NSO Used Real People’s Location Data To Pitch Its Contact-Tracing Tech

NSO, a private intelligence company best known for developing and selling governments access to its Pegasus spyware, pitched its contact-tracing system earlier this year, dubbed Fleming, aimed at helping governments track the spread of COVID-19. Fleming is designed to allow governments to feed location data from cell phone companies to visualize and track the spread of the virus. NSO gave several news outlets each a demo of Fleming, which NSO says helps governments make public health decisions “without compromising individual privacy.” But in May, a security researcher told TechCrunch that he found an exposed database storing thousands of location data points used by NSO to demonstrate how Fleming works — the same demo seen by reporters weeks earlier. TechCrunch reported the apparent security lapse to NSO, which quickly secured the database, but said that the location data was “not based on real and genuine data.” NSO’s claim that the location data wasn’t real differed from reports in Israeli media, which said NSO had used phone location data obtained from advertising platforms, known as data brokers, to “train” the system. Academic and privacy expert Tehilla Shwartz Altshuler, who was also given a demo of Fleming, said NSO told her that the data was obtained from data brokers, which sell access to vast troves of aggregate location data collected from the apps installed on millions of phones.

NSO is currently embroiled in a lawsuit with Facebook-owned WhatsApp, which last year blamed NSO for exploiting an undisclosed vulnerability in WhatsApp to infect some 1,400 phones with Pegasus, including journalists and human rights defenders. NSO says it should be afforded legal immunity because it acts on behalf of governments.

587

Smart Dust Is Coming. Are You Ready?

“Imagine a world where wireless devices are as small as a grain of salt,” writes futurist Bernard Marr in Forbes, describing a technology being researched by companies like IBM, General Electric, and Cisco. “These miniaturized devices have sensors, cameras and communication mechanisms to transmit the data they collect back to a base in order to process.

“Today, you no longer have to imagine it: microelectromechanical systems (MEMS), often called motes, are real and they very well could be coming to a neighborhood near you. Whether this fact excites or strikes fear in you it’s good to know what it’s all about.”
Outfitted with miniature sensors, MEMS can detect everything from light to vibrations to temperature. With an incredible amount of power packed into its small size, MEMS combine sensing, an autonomous power supply, computing and wireless communication in a space that is typically only a few millimeters in volume. With such a small size, these devices can stay suspended in an environment just like a particle of dust. They can:

– Collect data including acceleration, stress, pressure, humidity, sound and more from sensors

– Process the data with what amounts to an onboard computer system

– Store the data in memory

– Wirelessly communicate the data to the cloud, a base or other MEMs

Since the components that make up these devices are 3D printed as one piece on a commercially available 3D printer, an incredible amount of complexity can be handled and some previous manufacturing barriers that restricted how small you can make things were overcome. The optical lenses that are created for these miniaturized sensors can achieve the finest quality images.

The potential of smart dust to collect information about any environment in incredible detail could impact plenty of things in a variety of industries from safety to compliance to productivity. It’s like multiplying the internet of things technology millions or billions of times over.

625

That Game on Your Phone May Be Tracking What You’re Watching on TV

At first glance, the gaming apps — with names like “Pool 3D,” “Beer Pong: Trickshot” and “Real Bowling Strike 10 Pin” — seem innocuous. One called “Honey Quest” features Jumbo, an animated bear.

Yet these apps, once downloaded onto a smartphone, have the ability to keep tabs on the viewing habits of their users — some of whom may be children — even when the games aren’t being played.

It is yet another example of how companies, using devices that many people feel they can’t do without, are documenting how audiences in a rapidly changing entertainment landscape are viewing television and commercials.

The apps use software from Alphonso, a start-up that collects TV-viewing data for advertisers. Using a smartphone’s microphone, Alphonso’s software can detail what people watch by identifying audio signals in TV ads and shows, sometimes even matching that information with the places people visit and the movies they see. The information can then be used to target ads more precisely and to try to analyze things like which ads prompted a person to go to a car dealership.

More than 250 games that use Alphonso software are available in the Google Play store; some are also available in Apple’s app store.

Some of the tracking is taking place through gaming apps that do not otherwise involve a smartphone’s microphone, including some apps that are geared toward children. The software can also detect sounds even when a phone is in a pocket if the apps are running in the background.

