Tuesday, December 23, 2014

Skype for Android App - Eavesdropping - Feature or Flaw

The Skype for Android app reportedly features a flaw that allows other users to eavesdrop without any real effort.

As discovered by Reddit user Ponkers (via Android Police), the security bug in the Android app "can force the Android version of Skype to answer, allowing you to eavesdrop."

The old fashioned way.
As Ponkers explains, it first requires two devices signed into a Skype account: an Android phone (device 1) and a desktop (device 2). Now, if the user calls the target Android device (device 3) with the Android phone (device 1) and then disconnects from the Internet while the target Android phone (device 3) has answered, it results in a call back from the target Android phone (device 3) to the user on the desktop (device 2), and an automatic connection without the owner of the device necessarily knowing. (more)

Monday, December 22, 2014

SpyCams in the Pathology Department - Staffers Bugged

Australia - SA Health has admitted using cameras hidden in smoke detectors to monitor its staff at SA Pathology premises in Adelaide.

Two cameras were installed in October in offices... as part of an investigation into processing delays for pathology reports...

A staff member, who did not want to be identified, said it did not take staff long to notice something suspicious. "The staff felt violated, there's also a microphone attachment to it so [we do not know] whether they were listening in or conversations were being recorded," they said.

However, a spokesperson for SA Health said the cameras were not used to record audio. (more)

Security Flaws Let Hackers Listen in on Cell Phone Calls

German researchers say the network that allows cellphone carriers to direct calls to one another is full of security holes. (more)

Man Bots Ex-Girlfriend's Computer... for several years

PA - A former Pennsbury School District computer technician from Doylestown Township was placed on probation for three years for remotely spying on his ex-girlfriend and their child.

Joseph Tarr, 31, admitted to controlling the Middletown woman’s home computer and its webcam for several years. By the time he was arrested, Tarr had numerous audio and video recordings of the activities in the woman’s home — all captured without her knowledge, authorities said. (more)

PI Tip # 512 - Make: Coffee Cup SpyCam

Take your cup of Joe from classic to classified with a tilt-triggered spy camera.

The trick is to modify two paper coffee cups — install the device in one, slide it into the second, and align holes cut in the bottoms of each. Two LEDs can be seen through the standard plastic lid — one illuminates when the tilt switch is activated, the other flashes twice after a picture has been taken.


Think your cover has been blown? Simply rotate the cups to hide the camera... (more)

Self-Destructing Spy Phone (Can't tell you any more right now.)

Chalk this up as one of the stranger corporate announcements this week, delivered by BlackBerry CEO John Chen...

“We are pleased to announce that Boeing is collaborating with BlackBerry to provide secure mobile solution for Android devices utilizing our BES 12 platform. That, by the way, is all they allow me to say. So sorry (if) it seems like I am reading it word for word. .. I’m true to my commitment here.”...

It’s a sealed device, with epoxy around the casing and tamper-proof screws to prevent it from being opened... 

“Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,” a lawyer for Boeing wrote in a letter to the FCC... (more)

Thursday, December 18, 2014

How to Spy on Your Competition...

...by keeping tabs on their Internet presence. (And, how they may be spying on you!)

Connecticut's Quirky Recording Laws - Check Your State Laws Too

Daniel Schwartz, partner at Shipman & Goodwin LLP, recently pointed out some interesting facts about Connecticut's recording laws...

If you do a search on the Internet, you’re likely to discover that Connecticut is a “two-party” state when it comes to recording telephone conversations. What does that mean? In plain English, it means that both parties to a phone conversation must consent to the recording for it to be legal. You can read the law (Conn. Gen. Stat. Sec. 52-570d) for yourself here...

For ordinary, in-person communications, Connecticut is a one-party state — meaning that only one party’s consent is needed to record a conversation. (You can find the law regarding eavesdropping at Conn. Gen. Stat. Sec. 53a-189.)

What does this mean in the workplace? It means that your employees can legally record conversations with their bosses and then try to use those communications as evidence to prove a discrimination claim or another employment-related claim.

Employers can set up reasonable rules in the workplace prohibiting the taping of conversations and tell employees that they cannot record it, but that only means that the records violate the employer’s rules, not Connecticut law.

And what this also means is that the employee cannot record a conversation between two other people; one party must always consent to the conversation. (more) 

P.S. A FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it," is available to Murray Associates clients. Contact me for your copy.

Steal from Apple - Patent - Then Sue Apple (Industrial Espionage?)

You decide...

Chinese phone vendor claims Apple's iPhone 6 looks too similar.

Few have probably heard about Digione, but one of the Chinese company’s latest products looks quite similar to the iPhone 6, and could potentially spark a patent dispute with Apple.

The little-known Chinese smartphone maker revealed Monday it sent a letter to Apple in September, claiming that the iPhone 6 may infringe on a company-registered patent.

The patent in question covers a mobile phone design that features an exterior look very similar to the iPhone 6’s. Digione’s subsidiary applied for the patent in January and the company was granted the patent in July, according to China’s State Intellectual Property Office.

To publicize the issue, Digione’s smartphone brand 100+ took to a social networking site Monday and posted the letter it had sent to Apple. (more)

So, what's the penalty for wiretapping in Turkey? (hit the Zildjian)

Turkey - An Ankara prosecutor submitted an indictment to court on Friday regarding the illegal wiretapping activities by members of the Gülen Movement who infiltrated key government bodies in an attempt to topple the government... Prosecutor Tekin Küçük accused the former chief of the intelligence unit of the National Police Department, Ömer Altınparmak, of spying and is seeking up to 290 years in jail for the suspect. (more) (rimshot)

What is the Largest Spy Network on the Planet?

