Could Your Smartphone Battery Spy on You? (unlikely, but...)

Most batteries in today’s smartphone are intelligent enough to detect how people use their phones and employ power-saving technologies that result in longer battery life. That advantage sounds excellent all around, but...

The researchers who authored a paper [PDF] on the subject of smartphone batteries capable of spying on people pointed out that this hack would be quick to implement and difficult to detect. They say smartphone owners may even participate in helping the hacks happen by installing malicious batteries themselves.

It could happen in a scenario where a hacker sets up an online store and entices users with promises of extra-long battery life and low prices, sends a purchaser the battery and waits for it to become installed in the phone to begin the tracking segment of the hack.

Plus, the battery could be capable of continuous monitoring, giving hackers the opportunity to see almost all the things the targets do with their phones, whether that’s browsing the internet, typing on the phone’s keyboard or receiving calls. more

A bug made to look like a cell phone battery...

The Search Engine That Didn't Snitch... and other disasters

Hey gang, it's almost Independence Day here in America. Yup, July 4th is just around the corner.

Fireworks are in America's bloodstream... but, did you know your on-line curiosity could get you in trouble with the terrorist chasers? Your fireworks search engine inquires might start popping red flags...

"Ludlow Kissel and the Dago Bomb That Struck Back"
"What is a Dago Bomb?"
"How can I build a Dago Bomb?"
"Dago Bomb ingredients"
"What was blown up by the Dago Bomb?"

(Knock, Knock)
"We're from Homeland Security..."

"Excelsior, you fathead!" Next time, don't use a search engine that captures your IP address. Search privately. Go to https://www.ixquick.com
ixquick is the only search engine which gives you anonymity.

Oh, and Ludlow... he had his 15 minutes of fame... about 2:17 into this Great American Fourth of July video. ~Kevin

UPDATE - NEW URL. Startpage.com in

Corporate Espionage Heats Up as “Made in China 2025” Nears

Corporate espionage is an extremely serious charge in the American technology market. There have been several prominent occasions in which AMD and Intel or AMD and Nvidia have cooperated when an employee was suspected to have engaged in IP theft, precisely because the consequences of bringing a product to market that’s tainted by another company’s IP rights could be so catastrophic.

But in China, there’s a very different system in place — and the way this has played out could be driving China’s investigation of Micron and Samsung’s DRAM pricing.

Here’s what we know. Micron alleges that the United Microelectronics Corporation (UMC), a Taiwanese foundry, cooperated with Fujian Jinhua Integrated Circuit Company to steal Micron secrets.

Jinhua may have been attempting to steal secrets from Micron in a manner similar to that used by the Yangtze Memory Technology Company, or YMTC, which is now building chips that the New York Times reports look suspiciously like Samsung devices.

The Chinese companies are collectively under tremendous pressure to deliver on an initiative China calls “Made in China 2025.”

Made in China 2025 is a comprehensive Chinese effort to increase domestic production of core materials by up to 40 percent by 2020 and 70 percent in 2025.

The impact this would have on existing semiconductor manufacturing can only be described as seismic. more

Important... Made in China 2025 should be a red flag to ALL businesses in the U.S. 
Make sure you understand the impact of this initiative. Make sure you get a competent Technical Information Security Consultant on your team, soon. There won't be enough to go around once the penny drops.

Yet Another Reason for SpyCamDetection.Training

FL - A Keys man was arrested Wednesday after police said he was spying on people using the bathroom at his job.

Ray Gallegos, 32, of Big Pine Key, admitted to having planted a camera in the men's bathroom at the Walgreens, 30351 Overseas Hwy., sometime in August 2017 so he could watch men, according to the Monroe County Sheriff's Office.

Deputies and agents from Homeland Security on Wednesday searched Gallegos' home, where they said they found pictures and video depicting a bathroom stall later identified as the one located in the pharmacy at the Big Pine Walgreens. more

Facebook's Patent Called Creepy

If you’re a Facebook user, you’ve likely heard stories of people becoming convinced that the company uses the microphones that are everywhere these days (such as ones on a smartphone or laptop) to spy on its users. While those fears might just be the result of an overactive imagination, a new patent filing is fueling concerns that Facebook might actually be equipped to do just that someday soon...

The patent filing itself is densely packed with information, but the technology at the center of it would use high-pitched audio signals that are inaudible to humans and hidden within advertisements or other “broadcast content.” That audio signal could be used to activate a “client device” to record the ambient audio in the room and log an impression – which makes this sound like a system for tracking how many individual impressions an advertising campaign receives.

