Archive of ‘privacy’ category

Are your phone camera and microphone spying on you

Are your phone camera and microphone spying on you?

https://www.theguardian.com/commentisfree/2018/apr/06/phone-camera-microphone-spying

Apps like WhatsApp, Facebook, Snapchat, Instagram, Twitter, LinkedIn, Viber

Felix Krause described in 2017 that when a user grants an app access to their camera and microphone, the app could do the following:

  • Access both the front and the back camera.
  • Record you at any time the app is in the foreground.
  • Take pictures and videos without telling you.
  • Upload the pictures and videos without telling you.
  • Upload the pictures/videos it takes immediately.
  • Run real-time face recognition to detect facial features or expressions.
  • Livestream the camera on to the internet.
  • Detect if the user is on their phone alone, or watching together with a second person.
  • Upload random frames of the video stream to your web service and run a proper face recognition software which can find existing photos of you on the internet and create a 3D model based on your face.

For instance, here’s a Find my Phone application which a documentary maker installed on a phone, then let someone steal it. After the person stole it, the original owner spied on every moment of the thief’s life through the phone’s camera and microphone.

The government

  • Edward Snowden revealed an NSA program called Optic Nerves. The operation was a bulk surveillance program under which they captured webcam images every five minutes from Yahoo users’ video chats and then stored them for future use. It is estimated that between 3% and 11% of the images captured contained “undesirable nudity”.
  • Government security agencies like the NSA can also have access to your devices through in-built backdoors. This means that these security agencies can tune in to your phone calls, read your messages, capture pictures of you, stream videos of you, read your emails, steal your files … at any moment they please.

Hackers

Hackers can also gain access to your device with extraordinary ease via apps, PDF files, multimedia messages and even emojis.

An application called Metasploit on the ethical hacking platform Kali uses an Adobe Reader 9 (which over 60% of users still use) exploit to open a listener (rootkit) on the user’s computer. You alter the PDF with the program, send the user the malicious file, they open it, and hey presto – you have total control over their device remotely.

Once a user opens this PDF file, the hacker can then:

  • Install whatever software/app they like on the user’s device.
  • Use a keylogger to grab all of their passwords.
  • Steal all documents from the device.
  • Take pictures and stream videos from their camera.
  • Capture past or live audio from the microphone.
  • Upload incriminating images/documents to their PC, and notify the police.

And, if it’s not enough that your phone is tracking you – surveillance cameras in shops and streets are tracking you, too

  • You might even be on this website, InSeCam, which allows ordinary people online to watch surveillance cameras free of charge. It even allows you to search cameras by location, city, time zone, device manufacturer, and specify whether you want to see a kitchen, bar, restaurant or bedroom.

++++++++++++++++++
more on privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

more on surveillance in this IMS blog
http://blog.stcloudstate.edu/ims?s=surveillance

 

Putin’s game

What Putin Really Wants

Russia’s strongman president has many Americans convinced of his manipulative genius. He’s really just a gambler who won big.

JULIA IOFFE  JANUARY/FEBRUARY 2018 ISSUE

https://www.theatlantic.com/magazine/archive/2018/01/putins-game/546548/

(translated in Bulgarian http://librev.com/index.php/2013-03-30-08-56-39/prospects/europe/3371-igrata-na-putin-1

“They do plan,” said a senior Obama-administration official. “They’re not stupid at all. But the idea that they have this all perfectly planned and that Putin is an amazing chess player—that’s not quite it. He knows where he wants to end up, he plans the first few moves, and then he figures out the rest later. People ask if he plays chess or checkers. It’s neither: He plays blackjack. He has a higher acceptance of risk. Think about it. The election interference—that was pretty risky, what he did. If Hillary Clinton had won, there would’ve been hell to pay.”

