Tag Archives: Stingrays

Security News Bites for the Week Ending August 31, 2018

Spyware Company Leaves Terabytes of Data Unprotected

Spyfone, a software company that allows parents to spy on their kids, spouses to spy on each other and employers to spy on employees allowed the world to spy on everyone.

The data left exposed on Amazon included photos, text messages, contacts, location information, Facebook messages and other information.

In addition to leaving all of their customer’s data exposed, their own backend servers were also left unprotected.

I guess you might call it Karma for spying on people.  Source: Motherboard.

California Tech Execs Pushing Feds to Reverse Cali Privacy Law

Between GDPR, CCPA and other new privacy laws, the tech industry is concerned that their business model is at risk.

As a result Google, Microsoft, IBM, Facebook and others are lobbying aggressively to the Trump administration and Congress to pass a weak federal privacy law that would usurp California’s law and make it easier for those companies to continue their business model as is.

Whatever happens in DC (don’t count on anything happening, but you never know), that won’t affect the changes in Europe and many other countries that are passing similar laws to the EU to allow those countries to do business with the EU.  Those laws will impact US businesses if they have customers in those countries.  While they could create one policy for the US and another for the rest of the world, that would be complicated.

Historically DC has tried to pass a national privacy law, but those past attempts have been much weaker than existing state laws, which has made it difficult to get enough votes to pass it.  A tough law will be heavily lobbied against.  This is why, unlike most other countries in the world, we have no national privacy law.  Source: NY Times .

Senator Wyden Confirms Stingrays Interfere with 911 Calls

Harris Communications, maker of the Stingray has confirmed that the feature which is designed to stop the Stingray from interfering with 911 calls was never tested and never confirmed to work.

Comforting.

As if that wasn’t a big enough problem, hobbyists can build a DIY Stingray for less than $1,000 in parts.

And, foreign spies are already using them in Washington, DC.

WHAT.  COULD,  GO,  WRONG??   Source: Tech Crunch

Apple Forces Facebook VPN App Out of App Store

Facebook recently bought a company named Onavo that makes a VPN app.  The claim is that it makes your browsing experience a more secure browsing experience.

Only problem is that they had an ulterior motive.  They – Facebook – was collecting data on every web page the user visited, every app that you used, every bit of data that you transferred.  While the bad guys couldn’t eavesdrop, Facebook could.  And did.

Well apparently Apple had enough of the duplicity and told Facebook to either voluntarily withdraw the app or they would do it for Facebook.  The app is now gone for iPhone users.  It is still available to Android users.  Source: The Hacker News.

House Committee Recommends New Rules on Stingray Usage

The cell site simulator device known as a Stingray was originally designed for use by the military in order to create a small, local cell site bubble around our troops, but has been modified by its creator to be able to intercept cell communications in the United States.

While law enforcement – and Harris Corporation who manufactures them – have attempted to keep the usage of Stingrays under the radar, that attempt seems to have failed.

Both Harris and the Department of Justice required local police departments to drop charges in any case where the police might be required to explain their use of Stingrays.

Some people have claimed that law enforcement agencies have bent the truth in their request for warrants to use Stingrays.

Until recently, federal agencies said that they did not need a warrant to use Stingrays, but the DoJ, DHS and IRS recently created rules that say that a warrant is required – at the “suggestion” of the House Oversight Committee.

Now the House Oversight and Government Reform Committee has spent a year looking at the issue and has released a report that says that the government needs to establish a clear nationwide framework to ensure that Americans are adequately protected.

The report says that many times state law enforcement agencies don’t even need probable cause to justify the use of a Stingray.

Since many local law enforcement agencies use federal government funds to buy Stingrays, the feds can make rules for their use and, of course, Congress can pass whatever laws it wants to.

The House Committee is also recommending that the non disclosure agreements in place that have, at least in some cases, obscured the truth to courts and judges be replaced by agreements that require clarity and candor to the court.

Of course, no matter what laws Congress passes, there is nothing to stop a renegade person from using Stingray-like devices in an inappropriate manner, but that seems like a less likely situation.

The issue with Stingrays is that they indiscriminately vacuum up all cell calls in the range of the Stingray.  The interception and possible blocking of cell calls for everyone in the vicinity of a Stingray is the issue here.  That vicinity could be a mile or two radius and represent hundreds of calls at once.  In theory, a Stingray will drop the call quickly if it doesn’t meet the appropriate warrant parameters, but it doesn’t always do that.

Stay tuned for what Congress decides to do next year, if anything.

Information for this post came from MSN.com .