May 27, 2010

Will Your Smart Phone Rat You Out? (Updated 7/18/2011)

GPS Location Tracking: Track and Spy Any Cell Phone
September 17, 2010

This is the ultimate in covert surveillance, the best spy bug in the world. Simply insert the software as you would in an ordinary mobile phone and then the Mobile Phone is converted into an ultimate spy tool. You can now call the device using a telephone from anywhere you like and the device will automatically activate, allowing you to hear all conversations from the device with crystal clarity.

Government Can Eavesdrop on You Even When Your Cell Phone Is Turned Off

Fox News
June 17, 2009

Using your cell phone's tracking device and microphone, the government can eavesdrop on your conversations even if your cell phone is turned off. The only way around it is to remove your phone's battery.

From CNet, December 1, 2006:

The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.

Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call" ...

The Pocket Spy: Will Your Smartphone Rat You Out?

By Linda Geddes, NewScientist
October 14, 2009

... A decade ago, our phones' memories could just about handle text messages and a contacts book. These days, the latest smartphones incorporate GPS, Wi-Fi connectivity and motion sensors. They automatically download your emails and appointments from your office computer, and come with the ability to track other individuals in your immediate vicinity. And there's a lot more to come. Among other things, you could be using the next generation of phones to keep tabs on your health, store cash and make small transactions -- something that's already happening in east Asia (see "Future Phones" below).

These changes could well be exploited in much the same way that email and the internet can be used to "phish" for personal information such as bank details. Indeed, some phone-related scams are already emerging, including one that uses reprogrammed cellphones to intercept passwords for other people's online bank accounts.
"Mobile phones are becoming a bigger part of our lives," says Andy Jones, head of information security research at British Telecommunications. "We trust and rely on them more. And as we rely on them more, the potential for fraud has got to increase."
So just how secure is the data we store on our phones? If we are starting to use them as combined diaries and wallets, what happens if we lose them or they are stolen? And what if we simply trade in our phones for recycling?

According to the UK government's Design and Technology Alliance Against Crime (DTAAC), 80 per cent of us carry information on our handsets that could be used to commit fraud -- and about 16 per cent of us keep our bank details on our phones. I thought my Nokia N96 would hold few surprises, though, since I had only been using it for a few weeks when I submitted it to DiskLabs. Yet their analysts proved me wrong ...

In February, Google launched Latitude, networking software for smartphones that shares your location with friends. It can be turned off, but campaign group Privacy International is concerned by Latitude's complex settings and says it is possible the program could broadcast your location to others without your knowledge.
"Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends," the organisation warns.
A phone-based calendar could also leave you vulnerable. Police in the UK have already identified burglaries that were committed after the thief stole a phone and then targeted the individual's home because their calendar said they were away on holiday, says Joe McGeehan, head of Toshiba's research lab in Europe and leader of DTAAC's Design Out Crime project, which recently set UK designers the challenge of trying to make cellphones less attractive to people like hackers and identity thieves.
"It's largely opportunistic, but if you've got all your personal information on there, like bank details, social security details and credit card information, then you're really asking for someone to 'become' you, or rob you, or invade your corporate life," McGeehan says ...
Future Phones

By next year about 1 in 3 new smartphones will have accelerometers. Pressure sensors and gyroscopes will follow, and soon your handset may keep tabs on your health and pay your bills too.

For example, Nokia is experimenting with adding biosensors capable of monitoring heart and breathing rates, as well as glucose and oxygen levels in the blood.
"Your phone could act as a wellness diary, and start to integrate data with the primary health records kept by your doctor," says Marc Bailey, a researcher at the Nokia Research Centre in Cambridge, UK.
Meanwhile mobile commerce, or M-commerce, in which phones are used to transfer money or pay for shopping, is already expanding rapidly. Cellphone users in Japan can buy train or airline tickets with their handset, while people in Afghanistan, the Philippines and east Africa can use their handsets to transfer money to each other.
"M-commerce is coming, and the expectation is that it will become prevalent in the UK and other European countries within four years," says Joe McGeehan, head of Toshiba's research lab in Europe.

Though these developments should bring many benefits, security is expected to become a problem. "As soon as you put money on anything, criminals become more interested in it," says McGeehan.

To counter this, manufacturers are developing more secure ways of encrypting data on handsets. According to Nokia, users will be able to alter security settings depending on how much data they want available at any one time. Phones with built-in fingerprint scanners are already on the market, and Sharp has experimented with face recognition on handsets, though hackers have recently shown that face recognition is easily defeated with just a photograph.

Meanwhile, Apple is thought to be considering adding biometric security measures, such as a fingerprint scanner, to future iPhones. However effective these security features are, though, they will only work when turned on.

Phone Security Q & A

If I delete a message or photo on my phone will it disappear completely?

