The secret, unaccountable location-tracking tool favored by dirty cops has been hacked (and it wasn’t hard)

Securus is the widely abused location-tracking tool that exploits a loophole in privacy law to allow police to extract realtime and historical cellphone location data without a warrant or any accountability. Read the rest

Cops routinely unlock phones with corpses' fingers

Since 2016, when an FBI agent first used a dead suspect's finger to unlock his phone, police forces across the USA have made a routine practice of unlocking phones using suspects and victims' dead fingers, saving big on buying cyberwar tools like Cellebrite's $1500-$3000 unlocker, or Grayshift's $30k/year Graykey. Read the rest

Raleigh cops are investigating crime by getting Google to reveal the identity of every mobile user within acres of the scene

Public records requests have revealed that on at least four occasions, the Raleigh-Durham police obtained warrants forcing Google to reveal the identities of every mobile user within acres of a crime scene, sweeping up the personal information of thousands of people in a quest to locate a single perp. Read the rest

AMDFLAWS: a series of potentially devastating (but controversial) attacks on AMD processors

Israeli security research firm CTS-Labs has published a white paper detailing nine flaws in AMD processors that they claim leave users open to devastating attacks with no mitigation strategies; these attacks include a range of manufacturer-installed backdoors. Read the rest

A new government malware company, fronted by Hacking Team's old spokesjerk, says it can spy on Signal and Telegram

Grey Heron is a new cyber-arms dealer offering to sell hacking tools to governments; it is fronted by Eric Rabe, who previously represented the disgraced, hacked Italian malware company Hacking Team, notorious for selling spy tools to governments that used them to target dissidents who were tortured and murdered after they were outed. Read the rest

Epidemic of cryptojacking can be traced to escaped NSA superweapon

The epidemic of cryptojacking malware isn't merely an outgrowth of the incentive created by the cryptocurrency bubble -- that's just the motive, and the all-important the means and opportunity were provided by the same leaked NSA superweapon that powered last year's Wannacry ransomware epidemic. Read the rest

Dissidents are getting destroyed by information attacks and tech isn't doing enough to help

A pair of researchers have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable. Read the rest

Motherboard files legal complaint against London police to force it to explain why an officer bought creepy, potential illegal stalkerware

Flexispy is the creepy stalkerware advertised to abusive spouses and exes that Motherboard's Joseph Cox has been relentlessly tracking; when he acquired a leaked trove of the company's files, he started to mine it to see who was buying the potentially illegal app. Read the rest

Florida state cop says he can't remember why he bought mobile stalking app

Flexispy is a creepy, potentially illegal piece of stalkerware marketed to abusive men who want to spy on their partners; but Jim Born, an ex-DEA cop and retired Florida Department of Law Enforcement agent (now a crime novelist) says that he thinks he "used on a case or tried it to understand how it worked. Nothing nefarious." Read the rest

Only Chinese companies will be allowed to map Chinese roads

Self-driving cars require incredibly accurate, up-to-date maps; in China, only Chinese companies will be able to make these maps. Nominally, this is about preventing espionage, but it also has the non-coincedental effect of forcing foreign autonomous vehicle companies to partner with (much more easily controlled) Chinese firms, a policy already in place for traditional auto manufacturing. Read the rest

When Justin Trudeau was in opposition, he voted for Canada's PATRIOT Act but promised to fix it; instead he's making it much, much worse

Back in 2015, Canada's failing, doomed Conservative government introduced Bill C-51, a far-reaching mass surveillance bill that read like PATRIOT Act fanfic; Justin Trudeau, leader of what was then a minority opposition party, whipped his MPs to vote for it, allowing it to pass, and cynically admitting that he was only turning this into law because he didn't want to give the Conservatives a rhetorical stick to beat him with in the next election -- he promised that once he was Prime Minister, he'd fix it. Read the rest

Distinguished scientist on the mistakes pundits make when they predict the future of AI

Rodney Brooks -- eminent computer scientist and roboticist who has served as head of MIT's Computer Science and Artificial Intelligence Laboratory and CTO of Irobot -- has written a scorching, provocative list of the seven most common errors made (or cards palmed) by pundits and other fortune-tellers when they predict the future of AI. Read the rest

Cyber-arms dealer offers $1m for zero-day Tor hacks

Zerodium is a cyber-arms dealer that produces hacking tools for governments by buying up newly discovered defects in widely used systems, weaponizing them and then selling them to be used against criminals, activists, journalists and other targets of state surveillance. Read the rest

4-10% of encrypted web connections are man-in-the-middled and intercepted

Cloudflare's joint research with "a large e-commerce site" and Mozilla found that between 4-10% of secure, encrypted web connections are "intercepted," largely by corporate antivirus software that inserts its own certificates into users' browsers, allowing it to scan all traffic entering workers' computers. Read the rest

Ugandan ethics chief boasts of his new magic South Korean pornography filter and its efficacy against "homos"

It's been a year since the Ugandan government placed an order with a South Korean company for a "censor gadget or machine" that would "detect homos and porn actors, especially those misusing applications like Whatsapp with sex acts." Now, they've taken delivery of same. Read the rest

In an engineering paper, bunnie Huang and Ed Snowden describe a malware-resistant hardware Iphone privacy overlay

In July 2016, Andrew "bunnie" Huang and Edward Snowden presented their research on journalist-friendly mobile surveillance resistance at the first MIT Media Lab Forbidden Research conference; a little over a year later, they have published an extensive scholarly paper laying out the problems of detecting and interdicting malware in a mobile device, and presenting a gorgeously engineered hardware overlay that can be installed in an Iphone to physically monitor the networking components and report on their activity via a screen on a slim external case. Read the rest

Hiding malware in boobytrapped replacement screens would undetectably compromise your mobile device

On the one hand, if you let an untrusted stranger install hardware in your electronic device, you're opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go to your corner repair-shop. Read the rest

More posts