WebProNews

Tag: Spying

  • IRS Under Investigation For Illegally Tracking Americans via Their Phones

    The IRS is under investigation by the US Treasury’s Inspector General for purchasing smartphone data to illegally track Americans.

    The issue began when Senators Ron Wyden and Elizabeth Warren sent a letter to the Inspector General demanding the IRS be investigated. According to the letter, the IRS had been purchasing bulk data from a company named Venntel. The information contained location data from Americans’ phones, based on the various apps they use.

    According to Motherboard, a Wyden aide has said “the IRS wanted to find phones, track where they were at night, use that as a proxy as to where the individual lived, and then use other data sources to try and identify the person. A person who used to work for Venntel previously told Motherboard that Venntel customers can use the tool to see which devices are in a particular house, for instance.”

    As Wyden and Warren’s letter points out, the Supreme Court ruled in 2018 that collecting significant quantities of historical data from phones was covered under the Fourth Amendment, and therefore requires a search warrant. The fact that the IRS obtained no such warrant puts it in legally dubious territory.

    Putting aside the legal ramifications, it’s a safe bet that few Americans would be OK with the IRS tracking where they sleep at night.

  • Instagram Accused of Spying on Users Via Phone Cameras

    Facebook is being sued over allegations Instagram is spying on users via their phone cameras.

    The lawsuit was filed against Facebook on behalf of Brittany Conditi, a New Jersey Instagram user. The lawsuit alleges that Instagram is accessing the camera even when the app is not being used.

    According to the complaint, Facebook and Instagram are “obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes,” giving them “valuable insights and market research.”

    Facebook has, of course, denied the reports. According to Bloomberg, the company says the issue was caused by a bug that improperly triggered a false notification that the camera was in use.

    Unfortunately for the company, last November its Facebook app was caught opening the camera in the background without permission. Then, as now, Facebook claimed it was an innocent bug that was responsible.

    Facebook either has the worst fortune with bugs that just happen to open the camera without permission, or there may be something to long-standing rumors the company spies on users without permission.

  • Huawei Losing Ground as Deutsche Telekom and Bell Canada Choose Ericsson

    Huawei has been shut out of some high-profile 5G contracts, as both Deutsche Telekom and Bell Canada have gone with Ericsson.

    Huawei has faced increasing pressure worldwide as the US has led a campaign to shut the Chinese firm out of the 5G market. Huawei is already banned in the US, and officials have been working to get their allies to follow suit.

    Australia and New Zealand have similarly banned Huawei from participation in their 5G networks. The UK initially decided to allow the company to participate in a limited role, although recent events are forcing the British government to reconsider. Canada, on the other hand, has remained largely undecided.

    Bell Canada, however, has decided to exclude Huawei, inking a deal with Ericsson instead.

    “Ericsson plays an important role in enabling Bell’s award-winning LTE network and we’re pleased to grow our partnership into 5G mobile and fixed wireless technology,” said Stephen Howe, Chief Technology Officer, Bell Canada. “5G’s high-capacity and near-instant connections will enable next-generation applications like mobile 4K video and immersive augmented reality, connected vehicles and industrial IoT automation on a massive scale, and our plan is to deliver the benefits of the 5G wireless revolution to cities and rural locations alike.”

    Similarly, Deutsche Telekom has also selected Ericsson for its network in Germany.

    “We listened to Deutsche Telekom and understood their urgency to have 5G-ready infrastructure in order to stay at the forefront of customer service in Germany,” said Arun Bansal, President and Head of Ericsson in Europe and Latin America. “We can run multiple standards on the same baseband hardware and a 5G upgrade will be able to be performed by a simple software download to the radio sites. And, during these deliveries, we will use the experience from our 5G activities around the world to be sure that Deutsche Telekom has the most advanced hardware and software in the industry.”

    These are undoubtedly big losses for Huawei and further isolate the company in its efforts to be a leader in the 5G market.

  • UK Will Reevaluate Huawei’s Role in Networks

    Following a decision to allow Huawei to participate in Britain’s next-gen networks, it seems as though the government is reevaluating its stance.