914

Google forming ‘smart cities’

“An ambitious project to blanket New York and London with ultrafast Wi-Fi via so-called “smart kiosks,” which will replace obsolete public telephones, are the work of a Google-backed startup.

Each kiosk is around nine feet high and relatively flat. Each flat side houses a big-screen display that pays for the whole operation with advertising.

Each kiosk provides free, high-speed Wi-Fi for anyone in range. By selecting the Wi-Fi network at one kiosk, and authenticating with an email address, each user will be automatically connected to every other LinkNYC kiosk they get within range of. Eventually, anyone will be able to walk around most of the city without losing the connection to these hotspots.

Wide-angle cameras on each side of the kiosks point up and down the street and sidewalk, approximating a 360-degree view. If a city wants to use those cameras and sensors for surveillance, it can.

Over the next 15 years, the city will go through the other two phases, where sensor data will be processed by artificial intelligence to gain unprecedented insights about traffic, environment and human behavior and eventually use it to intelligently re-direct traffic and shape other city functions.”

918

“Smart” toys are spying on kids

Emphasis added:

“Some people consider dolls creepy enough, but what if that deceptively cute toy was listening to everything you said and, worse yet, letting creeps speak through it?

According to The Center for Digital Democracy, a pair of smart toys designed to engage with children in new and entertaining ways are rife with security and privacy holes. The watchdog group was so concerned, they filed a complaint with the Federal Trade Commission on Dec. 6 (you can read the full complaint here). A similar one was also filed in Europe by the Norwegian Consumer Council.

“This complaint concerns toys that spy,” reads the complaint, which claims the Genesis Toys’ My Friend Cayla and i-QUE Intelligent Robot can record and collect private conversations and offer no limitations on the collection and use of personal information.

Both toys use voice recognition, internet connectivity and Bluetooth to engage with children in conversational manner and answer questions. The CDD claims they do all of this in wildly insecure and invasive ways.

Both My Friend Cayla and i-QUE use Nuance Communications’ voice-recognition platform to listen and respond to queries. On the Genesis Toy site, the manufacturer notes that while “most of Cayla’s conversational features can be accessed offline,” searching for information may require an internet connection.

The promotional video for Cayla encourages children to “ask Cayla almost anything.”

The dolls work in concert with mobile apps. Some questions can be asked directly, but the toys maintain a constant Bluetooth connection to the dolls so they can also react to actions in the app and even appear to identify objects the child taps on on screen.

The CDD takes particular issue with that app and lists all the questions it asks children (or their parents) up front during registration: everything from the child and her parent’s names to their school, and where they live.

824

MIT scientists use radio waves to sense human emotions

Emphasis added:

“Researchers at the MIT Computer Science and Artificial Intelligence Laboratory have developed a device that uses radio waves to detect whether someone is happy, sad, angry or excited.

The breakthrough makes it easier to accomplish what scientists have tried to do for years with machines: sense human emotions. The researchers believe tracking a person’s feelings is a step toward improving their overall emotional well-being.

The technology isn’t invasive [?]; it works in the background without a person having to do anything, like wearing a device. The device called EQ-Radio, which was detailed in a paper published online Tuesday, resembles a shoebox, as of now. In the future, it may shrink down and integrate with an existing computing gadget in your home.

It works by bouncing wireless signals off a person. These signals are impacted by motion, such as breathing and heartbeats. When the heart pumps blood, a force is exerted onto our bodies, and the skin vibrates ever so slightly.

After the radio waves are impacted by these vibrations, they return to the device. A computer then analyzes the signals to identify changes in heartbeat and breathing.

The researchers demonstrated their system detects emotions on par with an electrocardiogram (EKG), a common wearable device medical professionals use to monitor the human heart.

758

British companies selling surveillance technologies to authoritarian regimes

Just like how the United States and Britain arms the rest of the world, so too is it the same with advanced surveillance technologies:

“Since early 2015, over a dozen UK companies have been granted licenses to export powerful telecommunications interception technology to countries around the world, Motherboard has learned. Many of these exports include IMSI-catchers, devices which can monitor large numbers of mobile phones over broad areas.

