Privacy

Sniffing and Tracking Wearable Tech and Smartphones 52

Posted by samzenpus
from the all-the-better-to-follow-you-with dept.
An anonymous reader writes: Senior researcher Scott Lester at Context Information Security has shown how someone can easily monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, fitness monitors, and iBeacons. The findings have raised concerns about the privacy and confidentiality wearable devices may provide. “Many people wearing fitness devices don’t realize that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” said Scott says. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 meters in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing peoples’ movements.” The researchers have even developed an Android app that scans, detects and logs wearable devices.
Privacy

Hackers Can Track Subway Riders' Movements By Smartphone Accelerometer 68

Posted by samzenpus
from the all-the-better-to-follow-you-with dept.
Patrick O'Neill writes: Tens of millions of daily subway riders around the world can be tracked through their smartphones by a new attack, according to research from China's Nanjing University. The new attack even works underground and doesn't utilize GPS or cell networks. Instead, the attacker steals data from a phone's accelerometer. Because each subway in the world has a unique movement fingerprint, the phone's motion sensor can give away a person's daily movements with up to 92% accuracy.
Privacy

Privacy Behaviors Changed Little After Snowden 111

Posted by Soulskill
from the just-another-speed-bump-in-the-new-cycle dept.
An anonymous reader writes: An article in Communications of the ACM takes a look at how Edward Snowden's revelations about government surveillance have changed privacy behaviors across the world. The results are fairly disappointing. While the news that intelligence agencies were trawling data from everyday citizens sparked an interest in privacy, it was small, and faded quickly. Even through media coverage has continued for a long time after the initial reports, public interest dropped back to earlier levels long ago. The initial interest spike was notably less than for other major news events. Privacy-enhancing behaviors experienced a small surge, but that too failed to impart any long-term momentum. The author notes that the spike in interest "following the removal of privacy-enhancing functions in Facebook, Android, and Gmail" was stronger than the reaction to the government's privacy-eroding actions.
Firefox

Firefox's Optional Tracking Protection Reduces Load Time For News Sites By 44% 203

Posted by Soulskill
from the definition-of-a-win-win dept.
An anonymous reader writes: Former Mozilla software engineer Monica Chew and Computer Science researcher Georgios Kontaxis recently released a paper (PDF) that examines Firefox's optional Tracking Protection feature. The duo found that with Tracking Protection enabled, the Alexa top 200 news sites saw a 67.5 percent reduction in the number of HTTP cookies set. Furthermore, performance benefits included a 44 percent median reduction in page load time and 39 percent reduction in data usage.
Google

Cute Or Creepy? Google's Plan For a Sci-Fi Teddy Bear 100

Posted by timothy
from the teddy-ruxpin-pinned-it-on-the-one-armed-man dept.
HughPickens.com writes: Time Magazine reports that Google has designed and patented an "anthropomorphic device" that could take the form of a "doll or toy" and interact both with people as well as tech gadgets echoing the "super toy" teddy bear featured in Stephen Spielberg's 2001 movie AI. This could be one of Google's creepiest patents yet — especially if movies like "Chuckie" still give you nightmares. The patent filing diagrams a stuffed teddy bear and a bunny rabbit outfitted with microphones, speakers, cameras and motors as well as a wireless connection to the internet. If it senses you're looking at it, the fuzzy toy will rotate its head and look back at you. Once it receives and recognizes a voice command prompt, you can then tell it to control media devices in your home (e.g. turn on your music or TV). According to the patent filing: "To express interest, an anthropomorphic device may open its eyes, lift its head, and/or focus its gaze on the user or object of its interest. To express curiosity, an anthropomorphic device may tilt its head, furrow its brow, and/or scratch its head with an arm. To express boredom, an anthropomorphic device may defocus its gaze, direct its gaze in a downward fashion, tap its foot, and/or close its eyes. To express surprise, an anthropomorphic device may make a sudden movement, sit or stand up straight, and/or dilate its pupils."

