Apps like WhatsApp, Facebook, Snapchat, Instagram, Twitter, LinkedIn, Viber
Felix Krause described in 2017 that when a user grants an app access to their camera and microphone, the app could do the following:
Access both the front and the back camera.
Record you at any time the app is in the foreground.
Take pictures and videos without telling you.
Upload the pictures and videos without telling you.
Upload the pictures/videos it takes immediately.
Run real-time face recognition to detect facial features or expressions.
Livestream the camera onto the internet.
Detect if the user is on their phone alone, or watching together with a second person.
Upload random frames of the video stream to your web service and run a proper face recognition software which can find existing photos of you on the internet and create a 3D model based on your face.
For instance, here’s a Find my Phone application which a documentary maker installed on a phone, then let someone steal it. After the person stole it, the original owner spied on every moment of the thief’s life through the phone’s camera and microphone.
Edward Snowden revealed an NSA program called Optic Nerve. The operation was a bulk surveillance program under which they captured webcam images every five minutes from Yahoo users’ video chats and then stored them for future use. It is estimated that between 3% and 11% of the images captured contained “undesirable nudity”.
Hackers can also gain access to your device with extraordinary ease via apps, PDF files, multimedia messages and even emojis.
An application called Metasploit on the ethical hacking platform Kali uses an Adobe Reader 9 (which over 60% of users still use) exploit to open a listener (rootkit) on the user’s computer. You alter the PDF with the program, send the user the malicious file, they open it, and hey presto – you have total control over their device remotely.
Once a user opens this PDF file, the hacker can then:
Install whatever software/app they like on the user’s device.
Use a keylogger to grab all of their passwords.
Steal all documents from the device.
Take pictures and stream videos from their camera.
Capture past or live audio from the microphone.
Upload incriminating images/documents to their PC, and notify the police.
And, if it’s not enough that your phone is tracking you – surveillance cameras in shops and streets are tracking you, too.
You might even be on this website, InSeCam, which allows ordinary people online to watch surveillance cameras free of charge. It even allows you to search cameras by location, city, time zone, device manufacturer, and specify whether you want to see a kitchen, bar, restaurant or bedroom.
Cyber security experts say that weaving your personal and professional lives together via a work laptop is risky business — for you and the company. Software technology company Check Point conducted a survey of over 700 IT professionals which revealed that nearly two-thirds of IT pros believed that recent high-profile breaches were caused by employee carelessness.
DON’T: Save personal passwords in your work device keychain.
DON’T: Make off-color jokes on messaging software.
DON’T: Access free public wi-fi while working on sensitive material.
DON’T: Allow friends or non-IT department colleagues to remotely access your work computer.
DON’T: Store personal data.
DON’T: Work on your side hustle while at the office.
Section 702 — that authorizes them to monitor some Americans’ communications without a warrant.
The spy agencies are supposed to “minimize” details about people swept up in what they call such “incidental collection,” and they say their practices are regularly vetted by Congress and the Foreign Intelligence Surveillance Court.
shows that state and federal laws, as well as industry self-regulation, have failed to keep up with a growing education technology industry.
One-third of all K–12 students in the United States use school-issued devices running software and apps that collect far more information on kids than is necessary.
Resource-poor school districts can receive these tools at deeply discounted prices or for free, as tech companies seek a slice of the $8 billion ed tech industry. But there’s a real, devastating cost — the tracking, cataloging and exploitation of data about children as young as 5 years old.
Our report shows that the surveillance culture begins in grade school, which threatens to normalize the next generation to a digital world in which users hand over data without question in return for free services.
EFF surveyed more than 1,000 stakeholders across the country, including students, parents, teachers and school administrators, and reviewed 152 ed tech privacy policies.
“Spying on Students” provides comprehensive recommendations for parents, teachers, school administrators and tech companies to improve the protection of student privacy. Asking the right questions, negotiating for contracts that limit or ban data collection, offering families the right to opt out, and making digital literacy and privacy part of the school curriculum are just a few of the 70-plus recommendations for protecting student privacy contained in the report.
The 188-page “Challenging Government Hacking In Criminal Cases” report, released by the American Civil Liberties Union on March 30, addresses new amendments to Rule 41 of the Federal Rules of Criminal Procedure, which took effect last December.
Under the changes to criminal procedure rules, feds can remotely search computers in multiple jurisdictions with a single warrant. The rules are touted by law enforcement agencies as a way to streamline 100-year-old rules of criminal procedure.
Apple, Google and Motorola declined to comment on WikiLeaks’ claims. Samsung didn’t respond to a request for comment.
“The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption,” said Moxie Marlinspike, the founder of Signal. “This story isn’t about Signal or WhatsApp, but to the extent that it is, we see it as confirmation that what we’re doing is working.”
Telegram said on its website that the problem lies with operating systems and not encrypted messaging apps and that naming specific encrypted services is “misleading.” WhatsApp declined to comment.
The proposed legislation, said the lawmakers, would set up a cybersecurity grant program that would provide resources for states to develop and implement effective cyber resiliency plans, including efforts to identify, detect, protect, respond, and recover from cyber threats. It also would encourage development of a stronger cybersecurity workforce.
“Framework and Terminology for Understanding Cyber-Enabled Economic Warfare,” a new report by Samantha F. Ravich and Annie Fixler for the Foundation for Defense of Democracies.
Cyber-enabled economic warfare is a “hostile strategy involving attack(s) against a nation using cyber technology with the intent to weaken its economy and thereby reduce its political and military power.”
For example, China’s economic theft of intellectual property from the U.S. is considered CEEW, along with Russia’s cyberattack on Estonia and Iran’s Saudi Aramco attack. The authors also contend that the U.S. sanctions on Iran using cyber means to cut off Society for Worldwide Interbank Financial Telecommunication access also fall under CEEW.