Meet the groundbreaking new encryption app set to revolutionize privacy and freak out the feds.
Updated Monday, Feb. 4, 2013, at 12:21 PM ET
For the past few months, some of the world’s leading cryptographers have been keeping a closely guarded secret about a pioneering new invention. Today, they’ve decided it’s time to tell all.
Back in October, the startup tech firm Silent Circle ruffled governments’ feathers with a “surveillance-proof” smartphone app to allow people to make secure phone calls and send texts easily. Now, the company is pushing things even further—with a groundbreaking encrypted data transfer app that will enable people to send files securely from a smartphone or tablet at the touch of a button. (For now, it’s just being released for iPhones and iPads, though Android versions should come soon.) That means photographs, videos, spreadsheets, you name it—sent scrambled from one person to another in a matter of seconds.
“This has never been done before,” boasts Mike Janke, Silent Circle’s CEO. “It’s going to revolutionize the ease of privacy and security.”
True, he’s a businessman with a product to sell—but I think he is right.
The technology uses a sophisticated peer-to-peer encryption technique that allows users to send encrypted files of up to 60 megabytes through a “Silent Text” app. The sender of the file can set it on a timer so that it will automatically “burn”—deleting it from both devices after a set period of, say, seven minutes. Until now, sending encrypted documents has been frustratingly difficult for anyone who isn’t a sophisticated technology user, requiring knowledge of how to use and install various kinds of specialist software. What Silent Circle has done is to remove these hurdles, essentially democratizing encryption. It’s a game-changer that will almost certainly make life easier and safer for journalists, dissidents, diplomats, and companies trying to evade state surveillance or corporate espionage. Governments pushing for more snooping powers, however, will not be pleased.
By design, Silent Circle’s server infrastructure stores minimal information about its users. The company, which is headquartered in Washington, D.C., doesn’t retain metadata (such as times and dates calls are made using Silent Circle), and IP server logs showing who is visiting the Silent Circle website are currently held for only seven days. The same privacy-by-design approach will be adopted to protect the security of users’ encrypted files. When a user sends a picture or document, it will be encrypted, digitally “shredded” into thousands of pieces, and temporarily stored in a “Secure Cloud Broker” until it is transmitted to the recipient. Silent Circle, which charges $20 a month for its service, has no way of accessing the encrypted files because the “key” to open them is held on the users’ devices and then deleted after it has been used to open the files. Janke has also committed to making the source code of the new technology available publicly “as fast as we can,” which means its security can be independently audited by researchers.
The cryptographers behind this innovation may be the only ones who could have pulled it off. The team includes Phil Zimmermann, the creator of PGP encryption, which is still considered the standard for email security; Jon Callas, the man behind Apple’s whole-disk encryption, which is used to secure hard drives in Macs across the world; and Vincent Moscaritolo, a top cryptographic engineer who previously worked on PGP and for Apple. Together, their combined skills and expertise are setting new standards—with the results already being put to good use.
According to Janke, a handful of human rights reporters in Afghanistan, Jordan, and South Sudan have tried Silent Text’s data transfer capability out, using it to send photos, voice recordings, videos, and PDFs securely. It’s come in handy, he claims: A few weeks ago, it was used in South Sudan to transmit a video of brutality that took place at a vehicle checkpoint. Once the recording was made, it was sent encrypted to Europe using Silent Text, and within a few minutes, it was burned off of the sender’s device. Even if authorities had arrested and searched the person who transmitted it, they would never have found the footage on the phone. Meanwhile, the film, which included location data showing exactly where it was taken, was already in safe hands thousands of miles away—without having been intercepted along the way—where it can eventually be used to build a case documenting human rights abuses.
One of the few people to have tested the new Silent Circle invention is Adrian Hong, the managing director of Pegasus Strategies, a New York-based consulting firm that advises governments, corporations, and NGOs. Hong was himself ensnared by state surveillance in 2006 and thrown into a Chinese jail after getting caught helping North Korean refugees escape from the regime of the late Kim Jong Il. He believes that Silent Circle’s new product is “a huge technical advance.” In fact, he says he might not have been arrested back in 2006 “if the parties I was speaking with then had this [Silent Circle] platform when we were communicating.”