The abstract of the patent explains the system relies on client devices that are associated with each individual in a household, which has led many to believe that the patent is talking about activating the mic on your smartphone. The patent filing also features a number of images that depict the “client devices” as smartphones, which leaves little to the imagination. All of that, as you can imagine, has resulted in quite a few negative headlines accusing Facebook of once again overreaching when it comes to user privacy. more

California Passes Sweeping Data-Privacy Bill

California lawmakers gave consumers unprecedented protections for their data and imposed tough restrictions on the tech industry, potentially establishing a privacy template for the rest of the nation.

The law, which was rushed through the legislature this week and signed by Gov. Jerry Brown on Thursday, broadens the definition of what constitutes personal information and gives California consumers the right to prohibit the sale of personal data to third parties and opt out of sharing it altogether. The bill applies to internet giants such as Facebook Inc. and Alphabet Inc.’s Google but also will affect businesses of any size that collect data on their customers.

Ashkan Soltani, a digital researcher and former chief technologist for the Federal Trade Commission, said the regulations are the first of their kind in the U.S. more sing-a-long

The Kid is Recording with His Cell Phone - Quick, Call the Cops!

A sad Middle School Civics Lesson...

One of Illinois' most-abused laws continues to be abused. For years, cops used the state's eavesdropping laws to arrest citizens who attempted to record them. This practice finally stopped when three consecutive courts -- including a federal appeals court -- ruled the law was unconstitutional when applied to target citizens recording public servants.

This may have led to the end of bullshit arrests from cops who didn't like being observed while they worked, but it's still being used by government officials to punish people they don't like. Illinois Policy reports a 13-year-old student is facing felony charges for recording a meeting between him and two school administrators.

On Feb. 16, 2018, [Paul] Boron was called to the principal’s office at Manteno Middle School after failing to attend a number of detentions. Before meeting Principal David Conrad and Assistant Principal Nathan Short, he began recording audio on his cellphone.

Boron said he argued with Conrad and Short for approximately 10 minutes in the reception area of the school secretary’s office, with the door open to the hallway. When Boron told Conrad and Short he was recording, Conrad allegedly told Boron he was committing a felony and promptly ended the conversation.

Principal Conrad sure knows his local statutes. He turned Boron in to law enforcement, which apparently decided to go ahead and process the paperwork, rather than tell Conrad to stop acting like a child. This led to prosecutors being just as unwilling to be the adults in the room.

For a 13-year-old, this is a huge problem. This places his recording of his conversation with school officials on the same level as aggravated assault and stalking. It comes with a minimum prison sentence of one year. more 

Murray's Surreptitious Workplace Recording — and what to do about it

Air-Gapped Computers to be Ticked-off via USB Tick-Sticks

A cyber-espionage group is targeting a specific type of secure USB drive created by a South Korean defence company in a bid to gain access to its air-gapped networks. 

According to a blog post by researchers at Palo Alto Networks, this attack was carried out by a group called Tick which carries out cyber-espionage activities targeting organisations in Japan and Korea.

Researchers said that weaponisation of a secure USB drive is an uncommon attack technique and likely done in an effort to spread to air-gapped systems, these networks are normally not connected to the internet. more

Murray's USB Stick Warnings
 

A $5 Million Surveillance Car

A Cyprus-based surveillance company claims to have built a car full of next-generation snooping kit that can infect Apple and Google phones from as far away as 500 metres. WiSpear, founded by one of Israel’s longtime surveillance market players Tal Dilian, is selling the car for between $3.5 million and $5 million and claims it has plenty of interest already. It’s also inspired concern from the privacy community.

The SpearHead 360 vehicle uses 24 antennas to reach out to target devices. Once a phone has been chosen, the WiSpear automobile has four different ways to force a phone to connect to its Wi-Fi-based interceptors from where it can start snooping on devices (using what are known as man-in-the-middle attacks). Then there are four different kinds of malware for various operating systems, including Apple’s iOS or Google’s Android devices, according to Dilian.


WiSpear showed off the van at the ISS World and Eurosatory conferences this month. As seen in the video, police can splurge on a drone and a backpack to go inside the car for even more mobile surveillance. Both can be used to carry out the same attacks, according to Dilian, who noted a single backpack can cost as much as $1.2 million. “This takes customers from detection all the way to full interception,” he told Forbes. “I think it’s a game changer.” more

Darwin Award: Man Spycams Wife for 3 Years to Bug Her - Shoots Himself

Paul Lewis, 46, rigged up the secret video camera because he feared his wife Ann, 45, was having a secret affair.

