Then, late on Monday, Facebook emitted a blog post in which it kindly offered to help users “understand updates” to their “device’s location settings.”. The blog post says: “On iOS devices, you currently have three options to share your precise location with an app: always, only when the app is in use or never. If you decide to update to iOS 13, you will see an additional option called ‘allow once,’ which lets an app access your device’s precise location information only once.
In experiments, researchers have their subjects blink and do small movements so they can teach the device not to count those signals as brain signals. Plus, while medical EEG uses “wet” sensors applied with a gel, a device like the Chinese hat is dry, and dry sensors are more likely to pick up noise.
The Light Phone, Inc. has announced pre-orders for the Light Phone II, a device with a monochrome e-ink display and no camera, designed to reduce phone distraction. That sounds great, but at $350 per device and $3.5 million in the bank, one might expect a more robust website to address issues of security, data privacy, and functionality. Last week, we emailed The Light Phone, Inc. to ask how they intend to protect device owners.
As many have pointed out, our mobile phones are the perfect surveillance device. Put this together with the fact that mobile phones have to connect to a nearby transmitter in order to work, and you end up with a pretty good idea of where the person using the device is throughout the day.
Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database. However, according to Ian Beer, a security researcher at Google: “Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.” Beer is a member of Project Zero, a team of white-hat hackers inside Google who work to find security vulnerabilities in popular tech, no matter who it is produced by.
“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user.
Adware is malware that hides on your device and serves you unwanted advertisements. Meanwhile, in order to display unwanted advertisements, the app registers a broadcast receiver to check if the user has unlocked the device. The researchers point out that the latest Samsung Android devices have a feature that restricts the creation of shortcuts on the home screen, which can help users uninstall it.
Cyber spies are breaking into large enterprises through IoT devices that IT departments may not know exist on the network. Keeping track of the deluge of IoT devices being connected to enterprise networks and making sure they are updated and protected is not the most exciting job in IT. But, it is fast becoming one of the most important because, as Microsoft notes, the number of deployed IoT devices already outnumbers the population of personal computers and mobile phones, combined, and is growing exponentially daily.
Many Android devices come with Google applications and services, even if the device is not a device created by Google itself but by another company. Google Assistant is available as a standalone application as well which Android users may install to integrate it on their device. Two of the features that you may find on your Android device are OK Google and Google Assistant. If OK Google or Google Assistant are active on your Android device but you are not using these tools, you may want to consider disabling those.
And the danger to unsuspecting users, trusting that new boxed devices are safe and clean, is that some of that preinstalled malware can download other malware in the background, commit ad fraud, or even take over its host device. Android is a thriving open-source community, which is great for innovation but not so great when threat actors seize the opportunity to hide malware in basic software loads that come on boxed devices.
But many of these apps, said Hastings, send user or device data to third-party data analytics companies — often to monetize your information — without your explicit consent, instead burying the details in their privacy policies. He also found Truecaller and Hiya uploaded device data — device type, model and software version, among other things — before a user could accept their privacy policies. Hiya conceded that it sends some device data to third-party services when opening the app but claims it doesn’t collect personal information.
It also has connectivity features like a locator to find your vape if you lose it and a device lock to prevent anyone other than you from using your device. The C1 app uses facial recognition and a two-step background check to verify a user's age, preventing teenagers from using the device.
As smart devices become an ever-larger part of our lives, we look at how Facebook and other companies gather information about their users and turn it into profits. Finally, Reveal’s Ike Sriskandarajah looks at the biggest smart device most of us own, the television, and how one TV maker was using it to secretly gather marketing data on its customers and sell it to advertisers.
At the Black Hat security conference in Las Vegas next week, a group of network communication security researchers will present findings on flaws in the 5G protections meant to thwart the surveillance devices known as stingrays. Once they trick a device into connecting to it, a stingray uses the IMSI or other identifiers to track the device, and even listen in on phone calls. "The idea is that in 5G, stealing IMSI and IMEI device identification numbers will not be possible anymore for identifying and tracking attacks.
Netflix paved the way for OTT in media when it moved from DVD to streaming (the “Net” part of their name) and offered television and movie-content to any internet connected device. Over-The-Top means you would have a fully-functioning phone–and a phone number–portable to whatever internet connection you desire; be that a cellular carrier, a prepaid SIM card, a coffee-shop WiFi, tethered to a friend’s device, USB hotspot or whatever other fun thing you’d like to try (BlueTooth mesh network, anyone?).
with 27 posters participating Apple makes it easy for people to locate lost iPhones , , and use AirDrop to send files to other nearby devices. Simply having Bluetooth turned on broadcasts a host of device details, including its name, whether it's in use, if Wi-Fi is turned on, the OS version it’s running, and information about the battery. The exposure may be creepier in public places, such as a subway, a bar, or a department store, where anyone with some low-cost hardware and a little know-how can collect the details of all Apple devices that have BLE turned on.
