Monday, August 15, 2011

Cell Phone Eavesdropping Alert - Android Trojan Snoop

A nasty Android Trojan capable of stealing text messages and eavesdropping on conversations has, like all movie monsters worth their weight, morphed into an even more dangerous opponent. The security firm CA Technologies detected a piece of Android malware that hid in corrupt apps and recorded and stored users' conversations on the targeted devices, which could then be uploaded to remote servers.

"Before answering the call, it puts the phone on silent mode to prevent the affected user from hearing it. It also hides the dial pad and sets the current screen to display the home page. During testing, after the malware answered the phone, the screen went blank," Trend Micro wrote on its blog.

TIP: The auto-answering feature only targets Androids running version 2.2, not the new version 2.3; to update your operating system, go to the "Settings" tab under "Menu." (more)

Sunday, August 14, 2011

Tap Tap Revolution - The Smartphone Spyware Version

The slight movements of your smartphone every time you tap on the touchscreen could be giving away what you are typing.

Eavesdropping on a computer user's keyboard input is called keylogging...

Keylogging is much harder to pull off on smartphones because most mobile operating systems allow only whatever app is on screen to access what you are typing, says security researcher Hao Chen of the University of California, Davis.

However, Chen and his colleague Liang Cai have got around that hurdle and created a keylogger that runs on Android smartphones. It uses the phone's motion sensors to detect vibrations from tapping the screen. Since mobile operating systems do not treat the motion-sensor output as private or in need of protection, it presents a target for hackers wanting to create an innocent-looking app that secretly monitors phone users. (more)

Can Ya Catch My Cheating Spouse? In Kenya Ya Can - Bugging cell phones is apparently legal there!?!?

Kenya - Are you suspicious your lover, spouse, children, employees or business partner could be hiding something? Relax. A solution is finally here.

All you need is a high-end wap-enabled mobile phone, which you will present as a gift to your partner, whom you want to investigate.

Charles Chepkonga, the director of IT company Smuffet Outsourcing, says that with Sh15,000 he could install software that could help you get a copy of all SMS, call log, location of the phone and all the names saved in the phonebook.

"The phone does not need to be expensive. We have done with phones worth as low as Sh8,000," he says.

Dubbed Mobispy, the software will send information to a preset email address managed by the buyer.

"Let’s say your husband tells you he is working late within the central business district but you doubt. All you will need to do is log in to the email and trace the location of the phone. Unless he left it in the office, you can know his location because it gives a radius of 10m," said Chepkonga. The IT expert says the technology can also be used to keep track of the location of students who lie that they are in libraries, or by managers who suspect their employees could be sabotaging the company by giving out classified information.

"The most popular reasons for using this application are finding out if your partner is cheating on you, keeping an eye on your children or teens, protecting your old parents, and using it to ensure your employees are doing what they are expected," said Chepkonga.

He says he started offering the service two months ago and has so far done more than 20 mobile phones bought by suspecting partners.

"We have also had innumerable enquiries from many people but who would want to remain anonymous," he said.

He said the idea came up as a result of the many attempts by Kenyans to bust their cheating partners. (more)

You'll Look So Dorky Nobody Will Think You Are a Spy

Real spy gear disguised as a kid's toy - with NIGHT VISION!

The SpyNet Night Vision Mission Video Watch's secret... It looks like a children's toy, but is a whole lot more. Let's run through the features... sound recorder, video recorder, still picture cam (with time lapse) - check, check, and check. Downloadable spy missions, games, and apps. Check. And, it tells time, too! 

If you really need to go covert, there is the Snake Cam Add-On. It plugs into the watch and lets you look around corners (or hide it in your sleeve and have it peek out a button hole).

Modes:
Time Mode
Alarm Mode
Timer Mode
Stop Watch Mode
Video Recorder Mode - preview or super-spy mode (watch face just shows time)
Audio Recorder Mode - wave form preview or super-spy mode (watch face just shows time)
Still Picture Recorder Mode - still image (again, with preview or without) or time lapse mode (5 seconds, 10 seconds, 30 seconds, 1 minute, 5 minutes, 10 minutes)
Secrets Mode
Missions Mode - downloadable from SpyNet HQ
Games Mode
Spy Apps Mode
Playback Mode
Capacity: Up to 20 mins of video; over 4 hours of audio; up to 2000 pics!
Snake Cam Add-On: Allows you to record pics/video around corners or hides in a button hole for super covert missions (unable to film using night vision, however). Can also be used as a plug and play USB webcam.
Watch Includes: Watch (duh), USB connector, and instructions.
Dimensions: Watch - 2.5" x 2.25" x 1" (watch body) - 1.4" TFT display.
Snake Cam - bendy part: 20"; overall length: 38" 

Why do I mention it?

