eavesdropping
Latest
How home assistants ruined us, an explanation
Our situation became clear when my friend ran through Trader Joe's screaming "ALEXA WHAT TIME IS IT?" This wasn't a cringey mockumentary comedy segment. It's the way we live now. I'm certain San Francisco's sea of terrified Postmates and Prime delivery runners parted for her, trampling an Instacart personal shopper already wallowing in the misfortune of crawling along the baked goods aisle, feeling blindly under tortillas for lost earbuds. Everyone wondering if they should yell at Google or Siri to call 911. Several cameras are trained on everyone, of course, to memorialize and broadcast these special moments forever.
Huawei allegedly developed a spy-friendly phone network for North Korea
If Huawei was hoping to mend its reputation in the wake of the de facto US ban, it's about to be disappointed. The Washington Post and 38 North have published joint reports indicating that Huawei helped build Koryolink, North Korea's highly restrictive cellphone network that went live in 2008. According to documents, Huawei partnered with China's state-owned Panda International Information Technology on projects in North Korea for at least eight years, with cooperation starting when then-dictator Kim Jong Il visited Huawei's headquarters in 2006. Huawei provided elements like cellular infrastructure, network management and encryption, while Panda provided software and transported Huawei gear.
Apple disables its walkie-talkie Watch app due to vulnerability
Apple has disabled its Walkie Talkie Watch app due to a vulnerability that could've allowed someone to listen in on other iPhones, the company told Techcrunch. In a statement, Apple said that the vulnerability -- which requires specific conditions and actions to exploit -- hasn't been used against anyone as far as it knows. It apologized to users and said it would restore the app once a fix is found.
Apple says Group FaceTime bug will be fixed next week
Apple announced Friday that it has come up with a fix for a bug in the Group FaceTime feature that allows users to listen in on the activity of others before they pick up the call. The company said a software update will be released next week that will fix the issue, according to BuzzFeed News. Group FaceTime has been disabled since the bug was discovered earlier this week.
New York investigates Apple's Group FaceTime privacy bug
You knew it was just a matter of time before Apple's Group FaceTime 'eavesdropping' bug drew the attention of politicians. New York Attorney General Letitia James has launched an investigation into the FaceTime flaw in hopes of understanding both its "failure to warn consumers" and reports of a "slow response" to the problem. Stated residents "need to know that their phones are safe," Governor Cuomo added.
Apple's Group FaceTime is 'unavailable' after eavesdropping bug appears
Just in case you hadn't immediately disabled FaceTime after finding out about a bug that could allow callers to receive audio and even video before you picked up, it looks like Apple is trying to close the hole on its end. While the company already said a fix for the issue -- which affects iPhones, iPads and Macs -- is coming later this week, tonight its System Status page shows that Group FaceTime has been unavailable since 10:16 PM ET. When we tried to initiate a Group FaceTime call -- part of the issue behind the bug -- the calls just ended, although some have reported the bug is still active for them. Apple shut the service off for the time being, and based on our tests it should keep people from exploiting the issue Still, until everything has been addressed it's probably still a good idea to disable FaceTime so that people don't find out what you really say when their name pops up on Caller ID.
Cuba's 'sonic attacks' may have been a side-effect of spying
Remember those 'sonic attacks' against the American and Canadian embassies last summer, making staff queasy and raising all kinds of questions as to what happened? There might be an answer. University of Michigan researchers have theorized that the incidents were really the result of ultrasonic signals from poorly functioning surveillance equipment. While individual ultrasonic signals can't harm people outside of extreme circumstances, multiple signals can clash with each other and produce a sound that's just low enough to be audible.
Malware creator charged for 13-year spying spree
You don't need an elaborate crime ring (or a government agency) to write malware that spies on others -- sometimes, just one person can be responsible. The US Department of Justice has charged Ohio resident Philip Durachinsky with 16 crimes for allegedly writing malware, nicknamed "Fruitfly," that gave him unfettered access to the PCs of "thousands" of individuals and institutions between 2003 and January 2017. Reportedly, he not only stole sensitive data to use for fraud and blackmail (such as logins, embarrassing chats and medical records) but took screenshots, logged keystrokes and spied on people through their webcams.
