The carwhisperer project...
Once the connection has been successfully established, the carwhisperer binary starts sending audio to, and recording audio from the headset. This allows attackers to inject audio data into the car. This could be fake traffic announcements or nice words. Attackers are also able to eavesdrop conversations among people sitting in the car.
Ideally, the carwhisperer is used with a toooned dongle and a directional antenna that enhances the range of a Bluetooth radio quite a bit. (more)
Wednesday, August 15, 2007
Bluetooth Sound Bites
When you talk over a hands-free Bluetooth device while driving your car, it is possible that some unwanted persons are listening to your conversation without your knowledge. Jim Stickley, ID theft expert and CTO of TraceSecurity, proved that the devices are vulnerable to eavesdropping.
Appearing on NBC’s TODAY show, Stickley demonstrated how vulnerable the hands-free car devices are even to the most simple of attacks.
During the testing, Stickly followed a car that was equipped with a hands-free Bluetooth device and listened the conversation without the knowledge of the occupants. (more)
Appearing on NBC’s TODAY show, Stickley demonstrated how vulnerable the hands-free car devices are even to the most simple of attacks.
During the testing, Stickly followed a car that was equipped with a hands-free Bluetooth device and listened the conversation without the knowledge of the occupants. (more)
10 things you can do to make sure your data doesn’t walk out the door
This is important. People will sneak into your offices, open your computers and steal your hard drives. How do I know? My client has a CCTV recording of it happening to their top Administrative Assistant's computer just this past weekend.
Debra Littlejohn Shinde says, "Let’s look at what you should be doing to keep your data from walking out the door...
#1: Practice the principle of least privilege
#2: Put policies in writing
#3: Set restrictive permissions and audit access
#4: Use encryption
#5: Implement rights management
#6: Restrict use of removable media
#7: Keep laptops under control
#8: Set up outbound content rules
#9: Control wireless communications
#10: Beware creative data theft methods formats
Remember that your data can walk out in many different formats. A user can print out a document and carry it out in paper form or a thief can steal printed documents from trash cans if the paper hasn’t been shredded. Even if you’ve implemented a technology such as rights management to prevent copying or printing documents, a person could take a digital or film photograph of the content onscreen or even sit and copy the information by hand. Be aware of all the ways your data can leave the premises and take steps to protect against them." (more)
Debra Littlejohn Shinde says, "Let’s look at what you should be doing to keep your data from walking out the door...
#1: Practice the principle of least privilege
#2: Put policies in writing
#3: Set restrictive permissions and audit access
#4: Use encryption
#5: Implement rights management
#6: Restrict use of removable media
#7: Keep laptops under control
#8: Set up outbound content rules
#9: Control wireless communications
#10: Beware creative data theft methods formats
Remember that your data can walk out in many different formats. A user can print out a document and carry it out in paper form or a thief can steal printed documents from trash cans if the paper hasn’t been shredded. Even if you’ve implemented a technology such as rights management to prevent copying or printing documents, a person could take a digital or film photograph of the content onscreen or even sit and copy the information by hand. Be aware of all the ways your data can leave the premises and take steps to protect against them." (more)
SpyCam Story #371 - "Mr. Simpson, I presume."
Tracking down the guy who hid a video camera in a Seattle ladies’ room was made a little easier when the suspect allegedly recorded himself setting it up. (doh!)
The suspect was booked on suspicion of voyeurism after the manager of the downtown movie theater where the camera was found identified the suspect as one of his employees. (more)
The suspect was booked on suspicion of voyeurism after the manager of the downtown movie theater where the camera was found identified the suspect as one of his employees. (more)
Cutting Edge Spies
Gillette has launched a campaign site as part of a campaign for its new Fusion Power Stealth range.
The site includes a spy mission game, involving streamed briefing videos complete with 3D animations, an interactive game and chance to win a trip to a spy school.
The brand has been integrated into the site by challenging the 'spy' users to help recover a stolen razor.
As well as the main game mission, the website provides a breakdown of the stolen gadget's features and has a prominent 'tell a friend' mechanic, where you can 'recruit' others.
Spies can also keep a track on their fellow 'spooks' via a timed leader board. (more) (site)
The site includes a spy mission game, involving streamed briefing videos complete with 3D animations, an interactive game and chance to win a trip to a spy school.