Some of the UK companies were given permission to export their products to authoritarian states such as Saudi Arabia, the United Arab Emirates, Turkey, and Egypt; countries with poor human rights records that have been well-documented to abuse surveillance technology.”

“As we learn time and time again, countries with bad human rights records often keep utilizing interception technology to perpetrate even more abuses and suppress dissent.”

828
Stare Into The Lights My Pretties

The Internet of Things will be the world’s biggest robot

Computer security expert and privacy specialist Bruce Schneier writes:

“The Internet of Things is the name given to the computerization of everything in our lives. Already you can buy Internet-enabled thermostats, light bulbs, refrigerators, and cars. Soon everything will be on the Internet: the things we own, the things we interact with in public, autonomous things that interact with each other.

These “things” will have two separate parts. One part will be sensors that collect data about us and our environment. Already our smartphones know our location and, with their onboard accelerometers, track our movements. Things like our thermostats and light bulbs will know who is in the room. Internet-enabled street and highway sensors will know how many people are out and about­ — and eventually who they are. Sensors will collect environmental data from all over the world.

The other part will be actuators. They’ll affect our environment. Our smart thermostats aren’t collecting information about ambient temperature and who’s in the room for nothing; they set the temperature accordingly. Phones already know our location, and send that information back to Google Maps and Waze to determine where traffic congestion is; when they’re linked to driverless cars, they’ll automatically route us around that congestion. Amazon already wants autonomous drones to deliver packages. The Internet of Things will increasingly perform actions for us and in our name.

Increasingly, human intervention will be unnecessary. The sensors will collect data. The system’s smarts will interpret the data and figure out what to do. And the actuators will do things in our world. You can think of the sensors as the eyes and ears of the Internet, the actuators as the hands and feet of the Internet, and the stuff in the middle as the brain. This makes the future clearer. The Internet now senses, thinks, and acts.

We’re building a world-sized robot, and we don’t even realize it.”

941
Stare Into The Lights My Pretties

Bird-like drone could symbolise new forms of covert surveillance to come

“A crashed metal drone disguised as a bird has been discovered in Mogadishu, the troubled capital of Somalia.

Both governments [Somalia and the United States] and drone companies are experimenting with different types of aircraft, including nanobots and swarm-style technology.”

840

Microcamera small enough to be injected also poses surveillance concerns

“German engineers have created a camera no bigger than a grain of salt that could change the future of health imaging — and clandestine surveillance.

Using 3D printing, researchers from the University of Stuttgart built a three-lens camera, and fit it onto the end of an optical fibre the width of two hairs. Such technology could be used as minimally-intrusive endoscopes for exploring inside the human body, the engineers reported in the journal Nature Photonics.

It could also be deployed in virtually invisible security monitors, or mini-robots with “autonomous vision”.

The “imaging system” fits comfortably inside a standard syringe needle, said the team, allowing for delivery into a human organ, or even the brain.

“Endoscopic applications will allow for non-invasive and non-destructive examination of small objects in the medical, as well as the industrial, sector,” they wrote.

The compound lens can also be printed onto image sensor other than optical fibres, such as those used in digital cameras.”

861
Stare Into The Lights My Pretties

FBI says utility-pole surveillance camera locations must be kept secret

“The US Federal Bureau of Investigation has successfully convinced a federal judge to block the disclosure of where the bureau has attached surveillance cams on Seattle utility poles.

However, this privacy dispute highlights a powerful and clandestine tool the authorities are employing across the country to snoop on the public—sometimes with warrants, sometimes without.

The deployment of such video cameras appears to be widespread. What’s more, the Seattle authorities aren’t saying whether they have obtained court warrants to install the surveillance cams.”

“Peter Winn [assistant U.S. attorney in Seattle] wrote to Judge Jones that the location information about the disguised surveillance cams should be withheld because the public might think they are an ‘invasion of privacy.’ Winn also said that revealing the cameras’ locations could threaten the safety of FBI agents. And if the cameras become ‘publicly identifiable,’ Winn said, ‘subjects of the criminal investigation and national security adversaries of the United States will know what to look for to discern whether the FBI is conducting surveillance in a particular location.’