Facebook: No, we're not using your phone's mic to eavesdrop
In a story that mostly proves Facebook really doesn't manipulate what stories are popular on its service, today the company responded to a rumor that its app is listening in on users. This time around, the rumor started in an article from The Independent reporting that a communications professor from USF noticed Facebook serving ads with topics similar to stuff she'd discussed near her phone. Not surprisingly, the story spread rapidly on Facebook, and today the company responded with a statement trying to clear up the situation. As it said to Gizmodo: "Facebook does not use microphone audio to inform advertising or News Feed stories in any way. Businesses are able to serve relevant ads based on people's interests and other demographic information, but not through audio collection." Clear enough?
US surveillance court didn't reject a single spy order last year
For years, critics have claimed that the US' Foreign Intelligence Surveillance Court is a pushover: it's allegedly so reluctant to reject spying orders that it's little more than a speed bump for the FBI and NSA. True or not, that reputation isn't about to change any time soon. Reuters has obtained a Justice Department memo showing that FISC didn't reject any of the 1,457 surveillance order requests it received in 2015, even in part. That's no different than in 2014, but it suggests that the court isn't any less forgiving in an era of tighter government controls.
FTC issues warning to apps covertly monitoring TV broadcasts
It's like the those skeevy flashlight apps all over again. The Federal Trade Commission has sent out a warning to mobile software developers using the Silverpush framework that their applications could be invading the privacy of unknowing consumers. As Fortune notes, Silverfish and others of its ilk are why some apps that don't do anything in terms of voice transmission ask for permission to access your microphone. This alone sounds a bit creepy, but trust me, it gets even more gross.
US prisons allegedly record more inmate calls than they should (update: response)
It might not just be everyday people who've been subject to illegal surveillance -- prisoners may be victims, too. An anonymous hacker has given The Intercept phone records showing that prisons have recorded "at least" 14,000 calls between inmates and lawyers through software from Securus. As you might imagine, that potentially represents huge violations of both the attorney-client privilege and Sixth Amendment protections against interference with your right to counsel. Prosecutors could use these recordings to cheat at trial by getting case details that they're not supposed to know. In fact, a recent Austin lawsuit accuses Securus of contributing to just that kind of trickery.
The DEA's eavesdropping has tripled over the past decade
A federal agency eavesdropping is nothing new -- even if sometimes they do it with controversy. But, aside from the NSA, there's one in particular that has been quite active in the past few years: the Drug Enforcement Administration. According to records obtained by USA Today, thanks to the Freedom of Information Act, the DEA more than tripled its use of wiretaps (and other electronic tools used for snooping) over the last decade. As of last September, it had recorded 11,681 intercepts, compared to 3,394 made 10 years earlier. That's not the most interesting part about the report, however.
NSA wants to make a quantum computer that cracks tough encryption
While the NSA can inflitrate many secure systems without breaking a sweat, there are still some encryption methods that it just can't crack. That may not be a problem in the long term, however. The Washington Post has published documents from Edward Snowden which reveal that the agency is researching a "cryptologically useful" quantum computer. The dramatically more powerful hardware could theoretically decode public encryption quickly enough to be useful for national defense; conventional PCs can take years, even when clustered together. That kind of decrypting power is potentially scary, but you won't need to worry about the privacy of your secure content just yet. It's not clear that the NSA is anywhere close to reaching its goal, and any success could eventually be thwarted by quantum-based encryption that's impossible to break by its very nature. Still, the leak is a friendly reminder that we shouldn't take existing security methods for granted.
NSA can decode many GSM cellphone calls
The NSA may say that its phone surveillance efforts focus on metadata rather than the associated calls, but we now know that the agency can listen to many of those conversations whenever it wants. Documents leaked to the Washington Post by Edward Snowden confirm that the NSA can decode GSM-based cellphone calls without obtaining the encryption keys. The ability isn't surprising when GSM has known weaknesses, but the document suggests that the NSA (and potentially other US agencies) can easily process cellphone calls worldwide. Not surprisingly, the intelligence branch argues that such cracking is necessary -- folks on both sides of the law use encryption to hide information, after all. The NSA may not have such an easy time in the future, however. AT&T, T-Mobile Germany and other carriers worldwide are moving to tougher encryption methods for their GSM service, and 3G calls are typically more secure as a matter of course. These measures don't prevent eavesdropping, but they do complicate any attempts to snoop on cellular chats.
