Saturday, December 16, 2017

Are Google and Amazon Patently Eavesdropping?

Patent applications from Amazon and Google revealed how their Alexa and Voice Assistant powered smart speakers are 'spying' on you.
The findings were published in a report created by Santa Monica, California based advocacy group Consumer Watchdog.

The study warns of an Orwellian future in which the gadgets eavesdrop on everything from confidential conversations to your toilet flushing habits...

The study found that digital assistants can be 'awake' even when users think they aren't listening...

In fact, the devices listen all the time they are turned on – and Amazon has envisioned Alexa using that information to build profiles on anyone in the room to sell them goods. more

Letter Accuses Uber of Corporate Espionage and Wiretapping

The legal battle between Uber, the ride-hailing behemoth, and Waymo, the self-driving unit of Alphabet, reached a pivotal point this week as the judge presiding over the case released a letter based on the account of a former employee at Uber.

The letter alleged that a division within Uber has been responsible for carrying out acts such as theft of trade secrets, corporate espionage, bribery of officials in foreign countries, and different types of unlawful surveillance.

The letter, given the name “Jacobs Letter,” was authored by an attorney who represents Richard Jacobs, a former employee at Uber who held the position of global intelligence manager prior to his firing last April.

In the highly detailed account accusations are leveled of systematic illegal activities inside the Strategic Services Group (SSG) of Uber, which allegedly sought out the trade secrets of other companies through data collection and eavesdropping. more

Quote from the letter...
Uber’s Marketplace Analytics team…fraudulently impersonates riders and drivers on competitor platforms, hacks into competitor networks, and conducts unlawful wiretapping. more 

Another version of the story...
Uber illegally recorded phone calls and wiretapped the phones of executives at rival companies in a global “intelligence gathering” operation that went on for years, a former employee has alleged.

In a 37-page letter made public in federal court on Friday, Richard Jacobs, a former security employee with the ride-hailing service, alleges Uber set up internal teams whose sole purpose was to spy on competitors. “Uber has engaged, and continues to engage, in illegal intelligence gathering on a global scale,” Jacobs wrote, according to The New York Times.

The teams allegedly infiltrated chat rooms, impersonated drivers of rival companies, and placed surveillance on executives of those companies, including by illegally recording phone calls, the letter claims.

Jacobs’ allegations stem from a trade secrets case against Uber filed by Waymo, Alphabet’s self-driving unit, which says Uber stole information about autonomous driving technology. more

Wednesday, December 13, 2017

For One Family - A New Christmas Gift Rule

Op-ed, NYT opinion

During the holiday season, my husband and I tend to offer suggestions to those who are generous enough to insist on buying presents for our kids.

Things like “Don’t spend more than $50” and “No guns.” Or, for those with whom we can be comfortably blunt, “Just cash, please.”...

This year we’re adding a new rule to our list: No toys that can spy. The idea: to keep seemingly innocuous internet-connected devices that may compromise our privacy and security out of our home and especially out of our children’s hands. more

• CBS video report on holiday toys that can spy.

• All the cool gifts are made for spying on you.

FutureWatch: That Photo Can Now Be Traced to Your Phone

A University at Buffalo-led team of researchers has discovered how to identify smartphones by examining just one photo taken by the device.

The advancement opens the possibility of using smartphones—instead of body parts—as a form of identification to deter cybercrime.

"Like snowflakes, no two smartphones are the same. Each device, regardless of the manufacturer or make, can be identified through a pattern of microscopic imaging flaws that are present in every picture they take," says Kui Ren, the study's lead author. "It's kind of like matching bullets to a gun, only we're matching photos to a smartphone camera." 

The new technology, to be presented in February at the 2018 Network and Distributed Systems Security Conference in California, is not yet available to the public. However, it could become part of the authentication process—like PIN numbers and passwords—that customers complete at cash registers, ATMs and during online transactions. more

Security Director Alert: HP Laptops with Hidden Keyloggers

Researcher Michael Myng found a deactivated keylogger in a piece of software found on over 460 HP laptop models. A full list of affected laptops is here. The keylogger is deactivated by default but could represent a privacy concern if an attacker has physical access to the computer...

The bottom line? Update your HP laptop as soon as possible. If you are on HP’s list of affected laptops you can download the fix here. more

Tuesday, December 12, 2017

33 Years Late, or You'll Never be a Stranger Here

China has been building what it calls "the world's biggest camera surveillance network".

Across the country, 170 million CCTV cameras are already in place and an estimated 400 million new ones will be installed in the next three years.

Many of the cameras are fitted with artificial intelligence, including facial recognition technology. The BBC's John Sudworth has been given rare access to one of the new hi-tech police control rooms. excellent video demo

Monday, December 11, 2017

Mickey With the Big Ears - RIP

Mickey Gurdus was always a good listener.

For decades he commanded a battery of shortwave and FM radios, UHF and VHF receivers, tape recorders and other devices from a swivel chair in his Tel Aviv apartment, all to intercept and record foreign news broadcasts, secret satellite transmissions, confidential military messages and diplomatic conversations.

He was no vicarious eavesdropper, however. Mr. Gurdus listened for a living.

