Tuesday, January 29, 2019

FaceTime Bug Lets Callers Hear You Before You Answer

Users have discovered a bug in Apple's FaceTime video-calling application that allows you to hear audio from a person you're calling before they accept the call—a critical bug that could potentially be used as a tool by malicious users to invade the privacy of others.

Apple: "We're aware of this issue, and we have identified a fix that will be released in a software update later this week." An hour or two after this post went live, Apple disabled Group FaceTime to mitigate the bug.

The bug requires you to perform a few actions while the phone is ringing, so if the person on the other end picks up quickly, they might not be affected. Knowledge of how to use the bug is already widespread.

The steps include:
  • Tap on a contact on your iPhone to start a FaceTime call with them.
  • Swipe up and tap "Add Person."
  • Instead of adding a new person, enter your own number and add yourself as another participant in the Group FaceTime call. more

Updates: What we have also found is that if the person presses the Power button from the Lock screen, their video is also sent to the caller — unbeknownst to them. In this situation, the receiver can now hear your own audio, but they do not know they are transmitting their audio and video back to you. From their perspective, all they can see is accept and decline. (Another update: It seems there are other ways of triggering the video feed eavesdrop too.) more

Temporary fix. General smartphone security tips.

Friday, January 25, 2019

Hackers Access Family Security Cameras - Then Yell and Curse

WA - If you have security cameras connected to the internet inside your home, you’re going to want to play close attention to this story. A local family says someone hacked their account and watched them for weeks inside their home; even yelling and cursing at their children...

The couple says things got really creepy this week, while Abby and the children sat here in the living room. She says could hear multiple male voices. At first, she thought it was Conrado just checking in via the security cameras.

“And then they started cussing...

Abby wanted proof. “I grabbed a chair and I was doing this, but my face was back here and my hand was right here because I didn’t want to look at them. They were like stop recording us! What the ‘F’ are you doing?...
Abby and Conrado called Auburn Police, who confirm they are investigating. more

Eyeglasses and Earbuds for Real Spies

Misumi Electronics Corp. is a prestigious name in the fields of Spy applications, Surveillance system, Industrial inspection, and Medical application. They specialize in making modules and finished products, including camera modules, transmitters, UVC, USB capture cards and grabbers, and accept customized camera request as well.

The example below shows off the high-resolution of their cameras, including the ability to read computer screens and instantly transmit the video elsewhere. A spy wearing these eyeglasses and earbuds can see in three directions at once, in high-definition, without anyone knowing!

Their tiny, high-quality, HD video cameras have been mass produced for years. Should you come across one, keep searching. There is likely more to find. more
Click to enlarge.

Cybercriminals Home in on Ultra-High Net Worth Individuals

Research shows that better corporate security has resulted in some hackers shifting their sights to the estates and businesses of wealthy families.

Threat intelligence experts and research groups have seen a shift of cybercriminals increasingly targeting ultra-high net worth (UHNW) individuals and their family businesses...

More than half the attacks were viewed as malicious. And, nearly one-third came from an inside threat, such as an employee intentionally leaking confidential information. more

Congratulations to the corporations who have instituted better information security practices. Their elevated security includes periodic checks for electronic surveillance, or Technical Surveillance Countermeasures (TSCM). 

These checks are absolutely necessary at family compounds and home offices. There, guests, staff, and tradespeople have great opportunities to plant audio, video and data electronic surveillance devices.

Wednesday, January 23, 2019

Apple AirPods Live Listen can Eavesdrop

A useful feature of Apple’s wireless AirPods, designed to help hearing impaired, can also be used to engage in eavesdropping...

The feature Live Listen was released with iOS 12, and according to Apple, can be used with AirPods to turn your iPhone iPad, or iPod touch into a microphone - which can then send sound to your AirPods.

“Live Listen can help you hear a conversation in a noisy area or even hear someone speaking across the room,” the website states.

However, as some users have pointed out... 
“If you have AirPods, you can press ‘Live Listen’ to ‘On’ and leave your phone in the room with someone and you can hear what they are saying, thank me later,” one person wrote on Twitter.

People are suggesting it will be a game-changer when it comes to eavesdropping...

Another said: “Literally just bought AirPods to spy on people.more

Australia's New Encryption Law May Rock the World - bad'day mate

A new law in Australia gives law enforcement authorities the power to compel tech-industry giants like Apple to create tools that would circumvent the encryption built into their products.

The law, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, applies only to tech products used or sold in Australia. But its impact could be global: If Apple were to build a so-called back door for iPhones sold in Australia, the authorities in other countries, including the United States, could force the company to use that same tool to assist their investigations. more

Pinkerton Detectives Still Exist

The security agents, who gained fame as Old West law enforcers, are still around—and they’re not happy about being antagonists in ‘Red Dead Redemption II’

Pinkerton’s National Detective Agency, formed in the 1800s to help law enforcement track down criminals, once sparred with the outlaw Jesse James. It later became entangled in the notorious labor disputes of industrial America.

