Tuesday, August 6, 2013

Solar-Powered Smartphones (and more) Coming Soon

Smartphones should soon be able to charge themselves using transparent Wysips Crystal photovoltaic panels bonded into their screens. And if the idea takes off, tablets and eventually whole buildings could follow... (more) (more including photovoltaic clothing)

Imagine... 
The bug hidden in the picture frame would never have to have its battery replaced.

Think Changing Your SIM Card Can Mask Who You Are? Think Again

Tech-savvy criminals try to evade being tracked by changing their cellphone's built-in ID code and by regularly dumping SIM cards. But engineers in Germany have discovered that the radio signal from every cellphone handset hides within it an unalterable digital fingerprint — potentially giving law enforcers a simple way of tracking the handset itself.

Developed by Jakob Hasse and colleagues at the Technical Univ. of Dresden, the tracking method exploits the tiny variations in the quality of the various electronic components inside a phone.

When analogue signals are converted into digital phone ones, the stream of data each phone broadcasts to the local mast contains error patterns that are unique to that phone's peculiar mix of components. In tests on 13 handsets in their lab, the Dresden team were able to identify the source handset with an accuracy of 97.6 percent. (more)

Windows Phones Susceptible to Password Theft When Connecting to Rogue Wi-Fi

Smartphones running Microsoft's Windows Phone operating system are vulnerable to attacks that can extract the user credentials needed to log in to sensitive corporate networks, the company warned Monday...

"An attacker-controlled system could pose as a known Wi-Fi access point, causing the victim's device to automatically attempt to authenticate with the access point and in turn allowing the attacker to intercept the victim's encrypted domain credentials," the Microsoft advisory warned. "An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials." (more)

Turn on certificate requirement before connecting to WPA2 networks. Now.

CreepyDOL - The sinister Espionage System for $57

Brendan O’Connor is a security researcher. How easy would it be, he recently wondered, to monitor the movement of everyone on the street – not by a government intelligence agency, but by a private citizen with a few hundred dollars to spare?

Mr. O’Connor, 27, bought some plastic boxes and stuffed them with a $25, credit-card size Raspberry Pi Model A computer and a few over-the-counter sensors, including Wi-Fi adapters. He connected each of those boxes to a command and control system, and he built a data visualization system to monitor what the sensors picked up: all the wireless traffic emitted by every nearby wireless device, including smartphones.


Each box cost $57. He produced 10 of them, and then he turned them on – to spy on himself. He could pick up the Web sites he browsed when he connected to a public Wi-Fi – say at a cafe – and he scooped up the unique identifier connected to his phone and iPad. Gobs of information traveled over the Internet in the clear, meaning they were entirely unencrypted and simple to scoop up.

Even when he didn’t connect to a Wi-Fi network, his sensors could track his location through Wi-Fi “pings.” His iPhone pinged the iMessage server to check for new messages. When he logged on to an unsecured Wi-Fi, it revealed what operating system he was using on what kind of device, and whether he was using Dropbox or went on a dating site or browsed for shoes on an e-commerce site. One site might leak his e-mail address, another his photo.

“It could be used for anything depending on how creepy you want to be,” he said.

You could spy on your ex-lover, by placing the sensor boxes near the places the person frequents, or your teenage child, or the residents of a particular neighborhood. You could keep tabs on people who gather at a certain house of worship or take part in a protest demonstration in a town square. Their phones and tablets, Mr. O’Connor argued, would surely leak some information about them – and certainly if they then connected to an unsecured Wi-Fi. The boxes are small enough to be tucked under a cafe table or dropped from a hobby drone. They can be scattered around a city and go unnoticed. (more) (Want your own CreepyDOL?)


Yet another thing a TSCM survey could uncover for you.

Thursday, August 1, 2013

Mystery Car Thefts - Solved

Remember this post from June?
---
The news media is overflowing with reports of "High Tech" car burglars. They appear to be opening locked cars while holding a "black box" which "has police all over the nation stumped as to how it works."

Here, at the Spybusters Countermeasures Compound, we believe the black box is nothing more than a radio signal jammer. 
---

The spybusters tracked down the tool they probably used to pull off the heists...
You can read all about it here.

Corporate Sleuths on Edge after China Detains Foreign Consultants

The detention by Chinese authorities of a British corporate investigator and his American wife in the wake of a corruption probe into pharmaceutical giant GlaxoSmithKline has had a chilling effect on other risk consultants working in China.

It's unclear why Peter Humphrey and Yu Yingzeng, whose firm ChinaWhys has done work for GSK and other drug makers, were detained. But corporate investigators said they were concerned about the repercussions for the industry.