    Huawei has been accused of being a part of Beijing’s spying apparatus, essentially giving the Chinese government a backdoor into any entity using Huawei’s equipment. As a result, the US has engaged in an extensive campaign to limit Huawei’s growth, trying to convince its allies to ban the firm as the US has done. Most recently, the US has moved to cut off Huawei’s supply of semiconductors, using a rule that puts restrictions on who foreign companies that use US technology can sell to.

    In spite of its efforts, the US was dealt a setback when its closest ally opted to allow Huawei to participate in its 5G rollout. Bloomberg is reporting, however, that the UK may be reconsidering that decision.

    “The security and resilience of our networks is of paramount importance,” a British government spokesperson said in an email. “Following the U.S. announcement of additional sanctions against Huawei, the NCSC is looking carefully at any impact they could have to the U.K.’s networks.”

    It will be interesting to see what the NCSC (National Cyber Security Centre) finds, but it won’t be surprising if the UK reverses its decision, at least to some degree. The move to allow Huawei to participate in British networks was unpopular among a large portion of the government, and that will likely add even further impetus toward a potential mulligan.

  • TSMC Cuts Off Huawei Following US Factory Announcement

    TSMC has stopped taking chip orders from Huawei following its plans to open a US factory.

    TSMC made headlines last week when it announced it was building a factory in Arizona. The factory, slated to begin construction in 2021, will begin production in 2024. The move is aimed at helping increase US-based semiconductor manufacturing and minimizing dependence on overseas factories.

    Meanwhile, the US has ramped up its war against Huawei, a company it accuses of helping Beijing spy on governments around the world. The latest effort was an announcement by the Commerce Department on May 15 that it was modifying the Entity List and Foreign Direct Product Rule to ban Huawei from buying semiconductors that use US technology, even those made by foreign companies.

    In view of the announcement, a source told Nikkei Asian Review that “TSMC has stopped taking new orders from Huawei after the new rule change was announced to fully comply with the latest export control regulation. But those already in production and those orders which TSMC took before the new ban are not impacted and could continue to proceed if those chips could be shipped before mid-September.”

    Huawei was already beginning to feel the pressure from the US bans before this development and had warned of fallout if this measure was taken. The next few months should be interesting.

  • US Assets Could Be Pulled From UK Over Huawei Deal

    The US is reviewing its military and intelligence assets in the UK and may pull them out following the UK’s decision to use Huawei.

    The US has banned Huawei and engaged in a campaign to pressure its allies to do the same, especially those allies that, along with the US, constitute the Five Eyes. Comprised of the UK, Australia, New Zealand, Canada and the US, the Five Eyes work closely on the international scene and share intelligence. The UK, in particular, shares a very close relationship with the US, a relationship that has been strained with the UK’s decision to include Huawei in its 5G network.

    According to The Telegraph, the UK’s decision may soon result in action on the part of the US. The Telegraph says that half a dozen sources have confirmed that a review is underway to determine what military and intelligence assets in the UK may need to be pulled out.

    “This was not a bluff. You cannot mitigate the danger Boris Johnson is exposing the UK to by letting Huawei into the network,” said one of the sources.

    “This review is not a punishment. This is the White House saying ‘okay, if they’re going to go down this path and put themselves at risk then how do we protect ourselves.’”

    The coming weeks and months will no doubt be pivotal, in terms of the US and UK’s relationship. It’s also possible that such a review could put more pressure on Johnson to reverse the decision, something many in the British government already want to do.

  • Huawei Focusing on China As Worldwide Growth Slows

    Huawei is focusing on its home turf in the race to roll out 5G, while its worldwide growth slows as a result of U.S. pressure.

    The U.S. and Huawei have been at war for months, with the former accusing the latter of being a conduit for Beijing to spy on governments and companies around the globe. Huawei has vehemently denied the allegations, but that has not stopped the U.S. from banning the company from participating in its 5G network and putting pressure on allies to do the same. U.S. officials have also considered measures to cut off the company from its supply of chips, by altering the Foreign Direct Product Rule, which gives the government the ability to restrict foreign goods based on U.S. tech.

