CIA Targeting Smartphone App Data

Director of National Intelligence (DNI) Avril Haines, who oversees 18 separate agencies comprising the wider “intelligence community” – including the CIA, FBI, and NSA – has released a “policy framework for commercially available information.” It is not only the very first public confirmation by a US government official that Stateside spying entities acquire extensive data on private citizens from third party brokers, but an admission that this yield is deeply sensitive. While purportedly setting limits on the use of this information by spooks, the details are vague or non-existent.

“Commercially available information” (CAI) refers to data collected on individuals, typically by their smartphones, and the apps they use, sold by third parties. Via various sleights of hand and ruthless exploitation of regulatory loopholes, US intelligence obtained information not accessible by average citizens, which would typically require a court-approved search warrant to access. Yet, by purchasing this data from private brokers, spying agencies can still claim this snooping is “open source”, based on “publicly available” records.

A particularly rich source of CAI is data hoovered from digital advertising. In-app and website adspace is sold on real-time bidding (RTB) exchanges, and location and other user data is often included as a bonus, to ensure optimal ad targeting. Many data brokers pose as advertisers in order to “scrape” the listings for user information, before selling it on for profit. The value of this data, and the malign purposes to which it can be put, are vast.


Cellphone Radiation Research Was Halted After Worrisome Findings, Expert Questions Why

Decades of animal research point to serious health risks from cellphone radiation exposure, but examining a possible link stops now.

The National Toxicology Program (NTP), tasked with studying potential toxins, recently announced it would no longer investigate evidence that cellphone radiation can harm animals or people. The move stunned scientists like Devra Davis, a former senior adviser to the assistant secretary for Health in the Department of Health and Human Services, who called the abrupt reversal scientifically unjustified.

There’s “no scientific explanation or justification for this sudden reversal,” Ms. Davis told The Epoch Times.

Unpublished NTP Research Undermines Decision to Halt Cellphone Radiation Studies

The NTP recently claimed that additional radiofrequency radiation (RFR) studies are not planned, stating the research was “technically challenging and more resource-intensive than expected.”

Ms. Davis criticized this decision, noting that technical challenges are not a reason to avoid studying something that appears to cause cancer in animals. “Everything that we know for sure causes cancer in people will produce it in animals when adequately studied,” she added.

Despite admitting to developing a novel small-scale RFR exposure system in 2019 to clarify earlier findings, the NTP canceled further investigations. This system only studied older 2G and 3G devices, not newer 4G or 5G technologies.

Ms. Davis, a former NTP advisor, said she helped recommend smaller test chambers. The agency takes years to plan studies, so scrapping this project is “beyond my comprehension at this point,” given millions of children’s daily exposure, she noted.

In an emailed statement, the NTP confirmed that although work on the small-scale exposure system and accompanying research has been completed, the results will be publicly available and posted on the agency’s webpage only “when internal reviews are finished.” As of this writing, the 2019 research remains unpublished.

Court Finds FCC Illegally Ignored 5G Health Risks

The NTP published results in 2018 from two-year toxicology studies showing “clear evidence” of associations between 2G/3G cellphone radiation and tumors in male rats. Follow-up research in 2019 revealed DNA damage in the brains, livers, and blood cells of exposed rats and mice.

Despite originally requesting and overseeing these studies, the U.S. Food and Drug Administration (FDA) has since dismissed the NTP’s findings, Ms. Davis said.


Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks

An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.

Biometric fingerprint security is widespread and widely trusted. If things continue as they are, it is thought that the fingerprint authentication market will be worth nearly $100 billion by 2032. However, organizations and people have become increasingly aware that attackers might want to steal their fingerprints, so some have started to be careful about keeping their fingerprints out of sight, and become sensitive to photos showing their hand details.

Without contact prints or finger detail photos, how can an attacker hope to get any fingerprint data to enhance MasterPrint and DeepMasterPrint dictionary attack results on user fingerprints? One answer is as follows: the PrintListener paper says that “finger-swiping friction sounds can be captured by attackers online with a high possibility.” The source of the finger-swiping sounds can be popular apps like Discord, Skype, WeChat, FaceTime, etc. Any chatty app where users carelessly perform swiping actions on the screen while the device mic is live. Hence the side-channel attack name – PrintListener.