So you'll know what you're up against, or the holidays are coming.
...Keep an eye out for the snake coming over the cubicle wall.

Staying Safe Abroad - The Blog, Edward L. Lee II

In 2008, I gave all my clients a free copy of Edward L. Lee's book: Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World. Yes, it was that good!

The feedback I received spanned from: "Thank you so much..." to one security director saying, "I am buying copies for all our key executives who travel."


If you travel, or know someone who does, buy the book and get FREE updates by following Staying Safe Abroad - The Blog.

"What makes Ed Lee the big expert?"
Ed Lee retired from the US State Department in April 2006, after a career as a special agent, Regional Security Officer, director of training, chief investigator of the Cyprus Missing Persons Program, director of security of the U.S. Agency for International Development and as a senior advisor in the Office of Anti-Terrorism Assistance.


Most of his work now is devoted to educating global companies and governmental entities in how to be successful and keep their people safe abroad.

His career also includes 15 years as an international security consultant; for ten years he served as the security advisor to the Inter-American Development Bank. Additionally, Ed served six years in the Marines before joining the US State Department as a special agent.

"Why the plug?"
I hear you say.
Just a film noir PI's cliche, "Dead clients don't pay."

Saturday, August 13, 2011

Privacy Journal - Keep Abreast of Privacy Issues and Laws

The Compilation of State and Federal Privacy Laws is now available in different formats. This book cites and describes more than 600 state and federal laws affecting the confidentiality of personal information and electronic surveillance. The laws are listed by state, grouped in categories like medical, credit, financial, security breaches, tracking technologies, employment, government, school records, Social Security numbers, marketing, telephone privacy and many more. Canadian laws are also included.

The Consumer's Handheld Guide to Privacy Protection, an abridged, consolidated version for use on handheld devices. Lawyers and other professionals are finding this handy for searching privacy laws while out of the office, in conferences, in court, on the street.

P.S. Would you like a free sample copy of Privacy Journal monthly newsletter? Contact: Lee Shoreham, Assistant to the Publisher, PRIVACY JOURNAL, PO Box 28577, Providence, RI  02908  Phone: 401-274-7861  Fax: 401-274-4747  orders@privacyjournal.net

Friday, August 12, 2011

Tips to Protect Your Voice Mail from Hacking

via Forbes...
While there’s been extensive coverage of the News Corp. phone hacking cases during the past few weeks, nobody has really addressed two relevant elements of the story: the legal liability (both criminal and civil) for such conduct and the underlying problem which allowed the media to gain access to confidential information: the insecurity of most voice mail systems...

Personal actions

• Do not use default passwords;
• Use more than a four-digit PIN, and make them random. Do not use your date of birth, year of birth, or set the digits in ascending or descending order;
• Make sure your carrier requires the use of a PIN every time you access your voice mail;
• Have your carrier require a special password to access information about your account;
• Demand that your carrier immediately notify you of any attempt to improperly access your account via email or SMS;
• Ask your carrier to block multiple invalid PIN attempts on your account, which will then require a call to customer service to reset it;
• Delete sensitive messages once you retrieve them, and do not store them in the system any longer than necessary. Remember, there is no way to determine who has accessed your account or listened to your messages;
• Check the settings on your system to determine if messages are being forwarded to numbers you do not recognize;
• Use the most complicated password that is possible to set up, and change it frequently. (more)

USA Today - "Don't bank on your phone to evade virus"

Trojans can enter a smartphone in many devious ways. All you have to do is click on a link or attachment that contains the virus, and within seconds it can secretly seize control of the phone. That link might be a tinyurl in Twitter. The attachment could be a vCard, the standard format for sending a business card to a phone.

Or you could be accessing a website in a cafe. At Wi-Fi hotspots, fraudsters create bogus gateways, known as "evil twins", to which the latest mobile phones will automatically connect. Once a connection is established, all the information passing through the gateway can be read directly or decrypted, allowing fraudsters to harvest user names, passwords and messages.

Until now, these attacks have been rare. But experts say that's just because smartphones are still taking off. "We're walking into a minefield," said Mr Fidgen, who has been warning about the risks of mobile banking for several months, "but nobody's bloody listening". (more)

Thursday, August 11, 2011

The Spy in the Condé Nast Elevator

Following a day of speculation about the identity of the person behind @CondeElevator, the account appears to have gone dark. "Girl or Guy #1 [in elevator alone]: This got really crazy. Love my job. Better stop," the account tweeted on Wednesday...