    According to Bloomberg, Huawei is focusing its efforts on building out China’s 5G network. With global growth slowing, the domestic contracts are helping the company, which is seen as the clear leader in China’s 5G efforts. With $170 billion on the line, China’s rollout should be sufficient to keep the company’s coffers well-supplied and help it remain competitive.

    It remains to be seen how the conflict between the U.S. and Huawei will play out, as many countries are undecided on whether to use the company and, if so, to what extent.

  • U.S. Taking Measures to Limit Huawei’s Chip Supplies

    U.S. officials are moving forward with plans to cut off Huawei’s chip supplies in an effort to blunt the company’s 5G dominance.

    The U.S. has banned Huawei and is pressuring allies to do the same. Officials claim the company serves as an arm of the Chinese government’s spying operations and opens countries that use the company’s equipment to spying by Beijing. Huawei has vehemently denied the claims, but that hasn’t stopped U.S. officials from taking almost every opportunity to target the company.

    Several weeks ago, officials began considering altering the Foreign Direct Product Rule to make it difficult for the Chinese firm to access the chips it needs. Now, according to Reuters, the U.S. is moving forward with those plans.

    “The decision came when U.S. officials from various agencies met and agreed on Wednesday to alter the Foreign Direct Product Rule, which subjects some foreign-made goods based on U.S. technology or software to U.S. regulations,” Reuters’ sources said.

    Only time will tell how much of an impact the change will have, but U.S. officials will likely consider any impact a win.

  • France Will Not Ban Huawei From Networks

    Despite U.S. pressure, France has decided to allow Huawei equipment in its 5G networks.

    According to sources who spoke exclusively to Reuters, French cybersecurity agency ANSSI will tell wireless providers to what degree they can use Huawei’s equipment.

    “They don’t want to ban Huawei, but the principle is: ‘Get them out of the core mobile network’,” one of Reuters’ sources said.

    Although not yet official, France’s decision would mirror that made by the UK, where Huawei was permitted in a limited role. The British government decided to allow Huawei equipment to comprise up to 35% of networks, while excluding it from the core network and anywhere near military bases or nuclear sites. The hope is that by keeping the company out of the core network, any security risks can be mitigated.

    The decision is another loss in the U.S. campaign to isolate the Chinese firm amid claims it serves as a spying arm for the Chinese government.

  • Huawei Takes the Gloves Off, Highlights US History of Spying

    Following the U.S. disclosure of evidence supporting its claims that Huawei represents a security risk, the Chinese firm is hitting back by highlighting the United States’ own history of spying.

    All telecom manufacturers are required to create interception backdoors that network operators can use to grant law enforcement access when needed. According to the U.S., however, Huawei covertly maintains access to those backdoors, giving it the ability to spy on networks using its equipment.

    In a statement to the media, the company refutes the claim, saying “Huawei has never and will never covertly access telecom networks, nor do we have the capability to do so.” The company touts the fact that it adheres to all industry standards regarding its network equipment, including how intercept interfaces are installed. The company insists it has no involvement with intercept backdoors beyond this.

    “Huawei is only an equipment supplier. In this role, accessing customer networks without their authorization and visibility would be impossible. We do not have the ability to bypass carriers, access control, and take data from their networks without being detected by all normal firewalls or security systems.”

    Not content to merely defend itself, Huawei takes a shot at the U.S., pointing out its own history of spying on telecom networks both domestically and internationally.

    “As evidenced by the Snowden leaks, the United States has been covertly accessing telecom networks worldwide, spying on other countries for quite some time.”

    This is merely the latest chapter in the ongoing saga between the U.S. and Huawei, as both battle for the support of governments and network operators around the world.

  • U.S. Reveals Evidence on Huawei’s Spying Risk

    According to The Wall Street Journal (WSJ), U.S. officials are finally disclosing the basis of their claims that Huawei poses a significant security risk.

    U.S. officials have been claiming for some time that Huawei represents a fundamental security risk for network operators and their countries, opening them up to spying by Beijing. The U.S. has engaged in an aggressive campaign to pressure its allies to ban Huawei from their networks. In spite of this, the U.S. has never officially said what it based the accusations on—until now.

