How law enforcement gets around your smartphone’s encryption

How law enforcement gets around your smartphone’s encryption

At this point an attacker could find and exploit certain types of security vulnerabilities in iOS to grab encryption keys that are accessible in memory and decrypt big chunks of data from the phone.

A preliminary look at privacy labels in iOS VPN apps

A preliminary look at privacy labels in iOS VPN apps

Apple has split the privacy labels into two types depending on whether the information collected is used to track you, or is not linked to you and used for things like app functionality.VPN Apps Privacy Labels: Data used to track you and Data linked to you.

What You Should Know Before Leaking a Zoom Meeting

What You Should Know Before Leaking a Zoom Meeting

Zoom meetings present a unique set of challenges for source protection, but these challenges can be minimized by following best practices and taking care not to publish raw meeting materials unless there is high confidence that the recordings were not watermarked and have been thoroughly reviewed to make sure no other potentially identifying features are present in the audio or video.

How Law Enforcement Gets Around Your Smartphone's Encryption

How Law Enforcement Gets Around Your Smartphone's Encryption

“It just really shocked me, because I came into this project thinking that these phones are really protecting user data well,” says Johns Hopkins cryptographer Matthew Green, who oversaw the research.

Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole

Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole

According to a Wall Street Journal report, TikTok used a banned tactic to bypass the privacy safeguard in Android to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out.

Police Robots Are Not a Selfie Opportunity, They’re a Privacy Disaster Waiting to Happen

Police Robots Are Not a Selfie Opportunity, They’re a Privacy Disaster Waiting to Happen

Instead, a robot snitch that looks like a rolling trash can is programmed to decide whether a person looks suspicious—and then call the human police on them.This begs the question: Who gets reprimanded if a robot improperly harrasses an innocent person, or calls the police on them?

Privacy, schmivacy: 2 in 3 Americans don’t care if their smart devices are recording them

Privacy, schmivacy: 2 in 3 Americans don’t care if their smart devices are recording them

Privacy issues are a constant concern when it comes to digital technology, but a new survey finds many Americans are simply accepting they may not be alone in their own home.

Exfiltrating Remaining Private Information from Donated Devices

Exfiltrating Remaining Private Information from Donated Devices

Here is a breakdown of all the devices I purchased: Device Type Number of Devices Bought Desktop or laptop computer 41 Removable media (such as flash drives and memory cards) 27 Hard disk 11 Cell phone 6 After buying the devices, I took them to my command center (a cool name for my basement) and began the data extraction process.

No, Cellebrite cannot 'break Signal encryption.'

No, Cellebrite cannot 'break Signal encryption.'

Last week, Cellebrite posted a pretty embarrassing (for them) technical article to their blog documenting the “advanced techniques” they use to parse Signal on an Android device they physically have with the screen unlocked.

Iranian RANA Android Malware Also Spies On Instant Messengers

Iranian RANA Android Malware Also Spies On Instant Messengers

Formally linking the operations of APT39 to Rana, the FBI detailed eight separate and distinct sets of previously undisclosed malware used by the group to conduct their computer intrusion and reconnaissance activities, including an Android spyware app called "" with information-stealing and remote access capabilities.

IPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever

IPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all.

Twitter now supports hardware security keys for iPhones and Android

Twitter now supports hardware security keys for iPhones and Android

Now anyone with a security key set up on their Twitter account can use that same key to log in from their mobile device, so long as the key is supported.

Amazon Sidewalk shares your home WiFi network with other Amazon devices unless you opt out

Amazon Sidewalk shares your home WiFi network with other Amazon devices unless you opt out

Amazon Sidewalk turns your home’s Amazon Alexa device into a bridge device – a router that takes a chunk of your home’s WiFi bandwidth and gives it to neighboring “Sidewalk-enabled” devices such as the Amazon Echo and Amazon Ring devices.

Amazon faces a privacy backlash for its Sidewalk feature, which turns Alexa devices into neighborhood WiFi networks that owners have to opt out of

Amazon faces a privacy backlash for its Sidewalk feature, which turns Alexa devices into neighborhood WiFi networks that owners have to opt out of

Amazon customers are being automatically opted in to Sidewalk, a feature set to launch later this year that the company says will connect Alexa devices to nearby WiFi networks, even those owned by someone else.

'Smart' doorbells for sale on Amazon, eBay came stocked with security vulnerabilities

'Smart' doorbells for sale on Amazon, eBay came stocked with security vulnerabilities

In this case, researchers bought another device from Amazon and eBay that was vulnerable to KRACK, a three-year-old bug that attackers could use to eavesdrop on wireless networks.

No Safety without (Cyber-)Security!

No Safety without (Cyber-)Security!

It’s a common experience: I talk to people developing safety-critical embedded systems, be it cars or medical devices, and, while clearly serious about product safety, they show little interest in security.

