Could You Detect This?

Military prosecutors who are prosecuting a Navy SEAL for killing an Islamic State prisoner are now charged with bugging emails and documents that they sent to defense lawyers.

The bugs, known in the trade as beacons, tell the person who installed them who has opened the document, based on the opener's IP address, and also provide whatever other information the beacon returns.

In the case of attorney-client communications, these beacons could represent prosecutorial misconduct when installed by the government and may also violate attorney-client protections.

The government claims that they bugged the documents because they are investigating leaks, but the defense says that it must be the government doing the leaking because the media is reporting on the documents before the defense even receives them.

Without regard to this particular case, bugging documents is relatively normal in business – to see if documents shared in confidence are being distributed further than the creator intended.  There are even commercial products that facilitate doing this.  One such product is Thinkst Canary.

Would you be able to detect this kind of surveillance if someone were to bug documents sent to you?  Do you think that if someone were to bug documents sent to you, that would be a violation of trust or privacy?

One simple way to temporarily defeat this kind of beaconing is to disconnect the system that the document is on from any network connection of any kind before opening the document and leave it disconnected while the document is open. While persistence is not impossible, normal commercial beacons do not persist once the document is closed or deleted.

It is likely that installing this sort of beacon may violate state privacy laws due to the data that comes back to the company that installed it.

While there is zero case law on the subject that I am aware of, as the use of beacons becomes more common – both legally and illegally – that will likely end.   This particular case is going on behind closed doors – for now, but that doesn’t mean that the next case will do the same.

Right now, the question is, would you even detect such a beacon if someone sent you an infected (I use that word intentionally because if they can send a beacon, they can send malware) document?
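One way to check a Word document for this kind of beacon before opening it, as an added example (not from the original post or from any product it mentions). It assumes the file is an Office Open XML (.docx) package and that the beacon is a remote resource listed as an external relationship, which is only one of the ways a document can call home; the sample document and its `example.invalid` URLs are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml

PKG_REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

def find_external_targets(docx_bytes):
    """List (rels part, relationship kind, target) for every external reference."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            for rel in ET.fromstring(zf.read(name)).iter(PKG_REL):
                if rel.get("TargetMode") == "External":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((name, kind, rel.get("Target", "")))
    return findings

def fetched_without_click(findings):
    """Assumption: hyperlinks need a click; other external parts may load on open."""
    return [f for f in findings if f[1] != "hyperlink"]

def build_sample_docx():
    """Constructed sample package: one remote image, one hyperlink, one local part."""
    def rel(rid, kind, target, external):
        mode = ' TargetMode="External"' if external else ""
        return f'<Relationship Id="{rid}" Type="{OFFICE_REL}{kind}" Target="{target}"{mode}/>'
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        + rel("rId1", "image", "https://beacon.example.invalid/t/abc123.png", True)
        + rel("rId2", "hyperlink", "https://www.example.invalid/", True)
        + rel("rId3", "styles", "styles.xml", False)
        + "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target in fetched_without_click(find_external_targets(build_sample_docx())):
        print(f"possible beacon: {kind} in {part} -> {target}")
```

Run it on a copy of the file on a machine that never opens the document itself; parsing the package as a zip archive does not trigger any network request.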

Source: Navy Times.



That App You Just Installed – It Might Be Listening To You

If you were not paranoid before, you may be now.  According to a lawsuit filed last month, the Golden State Warriors’ app turns on your phone’s microphone to figure out where the owner is, in order to serve ads to the user.

The suit names the NBA team, Yinzcam, Inc., which developed the app and Signal 360, which licenses the technology that makes it all work.

The law firm that filed the suit, Edelson, PC, and attorney Christopher Dore said that they plan to bring lawsuits against almost a dozen pro sports teams for violating people’s privacy.

While the purpose of the technology is to use the mic to listen to beacons in and around the arena to serve ads, the microphone has to listen to your conversations as well in order to do that.

In theory they might be able to throw out your conversations, but then again, maybe not.

The app does this whether it is in the foreground or in the background.

While the app does request permission to access your phone’s microphone, it doesn’t clearly explain why or what they are collecting.

While this suit only addresses Android users, there is an iPhone app as well.  Apparently, the way that the app requests permission on an iPhone is different, so the suit doesn’t cover Apple users.  That doesn’t mean that the Apple app is not doing the same thing, however.

The suit is asking for damages for each of the 100,000 users who downloaded the Android app.

The team did not respond to requests for comment.

Most people do not bother to even look at the permissions that apps ask for.  Most users would not even consider not installing an app that asks for too many permissions.

This is an example of what happens when you don’t do that.

This is far from the only app that uses the Signal 360 technology and the firm is attempting to file other lawsuits on behalf of users of other apps that do the same thing.

One other thing to consider.

Not only would the app record your voice, but it would record the voice of anyone nearby, so even if you haven’t installed the Warriors app, it doesn’t mean that you are not being recorded.

THIS is why Snowden made people take the batteries out of their phone or put their phone in the freezer (the metal box does a good job of shielding the phone from communicating).

So next time you install an app or even say something private, consider that a nearby phone may be recording the conversation.

Maybe the FBI should use this technology?

MAYBE they already are!