The patent adds that making the device look "cute" should encourage even the youngest members of a family to interact with it. But Mikhail Avady, from SmartUp, said he thought it belonged in "a horror film", and the campaign group Big Brother Watch has also expressed dismay. "When those devices are aimed specifically at children, then for many this will step over the creepy line," says Avady. "Children should be able to play in private and shouldn't have to fear this sort of passive invasion of their privacy."
Communications

NSA-Reform Bill Fails In US Senate 135

Posted by timothy
from the couldn't-have-happened-to-a-nicer-bill dept.
New submitter Steven King writes with a link to The Daily Dot's report that the U.S. Senate has rejected the controversial USA Freedom Act, thus "all but guaranteeing that key provisions of the USA Patriot Act will expire"; had it passed, the bill would have allowed continued use of some mass data-collection practices, but with the addition of stronger oversight. From the article: The Senate failed to reach agreement on passage of the USA Freedom Act, a bill to reauthorize and reform Section 215 of the USA Patriot Act, which the government has used to conduct bulk surveillance of Americans' phone records. The House of Representatives passed the bill last week by an overwhelming bipartisan majority, but Senate Democrats, who unified behind the bill, did not get enough Republican votes to assure passage. The linked piece also mentions that the EFF shifted its position on this bill, after a panel of Federal judges ruled that the Feds at the NSA had overstepped their bounds in collecting a seemingly unlimited trove of metadata relating to American citizen's phone calls.
Government

The Body Cam Hacker Who Schooled the Police 157

Posted by Soulskill
from the watching-the-watchers dept.
New submitter Cuillere writes: In the fall of 2014, a hacker demanded the Seattle Police Department release all of their body and dash cam video footage, prompting chaos within the institution. Although it was a legal request per Washington state's disclosure laws, Seattle's PD wasn't prepared to handle the repercussions of divulging such sensitive material — and so much of it. The request involved 360 TB of data spread across 1.6 million recordings over 6 years. All recordings had to be manually reviewed and redacted to cut out "children, medical or mental health incidents, confidential informants, or victims or bystanders who did not want to be recorded," so fulfilling the request was simply not within the department's capabilities. Thus, they took a different strategy: they hired the hacker and put him to work on developing an automated redaction system. "Their vision is of an officer simply docking her body cam at the end of a shift. The footage would then be automatically uploaded to storage, either locally or in the cloud, over-redacted for privacy and posted online for everyone to see within a day."
Firefox

Ads Based On Browsing History Are Coming To All Firefox Users 529

Posted by Soulskill
from the just-what-you-wanted dept.
An anonymous reader writes: Mozilla has announced plans to launch a feature called "Suggested Tiles," which will provide sponsored recommendations to visit certain websites when other websites show up in the user's new tab page. The tiles will begin to show up for beta channel users next week, and the company is asking for feedback. For testing purposes, users will only see Suggested Tiles "promoting Firefox for Android, Firefox Marketplace, and other Mozilla causes." It's not yet known what websites will show up on the tiles when the feature launches later this summer. The company says, "With Suggested Tiles, we want to show the world that it is possible to do relevant advertising and content recommendations while still respecting users’ privacy and giving them control over their data."
Android

Factory Reset On Millions of Android Devices Doesn't Wipe Storage 92

Posted by samzenpus
from the stucking-around dept.
Bismillah writes: Ross Anderson and Laurent Simon of Cambridge University studied a range of Android devices and found that even though a "factory reset" is supposed to fully wipe storage, it often doesn't. Interestingly enough, full-device encryption could be compromised by the incomplete wiping too. ITnews reports: "The researchers estimated that 500 million Android devices may not fully wipe device disk partitions. As many as 630 million phones may not wipe internal SD cards. Five 'critical failures' were outlined in the researchers' Security Analysis of Android Factory Resets paper.
Google

