All posts by Vincent

iPhone Thefts Decrease Due to Kill Feature, But Don’t Get Too Excited

According to Reuters, thefts involving smartphones have declined in three major cities (San Francisco, New York, and London) after manufacturers implemented software-based kill switches into the devices. Smartphone theft is a serious problem. The article notes that in certain cities in California, smartphone thefts account for more than half of all crimes. Last year, California passed a law that requires all phones sold after July 1, 2015 to contain a kill switch. The full text of the bill is here if you’re interested in the details.

Before we all jump up and down and rejoice at the decrease in violent crime resulting from smartphones, however, consider these two arguments against kill switches in a Wired article: Continue reading iPhone Thefts Decrease Due to Kill Feature, But Don’t Get Too Excited

Privacy Concerns With Samsung’s SmartTV

Recently, media outlets have been reporting on privacy concerns with Samsung’s SmartTV. Much of the concern appears to be focused on the “Voice Recognition” section of their SmartTV privacy statement:

“If you enable Voice Recognition, you can interact with your Smart TV using your voice. To provide you the Voice Recognition feature, some voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service that converts speech to text or to the extent necessary to provide the Voice Recognition features to you. In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.Continue reading Privacy Concerns With Samsung’s SmartTV

Modern Cars With Wireless Systems Are A Threat to Privacy And Security

Yesterday, the New York Times reported on flaws in the security and privacy of cars with wireless systems. The article was based on a report released today by the office of Ed Markey, a United States Senator for Massachusetts. The report is titled “Tracking & Hacking: Security & Privacy Gaps Put American Drivers At Risk” and, as the title implies, focuses on the following two problems:

1. Wireless technologies allow hackers to “gain access and control to the essential functions and features of those cars.”

2. Other parties can “utilize information on drivers’ habits for commercial purposes without the drivers’ knowledge or consent.” Continue reading Modern Cars With Wireless Systems Are A Threat to Privacy And Security

Hacker’s List: Personalizing the Enterprise of Hacking

In a recent article, the New York Times has cast a spotlight on a new website called Hacker’s List; possibly a reference to the popular classified advertising site Craigslist. The website allows its clients to “Find professional hackers for hire.” Despite the use of the word “professional,” the types of jobs clients desire seem to be limited to relatively mundane, if illegal activities. ZDNet gives several examples of job offers that were posted on the site, including the following:

$10-$350: Need some info and messages from a Facebook account. Other jobs to come if successfull

$300-$600: I need a hacker to change my final grade, it should be done in a week.

$200-$300: Hack into a company email account. Copy all emails in that account. Give copies of the emails employer. Send spam emails confessing to lying and defamation of character to everyone in the email list.

Continue reading Hacker’s List: Personalizing the Enterprise of Hacking

An Update on Verizon’s UIDH Injection

In October last year, I posted a summary of phone carriers injecting unique identifiers into outgoing http requests made by customers. From the perspective of privacy, the main problem with this scheme is that it provides a way for third parties such as advertising networks to uniquely identify their users without using cookies.

Recent developments show that this threat is not merely theoretical. John Mayer recently discovered Continue reading An Update on Verizon’s UIDH Injection

KeySweeper Claims the Ability to Eavesdrop on Microsoft Wireless Keyboards

Have you ever wondered whether you can trust the security of wireless keyboards? Samy Kamkar has released the schematic and source code for a device called KeySweeper, a device that looks like a USB wall charger, but claims the ability to intercept and decrypt all keystrokes from any Microsoft wireless keyboard in the area. If true, it would mean no Microsoft wireless keyboard is safe at the moment. The code is posted on GitHub, and according to Samy, a basic version of the device could be built for as little as $10. The device even features an internal battery, which means it could sniff keystrokes without even being plugged in.

French Law Enforcement Officers Told to “Erase Social Media Presence”

In the aftermath of the terrorist attacks in France, CNN is reporting that French law enforcement officers have been told to erase their social media presence and to carry weapons at all times. The article says that these instructions were given because “terror sleeper cells” have been activated, thus implying that the suggested actions are related to a threat to law enforcement. Continue reading French Law Enforcement Officers Told to “Erase Social Media Presence”

Gogo Issues Fake HTTPS Certificates

A number of publications, including Ars Technica, have reported that Gogo is issuing fake HTTPS certificates to users visiting YouTube. HTTPS, when properly used, assures users that:

1. They are actually visiting the real site; Youtube in this case.

2. The communications between the visitor and the site, including passwords and cookies, are encrypted.

Ars Technica shows a screenshot of the fake certificate. It clearly shows that the issuer is Gogo rather than a Certificate Authority (CA) that the browser trusts; hence, the pop-up warning. Unfortunately, Continue reading Gogo Issues Fake HTTPS Certificates