Image copyright UCSF Image caption Eddie Chang (right) and David Moses hope the work will help those with speech loss Facebook has announced a breakthrough in its plan to create a device that allows people to type just by thinking. Facebook hopes it will pave the way for a "fully non-invasive, wearable device" that can process 100 words per minute. "And by demonstrating a proof-of-concept using implanted electrodes as part of their effort to help patients with speech loss, we hope UCSF's work will inform our development of the decoding algorithms and technical specifications needed for a fully non-invasive, wearable device.
However, the footage can only be obtained with the permission of the device’s owner, who must also be a user of the company’s “neighborhood watch app,” called Neighbors. Emails show that Ring was interested in keeping the public’s attention focused on a separate subsidy deal it struck with the city designed, according to the city’s press release, to “incentivize the purchase of Ring Video Doorbells and Ring security devices.” (Two hundred residents were slated to receive $100 discounts on Ring doorbell cameras.)
I recently learned about a new voice assistant device that is worth exploring here, but first a short overview on the latest Amazon Echo and Alexa news. Various, perhaps I should say numerous, privacy groups have argued that stronger laws are needed to protect people from these always-on devices. A United Kingdom-based report this week stated that some, ahem, intimate sounds in the bedroom, would trigger the device to start listening.
In an epidsode of the dystopian near-future series, Black Mirror, a small, implantable device behind the ear grants the ability to remember, access, and replay every moment of your life in perfect detail, like a movie right before your eyes. The device, surgically implanted directly into the brain, mimics the function of a structure called the hippocampus by electrically stimulating the brain in a particular way to form memories—at least in rats and monkeys.
Since then, I’ve been keeping an eye out for patent filings from Google that used a smartphone camera to look at the expression of a user of that device in order to try to understand the emotions of that person better. The summary background for this new patented approach is one of the shortest I have seen, telling us: “Some computing devices (e.g., mobile phones, tablet computers, etc.) A computing device is described that includes a camera configured to capture an image of a user of the computing device, a memory configured to store the image of the user, at least one processor, and at least one module.
The reality, of course, is that the security of that encryption link is entirely separate from the security of the devices it connects. The ability of encryption to shield a user’s communications rests upon the assumption that the sender and recipient’s devices are themselves secure, with the encrypted channel the only weak point. After all, if either user’s device is compromised, unbreakable encryption is of little relevance.
Mobile Device Management potentially gives your company the ability to spy on your location, your web browsing, and more. When you add a work email address to your phone, you’ll likely be asked to install something called a Mobile Device Management (MDM) profile. MDM is set up by your company’s IT department to reach inside your phone in the background, allowing them to ensure your device is secure, know where it is, and remotely erase your data if the phone is stolen.
If Bluetooth is ON on your Apple device everyone nearby can understand current status of your device, get info about battery, device name, Wi-Fi status, buffer availability, OS version and even get your mobile phone number. Apple devices are appreciated for the ecosystem that connects them all. It really is very convenient to start using an app on one device and continue on another. If you want to share a photo with a friend of yours, how does your iPhone know that it’s actually their device nearby?
Legacy Bluetooth devices and devices that don’t implement privacy-protections broadcast a persistent identifier that is unique to the device, usually several times per minute. Bluetooth devices, like Wi-Fi devices, support a privacy-enhancing technique that periodically randomizes the broadcasted address, which makes it harder to track them as their owners move about in the world. Paired devices, like your phone or laptop, can still resolve the device’s real address, enabling them to communicate properly.
Smartphones are a goldmine of sensitive data, and modern apps work as diggers that continuously collect every possible information from your devices. The security model of modern mobile operating systems, like Android and iOS, is primarily based on permissions that explicitly define which sensitive services, device capabilities, or user information an app can access, allowing users decide what apps can access.
The Google Assistant only sends audio to Google after your device detects that you’re interacting with the Assistant—for example, by saying “Hey Google” or by physically triggering the Google Assistant. A clear indicator (such as the flashing dots on top of a Google Home or an on-screen indicator on your Android device) will activate any time the device is communicating with Google in order to fulfill your request.
Now, a separate team of cybersecurity researchers has successfully demonstrated a new side-channel attack that could allow malicious apps to eavesdrop on the voice coming out of your smartphone's loudspeakers without requiring any device permission. Dubbed Spearphone, the newly demonstrated attack takes advantage of a hardware-based motion sensor, called an accelerometer, which comes built into most Android devices and can be unrestrictedly accessed by any app installed on a device even with zero permissions.