Multinationals, banks and investors rely on corporate investigators for information about potential partners and investments in China, where a lack of transparency is a hurdle to doing business. Restrictions in the flow of such background information could potentially leave foreign investors exposed to greater risk in the world's second-largest economy. (more)

Men's Room Leaks Prompt Eavesdropping Fears

Canada - Men are forced to use the women’s washroom at Peterborough city hall when council is in closed door meetings. The reason? Fear of people eavesdropping.

Peterborough city council thinks there is more than one kind of leak happening in the men’s bathroom.
 

City officials are closing down the washroom — which shares a wall with council chambers — for fear that people could eavesdrop on proceedings.
 

That means men needing the washroom during any closed-door meeting are being asked to use the ladies’ room instead — and a security guard is positioned in the hallway to make sure of that.

City clerk John Kennedy defended the decision to close down the washroom, saying it happens whenever there is a confidential meeting. (more)

Warrantless Cellphone Tracking Is Upheld

In a significant victory for law enforcement, a federal appeals court on Tuesday said that government authorities could extract historical location data directly from telecommunications carriers without a search warrant. 

The ruling is the first that squarely addresses the constitutionality of warrantless searches of the historical location data stored by cellphone service providers. (more)

Tuesday, July 30, 2013

Russian Metro to Track Lost / Stolen Phones

(nudge, nudge, wink)

A major Russian newspaper reported that Moscow’s metro system is planning what appears to be a mobile phone tracking device in its metro stations—ostensibly to search for stolen phones.

According to Izvestia (Google Translate), Andrey Mokhov, the operations chief of the Moscow Metro system’s police department, said that the system will have a range of five meters (16 feet). “If the [SIM] card is wanted, the system automatically creates a route of its movement and passes that information to the station attendant,” Mokhov said.

Many outside experts, both in and outside Russia, though, believe that what local authorities are actually deploying is a “stingray,” or “IMSI catcher”—a device that can fool a phone and SIM into reading from a fake mobile phone tower. (IMSI, or an International Mobile Subscriber Identity number, is a 15-digit unique number that sits on every SIM card.) Such devices can be used as a simple way to see what phone numbers are being used in a given area or even to intercept the audio of voice calls. (more)

Monday, July 29, 2013

World's Biggest Data Breaches - Infographic

A beautiful way to get the point across...

Be sure to visit the interactive original HERE.

And, the winner of Who's Got the Biggest Electronic Ear is...

"According to the Max Planck Institute, you're 100 times more likely to be surveilled by your own government if you live in the Netherlands or you live in Italy," Baker said. 

"You're 30 to 50 times more likely to be surveilled if you're a French or a German national than in the United States." (more)

Israel's Verint to Get Indian Government Contract for Interception Tools

India - Verint's leadership team recently met communications minister Kapil Sibal in Israel and indicated the company's desire to work with the government to intercept all forms of encrypted communications to address India's cyber security needs.

Sibal has also apprised Israel's IT & communications minister Gilad Erdan about engaging Verint to implement an interception solution. "Verint is willing to work with the Indian government to address the issue of intercepting encrypted communications like Gmail, Yahoo mail and others. It will shortly co-ordinate with DoT's security wing and CERT-In teams to implement a customized interception solution," says an internal telecom department note, a copy of which was reviewed by ET. (more)

But wait! There's more!

India - Worried over increasing tiger deaths each year and many due to poaching and poisoning, India plans to start round-the-clock electronic surveillance of some of the tiger habitats using high definition cameras. (more)

Surveillance Camera Hack to be Revealed at Black Hat

A US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military, something that could potentially allow hackers to spy on facilities or gain access to sensitive computer networks.

Craig Heffner, a former software developer with the National Security Agency (NSA) who now works for a private security firm, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet...

He plans to demonstrate techniques for exploiting these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas.

ISPs Grossed as Feds Net Passwords

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused. (more)

Saturday, July 27, 2013

Wiretap Evidence Included in SAC Capital Case

The evidence of insider trading at SAC Capital Advisors LP includes court-authorized wiretaps, a U.S. prosecutor said at the $14 billion hedge fund’s arraignment in federal court in Manhattan.

“The discovery will be voluminous, including a large number of electronic recordings, including electronic messages, instant messages, court-authorized wiretaps and consensual recordings,” Assistant U.S. Attorney Antonia Apps told U.S. District Judge Laura Taylor Swain yesterday about the pretrial evidence-gathering process. “In short, a tremendous volume.” (more)