The non-state actor behind the most pervasive surveillance network in human history has managed to avoid scrutiny. Until now. Revealed: Santa the spymaster.

Here is what we know about the man identified as Santa Claus. He operates under several aliases, to include Father Christmas, St. Nicholas, and Kris Kringle. His outfit is reportedly based out of the North Pole, though reconnaissance platforms have yet to capture his base of operations. His surveillance network is peerless, invasive, and worldwide. He spearheads a single annual clandestine mission. We know he’s coming to town, and we know when, and yet he has eluded capture for two centuries. (He is also, apparently, immortal.)

Santa Claus is, in short, the single most successful spymaster in human history. And while total global surveillance by a non-state actor isn’t necessarily to be applauded, he has earned the world’s begrudging respect for his organization’s sheer competence. Despite his old and sprawling operation, Claus has thus far managed to avoid the sort of intelligence leaks that have proved catastrophic in recent years to the National Security Agency and U.S. Department of State. Indeed, his secrets are kept not only by members of his inner circle, but also a vast swath of the adult world. Accordingly, young people generally under the age of 12 are left entirely in the dark as to Claus’s intentions and temperament. (more)

Scoop - Corporate Espionage Show

FutureWatch - Showtime is developing a half-hour comedy... Titled “Professionals,” the laffer centers on two partially broken mid-level employees who become ensnared in a dangerous game of corporate espionage. The project commitment is for three scripts, written by David J. Rosen, with Marc Webb attached to direct. (more)

Wednesday, December 17, 2014

Cops Can't Spy on Your Yard and Home Without Warrant... sometimes


WA - A federal judge on Monday tossed evidence that was gathered by a webcam turned on for six weeks—that the authorities nailed to a utility pole 100 yards from a suspected drug dealer's rural Washington state house.

The Justice Department contended that the webcam, with pan-and-zoom capabilities that were operated from afar, was no different from a police officer's observation from the public right-of-way.

"After reviewing relevant Fourth Amendment jurisprudence and applying such to the facts here, the Court rules that the Constitution permits law enforcement officers to remotely and continuously view and record an individual’s front yard (and the activities and people thereon) through the use of a hidden video camera concealed off of the individual’s property but only upon obtaining a search warrant from a judge based on a showing of probable cause to believe criminal activity was occurring. The American people have a reasonable expectation of privacy in the activities occurring in and around the front yard of their homes particularly where the home is located in a very rural, isolated setting. This reasonable expectation of privacy prohibits the warrantless, continuous, and covert recording of Mr. Vargas’ front yard for six weeks. Mr. Vargas’ motion to suppress the evidence obtained as a result of the video feed is granted." (more)

Norway - Eavesdropping Devices Found - UPDATE

Stingray mobile phone surveillance equipment estimated to cost up to £200,000 has been found hidden near the Norwegian parliament, believed to be snooping on legislators.

Following a two week investigation, Norway's Aftenposten newspaper reported to the Norwegian National Security Authority (NSM) that it had discovered IMSI-catchers (International Mobile Subscriber Identity) of a type believed sold by Harris Corporation, located inside fake mobile phone stations near government and parliamentary buildings in Oslo. At least six devices were found, each about the size of a suitcase. Potential targets within a radius of one kilometre of the equipment include the prime minister's office, the ministry of defence, Stortinget (parliament) and the central bank, Norges Bank, ministers, state secretaries, members of parliament, state officials, the American and Israeli embassies as well as many private businesses...

Initially IMSI-catchers only collect data from the sim-card but the intrusion can escalate, as the Aftenposten report explains: The most advanced versions can register several hundred numbers in just a few minutes. Once a mobile phone has been detected by a fake base station, the IMSI-catcher can enter an active mode to eavesdrop on certain conversations. Then it will transmit the conversation to the real GSM-system acting as a ‘man-in-the-middle.’

The fake base station can even register SMS-messages and install spyware enabling its operator to switch on the microphone so that the mobile phone can be used to bug rooms and meetings. (more)

Tuesday, December 16, 2014

Constables Gone Wild

UK - A detective constable accused of spying on unsuspecting hotel guests during a 10-month voyeurism spree appeared in court.

DC Daniel Williams, 36, is said to have watched the victims at the Jurys Inn in Milton Keynes and The Mandolay Hotel, Guildford, Surrey between January and October this year... Williams, who has been suspended from duty, also faces separate allegations of involvement in the sex trade.

He allegedly incited girls to work as prostitutes and hid the profits in socks stuffed into his chimney... Williams, who was working at Tooting police station at the time of the alleged offenses, is further charged with using the police computer to run checks on his clients. (more)

USA - A Kingston constable is facing charges of spying on two teenage girls known to him through a two-way mirror while they were camping in a recreational vehicle in Northumberland County.

Point Township (PA) police charged John C. Gould, 54, of Market Street, with six counts of invasion of privacy... Two girls ages 15 and 17 told Kingston police in early July they suspected Gould spied on them while they showered inside the RV while camping... A two-way mirror was attached to the bathroom wall permitting a one-way view of the bathroom from a bedroom, according to the complaint. A lamp without a shade was placed near the mirror to diminish visibility of the mirror, according to the complaint. (more)