In the hit videogame “Red Dead Redemption II,” players belong to a gang of bandits in the Old West in 1899 who spend a good deal of time offing Pinkerton agents, known simply as Pinkertons.

The plot twist comes in real life: Pinkerton still exists today as Pinkerton Consulting & Investigations Inc., a specialist in corporate security and risk management—and it’s tired of being the bad guy.

Pinkerton, now owned by the Swedish security firm Securitas AB, hoped a letter sent last month to Take-Two Interactive Software Inc. would persuade the game publisher to do right by the Pinkerton name. The letter included a demand for compensation in the form of a lump sum or “an appreciable percentage of each game sold.” more

To anyone who worked with me at Pinkertons, always feel free to say hello.

Tuesday, January 22, 2019

Tony Mendez - CIA Hero - Dead at 78

Mr. Mendez’s artistic skills, which included hand-eye coordination that enabled him to look at something and copy it precisely, suited the agency’s need for a counterfeiter and forger.

And so began a career that in time would lead Mr. Mendez, who died on Saturday at 78, to orchestrate one of the most audacious covert operations in C.I.A. history: the rescue of six American diplomats from a tumultuous Iran after Islamic militants had stormed the United States Embassy in Tehran on Nov. 4, 1979. The militants held 52 Americans hostage for 444 days, a humiliating foreign policy debacle that would severely undermine Jimmy Carter’s presidency.

The operation, which took place in January 1980, was kept secret until 1997. It was celebrated in a heart-pounding movie, “Argo,” released in 2012, with Ben Affleck (who also directed) portraying Mr. Mendez. The movie won three Oscars, including for best picture, though some critics took it to task for underplaying the vital role of the Canadians in the operation and for inventing certain scenes, such as a chase on an airport tarmac at the end. more

Monday, January 21, 2019

This Month in Video Voyeurism

The following are some of the cases reported by the news media during the last 30 days. Consider them to be the failures. The tip of the iceberg. The people who got caught. Most people don't get caught.

They are posted here periodically to raise awareness of the magnitude of the problem, and the variety of places where this occurs. Fortunately, anyone with a little awareness training can protect themselves.

NY - A former New York nanny is fighting back after she says she was surreptitiously recorded in a bathroom owned by a powerful and well-connected couple, the New York Post reports. Vanessa Rivas alleges she found a spycam inside the guest bathroom of the apartment where she used to work as a nanny, a place where she often showered.

UK - Airbnb guest finds surveillance camera inside his rented apartment but is told he ‘consented’ to it as it appeared in photos of the property...According to Airbnb's Terms and Conditions, a surveillance device must be disclosed. more

UK - A former footballer has been charged with five counts of voyeurism and arson...cameras were allegedly found in the female staff changing room at HMP YOI Portland where Browne worked as a guard and fitness instructor. Further voyeurism charges have since been brought against Browne relating to incidents in Weymouth, Dorchester and Poole. more

OR - An Oregon State University employee is facing criminal charges...after being accused of videotaping several unsuspecting men inside the stall in a Valley Library restroom. more

OH - A man secretly recorded a woman showering in a Norwood home, according to court records...He allegedly attempted to hide a cell phone that was recording in a wopse of towels in a bathroom. "The recording device captured the victim in a state of nudity as well as the identity of Anthony McDaniel placing the device and attempting to hide it," police records state. It is unclear how the phone was discovered. more

UK - Britain's Parliament has approved a law that will make it illegal to take so-called "upskirting" photos...Gina Martin, 26, campaigned to ban upskirting after she chased down a man who had placed a phone between her legs and taken a picture while she was at a crowded music festival in London's Hyde Park in 2017. more

AR - A man has been found guilty of video voyeurism in Washington County Circuit Court...found guilty on multiple counts of video voyeurism and was sentenced to four years in prison, and two years suspended...Godfirnon hid an iPhone with the "Pocket Spy" app enabled in a restroom where he was installing light fixtures. more

S. Korea - A four-year jail sentence given to the co-founder of a South Korean porn website that hosted thousands of videos of women filmed secretly was criticized by campaigners on Thursday for being too light to be a deterrent. more

AR - The Benton Police Department arrested 28-year-old Matthew McCoy, of Rison, without incident Monday, on 30 counts of video voyeurism and two counts of computer child pornography.
All charges stem from a camera discovered in a restroom at a Benton residence. more

WA - A former volunteer coach and athletic director at the Puget Sound Adventist Academy has been sentenced to 10 months in jail after he pleaded guilty to voyeurism...students who were using an athletic department tablet found a video of two female students changing into the basketball uniforms, police said...The volunteer coach was identified because he also recorded himself and could be seen adjusting the camera angle and turning the video on and off. more