The brand has been integrated into the site by challenging the 'spy' users to help recover a stolen razor.
As well as the main game mission, the website provides a breakdown of the stolen gadget's features and has a prominent 'tell a friend' mechanic, where you can 'recruit' others.
Spies can also keep a track on their fellow 'spooks' via a timed leader board. (more) (site)
Monty Python Security - Man Eating Badgers
Pretend you are John Cleese and read aloud.
"British forces have denied rumours that they released a plague of ferocious badgers into the Iraqi city of Basra.
Word spread among the populace that UK troops had introduced strange man-eating, bear-like beasts into the area to sow panic.
But several of the creatures, caught and killed by local farmers, have been identified by experts as honey badgers.
The rumours spread because the animals had appeared near the British base at Basra airport.
UK military spokesman Major Mike Shearer said: "We can categorically state that we have not released man-eating badgers into the area." (more)
"British forces have denied rumours that they released a plague of ferocious badgers into the Iraqi city of Basra.
Word spread among the populace that UK troops had introduced strange man-eating, bear-like beasts into the area to sow panic.
But several of the creatures, caught and killed by local farmers, have been identified by experts as honey badgers.
The rumours spread because the animals had appeared near the British base at Basra airport.
UK military spokesman Major Mike Shearer said: "We can categorically state that we have not released man-eating badgers into the area." (more)
Break Time - Play Security Problem Excuse Bingo
Please come back after your BINGO BREAK.
"To help vendors focus on their obligations here, Jutta Degener and I present Security Problem Excuse Bingo. Usual bingo rules apply, with vendor press releases, news interviews, and legal notices used as source material. Cards can be generated and downloaded from www.crypto.com/bingo/pr
Because we follow all industry standard practices, you can rest assured that there are no bugs in this software. We take security very seriously." ~ Matt Blaze
"To help vendors focus on their obligations here, Jutta Degener and I present Security Problem Excuse Bingo. Usual bingo rules apply, with vendor press releases, news interviews, and legal notices used as source material. Cards can be generated and downloaded from www.crypto.com/bingo/pr
Because we follow all industry standard practices, you can rest assured that there are no bugs in this software. We take security very seriously." ~ Matt Blaze
Tuesday, August 14, 2007
Your Mobile Phone May Be Bugged if...
The following clues may indicate your cell phone is bugged...
• Software displays "App Closed: Main" error message frequently.
• Unusual additions in your phone's "Application Manager" menu.
• You see unusual entries in you phone's "Call Duration Log."
• Error messages - "message stuck in outbox" / "no sms credit".
• You hear unexpected 'beeps'.
• The phone's screen backlight switches on for no apparent reason.
• Your phone starts acting sluggish; keypad buttons jam.
• You see error messages more frequently than normal.
• Battery life suddenly drops.
Be aware that some cell phone spyware runs cleaner than others; thus, not having these problems does not mean you are free of spyware. Keep alert.
Things you can do to reduce your vulnerability to spyware...
• Use an inexpensive phone. "Smart" phones get bugged.
• Use a cell service which is not GSM. Most spyware is GSM based.
• Keep your phone turned off when not needed.
• Force spies out. Make fake calls and SMS's as a test.
• Switch phones, carriers and numbers occasionally.
• Consider using pre-paid phones.
• NEVER accept a phone as a gift.
• NEVER loan your phone; not even for a few minutes.
• ALWAYS keep your phone in your complete control.
See how easy it is for the general public to obtain spyware. Click here.
Protecting your business against eavesdropping is also easy. Click here.
~Kevin
• Software displays "App Closed: Main" error message frequently.
• Unusual additions in your phone's "Application Manager" menu.
• You see unusual entries in you phone's "Call Duration Log."
• Error messages - "message stuck in outbox" / "no sms credit".
• You hear unexpected 'beeps'.
• The phone's screen backlight switches on for no apparent reason.
• Your phone starts acting sluggish; keypad buttons jam.
• You see error messages more frequently than normal.
• Battery life suddenly drops.
Be aware that some cell phone spyware runs cleaner than others; thus, not having these problems does not mean you are free of spyware. Keep alert.
Things you can do to reduce your vulnerability to spyware...
• Use an inexpensive phone. "Smart" phones get bugged.
• Use a cell service which is not GSM. Most spyware is GSM based.
• Keep your phone turned off when not needed.