NSA Planned To Hijack Google App Store To Hack Smartphones 94

Posted by samzenpus
from the all-the-better-to-see-you-with dept.
Advocatus Diaboli writes: A newly released top secret document reveals that the NSA planned to hijack Google and Samsung app stores to plant spying software on smartphones. The report on the surveillance project, dubbed "IRRITANT HORN," shows the U.S. and its "Five Eyes" alliance: Canada, the United Kingdom, New Zealand and Australia, were looking at ways to hack smartphones and spy on users. According to The Intercept: "The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012."
United States

What Was the Effect of Rand Paul's 10-Hour "Filibuster"? 372

Posted by samzenpus
from the lets-keep-talking dept.
An anonymous reader writes: Sen. Rand Paul held up a vote on the Fast Track Authority for an eleven hour dissertation on the flaws of: the Patriot Act, the replacement the USA Freedom Act, bulk data collection including credit card purchases, the DEA and IRS's use of NSA intel. for "parallel construction", warrant-less GPS bugs on vehicles, as well as the important distinction of a general warrant versus a specific one. "There is a general veil of suspicion that is placed on every American now. Every American is somehow said to be under suspicion because we are collecting the records of every American," Paul said. The questions is what did the "filibuster" really accomplish? The speeches caused a delay in Senate business but it's unclear what larger effect, if any, that will have.
Communications

Academics Build a New Tor Client Designed To Beat the NSA 62

Posted by timothy
from the non-spy-vs-spy dept.
An anonymous reader writes: In response to a slew of new research about network-level attacks against Tor, academics from the U.S. and Israel built a new Tor client called Astoria designed to beat adversaries like the NSA, GCHQ, or Chinese intelligence who can monitor a user's Tor traffic from entry to exit. Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.
Privacy

CareFirst Admits More Than a Million Customer Accounts Were Exposed In Security Breach 82

Posted by timothy
from the camel-cased-in-triplicate dept.
An anonymous reader writes with news, as reported by The Stack, that regional health insurer CareFirst BlueCross BlueShield, has confirmed a breach which took place last summer, and may have leaked personal details of as many as 1.1 million of the company's customers: "The Washington D.C.-based firm announced yesterday that the hack had taken place in June last year. CareFirst said that the breach had been a 'sophisticated cyberattack' and that those behind the crime had accessed and potentially stolen sensitive customer data including names, dates of birth, email addresses and ID numbers. All affected members will receive letters of apology, offering two years of free credit monitoring and identity threat protection as compensation, CareFirst said in a statement posted on its website." Free credit monitoring is pretty weak sauce for anyone who actually ends up faced with identity fraud.
Privacy

Simple Flaw Exposed Data On Millions of Charter Internet Customers 29

Posted by samzenpus
from the protect-ya-neck dept.
Daniel_Stuckey writes: A security flaw discovered in the website of Charter Communications, a cable and Internet provider active in 28 states, may have exposed the personal account details of millions of its customers. Security researcher Eric Taylor discovered the internet service provider's vulnerability as part of his research, and demonstrated how a simple header modification performed with a browser plug-in could reveal details of Charter subscriber accounts. After Fast Company notified Charter of the issue, the company said it had installed a fix within hours.
Encryption

Australian Law Could Criminalize the Teaching of Encryption 205

Posted by Soulskill
from the technophobes-writing-laws dept.
New submitter petherfile writes: According to Daniel Mathews, new laws passed in Australia (but not yet in effect) could criminalize the teaching of encryption. He explains how a ridiculously broad law could effectively make any encryption stronger than 512 bits criminal if your client is not Australian. He says, "In short, the DSGL casts an extremely wide net, potentially catching open source privacy software, information security research and education, and the entire computer security industry in its snare. Most ridiculous, though, are some badly flawed technicalities. As I have argued before, the specifications are so imprecise that they potentially include a little algorithm you learned at primary school called division. If so, then division has become a potential weapon, and your calculator (or smartphone, computer, or any electronic device) is a potential delivery system for it."