Researchers have devised an attack that uses the wireless technology to hack a wide range of devices, including those running Android, Linux, and, until a patch became available in July, Windows.
BlueBorne, as the researchers have dubbed their attack, is notable for its unusual reach and effectiveness. Virtually any Android, Linux, or Windows device that hasn't been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet. It doesn't require device users to click on any links, connect to a rogue Bluetooth device, or take any other action, short of leaving Bluetooth on. The exploit process is generally very fast, requiring no more than 10 seconds to complete...
"Just by having Bluetooth on, we can get malicious code on your device," Nadir Izrael, CTO and cofounder of security firm Armis, told Ars. "BlueBorne abuses the fact that when Bluetooth is on, all of these devices are always listening for connections."
Patch now, if you haven't already. more
Tuesday, September 12, 2017
Friday, September 8, 2017
Cautionary Tale: Spycams in Schools
As the school season starts, it's time to remind children to be alert for spycams. Unfortunately, this is a story which pops up at least once or twice per month. Different players, same teacher v. student scenario...
Canada - A gymnastics coach who secretly filmed his young athletes using the toilet has received a two-year sentence for making and possessing child pornography.
Angelo Despotas, 48, betrayed the trust of the students he was supposed to be teaching, guiding and inspiring, provincial court Judge Jim Threlfall told a sentencing hearing in Kelowna, B.C.
"The damage done to the victims is incalculable," Threlfall said. "Many of the victims had trained with him for years."
Despotas earlier pleaded guilty to the charges and received two consecutive sentences of 14 months for making child pornography and 10 months for possessing it. more
Wednesday, September 6, 2017
The Good News, Bad News VPN Joke
In January this year, China announced a 14-month campaign to crack down on VPNs in a bid to tighten online surveillance ahead of the 19th National Congress of the Communist Party of China which opens in October....
Unlike individual users, multinational firms operating in China are still permitted to use VPNs in what amounts to something of a legal grey area, but it is likely that this usage will be restricted to software approved by the government, which will presumably have backdoors installed to allow eavesdropping, raising fears of an increase in industrial espionage activities. more
Apple Watch is Center of Sports Spying Scandal
For decades, spying on another team has been as much a part of baseball’s gamesmanship as brushback pitches and hard slides. The Boston Red Sox have apparently added a modern — and illicit — twist: They used an Apple Watch to gain an advantage against the Yankees and other teams.
Investigators for Major League Baseball have determined that the Red Sox, who are in first place in the American League East and very likely headed to the playoffs, executed a scheme to illicitly steal hand signals from opponents’ catchers in games against the second-place Yankees and other teams, according to several people briefed on the matter...
The Yankees, who had long been suspicious of the Red Sox’ stealing catchers’ signs in Fenway Park, contended the video showed a member of the Red Sox training staff looking at his Apple Watch in the dugout. The trainer then relayed a message to other players in the dugout, who, in turn, would signal teammates on the field about the type of pitch that was about to be thrown, according to the people familiar with the case.
What's with Boston anyway?!?! Spying football team. Spying baseball team. Ugh.
Extra Credit: Turn Your iPhone into a Spy Camera Using Your Apple Watch [How-To]
Put this in your pocket to be extra covert. ~Kevin
"So, we created a picture of our suspect from DNA sweat found on the bugging device."
Damn interesting...
Identification of Individuals by Trait Prediction Using Whole-genome Sequencing Data
Researchers from Human Longevity, Inc. (HLI) have published a study in which individual faces and other physical traits were predicted using whole genome sequencing data and machine learning. This work, from lead author Christoph Lippert, Ph.D. and senior author J. Craig Venter, Ph.D., was published in the journal Proceedings of the National Academy of Sciences (PNAS).
The authors believe that, while the study offers novel approaches for forensics, the work has serious implications for data privacy, deidentification and adequately informed consent. The team concludes that much more public deliberation is needed as more and more genomes are generated and placed in public databases. more
Wiretapping Gained Interest This Week... and why.
There was a big spike in wiretap searches this week...
Here's why...
Justice Department: No evidence Trump Tower was wiretapped
Wednesday, August 30, 2017
Eavesdropping Boss Must Pay for Unjust Dismissal
A woman whose boss used to eavesdrop on her phone conversations with clients has won €10,000 in compensation after she was sacked illegally five years ago.
An industrial tribunal heard how the firm’s managing director also installed monitoring software to see if she accessed Gmail and Facebook.