Even the manner of the Russian attack was risky. The fact that the Russians didn’t really bother hiding their fingerprints is a testament to the change in Russia’s intent toward the U.S., Robert Hannigan, a former head of the Government Communications Headquarters, the British analogue to the National Security Agency, said at the Aspen Forum. “The brazen recklessness of it … the fact that they don’t seem to care that it’s attributed to them very publicly, is the biggest change.”

also: http://blog.stcloudstate.edu/ims/2016/11/13/hacking-voting/

in German: http://www.sueddeutsche.de/medien/phishing-attacken-der-feind-liest-mit-1.3378411

+++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

WhatsApp privacy France

French privacy watchdog raps WhatsApp over Facebook data sharing

 France’s data privacy watchdog may fine messaging app WhatsApp if it does not comply with an order to bring its sharing of user data with parent company Facebook into line with French privacy law.
Separately, Germany’s cartel office said on Tuesday it had found Facebook had abused its dominant market position, in a ruling that questioned the company’s model of monetizing the personal data of its users through targeted advertising.
My note: it seems the EU is gearing toward in increase scrutiny of social media giants regarding users’ privacy:
http://blog.stcloudstate.edu/ims/2018/01/05/tinder-dating-privacy/ 

++++++++++++
more on privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

 

fake emails

Why everyone still falls for fake emails

By Richard Matthews  Jul 31, 2017

https://gcn.com/articles/2017/07/31/why-fake-emails-still-work.aspx

Phishing is likely to get only more sophisticated.

Based on my experience in Tallinn, we will see companies become more transparent in how they deal with cyber attacks. After a massive cyber attack in 2007, for example, the Estonian government reacted in the right way.

free anti-phishing software

+++++++++++++++++++++
more on phishing in this IMS blog
http://blog.stcloudstate.edu/ims?s=phishing+

RFID blocking

There Are Plenty Of RFID-Blocking Products, But Do You Need Them?

hackers can access your credit card data wirelessly, through something called radio frequency identification, or RFID

card has a tiny RFID sensor chip. These chips are supposed to make life easier by emitting radio signals for fast identification. The technology helps keep track of livestock and inventory. It makes automatic payment on toll roads and faster scanning of passports possible, and, starting around 2004, brought us contactless payment with certain credit cards.

REI and other companies sell a range of RFID-blocking products and say the number of customers looking for travel bags and credit card sleeves has been growing. That’s despite the fact that the percentage of credit cards with RFID chips in the U.S. is extremely small.

Still, people are worried about electronic pickpocketing — worried enough to strap on RFID-blocking fanny packs, even skinny jeans. In 2014, the San Francisco-based clothing company Betabrand partnered with Norton Security to create the first pair of denim with RFID protected pockets.

Eva Velasquez, president of the Identity Theft Resource Center, says from a consumer perspective, deciding whether to invest in RFID-blocking technology is all about evaluating risk. In the next few years, there will undoubtedly be millions more of these cards on the market.

if you’re worried about e-pickpocketing but don’t want to spend much money, you can make your own blocking wallet or wrap your cards or passport in a thick piece of aluminum foil. According to Consumer Reports, that works as well as most RFID protectors on the market.
+++++++++++++++
more on cybersecurity in this IMS blog

not on your work computer

6 things you should never do on your work computer

Amy Elisa Jackson, Glassdoor Mar. 15, 2017, 10:45 AM

http://www.businessinsider.com/things-you-should-never-do-on-your-work-computer-2017-3

cyber security experts say that weaving your personal and professional lives together via a work laptop is risky business — for you and the company. Software technology company Check Point conducted a survey of over 700 IT professionals which revealed that nearly two-thirds of IT pros believed that recent high-profile breaches were caused by employee carelessness.

  1. DON’T: Save personal passwords in your work device keychain.
  2. DON’T: Make off-color jokes on messaging software.
  3. DON’T: Access free public wi-fi while working on sensitive material.
  4. DON’T: Allow friends or non-IT department colleagues to remotely access your work computer.
  5. DON’T: Store personal data.
  6. DON’T: Work on your side hustle while at the office.

++++++++++++++
more on privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

more on surveillance in this IMS blog:
http://blog.stcloudstate.edu/ims?s=surveillance

section 702

4 Big Intelligence Stories You Missed Amid The Comey Headlines This Week

++++++++++++++++++
more on surveillance and privacy in this IMS blog
http://blog.stcloudstate.edu/ims?s=surveillance

1 2 3