1140

Intel’s secret control mechanism on x86 CPUs

“Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they’ll expose all affected systems to nearly unkillable, undetectable rootkit attacks. I’ve made it my mission to open up this system and make free, open replacements, before it’s too late.”

The Intel Management Engine (ME) is a subsystem composed of a special 32-bit ARC microprocessor that’s physically located inside the chipset. It is an extra general purpose computer running a firmware blob that is sold as a management system for big enterprise deployments.

When you purchase your system with a mainboard and Intel x86 CPU, you are also buying this hardware add-on: an extra computer that controls the main CPU. This extra computer runs completely out-of-band with the main x86 CPU meaning that it can function totally independently even when your main CPU is in a low power state like S3 (suspend).

On some chipsets, the firmware running on the ME implements a system called Intel’s Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU.

The purpose of AMT is to provide a way to manage computers remotely (this is similar to an older system called “Intelligent Platform Management Interface” or IPMI, but more powerful). To achieve this task, the ME is capable of accessing any memory region without the main x86 CPU knowing about the existence of these accesses. It also runs a TCP/IP server on your network interface and packets entering and leaving your machine on certain ports bypass any firewall running on your system.”

813

Catalogue of US Government Surveillance Devices

The Intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States.

The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.

Slides of the catalogue available here, while a stylised version is available here.

848

Surveillance drones routinely circle over most major cities in United States

795

Surveillance cameras sold on Amazon infected with malware

“Security researcher Mike Olsen has warned that some products sold through the Amazon marketplace are habouring a dark secret — malware.

Olsen said in a blog post that while scouring Amazon for a decent set of outdoor surveillance cameras for a friend, he came across a deal for 6 PoE cameras and recording equipment.

The seller, Urban Security Group, had generally good reviews and was offering a particular Sony setup on sale.

After purchasing the kit, Olsen started setting up the surveillance system, logging into the administrator panel to configure it.

While the page hosted the camera feed, no “normal controls or settings were available,” according to the researcher.

”Being one of those guys who assumes bad CSS, I went ahead and opened up developer tools,” Olsen said.

”Maybe a bad style was hiding the options I needed. Instead what I found tucked at the bottom of the body tag was an iframe linking to a very strange looking host name.”

Further investigation revealed the host name, Brenz.pl, is linked to malware distribution.

According to cybersecurity firm Securi, Brenz was first spotted distributing malware back in 2009 before being shut down, but reemerged in 2011. Compromised domains link to the address through malicious iFrames for the purpose of distributing malware hosted on the website.

VirusTotal recognizes the web domain as a malicious source and scans reveal that Trojans and viruses may be hosted by Brenz.pl.

If the device’s firmware links to this domain, malware can be downloaded and installed, potentially leading to unlawful surveillance and data theft.

The problem was also recently brought up in a forum post on the SC10IP firmware, which is used in commercial products and also links to Brenz.pl.

Threats do not just come from dodgy social media links, phishing campaigns or social engineering — firmware can host malware, too.

The take-home from this is that any device, especially when it contains networking or Internet capabilities, can harbour threats to personal safety and data security, and while the average person is unlikely to do a full-scale code search, checking reviews and alerts for such products online is worthwhile — even if the platform is trusted.

”Amazon stuff can contain malware,” Olsen said.”

824

Mass Surveillance of mobile phones for the masses

“German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.

“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers.

Engel, founder of Sternraute, and Karsten Nohl, chief scientist for Security Research Labs, separately discovered these security weaknesses as they studied SS7 networks in recent months, after The Washington Post reported the widespread marketing of surveillance systems that use SS7 networks to locate callers anywhere in the world. The Post reported that dozens of nations had bought such systems to track surveillance targets and that skilled hackers or criminals could do the same using functions built into SS7. (The term is short for Signaling System 7 and replaced previous networks called SS6, SS5, etc.)

The researchers did not find evidence that their latest discoveries, which allow for the interception of calls and texts, have been marketed to governments on a widespread basis. But vulnerabilities publicly reported by security researchers often turn out to be tools long used by secretive intelligence services, such as the National Security Agency or Britain’s GCHQ, but not revealed to the public.

“Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” said Christopher Soghoian, principal technologist for the ACLU and an expert on surveillance technology. “They’ve likely sat on these things and quietly exploited them.”