But while Silent Circle’s revolutionary technology will assist many people in difficult environments, maybe even saving lives, there’s also a dark side. Law enforcement agencies will almost certainly be seriously concerned about how it could be used to aid criminals. The FBI, for instance, wants all communications providers to build in backdoors so it can secretly spy on suspects. Silent Circle is pushing hard in the exact opposite direction—it has an explicit policy that it cannot and will not comply with law enforcement eavesdropping requests. Now, having come up with a way not only to easily communicate encrypted but to send files encrypted and without a trace, the company might be setting itself up for a serious confrontation with the feds. Some governments could even try to ban the technology.
Janke is bracing himself for some “heat” from the authorities, but he’s hopeful that they’ll eventually come round. The 45-year-old former Navy SEAL commando tells me he believes governments will eventually realize that “the advantages are far outweighing the small ‘one percent’ bad-intent user cases.” One of those advantages, he says, is that “when you try to introduce a backdoor into technology, you create a major weakness that can be exploited by foreign governments, hackers, and criminal elements.”
If governments don’t come round, though, Silent Circle’s solution is simple: The team will close up shop and move to a jurisdiction that won’t try to force them to comply with surveillance.
“We feel that every citizen has a right to communicate,” Janke says, “the right to send data without the fear of it being grabbed out of the air and used by criminals, stored by governments, and aggregated by companies that sell it.”
The new Silent Circle encrypted data transfer capability is due to launch later this week, hitting Apple’s App Store by Feb. 8. Expect controversy to follow.
This article arises from Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture.
Publicly available code allows hackers to disable Wi-Fi in a range of products.
by Dan Goodin – Oct 26 2012, 1:50pm EDT
The iPhone 4 and a slew of older devices from Apple, Samsung, HTC, and other manufacturers are vulnerable to attacks that can make it impossible to send or receive data over Wi-Fi networks, a security researcher said.
Proof-of-concept code published online makes it trivial for a moderately skilled hacker to disable older iPhones, HTC Droid Incredible 2s, Motorola Droid X2s, and at least two-dozen other devices, including Edge model cars manufactured by Ford. The Denial-of-Service vulnerability stems from an input-validation error in the firmware of two wireless chips sold by Broadcom: the BCM4325 and the BCM4329. The US Computer Emergency Readiness Team has also issued an advisory warning of the vulnerability.
“The only requirement to exploit the vulnerability is to have a wireless card that supports [the] raw inject of 802.11 frames,” Andrés Blanco, one of the researchers from Core Security who discovered the vulnerability, told Ars. “The Backtrack Linux distribution has almost everything you need to execute the POC provided in the advisory.”
The Core Security advisory said that Broadcom has released a firmware update that patches the “out-of-bounds read error condition” in the chips’ firmware. Device manufacturers are making it available to end users on a case-by-case basis since many of the affected products are older and already out of service.
Blanco said the exploit makes it impossible for an affected device to send or receive data over Wi-Fi for as long as the DoS attack lasts. Once the malicious packets subside, the device will work normally. Other device functions are unaffected by the Wi-Fi service interruption. He said it’s possible the bug could be exploited to do more serious things.
“We are not sure that we could retrieve private user data but we are going to look into this,” he said.
This afternoon the NYPD debuted their “all-seeing” Domain Awareness System, which syncs the city’s 3,000 closed circuit camera feeds in Lower Manhattan, Midtown, and near bridges and tunnels with arrest records, 911 calls, license plate recognition technology, and even radiation detectors. Mayor Bloomberg dismissed concerns that this represented the most glaring example of Big Brother-style policing. “What you’re seeing is what the private sector has used for a long time,” Bloomberg said. “If you walk around with a cell phone, the cell phone company knows where you are…We’re not your mom and pop’s police department anymore.”
The system was developed with Microsoft and paid for by the city for $30 to $40 million, and has already been in use for six months. The feeds compiled by the system are kept for thirty days, then erased.
In a live demonstration of DAS, the NYPD’s director of policy and planning for counterterrorism, Jennifer Tisch, showed reporters how the system responded to a recent report of a suspicious package. A description of the package (a closed “Jack Daniels” box) was shown next to its location. Video feeds within 500 feet of the package’s location showed the location several minutes before the package was reported to police, so that the system’s operator could determine who or what placed the package there.