    According to the report, U.S. officials say that Huawei is exploiting a legitimate backdoor that is reserved for law enforcement. Network equipment manufacturers are supposed to build backdoors in their equipment that carriers can use to grant access to law enforcement when required. Manufacturers, however, are supposed to build the backdoors in such a way that they are not able to access them, leaving only the carrier and law enforcement with access.

    In Huawei’s case, however, U.S. officials claim the company has built the backdoors in its equipment in such a way that it maintains access, without the carriers being able to detect it.

    “We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” said Robert O’Brien, national security adviser.

    The U.S. has known of this capability for at least a decade, but has kept the information strictly classified until late last year, when the information was shared with Germany and the U.K. With these new revelations, it remains to be seen if countries will start taking a stronger stance against the Chinese firm, as the U.S. has been campaigning for.

  • UK Will Include Huawei in a Limited 5G Role

    Defying pressure from the U.S. and Conservative MPs, the UK has refused to ban Huawei, opting to include it in a limited role, according to BBC News.

    Amidst ongoing allegations that Huawei exposes governments and corporations to spying by the Chinese government, the U.S. has banned Huawei and engaged in a campaign to pressure its allies to do the same. That campaign has stepped up in recent weeks as the UK has weighed what role Huawei would play moving forward. The U.S. has even considered limiting intel sharing with countries that use Huawei for their 5G network, a move that would certainly strain the U.S. and UK’s “special relationship.”

    Instead of banning Huawei, the UK has opted for allowing the company a limited role in the country’s 5G networks. As part of the decision, Huawei will only be allowed to account for 35% of 5G telecommunications equipment. What’s more, the company will not be allowed to contribute to the sensitive parts of the core network. It will also be restricted from being used near military bases or nuclear sites.

    In spite of the UK’s decision, Foreign Secretary Dominic Raab believes it will have no impact on intel sharing with the U.S., or the coalition of countries known as the Five Eyes—the U.S., Canada, New Zealand and Australia, along with the UK.

    “Nothing in this review affects this country’s ability to share highly-sensitive intelligence data over highly-secure networks both within the UK and our partners, including the Five Eyes,” the minister told the House of Commons, according to the BBC.

    It remains to be seen, however, what long-term impact this agreement will have on UK/U.S. relations.

  • Britain On the Verge Of Including Huawei

    Despite U.S. pressure to ban Huawei, the British government is preparing to include the company in its 5G plans, according to Reuters.

    The U.S. has already banned Huawei and has engaged in a campaign for its allies to do the same, citing allegations the telecommunications giant serves as a way for Beijing to spy on governments and companies around the world. There have even been threats of limiting intel sharing with countries that use Huawei, something that would have profound impacts on the U.S. and UK’s “special relationship.”

    According to Reuters, Britain is trying to thread the needle by considering an option that would include Huawei, but limit it “from the sensitive, data-heavy ‘core’ part of the network and restricted government systems, closely mirroring a provisional decision made last year under former Prime Minister Theresa May.”

    Any concession toward Huawei is likely to strain relations with the U.S. but, as Reuters points out, Britain is also trying to balance its trade with China and the warnings of telecom operators that banning Huawei would significantly raise the cost of 5G deployment.

    A final decision is expected next week.

  • Austria Will Work With EU Partners On Huawei Decision

    As Britain and Germany consider whether to ban Huawei, Austria has said it will collaborate with EU partners on a decision, according to Reuters.

    The U.S. and Huawei have been engaged in a war over the company’s role in helping build out 5G networks around the world. The U.S. has already banned the Chinese telecommunications company as a result of allegations it provides a way for Beijing to spy on governments and corporations.

    The U.S. has also engaged in a campaign to convince its allies of the danger of relying on Huawei, even threatening to ban intel sharing with countries that use the company. For its part, Huawei has denied the allegations, while network operators have lamented that any attempt to avoid Huawei equipment will add time and expense to 5G deployments.

    Austrian Chancellor Sebastian Kurz would not rule out using Huawei, but said the country would work with EU partners on a decision.

    “We want to be technology-neutral and at the same time guarantee maximum safety,” Kurz said at a news conference in Vienna. “We are in close coordination with our European partners and also with the European Commission.”