UT - Foster parent charged with 100 counts...state police first became aware of the situation and ordered a search warrant after one of the foster children, a 15-year-old, called his sister and told her he found a digital camera device hidden inside a candle holder in the bathroom he showered in. more

Ireland - One of the first sex offenders to be detected in Northern Ireland by the National Crime Agency has appeared in court charged with breaching the terms of a Sexual Offenses Prevention Order...The voyeurism matters came to light when Dynes was caught on his own recording equipment while installing it in a bedroom, which then filmed a female carrying out private act. more

Canada - Former teacher and voyeuristic vice-principal Brent Hachborn’s teaching licence has been revoked by the Ontario College of Teachers. Hachborn, who was convicted of nine counts of voyeurism after it was learned he had been hiding cameras in the false ceiling of a school bathroom... more

KY - A man is accused of spying on a woman and recording her as she was getting out of the shower...According to his arrest citation, Sales-Molina hid a cell phone in a laundry basket. The phone recorded the woman in the nude after she had taken a shower. more

OH - Cleveland County man accused of filming girls on his boat is expected in court Friday...Detectives said Hillard chiseled a hole at the bottom of the door to sneak in a camera to watch... more

NM - Santos Leon-Pereira was sentenced 94 days in jail for placing recording devices in dressing rooms at stores at Coronado Center...According to court documents, two phones were found in a dressing room at Forever 21, both with the video cameras rolling. more

KY - An Owensboro electrician is accused of voyeurism. Officers were notified on Tuesday of a small camera and memory card installed inside a home where Ryan Lloyd had been working.
The victim told police that Lloyd was doing electrical work in their bathroom...The victim found the camera earlier this week...The memory card obtained nude images of the victim's daughter. more

IN - A Gary middle school employee was fired Monday after he was arrested and charged with child pornography and voyeurism...police said the suspect's statements led them to obtain a search warrant for Saldana's home where authorities found photographs, video files, a hidden pinhole camera and photo negatives they said Saldana appeared to be burning when they arrived Saturday. more 

 

Questions We Get - Cell Phone Location Data

"I want to know is whether your location can be tracked if your location based services are turned off?" - from an attorney who reported on the selling of cell phone location data to bounty hunters. more

Good question. The answer is yes.

The information the phone companies are selling is gathered from the phone's administration communications with the cell sites, "Hi. I'm here. I can accept a call." The signal is picked up from multiple cell sites and is evaluated to determine which site is receiving the strongest signal.

Location is determined by triangulation. While not precise, it can get you into the neighborhood.

If they were using the phone's GPS-based location services the location accuracy would be within a few yards. ~Kevin

Friday, January 18, 2019

Counterespionage Checklist: How to Be Safe on the Internet

An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go. more  Scott Adams

Thursday, January 17, 2019

CIA Spy Tool Kit (Preparation H suggested)

The CIA Rectal Tool Kit

The Weed of Crime Bears Bitter Fruits - The Worldwide Huawei Wows

Federal prosecutors are pursuing a criminal investigation of China’s Huawei Technologies Co. for allegedly stealing trade secrets from U.S. business partners, including technology used by T-Mobile US Inc. to test smartphones, according to people familiar with the matter.  

The investigation grew in part out of civil lawsuits against Huawei, including one in which a Seattle jury found Huawei liable for misappropriating robotic technology from T-Mobile’s Bellevue, Wash., lab...

On Wednesday, a bipartisan group of congressional lawmakers introduced legislation that would ban the export of U.S. components to Chinese telecommunications companies that are in violation of U.S. export-control or sanctions laws. Backers said the bill was aimed at Huawei and ZTE Corp...

Last month, Canadian authorities arrested Huawei Chief Financial Officer Meng Wanzhou at the request of U.S. authorities...

In another development, Polish authorities last week arrested Huawei executive Wang Weijing and charged him with conducting espionage on behalf of the Chinese government. more

Wednesday, January 16, 2019

Court: Authorities Can't Force Technology Unlocks with Biometric Features

A judge in California ruled Thursday that U.S. authorities cannot force people to unlock technology via fingerprint or facial recognition, even with a search warrant.

Magistrate Judge Kandis Westmore, of the U.S. District Court for the Northern District of California, made the ruling as investigators tried to access someone's property in Oakland.... (however)

The judge in her ruling stated the request was "overbroad" because it was "neither limited to a particular person nor a particular device." The request could be resubmitted if authorities specify particular people whose devices they'd like to unlock. more

Early Documented Case of Video Voyeurism

The first telescoped PoV close-up in film: As Seen Through a Telescope by George Albert Smith uses an iris'ed close-up to give the impression of filming through a telescope, thus giving the viewer the point of view of the main character. There is also a voyeuristic element as the lead (and each of us) witnesses a bit of naughty action...