Tag Archives: Covert Surveillance

Soldiers Get Lonely Too

If you can’t beat them on the battlefield, beat them in cyberspace.  Israel has accused Hamas of creating a fake dating app and targeting both male and female Israeli soldiers to get them to download it.

Once installed, the app has the ability to see the soldier’s location, contact list and to use the phone as a listening device and camera.

The app targeted Android phone users, likely because that was easier to do.  This is apparently the second generation of a surveillance app and is more sophisticated than the earlier app.  The user granted the app the permissions to do all of these things, which sort of makes sense for a dating app.

In an effort at spin control, the Israeli Defense Force said that the apps had failed to do any security damage at all, saying that some soldiers had refused to download the app and reported it to superiors.  They did admit that some soldiers had downloaded and installed the app.

In another situation, researchers at Northeastern University ran a small experiment to try to detect whether their phones were eavesdropping on them.

They took what amounts to a tiny sample of apps – 17,000 out of millions – to see if the phone’s microphone was activated.  Out of this small sample, they didn’t find any.

What they did find, however, may be more disturbing.

They discovered that many of these apps were sending screenshots of the phone to third-party domains, along with video recordings of the user’s interaction with the apps.  There is only a very tiny step from there to listening to you in general.

The fact that these apps were doing this was not obvious to a normal user.

Given this, what do you do?

First, and you are not going to like this, read the user license agreement.  While only some of the apps that secretly recorded screenshots and video disclosed the fact in their license agreement, some of them did disclose it.

Second, if you are no longer using an app, uninstall it.  If the app is not there, it is hard to eavesdrop.

Finally, be cautious about installing apps.  Some people never met an app that they couldn’t use.  Being selective is probably just smart.

This, apparently, is both an Android and iPhone problem, as some of the frameworks that mobile apps are built on top of intentionally offer this screen and video capture.  At least one vendor, Appsee, said that their developers are violating their license agreement by capturing user data without permission.  Once they were outed by the media, they disabled the video capture for a single app and feel a lot better about themselves.  Google also says this violates the Play store agreement.  Gee, I am sure that any hacker would be scared about that.

Other software platforms may not even care.

Until Google and Apple give you the ability to absolutely, positively know if your data is being captured, you have something else to be concerned about.

 

Information for this post came from The Guardian and Gizmodo.


Germany Allows Police To Hack Phones, PCs To Get Around Encryption

Last week the German Parliament passed a law that allows police to hack your computer or phone when investigating anything from murder to betting fraud and many other crimes.

How would this work?  It would allow police to covertly install software on your computer or phone that allows police to siphon data off your phone.  Whether that breaks your phone or steals data that they are not supposed to have – well, that is up in the air.

This is a way to get around the encryption of data and, if done right, it is very effective.  Instead of putting a back door in the encryption algorithms, which experts say will weaken protection for everyone, this solution targets only the suspects of crimes.  Of course, it means that the police have to figure out how to hack your phone.

When this law goes into effect, the protections for privacy that German citizens have will be much lower because the bar for allowing the police to hack your phone is relatively low.

Germany has had, until now, a pretty high standard for individual privacy after a 2008 decision by the German Federal Constitutional Court.  What is not clear is whether this law will be in conflict with that ruling and how the high court would rule if asked to.

Similar to the U.S. Congress, the German Parliament sneaked the rules into seemingly unrelated bills and amendments and fast tracked those bills through the legislature.

While we have not seen this technique in the U.S. Congress yet, don’t be surprised if that happens.  Look at the current attempt at a new health care bill.  Draft it in secret – even from your own party – and then try to shove it down the throats of the rank and file very quickly.  While that has not worked so far with the health care bill, that is because Senators have gotten more than an earful from the constituents.  Absent public interest, these types of bills sail through Congress and then it is up to the courts to sort out the mess.

Information for this post came from the law firm of Morrison Foerster.