Apple Tells Support Staff To Remain Silent On iPhone Radiation Concern

Apple plans to issue an over-the-air update in the coming days for iPhone 12 users in France after regulators ordered a halt in sales over concerns the device emits too much radiation. 

“We will issue a software update for users in France to accommodate the protocol used by French regulators,” Apple told Reuters in a statement. 

The company continued, “We look forward to iPhone 12 continuing to be available in France.”

Earlier this week, French regulators ordered a ban on iPhone 12 sales after a Specific Absorption Rate (SAR) test – how much radio frequency is absorbed into a body from a device – exceeded European radiation exposure limits. 

Besides the iPhone 12’s radiation levels, another controversy is brewing as Bloomberg said Apple instructed employees to stay ‘mum’ when customers ask about the radiation issue: 

If customers inquire about the French government’s claim that the model exceeds standards for electromagnetic radiation, workers should say they don’t have anything to share, Apple employees have been told. Staff should also reject customers’ requests to return or exchange the phone unless it was purchased in the past two weeks — Apple’s normal return policy.

Customers asking if the phone is safe should be told that all Apple products go through rigorous testing to ensure that they’re safe, according to the guidance.

Apple dismissed the radiation claims, indicating “this is related to a specific testing protocol used by French regulators and not a safety concern” for customers. “The ANFR [French regulator] is preparing to quickly test this update,” Noel Barrot, France’s digital affairs minister, told Reuters. 


France Demands Apple Take iPhone 12 Off Market Immediately as it Emits Too Much Radiation

French regulators ordered Apple to stop selling the iPhone 12, saying it emits electromagnetic radiation levels that are above European Union standards for exposure. The company disputed the findings and said the device complies with regulations.

The French government agency that manages wireless communications frequencies issued the order after the iPhone 12 recently failed one of two types of tests for electromagnetic waves capable of being absorbed by the body.

It’s unclear why the phone, which was released in late 2020, didn’t pass the agency’s latest round of tests and why it was only that particular model.

France’s digital minister said the iPhone 12’s radiation levels are still much lower than levels that scientific studies consider could harm users, and the agency itself acknowledges that its tests don’t reflect typical phone use.

The National Frequency Agency on Tuesday called on Apple to “implement all available means to rapidly fix this malfunction” for phones already in use and said it would monitor device updates. If they don’t work, “Apple will have to recall” phones that have already been sold, it said.

The agency recently tested 141 cellphones and found that when the iPhone 12 is held in a hand or carried in a pocket, its level of electromagnetic energy absorption is 5.74 watts per kilogram, higher than the EU standard of 4 watts per kilogram.

The phone passed a separate test of radiation levels for devices kept in a jacket or in a bag, the agency said.

Radiation limits are set “well below the level at which harm will occur,” and therefore a small increase above the threshold “is unlikely to be of any health consequence,” said Malcolm Sperrin, director of medical physics at the U.K.’s Royal Berkshire hospital group.


Thousands of Russian officials to give up iPhones over US spying fears

https://www.ft.com/content/6567e7f2-c5fb-4da4-bd95-bf7ceef54038

Russian authorities have banned thousands of officials and state employees from using iPhones and other Apple products as a crackdown against the American tech company intensifies over espionage concerns.

The trade ministry said that from Monday it will ban all use of iPhones for “work purposes”. The digital development ministry as well as Rostec, the state-owned company that is under sanction by the west for supplying Russia’s war machine in Ukraine, have said they will follow suit or have already introduced bans.

The ban on iPhones, iPad tablets and other Apple devices at leading ministries and institutions reflects growing concern in the Kremlin and the Federal Security Service spy agency over a surge in espionage activity by US intelligence agencies against Russian state institutions.

“Security officials in ministries — these are FSB employees who hold civilian positions such as deputy ministers — announced that iPhones were no longer considered safe and that alternatives should be sought,” said a person close to a government agency that has banned Apple products.

