Monday, January 5, 2015

SnoopSnitch App Detects IMSI Catchers ...on some Android phones

SnoopSnitch is a brand new app for Android users developed by the folks over at Security Research Labs. Its purpose is to bring more control in the hands of consumers by collecting and analyzing mobile radio data. The new app warns Android users about threats such as fake base stations (IMSI catchers), user tracking, and SS7 attacks, but at the moment it will work only on rooted devices with a Qualcomm chip inside.

International Mobile Subscriber Identity (IMSI) catchers are eavesdropping devices that are being used for intercepting mobile phone traffic and tracking the movement of smartphone users. The guys over at Techopedia have a slightly more detailed explanation:

To prevent the subscriber from being identified and tracked by eavesdroppers on a radio interface, the IMSI is rarely transmitted. A randomly generated temporary mobile subscriber identity (TMSI) is sent instead of the IMSI, to ensure that the identity of the mobile subscriber remains confidential and eliminate the need to transfer it in an undeciphered fashion over radio links.

Security experts have discovered security flaws that could allow hackers to listen to private calls and read text messages by using IMSI catchers or ‘stingrays’. So if you are concerned about these things, the new SnoopSnitch can detect IMSI catchers and warn smartphone users if their devices are giving up their personal information. Besides intercepting traffic and tracking the movement, hackers can use this loophole to even manipulate the device remotely.
(more)

...thus upstaging Santa's naughty and nice list...

The US National Security Agency (NSA) published transparency reports on its web page at 1:30 pm on Christmas Eve.

Time span of the reports is from the fourth quarter of 2001 to the second quarter of 2013. The reports were released after the American Civil Liberties Union (ACLU) issued a Freedom of Information Act request for the information.
(more)

Lizard Patrol May Soon Be Able to Eavesdrop On Tor Users

Uh oh. Lizard Patrol, the hacking group claiming responsibility for the Christmas attacks on PlayStation and Xbox Live, has announced a new target: Tor, the anonymous internet service.

The hacker group appears to be attempting to dominate Tor's relays to the point where it can compromise anonymity. Tor keeps you anonymous by bouncing your communications around a network of volunteer nodes. But if one group is controlling the majority of the nodes, it could be able to eavesdrop on a substantial number of vulnerable users. Which means Lizard Squad could gain the power to track Tor users if it infiltrates enough of the network.

So far, they have already established over 3000 relays, nearly half of the total number. That's very not good.
(more)

Tuesday, December 23, 2014

Companies May Get a New Weapon in the Fight Against Economic Espionage

Currently, intellectual property owners that want to file suit for trade secret theft can only do so in state court. Under the Senate’s Defend Trade Secrets Act and the House’s Trade Secrets Protection Act, plaintiffs could sue in federal court, where it can be easier to reach defendants that have fled to another state or country.

Both bills, which are similar in scope, have Democratic and Republican sponsors, who cited federal estimates that U.S. businesses lose $300 billion a year as a result of trade secret theft. (more)

Kangaroo Knocks Out Drone

The kids are scared. What's a mother to do?

Army Needs Super Fly Robot Spy (wannahelp?)

Army invites investors, engineers to help develop technology like fingernail-sized fly bot whose wings flap without motors.

Researchers at the U.S. Army are taking advantage of an unusually unclassified approach to military systems development to ask for help turning a clever robotic fly into an almost undetectable spy.

The robotic flies are – or will be – semi-autonomous robots that look like real bugs and fly using wings that flap without being controlled by a motor. (more)

Skype for Android App - Eavesdropping - Feature or Flaw

The Skype for Android app reportedly features a flaw that allows other users to eavesdrop without any real effort.

As discovered by Reddit user Ponkers (via Android Police), the security bug in the Android app "can force the Android version of Skype to answer, allowing you to eavesdrop."

The old fashioned way.
As Ponkers explains, it first requires two devices signed into a Skype account: an Android phone (device 1) and a desktop (device 2). Now, if the user calls the target Android device (device 3) with the Android phone (device 1) and then disconnects from the Internet while the target Android phone (device 3) has answered, it results in a call back from the target Android phone (device 3) to the user on the desktop (device 2), and an automatic connection without the owner of the device necessarily knowing. (more)

Monday, December 22, 2014

SpyCams in the Pathology Department - Staffers Bugged

Australia - SA Health has admitted using cameras hidden in smoke detectors to monitor its staff at SA Pathology premises in Adelaide.