He monitored the airwaves for the state-run Israel Radio and tipped his editors — and, sometimes, intelligence agents — to hijackings, invasions and revolutions. In one instance he intercepted a telephone call between the White House and Air Force One. more

Amazingly, there was a time when anyone could eavesdrop on the radio-telephone calls from Air Force One. All one needed was a radio which could receive shortwave and/or frequencies around 409 MHz. More detailed instructions are still floating around the net. These days, communications are encrypted, and are mostly routed via satellite. ~Kevin

Saturday, December 9, 2017

Seminar in Information Security and Cryptography

Zurich Switzerland, June 11-13, 2018

Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich

Information Security and Cryptography. A full description of the seminar, including all topics covered, is available at infsec.ch/seminar2018.

This seminar provides in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, and mathematical, algorithmic, protocol-specific, and system-oriented aspects are covered as well. The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography.

The seminar takes place in Zurich, Switzerland. The lectures and all course material are in English.

Friday, December 8, 2017

Hedy Lamarr - The Spread Spectrum Lady


As “Bombshell” (Alexandra Dean’s timely documentary) explores, Lamarr, in collaboration with avant-garde composer George Antheil, of all people, came up with a way to ensure secure radio signals, a frequency-hopping technology that has been called the basis for such up-to-date innovations as Wi-Fi, Bluetooth and GPS.
Though one of the most recognized faces in the world, Lamarr, executive producer Susan Sarandon has said, “was never seen for who she was.”
Yet what makes “Bombshell” intriguing is not just Lamarr’s gift for invention, it’s also what a fiery individualist she was, someone who had no regrets about her eventful life (“You learn from everything”), not even its racy, tabloid elements. more

Wednesday, December 6, 2017

Russia Accuses Pepsi of Espionage - “Gotta Have It” / “Chill Out”

A Russian state watchdog is accusing U.S. soda giant Pepsi of espionage, after receiving word that the soft drinks company had a copy of an internal agency document that was apparently never sent out.

Russia’s Rosselkhoznadzor, the Kremlin’s watchdog specializing in agricultural products, released a statement alleging that Pepsi Co. orchestrated a cyber attack on its database to obtain a copy of an industry document, intended only for the watchdog's consumption. The statement, released on Monday, reveals nothing about the document’s contents.

The watchdog claims that the company cited the document during a union meeting with Rosselkhoznadzor. more

PepsiCo denied the accusations.

Guests Keep Finding Spycams in their Airbnb Bedrooms

An Airbnb guest discovered a hidden camera inside his rental property in another disturbing example of the service's users being spied upon.

Jason Scott, an internet activist from the US, tweeted pictures of what he claims was a spy camera hidden in a burglar alarm motion sensor. Scott says he was sent the images by a concerned friend who found the item during a recent stay in an Airbnb property.

According to Scott, the device was an IP camera that was likely connected to the internet and used for surveillance.

He wrote: "In "oh, that's a thing now" news, a colleague of mine thought it odd that there was a single "motion detector" in his AirBNB in the bedroom and voila, it's an IP camera connected to the web. (He left at 3am, reported, host is suspended, colleague got refund.)" more

Extra Credit Reading:
 Education is the best prevention against becoming a victim of spy cameras.

Eavesdropping App Lawsuit Allowed to Proceed

A federal judge denied the Golden State Warriors’ motion to dismiss an amended lawsuit alleging that the NBA champions recorded private conversations through their mobile app.

Jeffrey White, a judge for the Northern District of California, originally dismissed the class action complaint, which was filed by New York resident LaTisha Satchell last year, but ruled recently that the revised suit can proceed against the Warriors and beacon-technology company Signal360 for a possible violation of the Wiretap Act. more

DIY PI - What could possibly go wrong?

PI - Two school employees in Monroe County could face wiretapping charges.

A grand jury is recommending charges against Joshua Krebs and Alex Sterenchok.

Krebs is the supervisor of support staff and Sterenchok is the technology supervisor for the Pleasant Valley School District.

Both are accused of setting up a camera in April of 2016 in a break room at Pleasant Valley Elementary School to see if they could catch a janitor not doing his job.
Teachers and other staff members argue their privacy was being violated. more

Monday, December 4, 2017

After Seven Years of Hacking an Indictment - Will it Make a Difference?

Federal prosecutors indicted three Chinese nationals last week, accusing them of hacking over the past seven years into at least three multinational corporations.

reported this for nakedsecurity.sophos.com last week and was kind enough to ask my opinion for background.

---

China warned it would retaliate if the US pressed the issue. And that was pretty much that.

Which is the way Kevin Murray, director at Murray Associates, a counter espionage consultancy, sees this case playing out. Does the indictment mean anything significant will happen? “No,” he said, offering a brief history lesson.
Go back 1,000 years, remembering that the Chinese invented things like silk, gunpowder, paper. All this intellectual property was stolen from them. At that time, the law in China was that if you engaged in it, that was your life. But it still got stolen. So now they’re getting back at us. And we’re trying to replicate what they did by punishing the criminal. Is it going to help? No.
Murray said if those responsible for protecting IP faced charges, “then you’d see some changes.” more

Wednesday, November 29, 2017

When Do People Use Keystroke Loggers Legally

According to PInow.com...
  • Employers monitoring company computers used by employees to ensure they are working as required and to prevent fraud and other criminal activities.
  • Parents monitoring the use of computers for children below 18 years.
  • Companies monitoring use of company resources like internet.
  • Collection of forensic evidence from the computers being monitored for security reasons with a legitimate investigation cause. more