• Force spies out. Make fake calls and SMS's as a test.
• Switch phones, carriers and numbers occasionally.
• Consider using pre-paid phones.
• NEVER accept a phone as a gift.
• NEVER loan your phone; not even for a few minutes.
• ALWAYS keep your phone in your complete control.
See how easy it is for the general public to obtain spyware. Click here.
Protecting your business against eavesdropping is also easy. Click here.
~Kevin
Monday, August 13, 2007
The Science of Wiretapping (NPR)
On August 5, 2007, President Bush signed the Protect America Act of 2007 into law. The law, an amendment to the Foreign Intelligence Surveillance Act of 1978 (FISA), extends the government's authority to wiretap without a warrant. In light of the new law, Science Friday (Ira Flatow) consulted wiretap experts Matt Blaze, a technologist and professor of computer and information science at University of Pennsylvania, in Philadelphia and Susan Landau, Distinguished engineer at Sun Microsystems Laboratories about the science of wiretapping.
Matt Blaze explains old-style wiretapping
Susan Landau explains where NSA tapping might take place
(more)
Matt Blaze explains old-style wiretapping
Susan Landau explains where NSA tapping might take place
(more)
How to remotely disable security cameras nondestructively from quite a distance…
Cell Phone Activated DIY CCTV Camera Blinding Project - from c-h-a-o-s.com
"It’s no secret. A lot of my inspiration comes from movies and for quite some time I have become more and more annoyed by Hollywood's sometimes rather silly solutions for an agent to shut down security cameras in order to remain undetected: e.g. blowing up the nearby power-plant or rigging up gadgets in sewers, where they can be detected by renovation workers and the sorts. If you blow something up or otherwise break it, your counterpart will immediately know it is sabotage and rule out a simple technical malfunction.
Another thing that got me to write this article is the abundant usage of surveillance cameras everywhere which makes me want to burst the bubble about security of surveillance cameras by exposing their weakness. Switching point of view will also often lead to improvement…" (more)
"It’s no secret. A lot of my inspiration comes from movies and for quite some time I have become more and more annoyed by Hollywood's sometimes rather silly solutions for an agent to shut down security cameras in order to remain undetected: e.g. blowing up the nearby power-plant or rigging up gadgets in sewers, where they can be detected by renovation workers and the sorts. If you blow something up or otherwise break it, your counterpart will immediately know it is sabotage and rule out a simple technical malfunction.
Another thing that got me to write this article is the abundant usage of surveillance cameras everywhere which makes me want to burst the bubble about security of surveillance cameras by exposing their weakness. Switching point of view will also often lead to improvement…" (more)
$10 hack can unlock nearly any office door
Cut a couple of wires, insert a small, easy-to-make device between them, and you can walk right through all those supposedly card-protected locked office doors.
At the Defcon security conference over the weekend, a hacker and Defcon staffer who goes by the name Zac Franken showed off how a small homemade device he calls Gecko can perform a classic man-in-the-middle attack on the type of access card readers used on office doors around the country.
What's more, making a Gecko is easy and cheap. Franken says the hardware costs about $10.
According to Franken, the hack subverts the Wiegand protocol, commonly used for communication between the card reader and the back-end access control system... (more)
At the Defcon security conference over the weekend, a hacker and Defcon staffer who goes by the name Zac Franken showed off how a small homemade device he calls Gecko can perform a classic man-in-the-middle attack on the type of access card readers used on office doors around the country.
What's more, making a Gecko is easy and cheap. Franken says the hardware costs about $10.
According to Franken, the hack subverts the Wiegand protocol, commonly used for communication between the card reader and the back-end access control system... (more)
Reverse Engineer Your Spy Ear
- You can buy a Spy Ear for a dollar! (or less)
- It can amplify sounds up to 60 dB or a factor of a 100.
- It has a self limiting property and adjusts the gain so that the amplified signal volume is always just right.
- It runs of two LR44 1.5 volt button cell alkaline battery, so it's perfect for portable projects.
- Many of today's projects, such as in robotics, require analogue front end for sensing the environment and the Spy Ear circuit is just right to fill in as a multi-purpose front end amplifier.
- It is simple enough to reverse engineer.
So, the Spy Ear is a fantastic cheap, small and rugged circuit for modding and hacking! (more)
- It can amplify sounds up to 60 dB or a factor of a 100.
