Surveillance News, Articles and Updates

Eavesdropper flaw leaks millions of private conversations

Developers leave API credentials in applications built on the Twilio telephony platform, allowing phone call eavesdropping.

Will IETF proposal be the end of enterprise middlebox traffic snooping?

Is the ability to effectively bypass monitoring middleboxes a good thing, both for the enterprise and, more broadly, for network security?

FBI hasn't cracked Texas shooter's mobile phone

The FBI hasn't yet broken the phone belonging to a gunman who went on a shooting rampage in a Texas church, killing 26 and wounding 24.

ONS watching thousands via their mobiles in 3 London boroughs for census

Statisticians at the Office for National Statistics (ONS) have been tracking the movements of thousands of people, albeit anonymised, in an 'experiment' with Vodafone that could replace census questions in England and Wales.

Mozilla loses trust in Dutch Certs, raises wider concerns in industry

Dutch moves to strengthen the powers of its state authorities lead Mozilla to propose excluding Dutch CAs from its trust list - could form part of a wider undermining of trust in the Internet.

Did Israel deliver spyware using Adobe Flash 0-day in Word document?

A new Adobe Flash zero-day exploit has been identified, reportedly used in an attack on 10 October by a threat actor known as BlackOasis and delivered through a Microsoft Word document to deploy the FinSpy commercial spyware.

Avast narrows down probable location of CCleaner attacker

Avast continued to reveal further details surrounding the cyberattack that placed a backdoor in its free computer maintenance app, CCleaner. The attack is believed to have originated from a country located in the UTC + 4 or UTC + 5 time zones.

Government acts to restrict anonymous communications - legally

Commercial multi-user gateways may only be licensed where the supplier can demonstrate that callers can be identified, following a Security Minister direction to Ofcom to ensure government access to information.

State surveillance tool uses ISP to deliver malware to privacy seekers

Unnamed major internet providers are reported to be the distribution route for the spread of a new variant of government spyware FinFisher (also known as FinSpy) in two countries, targeting people seeking privacy.

Attackers can pull data from air-gapped networks' surveillance cameras

Researchers have demonstrated a way for remote attackers to exfiltrate data from and send malicious commands to air-gapped networks, using infrared surveillance cameras.

WhatsApp rebuffs government request for backdoor

WhatsApp apparently refused the UK government's entreaties to build what would essentially be a backdoor into its app earlier this year.

Anti-virus collects data without user permissions & uses commercially

A free mobile anti-virus app developed by the DU group, a developer of Android apps, has been found to collect user data without the device owners' consent.

Report: Without safeguards, Internet & IoT may create surveillance states

A catastrophic worldwide cyber-attack, the emergence of an IoT-enabled surveillance state, and the weakening of encryption were among the chief security and privacy fears expressed by experts.

EU says prior permission required to monitor staff electronic communications

Organisations will have to ask permission first before being allowed to conduct electronic monitoring of staff.

FBI malware compared to tracking device in interstate child porn case

A Texas federal judge last week ruled in favour of the US Department of Justice, rejecting a motion to suppress evidence obtained in the course of the investigation using FBI malware.

Baseball team used Apple watches to steal, transmit pitching signals

Major League Baseball investigators in the US have found that the Boston Red Sox used Apple watches to steal hand signals from competitors' catchers and pass them on to their own players.

The metropolis and security: Should the UK look to Israel's experience?

In addition to intrusion detection and surveillance hardware, technology decision-makers within major cities must consider additional technologies to ensure the hardware and tools themselves are protected, says Maya Canetti.

Turla APT group linked to Gazer backdoor that spies on embassies

A previously undocumented backdoor program used to spy on foreign embassies and consulates appears to be the work of suspected Russian APT group Turla.

Malicious replacement touchscreens could completely compromise phones

Mobile users who substitute their damaged phone touchscreens or other hardware components with third-party replacements could be infecting their phones with malicious components.

Sound used to track movement via smartphone and laptop speakers

CovertBand uses high-frequency audio to place people in a room and track a person's movements using the speakers and microphones that are found in many smartphones, laptops and other devices.

If you visited anti-Trump site, the US Justice wants your details

The US Justice Department has pressed DreamHost to hand over what amounts to more than 1.3 million IP addresses associated with visitors to disruptj20.org, the group that organised protests against Donald Trump on Inauguration Day 2017.

Spyware found in more than 1,000 apps in Google Play store

Android apps on the Google Play Store have been discovered to harbour spyware originally created by an Iraqi developer. The surveillance malware records audio and steals data from users.

NSA tools used to hack hotels; WikiLeaks in CIA Couch Potato dump

Travellers to Europe and the Middle East need to be aware of an ongoing malware campaign that is targeting hotel and hospitality Wi-Fi networks and being used to glean guest and corporate information.

UK also wants to be forgotten: new data protection regulation proposed

UK proposes new data protection regulation in line with GDPR for a post-Brexit world, including right-to-be-forgotten, heavy fines, and new rules on data gathering - expected in Autumn.

ICYMI: Crypto-crash; privacy shield; AI-weapons; Alexa, Swedish breach

In Case You Missed It: Rudd crypto-crash; privacy shield invalid; AI weaponised?; Alexa pwned; Swedish breach fallout

Amazon suspends sales of Blu Android phones amid spyware allegations

Kryptowire researchers reasserted their claims that certain Android phones manufactured by Blu sent sensitive information to third parties in China, claims which Blu denies.

Researchers pwn Alexa, turning Amazon Echo into covert snooping device

Older versions of Amazon Echo are vulnerable, and though physical access to the device is needed, this is more achievable with second-hand devices.

Government again takes aim at encryption after terrorists shake London

UK Prime Minister Theresa May says that technology companies are providing a "safe space" for terrorists.

IPCC investigates police for alleged hacking of political campaigners

According to a report in The Guardian, London police are being investigated over anonymous claims they hacked emails of environmental activists.