The GSMA, a global cellular industry group based in London, did not respond to queries seeking comment about the vulnerabilities that Nohl and Engel have found. For the Post’s article in August on location tracking systems that use SS7, GSMA officials acknowledged problems with the network and said it was due to be replaced over the next decade because of a growing list of security and technical issues.

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function — a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

Nohl on Wednesday demonstrated the ability to collect and decrypt a text message using the phone of a German senator, who cooperated in the experiment. But Nohl said the process could be automated to allow massive decryption of calls and texts collected across an entire city or a large section of a country, using multiple antennas.

“It’s all automated, at the push of a button,” Nohl said. “It would strike me as a perfect spying capability, to record and decrypt pretty much any network… Any network we have tested, it works.”

Those tests have included more than 20 networks worldwide, including T-Mobile in the United States. The other major U.S. carriers have not been tested, though Nohl and Engel said it’s likely at least some of them have similar vulnerabilities. (Several smartphone-based text messaging systems, such as Apple’s iMessage and Whatsapp, use end-to-end encryption methods that sidestep traditional cellular text systems and likely would defeat the technique described by Nohl and Engel.)”

 
“In a statement, T-Mobile said: “T-Mobile remains vigilant in our work with other mobile operators, vendors and standards bodies to promote measures that can detect and prevent these attacks.”

The issue of cell phone interception is particularly sensitive in Germany because of news reports last year, based on documents provided by former NSA contractor Edward Snowden, that a phone belonging to Chancellor Angela Merkel was the subject of NSA surveillance. The techniques of that surveillance have not become public, though Nohl said that the SS7 hacking method that he and Engel discovered is one of several possibilities.

U.S. embassies and consulates in dozens of foreign cities, including Berlin, are outfitted with antennas for collecting cellular signals, according to reports by German magazine Der Spiegel, based on documents released by Snowden. Many cell phone conversations worldwide happen with either no encryption or weak encryption.

The move to 3G networks offers far better encryption and the prospect of private communications, but the hacking techniques revealed by Nohl and Engel undermine that possibility. Carriers can potentially guard their networks against efforts by hackers to collect encryption keys, but it’s unclear how many have done so. One network that operates in Germany, Vodafone, recently began blocking such requests after Nohl reported the problem to the company two weeks ago.

Nohl and Engel also have discovered new ways to track the locations of cell phone users through SS7. The Post story, in August, reported that several companies were offering governments worldwide the ability to find virtually any cell phone user, virtually anywhere in the world, by learning the location of their cell phones through an SS7 function called an “Any Time Interrogation” query.

Some carriers block such requests, and several began doing so after the Post’s report. But the researchers in recent months have found several other techniques that hackers could use to find the locations of callers by using different SS7 queries. All networks must track their customers in order to route calls to the nearest cellular towers, but they are not required to share that information with other networks or foreign governments.

Carriers everywhere must turn over location information and allow eavesdropping of calls when ordered to by government officials in whatever country they are operating in. But the techniques discovered by Nohl and Engel offer the possibility of much broader collection of caller locations and conversations, by anyone with access to SS7 and the required technical skills to send the appropriate queries.

“I doubt we are the first ones in the world who realize how open the SS7 network is,” Engel said.

Secretly eavesdropping on calls and texts would violate laws in many countries, including the United States, except when done with explicit court or other government authorization. Such restrictions likely do little to deter criminals or foreign spies, say surveillance experts, who say that embassies based in Washington likely collect cellular signals.

The researchers also found that it was possible to use SS7 to learn the phone numbers of people whose cellular signals are collected using surveillance devices. The calls transmit a temporary identification number which, by sending SS7 queries, can lead to the discovery of the phone number. That allows location tracking within a certain area, such as near government buildings.

The German senator who cooperated in Nohl’s demonstration of the technology, Thomas Jarzombek of Merkel’s Christian Democratic Union party, said that while many in that nation have been deeply angered by revelations about NSA spying, few are surprised that such intrusions are possible.

“After all the NSA and Snowden things we’ve heard, I guess nobody believes it’s possible to have a truly private conversation on a mobile phone,” he said. “When I really need a confidential conversation, I use a fixed-line” phone.”

855