EFF publishes an indispensable, plain-language guide to "cell-site simulators": the surveillance devices that track you via your phone

In 2012, the Wall Street Journal first reported on a mysterious cellphone surveillance tool being used by law-enforcement; years later, we learned that the origin of this report was an obsessive jailhouse lawyer who didn't believe that the cops had caught him the way they said they had.

Chinese authorities are secretly installing their anti-Uyghur surveillance app on the phones of tourists to Xinjiang province

Back in 2017, Chinese authorities in Xinjiang began stopping members of the Uyghur ethnic minority and forcing them to install spyware on their phones: it marked an intensification of the country's crackdown on Uyghurs and other ethnic/religious minorities, which acquired a new technological fervor: next came the nonconsensual collection of the DNA of every person in Xinjiang, then the creation of torture camps designed to brainwash Uyghurs out of their Islamic faith, and then a full-blown surveillance smart-city rollout that turned the cities of the region into open-air prisons.

Mary Meeker's 2019 Internet Trends: stalled growth, security dumpster-fires, more online education and fear of regulation

Every year, VC Mary Meeker (previously) publishes her must-read Internet Trends Report, which comes as a PowerPoint deck with hundreds of slides (you can watch her power through them in 30 minutes flat at the Re-Code conference).

In less than one second, a malicious web-page can uniquely fingerprint an iPhone, Pixel 2 or Pixel 3 without any explicit user interaction

In a new paper for IEEE Security, a trio of researchers (two from Cambridge, one from private industry) identify a de-anonymizing attack on iPhones that exploits minute differences in sensor calibration: an iPhone user who visits a webpage running the attack code can have their phone uniquely identified in less than a second, through queries to the sensors made through automated background processes running on the page.

DOJ accuses Verizon and AT&T employees of participating in SIM-swap identity theft crimes

The DOJ has indicted three former Verizon and AT&T employees for alleged membership in a crime-ring known as "The Community"; the indictment says the telco employees helped their confederates undertake "port-out" scams (AKA "SIM-swapping" AKA "SIM hijacking"), which allowed criminals to gain control over targets' phone numbers, thereby receiving SMS-based two-factor authentication codes.

5G wireless may mess up weather forecasts

While 5G mobile networks promise to provide tremendous wireless speeds with low latency, they may also make it more difficult for meteorologists to provide weather forecasts. That's because 5G's neighboring frequencies are used by satellites that detect water vapor in the atmosphere, data that informs weather models used by meteorologists. From Nature:

Astronomers, meteorologists and other scientists have long worked to share the spectrum with other users, sometimes shifting to different frequencies to prevent conflicts. But “this is the first time we’ve seen a threat to what I’d call the crown jewels of our frequencies — the ones that we absolutely must defend come what may”, says Stephen English, a meteorologist at the European Centre for Medium-Range Weather Forecasts in Reading, UK.

They include the 23.8-gigahertz frequency, at which water vapour in the atmosphere emits a faint signal. Satellites, such as the European MetOp probes, monitor energy radiating from Earth at this frequency to assess humidity in the atmosphere below — measurements that can be taken during the day or at night, even if clouds are present. Forecasters feed these data into models to predict how storms and other weather systems will develop in the coming hours and days.

But a 5G station transmitting at nearly the same frequency will produce a signal that looks much like that of water vapour. “We wouldn’t know that that signal is not completely natural,” says Gerth.

Facebook forces you to expose your phone number to the whole world in order to turn on two-factor authentication

Last September, Facebook drew fire for abusing the phone numbers users provided for two-factor authentication messages, sending spam advertising messages over the same channel -- now, rather than reforming its ways, Facebook has doubled down on poisoning the security well, by adding a no-opt-out policy of allowing anyone in the world to search for you by phone number if you provide that number for two-factor auth.

Google says it won't remove Saudi government app that lets men track and monitor their wives and domestic employees

Absher is a kind of Saudi equivalent to China's Weibo, an all-in-one service that manages payments, interaction with government services, and, key to the Saudi system of sadistic, totalitarian medieval patriarchy, it lets men track the whereabouts of their wives, daughters, and employees, sending alerts to "guardians" when women use their passports.

FTC fines app TikTok/Musical.ly $5.7 million for child data privacy violations

Today's FTC ruling impacts how the TikTok app works for users under the age of 13.

Mobile apps built with Facebook's SDK secretly shovel mountains of personal information into the Zuckermouth

If you need to build an app quickly and easily, you might decide to use Facebook's SDK, which has lots of bells and whistles, including easy integration of Facebook ads in your app's UI.

Bossfight: Allstate Insurance enters the Right to Repair fight, loans its lobbyists to fight Apple

The Right to Repair movement got state legislatures to consider more than a dozen Right to Repair bills last year, and have made great strides in the EU and elsewhere, but for every two steps forward they manage, they're forced a step or two back by giant corporate lobbyists, led by Apple, who want to ensure that third parties can't repair products, and that a manufacturer's decision it's time to retire a product from the market won't be challenged by independent repair depots.

iOS and Android app stores both host Saudi government app that lets men track their spouses' movements

Senator Ron Wyden has publicly denounced both Apple and Google for hosting mobile apps that connect to Absher, a Saudi government service designed to allow Saudi men to track their spouses' and employees' whereabouts at all times.

Study shows that countries that permit Facebook's beloved "zero rating" programs end up with more expensive wireless data

Facebook loves "zero rating," when an internet provider takes bribes from online services to exempt them from data charges on their networks: Facebook says that having a roster of (Facebook-approved) services that are free-to-use benefits the poorest people in a country (and the fact that this also makes "Facebook" synonymous with "internet" for whole nations is merely incidental).

Leak reveals that hundreds of bounty hunters have had access to super-fine-grained mobile location data for years

After a blockbuster report in Motherboard revealed that bounty hunters were able to buy realtime location data that originated with three of the four major cellular carriers (the exception is Verizon), the carriers scrambled to spin the news, insisting that the bounty hunter access represented a recent, small-scale aberration, but a new set of leaks reported on in Motherboard reveals that the practice has gone on for years, at industrial scale, and that the resellers who supplied bail bondsmen and other unsavory types in secret have changed names, but are still in business.

Facebook cancels its all-spying, secret "research" program, Apple cancels Facebook's developer account

Yesterday, TechCrunch published a deeply reported account of Facebook's "Project Atlas," a "research" app whose users were paid up to $20/month (plus affiliate fees) to install on iOS devices, which exploited third parties with access to Apple's developer program to install a man-in-the-middle certificate that allowed Facebook to harvest every conceivable kind of data from its users' iPhones and other iOS devices.

Project Atlas: Facebook has been secretly paying iPhone users to install an all-surveilling "VPN" app

The "Facebook Research" VPN is an app that circumvents Apple's ban on certain kinds of surveillance by cloaking itself as a beta app and distributing through the Applause, Betabound and Utest services, rather than Apple's App Store: users get up to $20/month, plus referral fees, to run the app, which comes with a man-in-the-middle certificate that lets Facebook intercept "private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed."

Major vulnerability in 5G means that anyone with $500 worth of gear can spy on a wide area's mobile activity

Stingrays (AKA IMSI catchers) are a widespread class of surveillance devices that target cellular phones by impersonating cellular towers to them (they're also called "cell-site simulators").