His video revealed she wasn’t having sex romps while he was at work – but he carried of covertly filming her for the next three years anyway.

He said continued because he knew it would annoy her.

A court heard the marriage had been ‘effectively over’ for some time when Ann, a teacher, found the digital camera after it was moved to the kitchen of their three-bedroom village home.

She found 29 videos of herself that had been shot in the bedroom lasting between a few seconds and up to 40 minutes.

Lewis, an engineer, blundered because some of the clips showed him accidentally filming himself installing the spy camera in a bedside cabinet. more

Spy Collector Alert: Soviet Spy-Camera Auction

On July 12, Aston’s Auctioneers of Dudley, England (about halfway between Liverpool and London), will feature the Russian Collection auction, 25 lots of rare and unusual cameras collected from the Cold War days, when Russia merely constituted much of the U.S.S.R. and Germany was still separated into two states.

“To find as many [cameras] in one place is pretty unusual,” says Tim Goldsmith, photographic consultant to Aston’s. The unnamed source for the auction had been collecting Soviet spy cameras for 30 to 40 years, as far back as when smuggling anything of this sort in or out of the Soviet Bloc would have needed spycraft itself. “Obviously, that’s when East Germany was still completely surrounded,” says Goldsmith. Until recently, finding such a trove in the West was nearly miraculous. “And it’s unheard of in the U.K., though it’s dribbling out since the whole universe discovered these things on the internet."

Aston’s hosts three camera auctions a year, yet this one, as Goldsmith put it, “has fired everyone’s imagination.” more

Wi-Fi to Get More Security Muscle

The Wi-Fi Alliance has officially unveiled WPA3, its next-generation security standard to keep wireless networks better protected, alongside a move to streamline the setup of the likes of smart home gadgets.

As you may be aware, WPA3 follows on from the currently employed WPA2 standard, which has been hit by security vulnerabilities that have led folks to question its overall strength in recent times.

So, the arrival of WPA3 is clearly important, and the Wi-Fi Alliance is delivering the fresh standard in two forms, one aimed at the home user, and one for businesses: WPA3-Personal and WPA3-Enterprise.

Both flavors are designed to provide far more robust security, with users benefiting from Protected Management Frames (PMF) to defend against malicious parties eavesdropping on their data transmissions. more

Dan Ingram - RIP

Dan Ingram.
Super nice guy.
Unbelievably funny, even during the songs when nobody but the engineer could hear him.
more 7/4/68 Air Check

Android Alert: Surveillance Malware Infects Telegram App

A new family of malware capable of comprehensive surveillance is targeting Android devices through the encrypted messaging app Telegram, according to research from antivirus vendor ESET.

The malware – which has mostly been distributed in Iran – ensnares its victims by posing as an application pledging more social media followers, bitcoin, or free Internet connections, according to ESET. Once downloaded, the malware can carry out surveillance tasks ranging from intercepting text messages to recording audio and screen images from devices, ESET researcher Lukas Stefanko explained in a blog post.

Each compromised device is controlled via a bot that the attacker commandeers via Telegram, which recently boasted 200 million monthly users.

“Attackers can control victimized devices by simply tapping the buttons available in the version of the malware they are operating,” Stefanko wrote.

Such nefarious programs have been knocking on Google Play’s door in droves: With the help of machine learning, security specialists removed 700,000 malicious apps from the store last year. more

For Sale: Your Whereabouts

Verizon and AT&T have promised to stop selling their mobile customers' location information to third-party data brokers following a security problem that leaked the real-time location of US cell phone users.

Sen. Ron Wyden (D-Ore.) recently urged all four major carriers to stop the practice, and today he published responses he received from Verizon, AT&T, T-Mobile USA, and Sprint.

Wyden's statement praised Verizon for "taking quick action to protect its customers' privacy and security," but he criticized the other carriers for not making the same promise.

"After my investigation and follow-up reports revealed that middlemen are selling Americans' location to the highest bidder without their consent or making it available on insecure Web portals, Verizon did the responsible thing and promptly announced it was cutting these companies off," Wyden said. "In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to sell their customers' private information to these shady middle men, Americans' privacy be damned." more