Google has removed over 500 apps that included mobile games for teenagers from its Play Store on account of a spyware threat.
The decision came after US-based cyber-security firm Lookout discovered more than 500 apps that could spread spyware on mobile phones, Fortune reported late on Wednesday.
According to Lookout, the apps used certain software that had the ability to covertly siphon people's personal data on their devices without alerting the app makers. more
Thursday, August 24, 2017
Shoulder Surfers Get Faked Out with IllusionPIN App
Researchers have created a smartphone application to combat “shoulder-surfing”—when someone else looks over your shoulder as you enter your phone’s password or other private digits, potentially even gleaning vital financial or personal information...
Nasir Memon, a professor of computer science and engineering at New York University’s Tandon School of Engineering, explains that the technology, called “IllusionPIN,” deploys a hybrid-image keyboard that appears one way to the close-up user and differently to an observer at a distance of three feet or greater.
The research team simulated a series of shoulder-surfing attacks on smartphone devices to test the effectiveness of IllusionPIN at various distances.
In total, they performed 84 attempted shoulder-surfing attacks on 21 participants, none of which was successful. For contrast, they also mounted 21 shoulder-surfing attacks on unprotected phones using the same distance parameters; all 21 attacks were successful. more much more
Nasir Memon, a professor of computer science and engineering at New York University’s Tandon School of Engineering, explains that the technology, called “IllusionPIN,” deploys a hybrid-image keyboard that appears one way to the close-up user and differently to an observer at a distance of three feet or greater.The research team simulated a series of shoulder-surfing attacks on smartphone devices to test the effectiveness of IllusionPIN at various distances.
In total, they performed 84 attempted shoulder-surfing attacks on 21 participants, none of which was successful. For contrast, they also mounted 21 shoulder-surfing attacks on unprotected phones using the same distance parameters; all 21 attacks were successful. more much more
Eavesdropping Device Found in State Gaming Office
NY - The Erie County District Attorney’s Office confirmed Monday afternoon it is investigating allegations made by the New York State Gaming Commission that its employees were eavesdropped on by the Seneca Gaming Authority. A source close to the investigation said gaming officials found a listening device last year in a casino space that was leased to state officials. more
Tuesday, August 22, 2017
Spying Using Acoustic Imaging Via Smart Devices
A team of student hackers have demonstrated a method for using music to turn smart devices into tools for spying. The system is based on sonar, and embeds an inaudible signal into songs played on a smartphone or TV. The system can then use the device’s microphone to listen to how the signal bounces, and track the movements of anyone near the audio source.
The University of Washington research team behind the technology, known as CovertBand, tested it using a 42-inch Sharp TV in five different Seattle homes.
They found that the method is able to track the physical movements of multiple people to within 18 centimeters of accuracy, and even differentiate between particular gestures and motions. The tech can also track people, though less accurately, through walls.
They also demonstrated that listeners couldn’t distinguish between songs containing the hidden sonar signals, and those without it. ...and all CovertBand needs to work is a speaker and a microphone. more
The University of Washington research team behind the technology, known as CovertBand, tested it using a 42-inch Sharp TV in five different Seattle homes.They found that the method is able to track the physical movements of multiple people to within 18 centimeters of accuracy, and even differentiate between particular gestures and motions. The tech can also track people, though less accurately, through walls.
They also demonstrated that listeners couldn’t distinguish between songs containing the hidden sonar signals, and those without it. ...and all CovertBand needs to work is a speaker and a microphone. more
Smartphone Replacement Parts as Spies
If cracking your smartphone’s touchscreen wasn’t bad enough, researchers have found out a new security threat that might emerge out following the replacement of your touch screen as it has been found out that the replaced units might contain hardware that could hijack a device.
A paper presented by researchers at Ben-Gurion University of Negev, Israel, at the 2017 Usenix Workshop on Offensive Technologies, shows how smartphone replacement units can be a security risk for the user.
According to the researchers, devices with cracked touchscreens or even other damaged components are prone to security risks as the replaced parts installed by a repair shop might contain additional hardware that can hijack the device and track usage, log keystrokes, install other malicious apps, access files and more. more
A paper presented by researchers at Ben-Gurion University of Negev, Israel, at the 2017 Usenix Workshop on Offensive Technologies, shows how smartphone replacement units can be a security risk for the user.
 |
| Click to enlarge. |
Dude, No Kid Uses a Landline Phone Anymore
MI - A heads up for parents!