Data often remains on a phone's memory chip until it is overwritten. Phones also create extra copies that are spread around its memory. It is possible to overwrite files by copying new data onto the phone. Commercial software will "zero fill" a memory or SIM card to overwrite it.

Where do recycled handsets end up?

According to Andy Jones, a security specialist at British Telecommunications, the main markets for recycled phones are Nigeria and China, "both of which are regarded as areas posing a high threat to the security of information."

What if I smash up my SIM card?

Forensic analysts can often recreate SIM cards using the data that's stored on the handset. How much information they can retrieve depends on the phone model. It is also possible to stick a damaged SIM card back together and then extract its data.

Can my movements be tracked, even if I don't have GPS on my phone?

A technique called cell site analysis can be used to track someone to within 10 to 15 metres, using cellphone masts to triangulate their position. GPS can give more detailed information, such as your altitude or the speed you are travelling at.

Can my handset be used to spy on me?

If someone can get direct access to your handset, they can install software that lets them listen to conversations and monitor text messages without your knowledge. Without direct access, they can still monitor your phone usage remotely, but not eavesdrop on your conversations. It is also possible to send text messages that look like they come from someone else -- a technique called SMS spoofing. This makes it possible to upload messages to someone else's Twitter account, or send your boss rude messages using a colleague's number.

How do I improve my phone's security?

Switch on all security options such as handset PIN codes. Download software to wipe your phone before you throw it away or send it for recycling. Consider buying a handset with fingerprint recognition security. Alternatively, add software that can find your phone or even take control of it remotely should it be stolen, allowing you to encrypt all data stored on it, disable it entirely or even make it emit a loud alarm.

Is it legal for my employer or partner to send my cellphone for analysis?

If it is a company phone, or was a present from your partner, beware. Chances are that they can claim legal ownership and so can do what they want with it.

Smartphone Tracks User Interests, Habits, Finances, Location

The International Herald Tribune
March 11, 2009

The millions of people who use their cellphones daily to play games, download applications and browse the Web may not realize that they have an unseen companion: advertisers that can track their interests, their habits and even their location.

Smartphones, like the iPhone and BlackBerry Curve, are the latest and potentially most extensive way for advertisers to aim ads at certain consumers... Advertisers will pay high rates for the ability to show, for example, ads for a nearby restaurant to someone leaving a Broadway show, especially when coupled with information about the gender, age, finances, and interests of the consumer.

Eswar Priyadarshan, the chief technology officer of Quattro Wireless, which places advertising for clients like Sony on mobile sites, says he typically has 20 pieces of information about a customer who has visited a site or played with an application in his network.
“The basic idea is, you go through all these channels, and you get as much data as possible,” he said.
The capability for collecting information has alarmed privacy advocates.
It's potentially a portable, personal spy," said Jeff Chester, the executive director of the Center for Digital Democracy, who will appear before Federal Trade Commission staff members this month to brief them on privacy and mobile marketing.
He is particularly concerned about data breaches, advertisers' access to sensitive health or financial information, and a lack of transparency about how advertisers are collecting data.
"Users are going to be inclined to say, sure, what's harmful about a click, not realizing that they've consented to give up their information" ...

Banks Spying on Your Bills, Rent Payments, Paychecks

November 6, 2010

Raw Story - The age of the plain old credit score is gone, says a report at the Wall Street Journal, and it's been replaced by ever more intrusive efforts by banks and credit agencies to gauge exactly what you're worth, and what you can pay.

To that end, financial firms are now tracking their customers' bank deposits, rent payments or home values, and even utility bills to figure out who may soon become a financial risk, reports WSJ's Karen Blumenthal.

So, for example, if your employer pays you through direct deposits and those deposits stop, financial institutions can now have warning that your money situation is likely to tighten, and may deny you credit on that basis.

But the efforts don't end there. A new area of research, income estimation, "took off earlier this year," WSJ reports, and involves financial firms collecting information about mortgages, personal loans and credit history to determine how much an individual makes and how much credit they should be given.

In this new era of deep data-mining, even your utility bills and rent check aren't out of bounds.

An estimated 40 million consumers, including young people and people who prefer to pay in cash, have too little credit experience to generate a useful credit score. But they are likely to pay rent or utility bills, which could help credit bureaus better assess their credit-worthiness.

Experian, one of the three major credit bureaus, bought RentBureau—which collects rental-payment data from large property managers—and expects to integrate that information into credit records before the end of the year.

Credit bureaus say they also would like to offer data on cellphone payments, but have run into concerns over privacy issues, which may require legislation to untangle.


The WSJ report comes as new concerns emerge over the extent to which businesses are digging into the lives of their customers in order to assess risk or market products.