The account, which presents all tweets as if they are true, was launched just last Saturday, but it already has amassed more than 50,000 followers. In less than a week, @CondeElevator has become a dishy fly-on-the-wall at a company known for its strict rules, shone a light on the intimidating culture that still exists in the rarified halls of Old Media, and incited a massive witch hunt as outlets race to unveil the author. (more)

Why this is important.
It doesn't matter if the tweets are fact, or self-promoting fiction, it proves Twitter is a powerful technology. Your marketing people may see it as a boon. Your security people may see it as a nightmare. Point is, you need to see it, and keep an eye on it. See who's talking about your company.

Last Laugh - Britain, SpyCam Capital of the World

Can you think of a worse place in the world to riot in the streets?
SHOP A MORON - Name and shame a rioter
These are just some of the 2,000 suspects being hunted today over Britain's riot mayhem. Police issued the CCTV shots and appealed to witnesses to identify anyone they recognise. Sun readers are urged to name and shame any morons they saw looting or committing arson and wrecking property. (more)

FutureWatch: A flood of RFPs for High-Def SpyCams. Darwin Awards.
N.B. Not to be confused with Photoshoplooter... 
(more)


Quote of the Day: “If I get my hands on someone’s lost phone, it could take me ten minutes to find an account username and password.”

An uncomfortably large percentage of mobile applications are storing sensitive user account information unencrypted on owners’ smartphones, according to a new survey of 100 consumer smartphone apps.

Some 76 percent of the apps tested stored cleartext usernames on the devices, and 10 percent of the tested applications, including popular apps LinkedIn and Netflix, were found storing passwords on the phone in cleartext.

Conducted by digital security firm ViaForensics, the testing occurred over a period of over eight months and spanned multiple categories, ranging from social networking applications to mobile banking software. The firm tested apps only for iOS and Android, the market’s leading mobile platforms.

“If I get my hands on someone’s lost phone, it could take me ten minutes to find an account username and password,” said Ted Eull, technology services vice president at ViaForensics, in an interview. (The Bad App List.)

Read up on what to do about it, here.

Wednesday, August 10, 2011

FBI, Texas Rangers Search City Offices for Bugging Devices

TX - Tenaha Mayor George Bowers has confirmed that Texas Rangers and FBI agents searched city property for bugging devices this week.

Bowers said he was present on Monday as the state and federal agents scoured the workplace for bugging devices. The search was conducted after city work hours, according to Bowers...

There are rumors several bugging devices were found inside the police station. City Marshal Tom Reader acknowledged the searches, but would not confirm or deny that any were found in the police station. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Security Flaws in Feds’ Radios Make for Easy Eavesdropping

via The Wall Street Journal...
The portable radios used by many federal law enforcement agents have major security flaws that allowed researchers to intercept hundreds of hours of sensitive traffic sent without encryption over the past two years, according to a new study being released today.

While studying the technology, researchers from the University of Pennsylvania overheard conversations that included descriptions of undercover agents and confidential informants, plans for forthcoming arrests and information on the technology used in surveillance operations...

Their research also shows that the radios can be effectively jammed using a pink electronic child’s toy and that the standard used by the radios “provides a convenient means for an attacker” to continuously track the location of a radio’s user.

The authors say they are extremely concerned about the security lapses found in the radios, which are used by the FBI and Homeland Security as well as state and local law enforcement. “We strongly urge that a high priority be placed” on a “substantial top-to-bottom redesign” of the system, dubbed P25, they write. (more) (study)

Tuesday, August 9, 2011

Today in Spy History

On Aug. 9, 1974, President Richard Nixon resigned following damaging revelations in the Watergate scandal. (more)

Faulty Towers, or The Young Ones strike back

Scarborough bed-and-breakfast owner Paul Williams has been jailed for 18 weeks for spying on his guests through secret peepholes and making audio recordings of their most intimate moments.

Paul Williams, 60, watched three couples from holes which he had drilled in the doors of the rooms at his bed-and-breakfast in Scarborough, North Yorkshire.

He was discovered when one of his victims, a 16-year-old student, spotted a poster placed over one of the holes begin to move. Her boyfriend investigated and found a hole which provided a view directly on to the bed. He then heard movement in the corridor outside and discovered Williams who was wearing just a dressing gown.

Audio recording equipment was then discovered at the Sandsea guest house. Guests were left feeling "sick and horrified" when they discovered what had happened.

Williams, of Devonshire Drive, Scarborough, pleaded guilty to charges of voyeurism and was sentenced at the town's magistrates' court today. (more)