You might not know it, but you could end up in jail for eavesdropping on your child's conversations from a landline phone.
So many parents might pick up another line in the house to see who their child is talking to, but listening in on a call is a felony punishable by up to two years behind bars and a $2,000 fine.
However, a Republican lawmaker wants to change that. State Representative Peter Lucido (R-Shelby Township), introduced a bill last week that would give parents exemption from the eavesdropping law. more
Idea! How about a law against loitering in phone booths.
 |
| Cue theme music. |
So many parents might pick up another line in the house to see who their child is talking to, but listening in on a call is a felony punishable by up to two years behind bars and a $2,000 fine.
However, a Republican lawmaker wants to change that. State Representative Peter Lucido (R-Shelby Township), introduced a bill last week that would give parents exemption from the eavesdropping law. more
Idea! How about a law against loitering in phone booths.
So You Named Your Robot Bedmate, Mata Hari. Cute.
At the Hack in the Box security conference later this week in Singapore,
Argentinian security researchers Lucas Apa and Cesar Cerrudo plan to demonstrate hacker attacks they developed against three popular robots: the humanoid domestic robots known as the Alpha2 and NAO, as well as a larger, industrial-focused robotic arm sold by Universal Robots.
The duo plan to show that they can hack those machines to either change critical safety settings or, in the case of the two smaller bots, send them whatever commands they choose, turning them into surveillance devices that silently transmit audio and video to a remote spy.
"They can move, they can hear, they can see," says Cesar Cerrudo, the chief technology officer of IOActive, where both of the researchers work. Those features could soon make robots at least as tempting a target for spies and saboteurs as traditional computers or smartphones, he argues. "If you hack one of these things, the threat is bigger."...
Privacy invasion presents a more realistic worry... domestic robots contain mobile cameras and microphones whose data a spy could not only intercept, but manipulate and move at will around a target's house. more
Argentinian security researchers Lucas Apa and Cesar Cerrudo plan to demonstrate hacker attacks they developed against three popular robots: the humanoid domestic robots known as the Alpha2 and NAO, as well as a larger, industrial-focused robotic arm sold by Universal Robots.The duo plan to show that they can hack those machines to either change critical safety settings or, in the case of the two smaller bots, send them whatever commands they choose, turning them into surveillance devices that silently transmit audio and video to a remote spy.
"They can move, they can hear, they can see," says Cesar Cerrudo, the chief technology officer of IOActive, where both of the researchers work. Those features could soon make robots at least as tempting a target for spies and saboteurs as traditional computers or smartphones, he argues. "If you hack one of these things, the threat is bigger."...
Privacy invasion presents a more realistic worry... domestic robots contain mobile cameras and microphones whose data a spy could not only intercept, but manipulate and move at will around a target's house. more
Friday, August 18, 2017
Do Bug Detecting Gadgets Work? Let's Ask an Ex-Police Chief
CA - A judge set bond at $100,000 on Friday for former La Joya police Chief Geovani Hernandez, who’s accused of accepting cash to provide security for drug shipments... When agents arrested Hernandez, they found a “bug detector” designed to reveal hidden recording devices and prevent electronic surveillance. more
TSCM News: All Blacks Bugging Case Settled
Australia - Adrian Gard, the security consultant at the centre of the All Blacks bugging case, had his public mischief charge dismissed by a Sydney court on Friday.
Gard was accused of making a false statement to police about a listening device found in the All Blacks’ hotel meeting room before the August 2016 match against Australia in Sydney.
The magistrate was unable to rule out that someone else could have planted the bug.
Gard was found guilty of a second charge relating to carrying out a security operation without a license.
The matter, dubbed “bug-gate”, caused much friction between the Australian and New Zealand Rugby unions when it was revealed last year. more
Moral of the story... This all could have been avoided if the All Blacks spent the money to hire a real, reputable (and licensed) technical security consultant. ~Kevin
Gard was accused of making a false statement to police about a listening device found in the All Blacks’ hotel meeting room before the August 2016 match against Australia in Sydney.
