Iran sucks at censoring apps, so the Persian diaspora is using them for unfiltered political discussion

With a (symbolic) (but it's a potent symbol) election looming in Iran, the global Persian diaspora is not lacking for news organs that are producing the kind of unfiltered political news that would get you jailed or killed in Iran.

A look inside the shady world of Flexispy, makers of "stalkerware" for jealous spouses

Motherboard's Joseph Cox continues his excellent reporting on Flexispy, a company that makes "stalkerware" marketed to jealous spouses through a network of shady affiliates who feature dudes beating up their "cheating girlfriends" after catching them by sneaking spyware onto their devices.

Lawsuit alleges Bose's headphone app exfiltrates your listening habits to creepy data-miners

Bose's $350 wireless headphones need an app to "get the most" out of them, and this app monitors everything you listen to -- the names of the podcasts, the music, videos, etc -- and sends them to Bose without your permission, according to a lawsuit filed this week in Chicago by Kyle Zak.

Masterprints: synthetic fingerprints that unlock up to 65% of phones (in theory)

When the touch-sensors on phones capture your fingerprint, they're really only taking a low-resolution, partial snapshot and loosely matching it to a stored image -- which is how a research team from MSU and NYU were able to synthesize their Masterprints ("a fingerprint that serendipitously matches a certain proportion of the fingerprint population"), which drastically reduce the space of possible "guesses" that an attacker has to make to unlock a phone or other device.

Poisoned wifi signals can take over all Android devices in range, no user intervention required

Vulnerabilities in the Broadcom system-on-a-chip that provides wifi for many Android devices mean that simply lighting up a malicious wifi access point can allow an attacker to compromise every vulnerable device in range, without the users having to take any action -- they don't have to try to connect to the malicious network.

Samsung's created a new IoT OS, and it's a dumpster fire

Tizen is Samsung's long-touted OS to replace Android, and Israeli security researcher Amihai Neiderman just delivered a talk on it at Kaspersky Lab's Security Analyst Summit where he revealed 40 new 0-day flaws in the OS, and showed that he could trivially send malicious code updates to any Tizen device, from TVs to phones, thanks to amateurish mistakes of the sort not seen in real production environments for decades.

Verizon mandates pre-installed spyware for all its Android customers

"Appflash" will come pre-installed on all Verizon Android handsets; it's a Google search-bar replacement, but instead of feeding telemetry about your searches, handset, apps and activities to Google, it will send them to Verizon.

Stingray for criminals: spreading mobile malware with fake cellphone towers

Police who rely on vulnerabilities in crooks' devices are terminally compromised; the best way to protect crime-victims is to publicize and repair defects in systems, but every time a hole is patched, the cops lose a tool they rely on to attack their own adversaries.

An anti-eavesdropping hands-free headset/muzzle that looks like Bane's mask and changes your voice to Vader's

Hushme is an electronic muzzle that you strap around your face, talking into its built-in mic in order to prevent people from eavesdropping on your calls; you can also use it to change your voice so you sound like a howler monkey or Darth Vader. If this isn't a hoax, it's so deep into Poe's Law territory that it might as well be one.

Donald Trump, Jr is a patent-troll and his biggest client now does business with the US government

Oklahoma's Anyware Mobile Solutions was founded in 1997 to make PDA software, but after its sales collapsed, it changed its name to Macrosolve and devoted itself to suing people for violating a farcical patent that they said covered filling in questionnaires using an app.

The internet promised open markets, delivered rigged ones, then fake ones, then outright monopolies

Markets don't solve all our problems, but they sometimes produce remarkably efficient systems for producing and distributing goods, and the internet traded on that promise with marketplaces like Ebay (anyone can sell, anyone can buy); Google (anyone can publish, anyone can read), and Amazon (one marketplace where all goods are transparently priced and ranked).

The Body Orifice Security Scanner is why the rectally smuggled phone is called "Beat the BOSS"

When I saw that the cell phone designed for rectal smuggling was called "Beat the Boss," I assumed "The Boss" was a synonym for "The Man," but it turns out it's a reference to a specific product: Xeku's Body Orifice Security Scanner (BOSS), a "hygienic cavity search" chair that scans prisoners for rectal contraband.

The Amazon reviews for a phone designed for rectal smuggling are pretty interesting reading

The "Beat the Boss phone" is a £27 micro-telephone built into a Bluetooth headset with only trace amounts of metal in its construction; it is lozenge-shaped and is designed to be rectally smuggled into prisons, jails and courtrooms.

Google's aborted Ara phone was supposed to launch with an aquarium module full of wriggling tardigrades

Back in 2014, Google announced Project Ara, a click-in/click-out modular concept-phone that you could customize by adding or removing modules as you saw fit.

What it's like to be spied on by Android stalkerware marketed to suspicious spouses

For $170, Motherboard's Joseph Cox bought SpyPhone Android Rec Pro, an Android app that you have to sideload on your target's phone (the software's manufacturer sells passcode-defeating apps that help you do this); once it's loaded, you activate it with an SMS and then you can covertly operate the phone's mic, steal its photos, and track its location.

It's very hard to maintain an anonymous Twitter account that can withstand government-level attempts to de-anonymize it

It's one thing to set up an "anonymous" Twitter Hulk account whose anonymity your friends and colleagues can't pierce, because the combination of your care not to tweet identifying details, the stilted Hulk syntax, and your friends' inability to surveil the global internet and compel phone companies to give up their caller records suffice for that purpose.

Russia's slot-machine bans let criminals buy machines on the cheap and reverse-engineer them

In 2009, then-PM Vladimir Putin engineered a Russian ban on slot machines in a bid to starve Georgian mafiyeh of funds; the resulting glut of used slots gave Russia's own criminal gangs cheap testbeds to use in a project to reverse-engineer the machines and discover their weaknesses -- now, Russian gangs roam the world's casinos, racking up careful, enormous scores.
