SF city attorney demands shutdown of parking-space-auctioning app

Monkeyparking, the app that lets assholes auction off their parking spots, has been sent a cease-and-desist letter by San Francisco City Attorney Dennis Herrera, who says the practice of selling your public parking spot is illegal. Monkeyparking's competition are expected to receive the same treatment soon.

Read the rest

Researchers publish secret details of cops' phone-surveillance malware


Kaspersky Labs (Russia) and Citizen Lab (University of Toronto) have independently published details of phone-hacking tools sold to police departments worldwide by the Italian firm Hacking Team (here's Kaspersky's report and Citizen Lab's). The tools can be used to attack Android, Ios, Windows Mobile and Blackberry devices, with the most sophisticated attacks reserved for Android and Ios.

The spyware can covertly record sound, images and keystrokes, capture screenshots, and access the phones' storage and GPS. The tools are designed to detect attempts to search for them and to delete themselves without a trace if they sense that they are under attack.

Hacking Team insists that its tools are only sold to "democratic" police forces, but Citizen Lab's report suggests that the tool was used by the Saudi government to target dissidents.

The means of infection is device-specific. If police have physical access, it's simple. Android devices can be attacked by infecting a PC with a virus that installs the police malware when the device is connected to it. This attack also works on jailbroken Iphones.

Read the rest

California's cell-phone kill switch is a solution that's worse than the problem


As the California legislature moves to mandate "kill switches" that will allow owners of stolen phones to shut them down, the Electronic Frontier Foundation sounds an important alarm: if it's possible for someone to remotely switch off your phone such that you can't switch it back on again, even if you're physically in possession of it, that facility could be abused in lots of ways. This is a classic War on General Purpose Computation moment: the only way to make a kill-switch work is to design phones that treat their possessors as less trustworthy than a remote party sending instructions over the Internet, and as soon as the device that knows all your secrets and watches and listens to your most private moments is designed to do things that the person holding it can't override, the results won't be pretty.

There are other models for mitigating the harm from stolen phones. For example, the Cyanogen remote wipe asks the first user of the phone to initialize a password. When it is online, the device checks in with a service to see whether anyone using that password has signed a "erase yourself" command. When that happens, the phone deletes all the user-data. A thief can still wipe and sell the phone, but the user's data is safe.

Obviously, this isn't the same thing as stolen phones going dead and never working again, and won't have the same impact on theft. But the alternative is a system that allows any bad guy who can impersonate, bribe or order a cop to activate the kill-switch to do all kinds of terrible things to you, from deactivating the phones of people recording police misconduct to stalking or stealing the identities of mobile phone owners, with near-undetectable and unstoppable stealth.

Read the rest

FabLab: a free game that creates 3D printable toys

Makies, the 3D printed toy and game company, has launched FabLab, its inaugural game! FabLab is a free game for people eight and up, through which you create and customize a character and its accessories, which you can also get as real-world, one-off, custom-fabbed objects. MakieLab, the company that created FabLab, was founded by my wife Alice Taylor, and so I've had an inside view into the process by which the game and its back-end -- which includes a remarkable toolchain for turning 3D game-objects into printable items -- came into being. The Makies here in London are fantastic, and they've done brilliantly with the game, if I do say so myself. Please give the game a try -- and tell your friends!

Makies FabLab! Out Now! | Makie.me

After federal document-snatch, ACLU case over Florida cops' phone surveillance collapses

After US marshalls raided a Florida police department to seize documents about to be revealed in an ACLU case over "stingray" mobile phone surveillance, we knew that the case was endangered. Now the worst has happened: state circuit court judge Charles Williams has thrown out the case because he says his court has no jurisdiction over federal agents, so he can't order the critical documents to be returned, so there's no case.

The feds have offered a limited, sealed disclosure to the Florida court, and the ACLU has vowed to fight to unseal them and carry on with the case.

At issue is the widespread police use of "stingray" devices that spoof mobile phones, tricking them into revealing information about their owners' movements, communications, associations, and identity.

Read the rest

Anti-forensic mobile OS gets your phone to lie for you

In Android Anti-forensics: Modifying CyanogenMod Karl-Johan Karlsson and William Bradley Glisson present a version of the Cyanogenmod alternate operating system for Android devices, modified so that it generates plausible false data to foil forensic analysis by law enforcement. The idea is to create a mobile phone that "lies" for you so that adversaries who coerce you into letting them take a copy of its data can't find out where you've been, who you've been talking to, or what you've been talking about.

I'm interested in this project but wonder about how to make it practical for daily use. Presently, it maintains a hidden set of true data, and a trick set of false data intended to be fetched by forensic tools. Presumably, this only works until the forensic tools are modified to spot the real data. But you can conceptually imagine a phone that maintains a normal address book and SMS history, etc -- all the things that are useful to have in daily use -- but that, on a certain signal (say, when an alternate unlock code is entered, or after a certain number of failed unlock attempts) scrubs all that and replaces it with plausible deniability data.