The magistrate was unable to rule out that someone else could have planted the bug.
Gard was found guilty of a second charge relating to carrying out a security operation without a license.
The matter, dubbed “bug-gate”, caused much friction between the Australian and New Zealand Rugby unions when it was revealed last year. more
Moral of the story... This all could have been avoided if the All Blacks spent the money to hire a real, reputable (and licensed) technical security consultant. ~Kevin
PI Alert: New NY Law Reduces Surveillance Opportunities
Spying on your neighbor's backyard barbecue with video surveillance is now illegal in New York.
Gov. Andrew Cuomo has signed a bill cracking down on the unauthorized invasion of privacy by video surveillance in the backyard... Unlawful surveillance was made a crime in 2003, but it only applied to places where there's an expectation of privacy like bathrooms and dressing rooms. more
PS - Law enforcement surveillance is exempted under the new law.
Gov. Andrew Cuomo has signed a bill cracking down on the unauthorized invasion of privacy by video surveillance in the backyard... Unlawful surveillance was made a crime in 2003, but it only applied to places where there's an expectation of privacy like bathrooms and dressing rooms. morePS - Law enforcement surveillance is exempted under the new law.
Thursday, August 17, 2017
Spycam Darwin Award of the Week - The Creepy Kid
Jeremy Gabrysch put up a camera in their living room because his kid kept getting up in the middle of the night to watch TV.
The kid was not to be deterred, even if he didn't quite understand how a wide-angle lens works. more
The kid was not to be deterred, even if he didn't quite understand how a wide-angle lens works. more
Wednesday, August 16, 2017
Good Spy News - Mom Bugs Kids... but not the way our moms did it.
California law makes it a crime to record someone’s conversation secretly, with a few exceptions — and one of them, a state appeals court says, allows a parent to use a hidden cell phone to record her child’s talks with a babysitter suspected of abuse.
A mother’s recording led to the conviction of a 12-year-old babysitter for molesting his 4-year-old cousin. The defense lawyer argued that the recording was illegal because neither of the speakers had consented.
But the Fifth District Court of Appeal in Fresno said Monday that a parent who reasonably fears harm to her child, particularly a young child, can consent to a secret recording on the child’s behalf. State law normally requires the consent of both parties to a conversation, but allows consent by one person who reasonably suspects the other of a serious crime. more
A mother’s recording led to the conviction of a 12-year-old babysitter for molesting his 4-year-old cousin. The defense lawyer argued that the recording was illegal because neither of the speakers had consented.
But the Fifth District Court of Appeal in Fresno said Monday that a parent who reasonably fears harm to her child, particularly a young child, can consent to a secret recording on the child’s behalf. State law normally requires the consent of both parties to a conversation, but allows consent by one person who reasonably suspects the other of a serious crime. more
SCIFs Go Corporate
With cybersecurity threats on the rise, the private sector is taking a cue from national security protocol to protect corporate secrets, investing in highly protected SCIFs, or Sensitive Compartmented Information Facilities.
What happens in a SCIF stays in a SCIF—and has ever since the concept of the “war room” originated during World War II. ...
Private companies are increasingly seeing the benefits too—especially those working in fields whose success is dependent on continually out-innovating their competitors. “The rooms can be used in many ways once built, from proposal writing and strategy sessions, to hands-on R&D and product testing,” says Gordon. “They can even be portable. But they all give companies piece of mind that work and discussions taking place inside the room are completely confidential.” more
Can't afford a SCIF (they're expensive), use a TSCM team to conduct pre-meeting inspections. If you can afford a SCIF (sweet), use a TSCM team to re-certify it's integrity against eavesdropping. SCIF effectiveness tends to decay with age and use. ~Kevin
What happens in a SCIF stays in a SCIF—and has ever since the concept of the “war room” originated during World War II. ...Private companies are increasingly seeing the benefits too—especially those working in fields whose success is dependent on continually out-innovating their competitors. “The rooms can be used in many ways once built, from proposal writing and strategy sessions, to hands-on R&D and product testing,” says Gordon. “They can even be portable. But they all give companies piece of mind that work and discussions taking place inside the room are completely confidential.” more
Can't afford a SCIF (they're expensive), use a TSCM team to conduct pre-meeting inspections. If you can afford a SCIF (sweet), use a TSCM team to re-certify it's integrity against eavesdropping. SCIF effectiveness tends to decay with age and use. ~Kevin
Security Director Alert #857 - Coordinated Hotel Wi-Fi Spying
Mention this to your traveling executives. Reinforce VPN usage.
