to spying on rivals using drones

German football was stunned at the news that Werder Bremen one of the biggest clubs in the Bundesliga spied on training sessions of rivals Hoffenheim by using drones piloted by club officials...

And remarkably, Werder Bremen has issued a statement taking responsibility for the incident, admitting it was they who arranged for the drone to conduct surveillance of Hoffenheim‘s training session.

An official statement was released, explaining that the drone was piloted by a member of club staff, while the club‘s general manager Frank Bauman made a formal apology and took full responsibility for the incident. more

FutureWatch: Spy Technology of the Future

An Exciting Future for Spy Technology

1. Real-Time Facial Surveillance That Doesn't Require Clear, Unobstructed Images
2. Tools That Detect Activity Based on a Phone's Characteristics
3. Increased Uses for Artificial Intelligence
4. Technology to Detect Suspicious Body Language



Although it's not possible to know exactly how espionage experts will depend on the things on this list and others, it's evident that technology will help spies achieve their missions. It may also allow them to diversify their responsibilities as tech takes care of past tasks. more

Spy Rule #629 - Don't Order Bugs Using Company Email

Eavesdropping charges have been filed against a central Illinois schools administrator who allegedly planned to secretly record a closed session of the school board.

The News-Gazette reports Champaign County State's Attorney Julia Rietz alleged Thursday that Samuel Byndom used a device disguised as a pen to record an Oct. 28 closed session of the school board. The 35-year-old Byndom is Urbana District 116's assistant superintendent of learning and instruction.

Click to enlarge.

Rietz said Urbana police have been investigating Byndom since a school district employee found an email order confirmation on a school district computer for a voice-activated recorder pen from a company called "SpyGuy."

Members of the school board members went forward with the closed session after learning about the recording device order, but searched the room before starting. They found the device and removed it. more

Walmart Awarded Eavesdropping Patent

Walmart this week was awarded a US patent for a new listening system for its stores that could raise serious privacy concerns from its shoppers and workers.

According to the filing, the system would capture a variety of sounds in the store to figure out employees' performance and effectiveness at checkout.

For instance, the system can be used to capture beeps produced by a scanner and the rustling of bags at checkout to find out the number of items in a transaction or even the number of bags used.

More alarmingly, the patent mentions that the system could be used to listen to guests' conversations to determine the lengths of checkout lines.

"Additionally, the sound sensors can capture audio of conversations between guests and an employee stationed at the terminal," the patent states. "The system can process the audio of the conversation to determine whether the employee stationed at the terminal is greeting guests."

The new concept hasn't been implemented in Walmart stores and Walmart didn't say whether it ever will be. more

Android Alert: Surveillance Malware Infects Telegram App

A new family of malware capable of comprehensive surveillance is targeting Android devices through the encrypted messaging app Telegram, according to research from antivirus vendor ESET.

The malware – which has mostly been distributed in Iran – ensnares its victims by posing as an application pledging more social media followers, bitcoin, or free Internet connections, according to ESET. Once downloaded, the malware can carry out surveillance tasks ranging from intercepting text messages to recording audio and screen images from devices, ESET researcher Lukas Stefanko explained in a blog post.

Each compromised device is controlled via a bot that the attacker commandeers via Telegram, which recently boasted 200 million monthly users.

“Attackers can control victimized devices by simply tapping the buttons available in the version of the malware they are operating,” Stefanko wrote.

Such nefarious programs have been knocking on Google Play’s door in droves: With the help of machine learning, security specialists removed 700,000 malicious apps from the store last year. more

Alexa - Busted for Eavesdropping

A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa -- the voice-controlled smart speaker -- and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family’s contact list.


"My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who did not want us to use her last name.

Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system.

But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. "The person on the other line said, 'unplug your Alexa devices right now,'" she said. "'You're being hacked.'"

That person was one of her husband's employees, calling from Seattle.

"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'" more

Scientists Develop Tiny Tooth-Mounted Sensors That Can Track...

...what you eat!

Monitoring in real time what happens in and around our bodies can be invaluable in the context of health care or clinical studies, but not so easy to do. That could soon change thanks to new, miniaturized sensors developed by researchers at the Tufts University School of Engineering that, when mounted directly on a tooth and communicating wirelessly with a mobile device, can transmit information on glucose, salt and alcohol intake...

Tufts engineers sought a more adoptable technology and developed a sensor with a mere 2mm x 2mm footprint that can flexibly conform and bond to the irregular surface of a tooth. In a similar fashion to the way a toll is collected on a highway, the sensors transmit their data wirelessly in response to an incoming radio-frequency signal. more

Just in case you were disappointed that this was not a story about a mysterious tooth implant...

Facial Recognition Glasses Used by Police to Identify Suspects

Chinese police are using dark sunglasses equipped with facial recognition technology to spot criminal suspects.

The glasses, which are being worn by police at a busy train station ahead of the Chinese New Year travel rush, are linked to a central database which contains details of criminal records.

Wearing the technology, police can almost instantly view an individual's personal details, including name, ethnicity, gender and address.

The scene would not look out of place in an episode of science fiction television drama Black Mirror, which often depicts dark scenarios of humans being overcome by technology.

China is deploying new technologies to monitor people in ways that would unnerve many in the West. more

Reward if Found?

Lost in Space: Highly Classified Spy Satellite

An expensive, highly classified U.S. spy satellite is presumed to be a total loss after it failed to reach orbit atop a Space Exploration Technologies Corp. rocket on Sunday, according to industry and government officials.

Lawmakers and congressional staffers from the Senate and the House have been briefed about the botched mission, some of the officials said. The secret payload—code-named Zuma and launched from Florida on board a Falcon 9 rocket—is believed to have plummeted back into the atmosphere, they said, because it didn’t separate as planned from the upper part of the rocket. more

Amazon Echo ‘Drop In’ Feature - Easy Eavesdropping?

As voice-based “personal assistants” are becoming ubiquitous in modern, connected American homes, so is the feeling they might be listening in on people when they least expect it or want it.

Amazon Echo, Dot and Show users know that Alexa is always listening. With a simple command she can turn on your lights, play music and even order pizza.

But do you know who else might be listening in to everything going on in your home? more