Tuesday, May 25, 2021

The Biggest Spies are Now Hiding in Your Car

Cars have undergone a major transformation in recent years.

Traditional models are slowly being replaced by new-age, technology-packed vehicles. Telematics and infotainment that provide convenience, entertainment and security are a driving force behind this revolution.

But they are also turning modern vehicles into one of the biggest threats to personal privacy...

An infotainment system is a collection of hardware and software in automobiles that provides vehicle status information, as well as audio or video entertainment...

In doing so, day after day, these systems generate torrents of data (around 25 gigabytes per hour), a portion of which is transmitted to the manufacturer as well as stored on your car’s storage device. The amount of data recorded is truly impressive and disconcerting, and includes various technical vehicle parameters, GPS location, favorite destinations, speed and so on. 

Once a user connects their smartphone to the console via USB (or wirelessly), the amount of data shared with the car increases even further. By pairing up with the device, the infotainment system downloads (and saves) even more data, adding to its database information that previously existed only on your smartphone. This includes your favorite music, apps, social media, emails, SMS history, voice data and more.

Used cars are even worse. Their data logs contain records of every phone ever connected to them, making them a veritable treasure trove for savvy hackers and government agencies alike.

Study: Are Smartphones Really Eavesdropping on our Conversations?

It’s a common fear: are smartphones listening and using our private conversations to sell advertising? New research shows many believe this is true.

The study, from Tidio, asked over 1000 people (48.6% males, 49.8% females, and 1.6% declaring as non-binary) about their opinions and experiences, and the results are surprising.

Tuesday, May 18, 2021

Seminar in Information Security & Cryptography

Zurich Switzerland, June 14−16, 2021
Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich

We are very pleased to announce that the seminar in Information Security and Cryptography on June 14-16 in Zurich Switzerland will take place and we still have a few places free.

We are fortunate that the situation with COVID-19 has improved to the point where we may hold the seminar, under the provisions of the Swiss Federal Office of Public Health (BAG) and their regulations for hotels and restaurants. 

This seminar provides an in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, as well as mathematical, algorithmic, protocol-specific, and system-oriented aspects. The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography including blockchains and crypto currencies.

The lectures and all course material are in English. A full description of the seminar, including all topics covered, is available at https://www.infsec.ch/seminar2021.html. There are hotel rooms at a special group rate (deadline 24th of May). Please ensure you are allowed to enter Switzerland as every country has different regulations.

FutureWatch: A New TSCM Detection Tool is in Development...

The developers just don't know it yet.
It's an Electronic Dog Nose (EDN).

New sensors developed by Otto Gregory at the University of Rhode Island, and chemical engineering doctoral student Peter Ricci, are so powerful that they can detect threats at the molecular level, whether it's explosive materials, particles from a potentially deadly virus or illegal drugs entering the country.

"This is potentially life-saving technology," said Gregory. "We have detected things at the part-per-quadrillion level. That's really single molecule detection."

Because Gregory's sensors are so small and so powerful, there is a wide range of applications.

Kevin's analysis...
Specially trained dogs have been used to sniff out covert electronic items, like cell phones in prisons, for quite a while now. The secret to detection is the device's electronic circuit boards. They contain these compounds: triphenylphosphine oxide (TPPO) and hydroxycyclohexyl phenyl ketone (HPK). This second compound is also found on CDs, DVDs, Blu-Rays, and the old tech floppy disks.

FutureWatch: Technical Surveillance Countermeasures (TSCM) professionals have many types of technologies at their disposal for detecting illegal electronic surveillance devices. To name a few... Non-Linear Junction Detection, Infrared Thermography, and Radio-frequency Spectrum Analysis. We are now well on our way to adding EDN to our kit.

Italy Appoints First Female Spy Chief

Prime Minister Mario Draghi announced his choice of Elisabetta Belloni as head of the Department of Information Security (DIS) on Wednesday.

The department oversees the country's foreign and domestic intelligence services and reports directly to the Italian government.

Ms Belloni, 63, has a long career of firsts.

Tin Foil Hat Alert: Tiny, Wireless, Injectable Chips Use Ultrasound to Monitor

Columbia Engineers develop the smallest single-chip system that is a complete functioning electronic circuit; implantable chips... that can be injected into the body with a hypodermic needle to monitor medical conditions.