Russian hackers who infiltrated the computer systems of the Democratic National Committee in the US are now focusing on the wifi networks of European hotels to spy on guests in a “chilling” cyberoperation.
The state-sponsored Fancy Bear group infected the networks of luxury hotels in at least seven European countries and one Middle Eastern country last month, researchers say. FireEye, the US cybersecurity company that discovered the attacks, said the hotels were in capital cities and belonged to international chains that diplomats, business leaders and wealthy travelers would use. more
Russian hackers who infiltrated the computer systems of the Democratic National Committee in the US are now focusing on the wifi networks of European hotels to spy on guests in a “chilling” cyberoperation.
The state-sponsored Fancy Bear group infected the networks of luxury hotels in at least seven European countries and one Middle Eastern country last month, researchers say. FireEye, the US cybersecurity company that discovered the attacks, said the hotels were in capital cities and belonged to international chains that diplomats, business leaders and wealthy travelers would use. more
A TSCM Cautionary Tale - The All Blacks Affair
Background... A security consultant for the All Blacks rugby team announces he found a bug in a meeting room chair seat cushion. The arrest. And now, the trial...
An upholsterer called as a witness in the All Blacks bugging trial told a Sydney court he didn’t find any evidence of “tampering” or “reupholstering” when he inspected a chair allegedly used to conceal a listening device in the lead up to the Bledisloe Cup.
All Blacks security consultant Adrian Gard has denied making up claims he found the bug concealed in a chair in the All Blacks’ meeting room at the InterContinental Hotel in Double Bay in August 2016.
Mr Gard has pleaded not guilty to making a false representation resulting in a police investigation into the bug...
All Blacks team manager Darren Shand told the court last week Mr Gard on August 15, 2016, showed him two chairs which he claimed had given off abnormal readings during a bug sweep in the meeting room. Mr Shand said he could see what looked like a listening device. more
Why should you care?
• Not all TSCM "experts" are honest. (I'm shocked!)
• Reputation and experience matters.
• Ignore the smooth talk. Check references thoroughly, before letting them in.
~Kevin
This just in... The bugging device found in a chair in the All Blacks' Sydney hotel is sold at a chain of spy stores, a court has heard. Technician Mark Muratore told Downing Centre Local Court on Wednesday the FM transmitter powered by a nine-volt battery was sold at the Oz Spy chain of stores and on eBay. Mr Muratore told the court about 80 of the FM transmitter devices, known as the RBFM600, were sold each year on eBay and at Oz Spy for $120 (≈$95 usd) each.
An upholsterer called as a witness in the All Blacks bugging trial told a Sydney court he didn’t find any evidence of “tampering” or “reupholstering” when he inspected a chair allegedly used to conceal a listening device in the lead up to the Bledisloe Cup.
All Blacks security consultant Adrian Gard has denied making up claims he found the bug concealed in a chair in the All Blacks’ meeting room at the InterContinental Hotel in Double Bay in August 2016.
Mr Gard has pleaded not guilty to making a false representation resulting in a police investigation into the bug...
All Blacks team manager Darren Shand told the court last week Mr Gard on August 15, 2016, showed him two chairs which he claimed had given off abnormal readings during a bug sweep in the meeting room. Mr Shand said he could see what looked like a listening device. more
Why should you care?• Not all TSCM "experts" are honest. (I'm shocked!)
• Reputation and experience matters.
• Ignore the smooth talk. Check references thoroughly, before letting them in.
~Kevin
This just in... The bugging device found in a chair in the All Blacks' Sydney hotel is sold at a chain of spy stores, a court has heard. Technician Mark Muratore told Downing Centre Local Court on Wednesday the FM transmitter powered by a nine-volt battery was sold at the Oz Spy chain of stores and on eBay. Mr Muratore told the court about 80 of the FM transmitter devices, known as the RBFM600, were sold each year on eBay and at Oz Spy for $120 (≈$95 usd) each.
Subscribe to:
Posts (Atom)