A group of researchers has uncovered ten new attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals.
The attacks exploit design flaws in the communications protocol and unsafe practices employed by the stakeholders and can be used to achieve things like impersonating existing users, spoofing the location of the victim device, delivering fake emergency and warning messages, eavesdropping on SMS communications, and more.
Among the uncovered attacks they consider one particularly worrying: an authentication relay attack that allows an adversary to impersonate an existing user (mobile phone) without possessing any legitimate credentials.
“Through this attack the adversary can poison the location of the victim device in the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation,” they pointed out. more
Monday, March 5, 2018
Cuba's Sonic Attacks - Possibly a Side-Effect of Spying
Its surveillance tools may have transmitted ultrasonic sounds by mistake...
Remember those 'sonic attacks' against the American and Canadian embassies last summer, making staff queasy and raising all kinds of questions as to what happened? There might be an answer. University of Michigan researchers have theorized that the incidents were really the result of ultrasonic signals from poorly functioning surveillance equipment. While individual ultrasonic signals can't harm people outside of extreme circumstances, multiple signals can clash with each other and produce a sound that's just low enough to be audible.
The scientists tested their hypothesis by replicating the "chirping" from an AP video using two ultrasonic emitters that combined tones, one at 25kHz and another at 180Hz. That produced a similar-sounding 7kHz frequency with ripples of sound at an even 180Hz spacing. The team even built a device that would simulate eavesdropping by playing a song instead of the 180Hz tone. more
Security Scrapbook fans knew this might be a botched spying attempt, and how it worked, last August. ~Kevin
Wednesday, February 28, 2018
Invention: Simple Device Allows Fast Lockdowns in Schools
As school carpenter Cory Webster replaced dozens of deteriorating rubber door stoppers that were installed to help keep Palos Verdes Peninsula classrooms safe in the event of a lockdown, he thought there must be a better way...
The 123 Lock-down Latch works much like a hotel door bumper: a teacher simply slides the metal lever to prevent a locked door from closing. When a lockdown happens, anyone inside the classroom can slide the lever back and the door closes and locks...
Because most classroom doors can only be locked from the outside with a key, the teacher can leave the door locked but with the latch engaged during passing period to allow students in and out easily. In the event of an active shooter, it’s not always safe for a teacher to step outside to lock the door. With the latch, there’s no need to fumble for keys or leave the classroom to secure the door. more
Austria: Bugging Devices Found... and then, a break-in!
The office of Austrian far-right leader and vice chancellor Heinz-Christian Strache was broken into this week, shortly after bugging devices were discovered there, and a criminal inquiry has been launched, prosecutors said on Thursday.
The break-in occurred on Wednesday night while Strache, whose Freedom Party entered the governing coalition after elections in October, was out for dinner, his spokesman said, confirming an earlier report by broadcaster Oe24.
The spokesman said the electronic surveillance devices had been discovered last week behind a mirrored wall by intelligence service specialists. “This was a routine check after moving into a new office,” he said. more
TSCM 101 - When you find one bug, don't stop looking. A post-discovery break-in may indicate the removal of additional, and more sophisticated bugs. Later discovery of these devices might implicate who planted them in the first place. ~Kevin
Tuesday, February 27, 2018
Smartphone Goes Dark at the Flip of a Switch
Cybersecurity firm DarkMatter has launched its first smartphone, designed to stop spy agencies listening to you.
An Android device called Katim, it was made available commercially Monday at Mobile World Congress in Barcelona, Spain, and has a 5.2-inch display, as well as a high level of encryption...
One security feature built by the Middle East-based firm is called "shield mode," which disconnects power from the microphone and camera on the device so that nobody can spy on your conversations. more
The Case of the License Plate ICE Pick
The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians...
ICE agents would be able to query that database in two ways. A historical search would turn up every place a given license plate has been spotted in the last five years, a detailed record of the target’s movements. That data could be used to find a given subject’s residence or even identify associates if a given car is regularly spotted in a specific parking lot. more
As foreshadowed...
Personal Phone Calls at Work Can Put Employers in Jeopardy
This from a California court: Employers unwise to permit use of company telephones for personal calls—at least if the employer plans to record those calls.
- Two-party consent means two-party consent: All parties to a call must be told the call is going to be recorded and must consent.
- Employers with recording systems should consider barring use of company telephones for personal calls and making sure that people receiving calls on a recorded line automatically are informed, up front, that the call will be recorded.
- Barring all personal calls is not necessary, but it may offer some protection against the legal consequences of a breakdown in the employer’s system of ensuring notice to all parties before the recording begins.
Note: Many other states follow the more restrictive version of Federal law–two party consent–as well. ~Kevin
Saturday, February 24, 2018
Extortionography and the Missouri Gov. Eric Greitens Felony Indictment
Missouri Gov. Eric Greitens, who was once considered a rising star in the Republican Party, has been under siege since January, when accusations emerged that he threatened to use a nude photo to blackmail his former hairstylist, with whom he was having an extramarital affair.
Greitens had allegedly threatened the woman by saying he would distribute a nude photo he had secretly taken of her if she exposed their relationship.