Researchers at Columbia Engineering report that they have built what they say is the world's smallest single-chip system, consuming a total volume of less than 0.1 mm³. The system is as small as a dust mite and visible only under a microscope. In order to achieve this, the team used ultrasound to both power and communicate with the device wirelessly. The study was published online May 7 in Science Advances.

“We wanted to see how far we could push the limits on how small a functioning chip we could make,” said the study’s leader Ken Shepard, Lau Family professor of electrical engineering and professor of biomedical engineering. “This is a new idea of ‘chip as system’—this is a chip that alone, with nothing else, is a complete functioning electronic system. This should be revolutionary for developing wireless, miniaturized implantable medical devices that can sense different things, be used in clinical applications, and eventually approved for human use.”

Monday, May 10, 2021

Hvaldimir: Seeking Sanctuary for Whale Dubbed a Russian Spy

A mysterious beluga whale was dubbed a spy when he appeared off Norway's coast wearing a Russian harness... The whale seemed to be seeking help... The fisherman put on a survival suit and jumped into the icy water, freed the whale and retrieved the harness. To his surprise it had a camera mount and clips bearing the inscription "Equipment St. Petersburg"... 

Norwegians were captivated by the whale's dramatic rescue. Because of the whale's apparent spy status, he was given a tongue-in-cheek name. In a nod to hval, Norwegian for whale, and Russian President Vladimir Putin, the beluga was christened Hvaldimir.

Sunday, May 9, 2021

The Very Long Arm of the Law

UK - A Royal Navy submarine and a bugged Scottish farmhouse were used to try to catch the killers of Stephen Lawrence, it has emerged.

The elaborate surveillance operation was set up in 1999 in an attempt to gather evidence from five men accused of the teenager’s murder, as they enjoyed a two-week break after giving a high-profile TV interview...

But the Daily Mail yesterday revealed how, before they arrived, police had planted hidden microphones in the house, in the Perthshire village of Forteviot. The submarine, which took up position off Dundee, sent the signal back to London...

The Met rigged up the whole venue with hidden listening devices even placing them in golf buggies the suspects rode on in the quaint village of Forteviot.

They relayed their signal to a helicopter circling nearby which passed it onto the sub which in turn fired it down to detectives in Scotland Yard.

Even the friendly minibus driver who showed them the sights during their 15-day Highlands stay was an undercover police officer, reports the Mail.

One source said: “It was pure James Bond. It was run like a big anti-terror operation. The team had every piece of kit you had ever heard of.”

PimEyes: Cool New PI Tool or Privacy Alert - You Decide

You probably haven't seen PimEyes, a mysterious facial-recognition search engine, but it may have spotted you... Anyone can use this powerful facial-recognition tool — and that's a problem.

If you upload a picture of your face to PimEyes' website, it will immediately show you any pictures of yourself that the company has found around the internet. You might recognize all of them, or be surprised (or, perhaps, even horrified) by some; these images may include anything from wedding or vacation snapshots to pornographic images.

PimEyes is open to anyone with internet access.

Saturday, May 8, 2021

Weird GPS Tracking Story: Shark Seems to Leave Sea for a Road Trip

Australia - A bull shark under surveillance left scientists scratching their heads after it seemed to begin traveling down a major roadway in New South Wales.

Marine biologists noticed the predator – or at least its tag – was moving along the Princes Highway between Shellharbour and Wollongong, having apparently quit the sea at Shell Cove on Wednesday morning.

I recall a somewhat similar incident involving a bear here in New Jersey... sing-a-long Enjoy the weekend!

Thursday, May 6, 2021

Industrial Espionage: A New Disclaimer Seen in Corporate Report's Fine Print

/PRNewswire/ Corteva, Inc. (NYSE: CTVA) today reported financial results for the three months ended March 31, 2021...

Cautionary Statement About Forward-Looking Statements
This communication contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934... Forward-looking statements are based on certain assumptions and expectations of future events which may not be accurate or realized. Forward-looking statements also involve risks and uncertainties, many of which are beyond Corteva's control...