- It has a self limiting property and adjusts the gain so that the amplified signal volume is always just right.
- It runs of two LR44 1.5 volt button cell alkaline battery, so it's perfect for portable projects.
- Many of today's projects, such as in robotics, require analogue front end for sensing the environment and the Spy Ear circuit is just right to fill in as a multi-purpose front end amplifier.
- It is simple enough to reverse engineer.
So, the Spy Ear is a fantastic cheap, small and rugged circuit for modding and hacking! (more)
Sunday, August 12, 2007
China Enacting a High-Tech Plan to Track People
(Modern Canterbury Tales. On our way to 1984.)
At least 20,000 police surveillance cameras are being installed along streets here in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity.
Starting this month in a port neighborhood and then spreading across Shenzhen, a city of 12.4 million people, residency cards fitted with powerful computer chips programmed by the same company will be issued to most citizens.
Data on the chip will include not just the citizen’s name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number. Even personal reproductive history will be included, for enforcement of China’s controversial “one child” policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card.
Security experts describe China’s plans as the world’s largest effort to meld cutting-edge computer technology with police work to track the activities of a population and fight crime. But they say the technology can be used to violate civil rights.
The Chinese government has ordered all large cities to apply technology to police work and to issue high-tech residency cards to 150 million people who have moved to a city but not yet acquired permanent residency. (more)
At least 20,000 police surveillance cameras are being installed along streets here in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity.
Starting this month in a port neighborhood and then spreading across Shenzhen, a city of 12.4 million people, residency cards fitted with powerful computer chips programmed by the same company will be issued to most citizens.
Data on the chip will include not just the citizen’s name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number. Even personal reproductive history will be included, for enforcement of China’s controversial “one child” policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card.
Security experts describe China’s plans as the world’s largest effort to meld cutting-edge computer technology with police work to track the activities of a population and fight crime. But they say the technology can be used to violate civil rights.
The Chinese government has ordered all large cities to apply technology to police work and to issue high-tech residency cards to 150 million people who have moved to a city but not yet acquired permanent residency. (more)
Spycam catches CCTV operator (snicker)
UK - CCTV operator Wayne Tomlin spends his working day helping to catch criminals on camera, but he was caught out driving at more than twice the speed limit by a spycam.
The 25-year-old computer technician, who works for Sunderland Council's surveillance team, was rushing to carry out urgent repairs when he was caught speeding.
A mobile police camera clocked him doing 66mph in a 30mph zone on Springwell Road, Grindon.
He has been banned from driving for 42 days and ordered to pay a £400 fine.
Brian Chapman, defending, said "Mr. Tomlin had accidentally broken the speed limit while hurrying to repair a camera which protected council staff at a city centre office." (more)
The 25-year-old computer technician, who works for Sunderland Council's surveillance team, was rushing to carry out urgent repairs when he was caught speeding.
A mobile police camera clocked him doing 66mph in a 30mph zone on Springwell Road, Grindon.
He has been banned from driving for 42 days and ordered to pay a £400 fine.
Brian Chapman, defending, said "Mr. Tomlin had accidentally broken the speed limit while hurrying to repair a camera which protected council staff at a city centre office." (more)
Who's on the Line? These Days, It Could Be Everyone
Eavesdropping techniques have changed dramatically in recent years. So has society's perception that eavesdropping is an immoral and unacceptable business practice.
Old-school wiretapping was captured most perfectly in "The Lives of Others," last year's Oscar winner for Best Foreign Film, about surveillance by Stasi agents of the former East Germany: the long hours listening to conversations as a reel of tape wound round and round. Those were the days when "wiretap" meant using alligator clips to literally tap into a phone wire.
Watching wiretapping, Hollywood-style, has become so scintillating that some people fear we are being inured to the potentially sinister and abusive side of its uses. (more)
Old-school wiretapping was captured most perfectly in "The Lives of Others," last year's Oscar winner for Best Foreign Film, about surveillance by Stasi agents of the former East Germany: the long hours listening to conversations as a reel of tape wound round and round. Those were the days when "wiretap" meant using alligator clips to literally tap into a phone wire.
Watching wiretapping, Hollywood-style, has become so scintillating that some people fear we are being inured to the potentially sinister and abusive side of its uses. (more)
Subscribe to:
Posts (Atom)