The accusations stemmed from a covert recording by the woman’s ex-husband published by KMOV in St. Louis, in which the woman is heard describing how Greitens invited her to his home in 2015 and, with her consent, taped her hands to exercise rings and blindfolded her. He then allegedly took a photo of her naked. more
What is extortionography?
Mystery 911 Calls from Apple Repair Center
Apple is working with local police to remedy a surge in unintentional emergency calls to 911 that are originating from the company’s distribution and repair center in Elk Grove, California.
The influx of calls has been ongoing for months, averaging 20 accidental calls a day and totaling over 1,600 since October.
911 dispatchers hear silence and intermittent employee chatter when the calls come in. more
Thursday, February 22, 2018
FutureWatch: Tomorrow's Spies Today
"Help young people. Help small guys. Because small guys will be big. Young people will have the seeds you bury in their minds, and when they grow up, they will change the world."
~Jack Ma
Teens at the Library for grades 6-10: Spy Academy
Categories: Community
Date: Thursday, February 22, 2018
Start Time: 6:30 PM (GMT-05:00) Eastern Time (US & Canada)
End Time: 7:30 PM
Location: Northeast Regional Library, 14401 Green Elm Ln, Raleigh, NC 27614
Put your sleuth skills to the test. Come for a night of code breaking, laser-beams, memory, and more!
For more information...
Dronebusters
Two drones headed north above Capitol Boulevard toward the Idaho statehouse. Lt. Gov. Brad Little stood to Gov. Butch Otter’s right at the top of the Capitol steps and watched...
The demonstration by Black Sage Technologies showed off the Boise company’s system to immobilize drones that might carry a bomb, drop contraband or weapons into prison recreation yards, or spy on sensitive operations.
Black Sage uses cameras, radar and other tools to detect drones. It can see them at least three and a half miles away. The company sometimes demonstrates its anti-drone system at military bases. Wednesday’s exhibition was one of the few times the public has gotten to see it. more
The Employee Competitor: Spy in the Yogurt
On Wednesday, Bloomberg reported that Dannon Co. sued its former senior vice president, Federico Muyshondt, alleging he divulged trade secrets to colleagues at his new job, which is with Chobani LLC. Both of these companies, obviously, are renowned for their yogurt.
According to the complaint—filed in a federal court in White Plains, New York—Muyshondt stands accused of pilfering details of Dannon’s business strategy, plans for forthcoming products, and lists of customers before he left the company in January to take a job with Chobani, which was not named as a defendant in the lawsuit. more
Report Reveals 50% of Organizations Don't Provide Employee Information Security Training
New cybersecurity reports just released by Cisco and Verizon Wireless say that businesses are faced with more sophisticated security threats from wireline and wireless devices running on their networks.
Perhaps the more disturbing revelation of Verizon’s study is that it’s not hacktivists, criminals or those engaging in corporate espionage that pose the greatest threat, but a company’s own employees. However, only 50% of all organizations provide IT training when a new employee joins a company. more
Observation: Interestingly, even fewer businesses proactively check for all the other methods of corporate espionage, e.g. regular information security surveys and technical surveillance countermeasures inspections.
Coincidentally, the few that are pro-active seem to be among the most successful and profitable companies in America. Just coincidence?
Wednesday, February 21, 2018
You Are Never a Stranger in Our City - Facial Recognition Street Cams
Nvidia has partnered with AI developer AnyVision to create facial recognition technology for "smart cities" around the world. The two companies will work to install automatic facial recognition into CCTV (closed-circuit television) surveillance cameras.
AnyVision claims the technology enables cameras that can continuously scan for faces 24/7, automatically identifying and tracking individuals within a large crowd with 99% accuracy.
Algorithms working with human monitors can then compare the faces identified against a database of known terrorists or criminals.
The company also says it's committed to protecting the personal data that CCTV cameras collect.
So... is this technology terrifying, and possibly everything Orwell warned us about? Absolutely.
But it could also save thousands of lives. The technology could be useful not only for catching at-large criminals, but also for quickly identifying suspects, and tracking down individuals who have gone missing. more
You may recall, this has been tried before and its comeback was predicted here in 2008.
Monday, February 19, 2018
Slick and Wise Espionage Ethics Discussion
NM - Two former U.S. intelligence officials will discuss the cloak-and-dagger world of espionage and the difficult ethical dilemmas it poses for U.S. spies at a lecture in Albuquerque on Feb. 25.
Stephen Slick, director of the University of Texas at Austin’s Intelligence Studies Project, and Douglas Wise, retired senior CIA operations officer, will wrestle with the question of whether a profession that requires lying, cheating, stealing, manipulating, exploiting and deceiving should have ethical boundaries. In a Journal interview, Slick said every potential intelligence officer must answer that question for themselves, and that their ultimate responsibility is adhering to U.S. and international law.
The panel discussion – part of the Albuquerque International Association’s ongoing lecture series – is Sunday, Feb. 25, from 3 p.m. to 5 p.m. at the UNM Continuing Education Auditorium.
Slick said the subject of espionage and ethics is popular among his students, who are often contemplating careers in intelligence. more