Obviously, this kind of thing doesn't work against state-level actors who can subpoena (or coerce) your location data and call history from your carrier, but those people don't need to seize your phone in the first place.

Read the rest

Apple adds privacy-protecting MAC spoofing (when Aaron Swartz did it, it was evidence of criminality)

Apple has announced that it will spoof the MAC addresses emitted by its wireless devices as an anti-tracking measure, a change that, while welcome, is "an umbrella in a hurricane" according to a good technical explainer by the Electronic Frontier Foundation's Jeremy Gillula and Seth Schoen.

Read the rest

Crowdfunding mass FOIA requests on police use of "Stingray" warrantless spying devices

Michael from Muckrock sez, "After scouring American police departments (via public records requests) for drone usage, MuckRock is setting its sights a little lower with a crowdfunding campaign hoping to fund thousands of public records request on how local agencies are using fake cell phone towers, warrantless wiretaps, and other techniques to get your cell phone to phone home."

Read the rest

Turn on your data for one minute, AT&T sticks you with a $750 international roaming charge


Jeff writes, "I learned this week that it's possible to run up a $750 international data roaming bill in one minute on AT&T. I managed to convince AT&T to forgive the charges after two days and 40 minutes of phone calls but the best guess at how this happened is kind of alarming. It seems that AT&T's billing system sometimes bundles US traffic with international traffic." Jeff was driving in the Pacific northwest, near the Canadian border.

Read the rest

US Marshals raid Florida cops to prevent release of records of "stingray" surveillance


US Marshals swept into the offices of police in Sarasota, Florida to whisk away records related to operation of "stingray" surveillance tools that the ACLU had requested. The records detailed the farcically low standard for judicial permission to use a stingray (which captures information about the movements, communications and identities of all the people using mobile phones in range of them), and is part of a wider inquiry to their use without a warrant at all -- at least 200 Florida stingray deployments were undertaken without judicial oversight because the police had signed a nondisclosure agreement with the device's manufacturer and they decided that this meant they didn't have to get warrants anymore.

The ACLU has seen a lot of shenanigans in respect of its campaign to document the use and abuse of stingrays, but this is a cake-taker: "We’ve seen our fair share of federal government attempts to keep records about stingrays secret, but we’ve never seen an actual physical raid on state records in order to conceal them from public view."

Read the rest

Nokia 100 phones: £5

The workhorse Nokia 100 phone is now a mere £5 without contract from Carphone Warehouse. Now, that's a cheap burner -- either manufacturing robots have come way down in price or there's some very unhappy people chained to machines in a factory somewhere. Either way, it's a pretty sad end for a giant whack of conflict minerals like coltan mud. (via Red Ferret)

App lets you auction your San Francisco parking spot

A new mobile app called Monkeyparking allows people in San Francisco with good parking spots to auction them off when they're ready to leave, permitting circling rich people to engage in excitingly dangerous class warfare by bidding on spaces with their phones while they drive. The app's creators defend it as providing an "incentive" to leave your space for others to use.

Read the rest

NYT to SCOTUS: Cops should get warrant before searching your cellphone after arrest

From an editorial by the New York Times editorial board:

On Tuesday, the Supreme Court will consider whether law enforcement officers during an arrest may search the contents of a person’s mobile phone without a warrant. The court should recognize that new technologies do not alter basic Fourth Amendment principles, and should require a judicial warrant in such circumstances.

Read: "Smartphones and the 4th Amendment." NYTimes.com

USB recharger battery that can also jumpstart your car

Junopower is advertising presales of a portable device-charging USB battery called the "Jumpr" that can discharge its stored power at 300 amps, which is sufficient to jumpstart many automobile engines. They're billing it as a pocket-sized, 7 oz alternative to the trunk-sized emergency jumpstart kits that also recharges your phones and tablets. Pre-orders are $70 and they're promising shipments some time in May.

JUMPR - Car's best Friend (Presale) (via Red Ferret)

Google's Project Ara: a click-in/click-out modular concept phone


Modular mobile phone design feels important; I've been excited about the idea since Xeni posted about Phonebloks last September. Now, Google and New Deal Design have floated a concept for a modular Android phone ecosystem called Project Ara that's got me even more worked up. Project Ara lets you swap modules (batteries, radios, cameras, screens, etc) around between "exoskeletons." They call it an "ecosystem" because third parties are meant to be able to supply their own modules for an open spec.

A good overview in Wired discusses the possibilities this opens up (night vision, 3D imaging, biometrics) but I'm more interested in the possibilities for surveillance-resistant open source hardware, and hot-swapping modules that lock phones into carriers. Plus, as a serial phone-shatterer, I love the idea of being able to click out a busted screen and click in a fresh one.

Read the rest