Official Trump 2020 App collected phone numbers from contact lists without consent and could sell that data

Official Trump 2020 App collected phone numbers from contact lists without consent and could sell that data

It’s worth noting that the official campaign app from President elect Joe Biden – Team Joe and later Vote Joe – also collected IP addresses, location information, and even contact lists; however if the user declined to consent to sharing this information, the app would respect that request as opposed to siphoning the information anyways with invisible code.

European privacy activists file complaint over iPhone tracking software

European privacy activists file complaint over iPhone tracking software

But the non-profit group says that Apple's iOS operating system creates unique codes for each iPhone that allow the company and other third parties to "identify users across applications and even connect online and mobile behaviour.".

Privacy Group Files Legal Complaints in Europe Targeting Apple's Device Identifier Service for Advertisers

Privacy Group Files Legal Complaints in Europe Targeting Apple's Device Identifier Service for Advertisers

Next year, however, Apple will require apps to seek customer consent before the IDFA can be used in iOS 14 to track user behavior and preference across apps and websites for ad targeting purposes.

Microsoft Warns: A Strong Password Doesn’t Work, Neither Does Typical Multi-Factor Authentication

Microsoft Warns: A Strong Password Doesn’t Work, Neither Does Typical Multi-Factor Authentication

picture alliance via Getty Images The Director of Identity Security at Microsoft has been warning about the inefficacy of passwords and more recently about standard Multi-Factor Authentication or MFA.He should know: the team he works with at Microsoft defends against hundreds of millions of password-based attacks every day.

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?

"Google designed and implemented its Android operating system and apps to extract and transmit large volumes of information between Plaintiffs’ cellular devices and Google using Plaintiffs’ cellular data allowances," the complaint claims.

Privacy News Online | Weekly Review: November 6, 2020

Privacy News Online | Weekly Review: November 6, 2020

The social networking app left a server exposed on the internet that exposed private user data for the entire world to see.Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.

New Google app could help providers block phone functions if you miss installment payments

New Google app could help providers block phone functions if you miss installment payments

The app’s function is described on the Play Store as follows: Device Lock Controller enables device management for credit providers.Sometimes devices from carriers with outstanding balances could be blacklisted from working on the network until the balance of the phone is paid off – the same thing can happen when a customer decides to leave the carrier.

Introducing WhatsApp Disappearing Messages

Introducing WhatsApp Disappearing Messages

Media sent in a disappearing message will also be deleted after seven days, but this feature isn’t applied to previously sent or received messages.However, the message will still disappear even if a user doesn’t open the app for seven days.

Should You Use Biometric Locks on Your Devices?

Should You Use Biometric Locks on Your Devices?

As such, many cybersecurity experts actually recommend biometric locks like fingerprint, face scan, or retina scan instead.No matter what protection you go with for your devices – be it password, PIN, or biometric lock – make sure that you’ve done your research.

DHS Authorities Are Buying Moment-By-Moment Geolocation Cellphone Data To Track People

DHS Authorities Are Buying Moment-By-Moment Geolocation Cellphone Data To Track People

Mizelle states in his memo that there are ways for CBP and ICE to “minimize the risk” of possible constitutional violations, pointing out that they could limit their searches to defined periods, require supervisors to sign off on lengthy searches, only use the data when more “traditional” techniques fail, and limit the tracking of one device to when there is “individualized suspicion” or relevance to a “law enforcement investigation.”.

Quest 2 has allegedly been jailbroken, bypassing Facebook login requirement

Quest 2 has allegedly been jailbroken, bypassing Facebook login requirement

While root access is generally thought of as a way to flash ROMs or modify the operating system in the Android smartphone world, root access on a Quest 2 means folks would be able to bypass the requirement to log into a Facebook account before being able to use their Oculus Quest 2.

Police across America can break into locked phones, and often do so without a warrant

Police across America can break into locked phones, and often do so without a warrant

The report is called “Mass Extraction: The Widespread Power of U.S. Law Enforcement to Search Mobile Phones.” Over 2,000 FOIA requests, Upturn discovered that police departments in all 50 states and also Washington D.C. have purchased mobile device forensic tools (MDFTs).

Police in all 50 states are using secret tools to break into locked phones — and they're using them for cases as low-level as shoplifting, records show

Police in all 50 states are using secret tools to break into locked phones — and they're using them for cases as low-level as shoplifting, records show

Law enforcement agencies are able to crack into locked, encrypted smartphones far more frequently than was previously known, according to new documents surfaced by through over 100 public records requests by the digital liberties nonprofit Upturn.

Undocumented backdoor that covertly takes snapshots found in kids’ smartwatch

Undocumented backdoor that covertly takes snapshots found in kids’ smartwatch

Harrison Sand, a researcher at Norwegian security company Mnemonic, said that commands exist for surreptitiously reporting the watch’s real-time location, taking a snapshot and sending it to an Xplora server, and making a phone call that transmits all sounds within earshot.