He continually victimized her and expected her to obey his orders unquestioningly, because, as he said, “I’m the boss!”
The MD regularly changed the password of her work e-mail and often called clients behind her back. He would turn up at meetings with them after listening in on her conversations, the labour tribunal heard. more sing-a-long
These Companies Can Track Any Phone Anywhere
Tracking or tapping phones across the planet used to be a niche capability. Now, a myriad of for-profit spy companies sell border-crossing surveillance of mobile phones.
As soon as the target switches the phone on, it’s already too late. Digital spies have pinpointed the phone’s location and, without hacking the device itself, are tracking it from tens of thousands of miles away. This is not a capability limited to superpowers—private firms now provide global phone tracking and interception. more
Spy Tech Talk - A Method to Detect a Wiretap Attack
...encryption and other forms of protection are important for fiber optic/copper communications, but there is also the need to consider physical protection for the infrastructure where those cables are installed. Many communication wires could be at risk of being physically tapped...
RBtec has introduced a new system dedicated to protecting physical connections such as conduits, cable trays and any other means that hold communication cables. A new protective sensor has been introduced with a layout that links directly to a wire setup as a means of ensuring data is less likely to be tampered with. The design of the system is used to ensure that data is not going to be lost or harmed in any manner.
The sensor wire is a vibration sensor capable of sensing the unique vibration associated with tampering. This is attached outside the pipe, or sneaked inside the pipe or tray, that a wire connection is linked up to. This connects right onto an alarm system through a series of relay outputs. It analyzes any vibrations on the conduit that mean someone is trying to access the data pipe and stops outside forces from getting in. more
Spy Tech Talk - How to Stop ISPs From Spying on Your IoTs
Botnets are not the only threat to your Internet of Things (IoT) devices: Your internet service provider (ISP) can also detect and track your in-home activities by analyzing internet traffic from smart devices, even when those devices use encryption, according to a paper from Princeton University researchers.
However, the researchers found a simple way to block ISPs from spying on your smart devices: Traffic shaping. more
Saturday, August 26, 2017
When Spies Screw Up
Botched surveillance job may have led to strange injuries at US embassy in Cuba.
At first thought to be a deliberate attack, the outbreak of mysterious symptoms may be the result of shoddy espionage equipment, experts say...
The state department said it was investigating the outbreak, and that some of the worst affected diplomats had been evacuated to Miami for examination and treatment. more
But you already knew this, remember.
Thursday, August 24, 2017
When Mars Attacks, We May Already be Dead
Some of the most popular industrial and consumer robots are dangerously easy to hack and could be turned into bugging devices or weapons, IOActive Inc. said...
These vulnerabilities could allow the robots to be turned into surveillance devices, surreptitiously spying on their owners, or let them be hijacked and used to physically harm people or damage property...
...or, do the Dobi Boogie!
more
Google 500+ Spy Apps - Update
Google has removed over 500 apps that included mobile games for teenagers from its Play Store on account of a spyware threat.
The decision came after US-based cyber-security firm Lookout discovered more than 500 apps that could spread spyware on mobile phones, Fortune reported late on Wednesday.
According to Lookout, the apps used certain software that had the ability to covertly siphon people's personal data on their devices without alerting the app makers. more
Shoulder Surfers Get Faked Out with IllusionPIN App
Researchers have created a smartphone application to combat “shoulder-surfing”—when someone else looks over your shoulder as you enter your phone’s password or other private digits, potentially even gleaning vital financial or personal information...
Nasir Memon, a professor of computer science and engineering at New York University’s Tandon School of Engineering, explains that the technology, called “IllusionPIN,” deploys a hybrid-image keyboard that appears one way to the close-up user and differently to an observer at a distance of three feet or greater.
The research team simulated a series of shoulder-surfing attacks on smartphone devices to test the effectiveness of IllusionPIN at various distances.
In total, they performed 84 attempted shoulder-surfing attacks on 21 participants, none of which was successful. For contrast, they also mounted 21 shoulder-surfing attacks on unprotected phones using the same distance parameters; all 21 attacks were successful. more much more
Eavesdropping Device Found in State Gaming Office
NY - The Erie County District Attorney’s Office confirmed Monday afternoon it is investigating allegations made by the New York State Gaming Commission that its employees were eavesdropped on by the Seneca Gaming Authority. A source close to the investigation said gaming officials found a listening device last year in a casino space that was leased to state officials. more