In another example, a radioactive isotope—Technetium-99—was detected and the officer at the helm is shown a description of the isotope. “I want to stress that this isotope has both medical and industrial uses,” Tisch said, before adding that it would be the officer’s judgement call as to whether the isotope meant that it was a terrorist threat or someone who had recently undergone “some sort of medical procedure,” as the mayor put it. “It takes some judgement to use technology,” Bloomberg added, presumably including on-the-spot radiography in his assertion.
Reports of suspicious cars can be followed up with license-plate scanners, which will track and beam back the location of the vehicle to the system so that the police can follow it in real-time—video feeds will also show delayed images to help the officers determine if the car is in a caravan. Arrest and driving records are shown alongside the camera image. “This system is the ultimate in domain awareness,” Tisch said.
Regarding the department’s recent request for information from Twitter for a threat made by one of its users, Kelly said that social media monitoring “is not done at this location,” and that “[The NYPD] only monitors social media for specific investigations. That’s the world we live in.”
The City will receive 30% of the profits Microsoft will make selling it to other cities, although Mayor Bloomberg declined to say if that money would go back into the NYPD. “Maybe we’ll even make a few bucks.”
By Michael W. Kahn | ECT Staff Writer | Published: March 27th, 2012
A new insurance industry report confirms what electric cooperatives, phone companies, breweries and many individuals have been all too aware of: Metal theft is on the rise.
The National Insurance Crime Bureau tallied figures for 2009 through 2011. During those three years, 25,083 insurance claims were filed for stolen aluminum, brass, bronze or copper. A whopping 96 percent were for copper theft.
The number of claims jumped 81 percent from an earlier NICB report covering 2006 through 2008. NICB is a not-for-profit organization that works to detect and prevent insurance fraud.
“The thieves can endanger the safety of themselves and those in the surrounding community, and weaken the infrastructure vital to our everyday lives,” NICB wrote in its report.
“Unoccupied buildings have exploded due to gas lines being stolen, stretches of highway have been left dark after thieves stole wiring from utility poles, and tornado warning sirens have been rendered inoperable due to wiring being stolen.”
Ohio leads the nation with 2,398 metal theft claims. Texas is hot on its heels with 2,023. The top five is rounded out by Georgia (1,481), California (1,348) and Illinois (1,284).
On the other end of the spectrum, Alaska saw just three claims in three years, while Wyoming had four, and North Dakota and South Dakota had five each.
Among major metropolitan areas, Chicago had 963 metal theft claims to lead the nation, followed by New York (921), Atlanta (823), Dallas-Fort Worth (674) and Detroit (587).
NICB validated what electric co-ops and other utilities have long been saying: that the value of the stolen copper is often dwarfed by the damage tally.
“Frequently the damage caused by such thefts is several times the value of the metal stolen,” the report said, “leaving the victims with hefty repair costs which are often passed on to insurance companies.”
By Michael Gregg
Celebrities are a perfect target for hackers — they’re highly visible, spend lots of time on their smartphones and they know next to nothing about security. It’s no wonder they’re often victimized by hackers — from lone hackerazzis like the alleged Christopher Chaney to hacker groups like the Anonymous offshoot ‘Hollywood Leaks.’
But how do these hackers actually hack a cell phone?
Many people seem to think it requires a great deal of computer skill to hack a phone; that you have to be some type of hacker mastermind. But the reality is, it’s not that hard.
Here are a few ways:
#1 — Physical Access to the Phone — Obviously, if a person can get physical access to a cell phone, even for a few seconds, it’s game over. The person can clone it, place a remote spying tool on the phone or download the pictures and information directly to their own account.
TIPS — Make sure your phone has a strong password lock to prevent unauthorized access. Sign up for a mobile phone recovery service — like Where’s My Droid, Find My iPhone, McAfee’s WaveSecure, etc. — that offers GPS tracking, remote freeze and remote wiping in case the phone is ever lost or stolen.
#2 — Hacking Email, Twitter and Apps — Most celebrities are hacked through email, Twitter and other accounts that they use on their phones. This is what happened to Scarlett Johansson, Kreayshawn, Mila Kunis and Christina Aguilera, among others — and it may also be the reason for the more recent hacks on Heather Morris and Christina Hendricks.