A month after President Vladimir Putin launched his full-scale invasion of Ukraine in February last year, he signed a decree demanding that organisations involved in “critical information infrastructure” — a broad term that includes healthcare, science and the financial sector — switch to domestically developed software by 2025. The move reflected Moscow’s longstanding desire to make state institutions switch away from foreign technology.

Some Russian analysts suggested the current edict will do little to assuage suspicions that western intelligence agencies are able to access sensitive information on Russian government activity.


Feds May Need Warrants To Search Cell Phones at the Border After All

The role of smart phones as snitches is well-established, with people paying for their handy communications capabilities while the treacherous devices track us and reveal details of our lives. Even as the government spoofs cellphone towers to locate phone users, or purchases commercial data about our movements, border agents also insist they can, at will, search the phones of Americans returning home. But last month a federal judge ruled that a free pass to probe electronic devices is too broad, and that Americans enjoy some protections at the border of the sort they have elsewhere.

In this latest case, United States v. Smith, Jatiek Smith, the subject of a federal investigation, was stopped at the airport in Newark on his return from Jamaica. As detailed by U.S. District Judge Jed S. Rakoff, federal agents “forced him to turn over his cellphone and its password. They reviewed the phone manually and created and saved an electronic copy of it as it existed as of that date and time – all without a search warrant.”

Wait. No warrant? Unfortunately, yes.


Consumer Group Warns Smartphone Facial Recognition Apps Are Vulnerable to Spoofing

Smartphone face biometrics from many leading brands are vulnerable to spoof attacks with 2D photographs, a new report from UK-based consumer testing and review group Which? has found, according to Yahoo Finance UK.

The group says the vulnerability is “unacceptable,” and has “worrying implications” for users’ security.

On-device biometrics are used for device unlocking and local authentication, while KYC processes for customer onboarding and strong remote identity verification are typically carried out with server-side biometrics and other signals, with a layer of liveness or presentation attack detection.

The phones tested include Honor, Motorola, Nokia, Oppo, Samsung, Vivo and Xiaomi handsets. Apple’s 3D FaceID biometrics were not fooled by the photos. The devices tested range in price from £89.99 to nearly £1,000 (approximately US$112 to $1,244), but the majority of phones that failed the test are lower-cost or mid-range models.

Out of 48 new smartphone models tested, 60 percent were not vulnerable to spoofing with a photograph.


8 ways your phone is tracking you that you can stop now

You understand that your phone knows where you’re located.

This is how GPS works, how Find My Friends sees your location, and why you get local ads on Facebook and Google.

Like other data on your phone, that location data is a hot commodity for internet marketers in today’s digital economy.

Targeted advertising is one of the biggest enterprises on the web.

Companies are eager to serve you ads for products you’re likely to buy, and that data helps them hit their mark.

Some companies have even made this their primary business model.

Thankfully, you don’t have to stand for this kind of data collection if you’re uncomfortable with it.

These tactics are legal because the companies behind them give you a choice to opt in or out, but not everyone knows how to change the settings.

We’ll show you how to stop your phone from tracking you.


Massachusetts Department of Public Health SECRETELY Colluded With Google To Auto-Install Contact-Tracing SPYWARE On Your Phone

The Massachusetts Department of Public Health is facing a class action lawsuit after colluding with Google to repeatedly auto-install contact-tracing spyware on the smartphones of over a million Massachusetts residents without their permission or consent.

According to a class action lawsuit filed by the New Civil Liberties Alliance, a nonpartisan nonprofit civil rights organization, the Department of Public Health rolled out the contact tracing app it worked with Google to create in April 2021.

“The App causes an Android mobile device to constantly connect and exchange information with other nearby devices via Bluetooth and creates a record of such other connections. If a user opts in and reports being infected with COVID-19, an exposure notification is sent to other individuals on the infected user’s connection record,” the NCLA explains in the complaint, Wright v. Massachusetts Department of Public Health.

Initially, the app, which obtains users’ private locations and health information, was voluntarily installed.