  • Huawei Leaning Heavily Into Cloud And AI

    Light Reading is reporting that Huawei is renewing its focus on the cloud and artificial intelligence, establishing it as a fourth business group, alongside the consumer, enterprise and operator business groups.

    According to Light Reading’s Robert Clark, details are sparse but “it seems the new unit will be primarily a product and technology division, developing the underlying public and private cloud platforms, big data, smart computing and other solutions for the customer-facing units.

    “The focus on these key emerging technologies of cloud and AI is another sign of Huawei diversifying away from its core telecom equipment business. Last year the handset business eclipsed the carrier business to become the biggest source of revenue.”

    Reporting on the same story, Business Insider compares Huawei’s latest ambitions with Google and says the Chinese company may be trying to duplicate Google’s success.

    According to BI, “by focusing its cloud ambitions on the general cloud market as well as in support of its growing smartphone OS, Huawei can follow a strategy similar to Google. Google Cloud has become a major player in the large US cloud market, on course to generate $8 billion in revenue per year as the US’s third-largest cloud purveyor.”

    What BI fails to take into account, however, is the ongoing allegations of Huawei being a conduit for spying by the Chinese government. The U.S. has already banned the company and pressured its allies to do the same. Given the sensitive data businesses store in the cloud, it’s likely Huawei will face an uphill battle convincing companies to trust it as a cloud provider. With a mere 8% of the Chinese cloud market, according to Light Reading, its efforts on the home front may be similarly stymied.

  • U.S. Senator Wants Ban On Intel Sharing With Countries Using Huawei

    In an escalation of the U.S. campaign to convince allies not to use Huawei, U.S. Senator Tom Cotton is calling for a ban on intelligence sharing with countries that use the company’s 5G equipment, according to Reuters.

    Huawei has been accused of being a conduit for Chinese spying on foreign countries. While all Chinese corporations are required to cooperate with the Chinese government and intelligence, Huawei is seen as having closer ties to Beijing than most. Huawei has denied the claims, but it has not stopped many carriers from looking elsewhere as they roll out their 5G networks.

    Cotton introduced a provision in the 2020 defense spending bill, which was signed into law by President Trump in December, that “directs intelligence agencies to consider the use of telecoms and cybersecurity infrastructure ‘provided by adversaries of the United States, particularly China and Russia,’ when entering intelligence-sharing agreements with foreign countries.”

    According to Reuters, Cotton is taking it a step further, drafting a new bill that would place much tighter restrictions on intelligence sharing agreements with countries that use Huawei for their 5G networks. The bill could be introduced as early as this month.

    This news comes as the UK debates what role Huawei will have in its own 5G rollout.

    “I’m profoundly concerned about the possibility that close allies, including the UK, might permit the Chinese Communist Party effectively to build their highly sensitive 5G infrastructure,” Cotton told Reuters.

  • ToTok Removed From Apple and Google Stores Amid Claims It’s a Government Spying App

    ToTok was released only months ago and has climbed the charts to become one of the most popular messaging apps in Britain, India, Saudi Arabia and Sweden, as well as becoming one of the most downloaded social media apps in the U.S. last week.

    According to a report by the New York Times, however, the app is actually a spying tool for the United Arab Emirates government, giving it the ability to “track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.” The allegation is based on American officials who were aware of classified intelligence, as well as the NYT’s own investigation.

    The app is distributed by a company called Breej Holding. However, investigation indicates the firm is likely a front company associated with DarkMatter, a cyberintelligence and hacking firm located in Abu Dhabi. DarkMatter is staffed with individuals who previously worked for the NSA, Israeli intelligence and Emirate intelligence, and is under FBI investigation for possible cyber crimes.

    In the wake of these revelations, both Apple and Google have removed the app from their respective stores. ToTok released a post to their user community to address the allegations, but stopped short of denying them outright. In fact, their privacy policy expressly says they may share data with “group companies,” as well as “to comply with a legal obligation to which we are subject.” Either of those clauses comes into play if the allegations are correct and the app is actually backed by the government.

    As the NYT comments, this is a significant “escalation in a digital arms race among wealthy authoritarian governments.” Whereas many governments have banned apps like WhatsApp and Signal, since they employ end-to-end encryption, the UAE took it a step further by lulling their citizens into a false sense of security with an app deliberately designed to spy on them and anyone else using it.