Hackers get in by guessing a weak password or bypassing the password altogether by answering a series of cognitive security questions such as mother’s maiden name or what high school they attended. This technique is what is alleged to have been used by Chris Chaney and Hollywood Leaks.
To beat a password, hackers can use special password cracking programs that attempt to “dictionary attack” or “brute force” the account, or they can simply do their homework on the celebrity and use that to guess the passphrase or security questions. Once the hacker gets into one account, especially email, he can use it to get into other accounts (for example, request the Twitter password reminder be sent to Gmail or other web-based email account).
TIPS — Use a unique password for each online account. Make sure it’s at least 10 characters long and doesn’t make up a real word — use letters, numbers and symbols. Give fake answers to the security questions to make it hard for others to guess. To be extra safe, consider using “two-factor authentication” and PGP encryption with the email account as well.
#3 — Social Engineer the Phone Company — In 2005, hackers stole nude pictures of Paris Hilton by getting access to her T-Mobile Sidekick II, a precursor to today’s smartphones. How did they do it? They impersonated a T-Mobile support tech over the phone and tricked T-Mobile employees into giving them access to the carrier’s intranet site that contained a list of user accounts, which allowed them to reset the password to her account and steal photos and contacts. Today, there’s still a risk hackers could reset accounts or permissions by conning the phone company, but it’s more likely they’ll simply target a person’s accounts directly online.
TIPS — Check your online phone accounts periodically to make sure there haven’t been any unauthorized changes.
#4 — Wi-Fi Spies — Movie stars do a lot of traveling, and while they’re roaming about they’re often connecting their phones to open Wi-Fi networks — whether it’s at the airport, hotel or Starbucks. This puts them at greater risk of being hacked. Using public Wi-Fi puts all of your online accounts, Internet searches, emails and usernames/passwords out in the open where they can be read, copied and hacked by any person with moderate computer skills. In fact, there are special tools available online that do this.
TIPS — Don’t use public Wi-Fi. Stick with 3G or 4G service, as it’s harder to hack. If you must use a public wireless network, only use websites or apps from your phone that offer encryption (‘https’ in the address bar) and don’t save your passwords in a cache. Even better, set up a virtual private network (VPN) that will encrypt your online activity no matter where you are.
#5 — Spyware — Stars who spend a lot of time using open Wi-Fi and chatting with friends or followers on social networks and clicking on shared links are also at risk of spyware. Spyware is malicious software that can infect your phone in order to record the things you type — like usernames and passwords — and it can also be used to steal items from your phone, like photos, contacts and banking data. “FakeToken” is one example of spyware that is currently being found on some Android phones. There’s a good chance some celebrity phones have been infected by spyware.
TIPS — Don’t use public Wi-Fi. Don’t click on suspicious links, whether they’re in email, text messages or tweets.
The bottom line is that most celebrities fall victim to hacks because they use weak passwords and share too much information — and images — through easily hacked accounts. A few basic precautions would fix the problem for many of them; hopefully they’ll learn their lesson.
Claims investigators have a new tool when working out in the field. Voxer is a Walkie Talkie application for smartphones. It lets you send instant audio, text, photo and location messages to one or a group of friends/investigators. This is an application that all private investigators should have on their smartphones. Speaking from personal experience, the micro talk walkie talkie radios out there on the market (Midland, Cobra in particular) were ok at best. The 5-10 mile radius that they claimed to cover was more like three city blocks. Also, investigators would often speak over each other on the radio often causing confusion during an investigation. No longer will I have to hear, “Do you have extra batteries? Mine are dead.” I think Voxer has some promise and is already better than any micro talk walkie talkie I’ve ever used for surveillance. There is a short lag time which should improve with time. The message contains location data from the sender which will help when no street signs or markers are near. The application has not drained my iPhone battery and is incredibly easy to use. Now if only there was an application to magically write professional reports.
By NICK WINGFIELD and SOMINI SENGUPTA
Published: February 17, 2012
WOODLAND HILLS, Calif. — Daniel Gárate’s career came crashing to earth a few weeks ago. That’s when the Los Angeles Police Department warned local real estate agents not to hire photographers like Mr. Gárate, who was helping sell luxury property by using a drone to shoot sumptuous aerial movies. Flying drones for commercial purposes, the police said, violated federal aviation rules.