...(xii) effect of industrial espionage and other disruptions to Corteva's supply chain, information technology or network systems;

If your company thinks industrial espionage is beyond their control, call us.

Vishing — Phone Call Attacks and Scams

via Jen Fox, SANS OUCH Newsletter...
While some of today’s cyber criminals do use advanced technologies, many simply use the phone to trick their victims...

The greatest defense you have against a phone call attack is yourself. Keep these things in mind:

  • Anytime anyone calls you and creates a tremendous sense of urgency or pressure, be extremely suspicious. They are attempting to rush you into making a mistake. Even if the phone call seems OK at first, if it starts to feel strange, you can stop and say “no” at any time.

  • Be especially wary of callers who insist that you purchase gift cards or prepaid debit cards.

  • Never trust Caller ID. Bad guys will often spoof the number, so it looks like it is coming from a legitimate organization or has the same area code as your phone number.

  • Never allow a caller to take temporary control of your computer or trick you into downloading software. This is how they can infect your computer.

  • Unless you placed the call, never give the other party information that they should already have. For example, if the bank called you, they shouldn’t be asking for your account number.

  • If you believe a phone call is an attack, simply hang up. If you want to confirm that the phone call was legitimate, go to the organization’s website (such as your bank) and call the customer support phone number directly yourself. That way, you really know you are talking to the real organization.

  • If a phone call is coming from someone you do not personally know, let the call go directly to voicemail. This way you can review unknown calls on your own time. Even better, on many phones you can enable this by default with the “Do Not Disturb” feature.

Apple Airtags - You're It

A new report today says that AirTag stalking is “frighteningly easy” thanks to a number of weaknesses in Apple’s privacy protections...


...three days is a very long time to be tracked without your knowledge if you are an Android user. Additionally, for a stranger stalker, they would be able to track you to your home address or another location you frequently visit, before you are alerted – in other words, after the damage is done...

...An AirTag starts a three-day countdown clock on its alarm as soon as it’s out of the range of the iPhone it’s paired with. Since many victims live with their abusers, the alert countdown could be reset each night when the owner of the AirTag comes back into its range...

...There’s an option in the Find My app to turn off all of these “item safety alerts” — and adjusting it doesn’t require entering your PIN or password. People in abusive situations don’t always have total control over their phones...

...The only protection for Android users is the audible alert after three days, and it’s already been shown that the speaker can be disabled...

Monday, May 3, 2021

Some Eavesdropping Okay in All Party Consent State (PA)

Recently, in Commonwealth v. Mason, J-44-2020 No. 69 MAP 2019 (March 25, 2021), the Pennsylvania Supreme Court held that audio interceptions, made in the bedroom of toddler-aged victims of a nanny’s physical and verbal abuse, when such interceptions were captured by a camera hidden in a bedroom of the house by the father (and house owner) of the toddler-aged victims, did not violate the rights of the defendant (the nanny) under the Wiretapping and Electronic Surveillance Act (Wiretap Act), 18 Pa.C.S. Sections 5701-5782, and so were admissible. The Supreme Court drew a proper and logical conclusion from the facts and the law and, hopefully, brought us closer to a reasonable look at the issue...

Coca-Cola Chemist Guilty of Stealing Trade Secrets, Espionage

While Coca-Cola’s namesake syrup for its flagship soft drink is one of the most well-known trade secrets in food manufacturing, the beverage giant’s other secrets apparently are a little more vulnerable.

On April 22, the U.S. Department of Justice said that a federal jury in Tennessee convicted a Michigan woman of conspiracy to steal trade secrets, economic espionage and wire fraud regarding Coke’s formulas for its BPA-free coatings inside its beverage cans. She was originally indicted in February 2019, with a superseding indictment charged in August of last year.

According to court documents and evidence presented during her 12-day trial, 59-year-old Dr. Xiaorong You, who goes by Shannon You, stole the valuable formulation material while working for the company in Atlanta and at Eastman Chemical Company in Kingsport, Tennessee. The stolen BPA trade secrets belonged to major chemical and coating makers that include Akzo-Nobel, BASF, Dow Chemical, PPG and others, and cost nearly 120 million dollars to develop.