  • Greenland Choosing Ericsson Over Huawei For 5G Network

    According to Reuters, Greenland’s state telecoms operator Tele Greenland has said it will use Ericsson equipment for its 5G rollout instead of Huawei.

    “5G is coming to Greenland, but no date has been set for this yet. We do not see Huawei as a possible supplier of (Tele Greenland’s) 5G network,” CEO Kristian Reinert Davidsen told broadcaster KNR.

    Ericsson also provided the 4G equipment Tele Greenland currently uses. The news comes on the heels of Norwegian wireless carrier Telenor announcing it would phase out Huawei’s equipment in favor of Ericsson, as well as reports earlier this year that Danish carrier TDC would go with the Swedish company over Huawei.

    Huawei is facing continued scrutiny over allegations its equipment provides a way for Beijing to spy on other countries. Despite some high-profile gains, the company has struggled to shake the perception that it poses an ongoing security risk.

  • TikTok Accused of Illegally Collecting Data and Uploading It to China

    A California student has filed a class-action lawsuit against TikTok, the wildly popular social media app from China. According to a report in the Daily Beast, the suit alleges that TikTok uploads data without user consent—in some cases without a user even creating an account.

    Misty Hong, a student at Palo Alto, claims she downloaded the app but never got around to setting up an account. According to the suit, TikTok created an account using her phone number, and began analyzing videos she took but never uploaded. These videos included a facial scan.

    “The app, she alleges, transferred all of her information to servers owned and operated by companies that cooperate with the Chinese government. She’s filed the lawsuit on behalf of all U.S. residents who have downloaded TikTok, roughly 110 million people.”

    The suit also alleges the app secretly gathers “users’ locations, ages, private messages, phone numbers, contacts, genders, browsing histories, cell-phone serial numbers, and IP addresses. That data was allegedly then sent to Chinese servers.”

    TikTok’s executives have tried to reassure the American public that their data is stored in Virginia, with a backup in Singapore. In a recent New York Times profile, they tried to reassure American users that their data cannot be accessed by Chinese officials. Nonetheless, previous user agreements did stipulate that data could be sent to China. The suit is alleging that practice has continued despite changes to the agreement saying it won’t.

    Convincing users of its independence is a tall order, given that Chinese corporations are required to cooperate with Chinese intelligence when requested. This is partly what has led to Huawei being blacklisted in the U.S. and under scrutiny in many countries around the world.

    U.S. senators have already warned of the threat to national security TikTok may pose, should it be sending data back to China. This lawsuit will only add to those concerns and could result in punitive measures taken against ByteDance, the company that owns TikTok.

    In the meantime, given China’s poor history of respecting individual privacy—including, but not limited to China now requiring facial recognition scans to open a wireless account—this news should come as a surprise to exactly no one.

  • Android Flaw Lets Rogue Apps Spy On You, Accessing Camera and Mic

    Security firm Checkmarx has announced a serious flaw in Android that allows rogue apps to access the camera, as well as the microphone.

    Director of Security Research Erez Yalon and Senior Security Researcher Pedro Umbelino authored the post detailing their findings. In short, rogue apps on Google and Samsung phones, and in the Android ecosystem in general, could access the camera, take photos, record videos, access stored photos and videos, as well as use the GPS metadata in photos to locate a user.

    “After a detailed analysis of the Google Camera app, our team found that by manipulating specific actions and intents, an attacker can control the app to take photos and/or record videos through a rogue application that has no permissions to do so. Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data. This same technique also applied to Samsung’s Camera app.

    “In doing so, our researchers determined a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off. Our researchers could do the same even when a user was in the middle of a voice call.”

    That last part is especially concerning, as it means rogue apps can access the camera without the user realizing it. This opens up a world of possibilities for surveillance, both visual and audio, compromising a person’s privacy at best and corporate or government security at worst.

    The researchers were quick to praise both Google and Samsung for their quick and professional response, and both companies have fixed the issue with their devices. Unfortunately, other vendors are also affected and it is unknown to what extent they have addressed the vulnerability.