Raw Story reported this week on SocialMiner, a new software application from Cisco Systems that allows businesses to monitor social networking sites such as Facebook and Twitter. The software has raised concerns over the prospect of employers spying on the personal lives of their employees.
"With more and more Web-based conversations taking place over these social platforms, it's now more critical than ever that businesses are aware of what their customers are saying about them and are able to respond to general inquiries or rectify customer service issues so as to enhance and protect brand reputation," Cisco stated in a press release.
Meanwhile, a federal class action lawsuit alleges that numerous media companies, including Fox News and CNN, received detailed personal information on millions of cellphone users from an advertising company that circumvented security measures on their phones. Courthouse News reports:
Delaware-based Ringleader "stamped" a "Unique Device Identifier" into customers' cell phones, compatible with iPhone, iPad, iTouch and PDAs and other devices, the complaint states.

Once entered into their phones, the class claims, say the code sent their private information to a database that Ringleader shared with AccuWeather, CNN, ESPN, FOX News, Go2 Media, Merriam-Webster, Travel Channel, and WhitePages, all of them named as defendants.
"Essentially, defendants hacked the mobile phones of millions of consumers ... by embedding a tracking code in each user's mobile device database to circumvent users' browser controls for managing web privacy and security," the complaint states.
The class claims the database collected information about "gender, age, race, number of children, education level, geographic location, and household income."

When they learned about the invasion of their privacy, some customers tried to delete the code, but it was programmed for "perpetual re-spawning, creating in effect: 'Zombie Databases,'" the complaint states.

Security Holes Discovered in iPhones, iPads

The Associated Press
July 7, 2011

A new security hole has opened up in Apple Inc.'s iPhone, iPad and iPod Touch devices, raising alarms about the susceptibility of some of the world's hottest tech gadgets to hacker attacks.

Flaws in the software running those devices came to light after a German security agency warned that criminals could use them to steal confidential data off the devices. Apple, the world's largest technology company by market value, said Thursday that it is working on a fix that will be distributed in an upcoming software upgrade.

With the security hole, an attacker can get malicious software onto a device by tricking its owner into clicking an infected PDF file. Germany's Federal Office for Information Security called the flaws "critical weaknesses" in Apple's iOS operating system.

Internet-connected mobile devices are still subject to fewer attacks than personal computer, but they could eventually prove a juicy target for hackers because they are warehouses of confidential banking, e-mail, calendar, contact and other data.

Software vulnerabilities are discovered all the time. What makes the latest discovery alarming is that the weaknesses are already being actively exploited — albeit in a consensual way.

The latest concerns were prompted by the emergence of a new version of a program to allow Apple devices to run any software and circumvent the restrictions that Apple notoriously retains over software distributed through its online store. There are security risks of doing so, but many people find it liberating to install their own software.

Although this program is something people would seek out, the weaknesses that its authors discovered could easily be used for malice, security experts say.

There is an irony in the controversy: The site distributing the program offers a fix for the problem, but to get the fix, a user has to first install the program in question. So a user must defy Apple's restrictions to get the protection until Apple comes up with a fix of its own.

Charlie Miller, a prominent hacker of Apple products, said it likely took months to develop the program to break Apple's restrictions, but a criminal might need only a day or two to modify it for nefarious purposes.

Apple Inc. spokeswoman Bethan Lloyd said Thursday the company is "aware of this reported issue and developing a fix." She would not say when the update will be available.

One reason for gadget owners to take heart: Attacks on smartphones and other Internet gadgets are still relatively rare. One reason is PC-based attacks are still highly lucrative. Still, vulnerabilities such as the ones Apple is confronting show that consumers should take care of securing their mobile devices as they would their home computer.

"These things are computers — they're just small, portable computers that happen to have a phone tacked onto them," said Marc Fossi, manager of research and development for Symantec Security Response. "You've got to treat them more like a computer than a phone. You have to be aware of what's going on with these devices."
Out of Financial Chaos, Futurist Predicts Cashless Society and Robocops
New Monopoly Game is Cashless
Using RFID-enabled Cell Phones, Customers Scan Products and Pay for Purchases
Road warriors: Smartphones with built-in GPS
GPS on smartphones is no longer an emerging trend. It's almost a must-have feature nowadays, and more and more handsets are offering it. With the embedded GPS receiver and a mapping service, you can get real-time position tracking, text- and voice-guided directions, and points of interest. However, taking advantage of GPS, and the navigation powers that come with it, sometimes come at a price. If you want features, such as voice-guided directions, you often have to subscribe to a location-based service (LBS), such as TeleNav or VZ Navigator, which require a subscription fee. However, Google and Nokia are shaking things up by offering the premium features for free on such devices as the Motorola Droid, Nexus One, and Nokia 5800 Navigation Edition. How this will affect the LBS business remains to be seen, but one thing's for sure: if you're forever getting lost or are constantly traveling, there's help out there for you.

No comments:

Post a Comment

Go to The Lamb Slain Home Page