Microsoft asks US Attorney General to intervene on security disclosures, denies assisting with NSA interceptions
Microsoft sits between a rock and a hard place when it comes to privacy -- it can't reveal more about FISA requests, but it's also accused of assisting with NSA eavesdropping. The company is trying to settle both matters today, starting with a call on the US Attorney General for help. Microsoft hasn't had a response to its June 19th request to publish aggregate security request data, and it wants the Attorney General to directly intervene by legalizing these disclosures. The government official hasn't publicly acknowledged the request so far, although we weren't expecting an immediate answer. At the same time, Microsoft is expanding its denials of The Guardian's recent reporting that it facilitates large-scale NSA snooping. Along with insisting once more that it only offers specific information in response to legal requests, the firm claims that its supposedly eavesdrop-friendly actions were innocuous. Microsoft was only moving Skype nodes in-house rather than simplifying the NSA's access to audio and video chats, for example. It's doubtful that the public position will completely reassure doubters given the veils of secrecy surrounding the NSA and its collaborators, but the crew in Redmond at least has a full statement on record.
Microsoft reportedly eased NSA access to Outlook.com, SkyDrive and Skype
Tech firms say they aren't giving the NSA direct access to their servers, but that might not even be necessary. The Guardian reports that Microsoft, at least, is making it easy to snoop on services from the outside. Documents provided by Edward Snowden claim that Microsoft helped the NSA bypass Outlook.com chat encryption, even before the product launched; reportedly, it also simplified PRISM access to both SkyDrive and Skype conversations. The company denies offering any kind of carte blanche access, however, and insists that it only complies with specific, legal requests. Whether or not that's true, we can only know so much when Microsoft is limited in what it can say on the subject.
France reportedly has its own PRISM-like data surveillance system
The US isn't the only western country with an all-seeing digital eye... at least, according to Le Monde. The news outlet claims that France's General Directorate for External Security has a PRISM-like system that captures and processes the metadata for "billions and billions" of communications, including internet messaging, phone calls, SMS and even faxes. The goal is ostensibly to track the behavior of terrorist cells, but the Directorate allegedly shares the anonymized information with other intelligence services, including the police. Whether or not residents can do much about the snooping, if real, is another matter. One source believes that it exists in a gray area, as French law reportedly doesn't account for the possibility of storing personal data this way. We're skeptical of claims that the Directorate can spy on "anyone, anytime," especially without official commentary, but we'd suggest that locals be careful with their secrets all the same. Dan Cooper contributed to this report.
Researchers use children's toy to exploit security hole in feds' radios, eavesdrop on conversations
Researchers from the University of Pennsylvania have discovered a potentially major security flaw in the radios used by federal agents, as part of a new study that's sure to raise some eyebrows within the intelligence community. Computer science professor Matt Blaze and his team uncovered the vulnerability after examining a set of handheld and in-car radios used by law enforcement officials in two, undisclosed metropolitan areas. The devices, which operate on a wireless standard known as Project 25 (P25), suffer from a relatively simple design flaw, with indicators and switches that don't always make it clear whether transmissions are encrypted. And, because these missives are sent in segments, a hacker could jam an entire message by blocking just one of its pieces, without expending too much power. What's really shocking, however, is that the researchers were able to jam messages and track the location of agents using only a $30 IM Me texting device, designed for kids (pictured above). After listening in on sensitive conversations from officials at the Department of Justice and the Department of Homeland Security, Barnes and his team have called for a "substantial top-to-bottom redesign" of the P25 system and have notified the agencies in question. The FBI has yet to comment on the study, but you can read the whole thing for yourself, at the link below.
New Android trojan can record phone calls, expose your embarrassing fantasy baseball talk
Mobile malware is nothing new, especially for Android users who have trained themselves to navigate the sometimes shady back alleys of the Market. The fine folks at CA Technologies came across an interesting new trojan though, that does something slightly more unnerving than max out your credit cards -- it records your conversations. There's no evidence that this has actually found its way into the wild yet, but it's entirely possible that some nefarious developer could capture your calls and upload them to a remote server. Obviously, this wouldn't hold much interest for your traditional cyber crook, but suspicious significant others and corporate spies could have a field day with such capabilities. All we can do is suggest you remain vigilant and maintain a healthy dose of paranoia about any apps on your phone.