“I was paying the bills with this,” said Mr. Gárate, who recently gave an unpaid demonstration of his drone in this Southern California suburb.
His career will soon get back on track. A new federal law, signed by the president on Tuesday, compels the Federal Aviation Administration to allow drones to be used for all sorts of commercial endeavors — from selling real estate and dusting crops, to monitoring oil spills and wildlife, even shooting Hollywood films. Local police and emergency services will also be freer to send up their own drones.
But while businesses, and drone manufacturers especially, are celebrating the opening of the skies to these unmanned aerial vehicles, the law raises new worries about how much detail the drones will capture about lives down below — and what will be done with that information. Safety concerns like midair collisions and property damage on the ground are also an issue.
American courts have generally permitted surveillance of private property from public airspace. But scholars of privacy law expect that the likely proliferation of drones will force Americans to re-examine how much surveillance they are comfortable with.
“As privacy law stands today, you don’t have a reasonable expectation of privacy while out in public, nor almost anywhere visible from a public vantage,” said Ryan Calo, director of privacy and robotics at the Center for Internet and Society at Stanford University. “I don’t think this doctrine makes sense, and I think the widespread availability of drones will drive home why to lawmakers, courts and the public.”
Some questions likely to come up: Can a drone flying over a house pick up heat from a lamp used to grow marijuana inside, or take pictures from outside someone’s third-floor fire escape? Can images taken from a drone be sold to a third party, and how long can they be kept?
Drone proponents say the privacy concerns are overblown. Randy McDaniel, chief deputy of the Montgomery County Sheriff’s Department in Conroe, Tex., near Houston, whose agency bought a drone to use for various law enforcement operations, dismissed worries about surveillance, saying everyone everywhere can be photographed with cellphone cameras anyway. “We don’t spy on people,” he said. “We worry about criminal elements.”
Still, the American Civil Liberties Union and other advocacy groups are calling for new protections against what the A.C.L.U. has said could be “routine aerial surveillance of American life.”
Under the new law, within 90 days, the F.A.A. must allow police and first responders to fly drones under 4.4 pounds, as long as they keep them under an altitude of 400 feet and meet other requirements. The agency must also allow for “the safe integration” of all kinds of drones into American airspace, including those for commercial uses, by Sept. 30, 2015. And it must come up with a plan for certifying operators and handling airspace safety issues, among other rules.
The new law, part of a broader financing bill for the F.A.A., came after intense lobbying by drone makers and potential customers.
The agency probably will not be making privacy rules for drones. Although federal law until now had prohibited drones except for recreational use or for some waiver-specific law enforcement purposes, the agency has issued only warnings, never penalties, for unauthorized uses, a spokeswoman said. The agency was reviewing the law’s language, the spokeswoman said.
For drone makers, the change in the law comes at a particularly good time. With the winding-down of the war in Afghanistan, where drones have been used to gather intelligence and fire missiles, these manufacturers have been awaiting lucrative new opportunities at home. The market for drones is valued at $5.9 billion and is expected to double in the next decade, according to industry figures. Drones can cost millions of dollars for the most sophisticated varieties to as little as $300 for one that can be piloted from an iPhone.
“We see a huge potential market,” said Ben Gielow of the Association for Unmanned Vehicle Systems International, a drone maker trade group.
For Patrick Egan, who represents small businesses and others in his work for the Remote Control Aerial Photography Association in Sacramento, the new law also can’t come fast enough. Until 2007, when the federal agency began warning against nonrecreational use of drones, he made up to $2,000 an hour using a drone to photograph crops for farmers, helping them spot irrigation leaks. “I’ve got organic farmers screaming for me to come out,” he said.
The Montgomery County Sheriff’s Department in Texas bought its 50-pound drone in October from Vanguard Defense Industries, a company founded by Michael Buscher, who built drones for the army, and then sold them to an oil company whose ships were threatened by pirates in the Gulf of Aden. The company custom-built the drone, which takes pictures by day and senses heat sources at night. It cost $300,000, a fraction of the cost of a helicopter.