Two cameras were installed in October in offices... as part of an investigation into processing delays for pathology reports...

A staff member, who did not want to be identified, said it did not take staff long to notice something suspicious. "The staff felt violated, there's also a microphone attachment to it so [we do not know] whether they were listening in or conversations were being recorded," they said.

However, a spokesperson for SA Health said the cameras were not used to record audio. (more)

Security Flaws Let Hackers Listen in on Cell Phone Calls

German researchers say the network that allows cellphone carriers to direct calls to one another is full of security holes. (more)

Man Bots Ex-Girlfriend's Computer... for several years

PA - A former Pennsbury School District computer technician from Doylestown Township was placed on probation for three years for remotely spying on his ex-girlfriend and their child.

Joseph Tarr, 31, admitted to controlling the Middletown woman’s home computer and its webcam for several years. By the time he was arrested, Tarr had numerous audio and video recordings of the activities in the woman’s home — all captured without her knowledge, authorities said. (more)

PI Tip # 512 - Make: Coffee Cup SpyCam

Take your cup of Joe from classic to classified with a tilt-triggered spy camera.

The trick is to modify two paper coffee cups — install the device in one, slide it into the second, and align holes cut in the bottoms of each. Two LEDs can be seen through the standard plastic lid — one illuminates when the tilt switch is activated, the other flashes twice after a picture has been taken.


Think your cover has been blown? Simply rotate the cups to hide the camera... (more)

Self-Destructing Spy Phone (Can't tell you any more right now.)

Chalk this up as one of the stranger corporate announcements this week, delivered by BlackBerry CEO John Chen...

“We are pleased to announce that Boeing is collaborating with BlackBerry to provide secure mobile solution for Android devices utilizing our BES 12 platform. That, by the way, is all they allow me to say. So sorry (if) it seems like I am reading it word for word. .. I’m true to my commitment here.”...

It’s a sealed device, with epoxy around the casing and tamper-proof screws to prevent it from being opened... 

“Any attempt to break open the casing of the device would trigger functions that would delete the data and software contained within the device and make the device inoperable,” a lawyer for Boeing wrote in a letter to the FCC... (more)

Thursday, December 18, 2014

How to Spy on Your Competition...

...by keeping tabs on their Internet presence. (And, how they may be spying on you!)

Connecticut's Quirky Recording Laws - Check Your State Laws Too

Daniel Schwartz, partner at Shipman & Goodwin LLP, recently pointed out some interesting facts about Connecticut's recording laws...

If you do a search on the Internet, you’re likely to discover that Connecticut is a “two-party” state when it comes to recording telephone conversations. What does that mean? In plain English, it means that both parties to a phone conversation must consent to the recording for it to be legal. You can read the law (Conn. Gen. Stat. Sec. 52-570d) for yourself here...

For ordinary, in-person communications, Connecticut is a one-party state — meaning that only one party’s consent is needed to record a conversation. (You can find the law regarding eavesdropping at Conn. Gen. Stat. Sec. 53a-189.)

What does this mean in the workplace? It means that your employees can legally record conversations with their bosses and then try to use those communications as evidence to prove a discrimination claim or another employment-related claim.

Employers can set up reasonable rules in the workplace prohibiting the taping of conversations and tell employees that they cannot record it, but that only means that the records violate the employer’s rules, not Connecticut law.

And what this also means is that the employee cannot record a conversation between two other people; one party must always consent to the conversation. (more) 

P.S. A FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it," is available to Murray Associates clients. Contact me for your copy.

Steal from Apple - Patent - Then Sue Apple (Industrial Espionage?)

You decide...

Chinese phone vendor claims Apple's iPhone 6 looks too similar.

Few have probably heard about Digione, but one of the Chinese company’s latest products looks quite similar to the iPhone 6, and could potentially spark a patent dispute with Apple.

The little-known Chinese smartphone maker revealed Monday it sent a letter to Apple in September, claiming that the iPhone 6 may infringe on a company-registered patent.

The patent in question covers a mobile phone design that features an exterior look very similar to the iPhone 6’s. Digione’s subsidiary applied for the patent in January and the company was granted the patent in July, according to China’s State Intellectual Property Office.

To publicize the issue, Digione’s smartphone brand 100+ took to a social networking site Monday and posted the letter it had sent to Apple. (more)