Archives for posts with tag: Zack Whittaker

It used to be that it might only be dogs that could hear high-pitched frequencies that human beings couldn’t. Now it appears that our iPhones might be gaining that capacity.

Zack Whittaker for Zero Day has just written about emerging technology that allows applications to use ad-tracking audio signals that can be picked up by phones but not by their owners (“Hundreds of privacy-invading apps are using ultrasonic sounds to track you”; http://www.zdnet.com/article/hundreds-of-apps-are-using-ultrasonic-sounds-to-track-your-ad-habits/?loc=newsletter_large_thumb_featured&ftag=TRE17cfd61&bhid=24712762005371291890829436782174).

How is this possible? As Mr. Whittaker writes, the ultrasonic cross-device tracking can be done via high-frequency tones in ads, billboards, web pages and even from brick-and-mortar stores as well as sports arenas.

While this technology is still evolving, it’s gaining in popularity. What’s the potential danger? Again, Mr. Whittaker notes that using the phone’s microphone, information about where the owner’s been, what she’s seen and maybe even the websites she’s visited can be collected to create a profile.

What can be done to prevent this? While the technology’s still new, Mr. Whittaker provides an important, very useful tip: if an application asks for access to the phone’s microphone and the microphone isn’t needed to use the application, then don’t permit this! Instead, just turn off the microphone.

His article contains more details about this latest privacy threat. I urge people to read it to gain a better understanding of it.

I want to share with you an informative and timely article a friend sent to me.  The article is by Zack Whittaker for Zero Day; Mr. Whittaker wrote recently about the vulnerability of Android devices due to a newly discovered security flaw found on Long Term Evolution (LTE) mobile networks.  LTE is also referred to as 4G.

In his article, Mr. Whittaker discussed a recent alert from researchers with Carnegie Mellon; that alert was based on the LTE vulnerabilities discovered by Korean researchers (“‘All Android devices’ vulnerable to new LTE security flaw”; http://www.zdnet.com/article/at-t-mobile-verizon-vulnerable-to-several-lte-flaws/?tag=nl.e540&s_cid=540&ttag=e540&ftag=TRE5369823; October 16th). The flaws could permit hackers to eavesdrop on conversations, create false billings and generally invade users’ privacy.

The security issues are described in detail in Mr. Whittaker’s article as well as in the alert issued by the Carnegie Mellon lab (www.kb.cert.org). T-Mobile customers may have already been affected but a spokesperson for that company has said the issue has been resolved.

Apple products are not affected by the LTE flaw.

Mr. Whittaker’s article and the Carnegie Mellon alert provide a timely “heads up” to consumers using Android devices.  Hopefully there won’t be any adverse impact.  However, consumers should be aware of any issues with their bills and any alerts issued by AT&T and Verizon.

As 2014 comes to an end, it’s a good time for consumers to be thinking about how to be even safer online in 2015.  Zack Whittaker, for Zero Day, has published his list of the best privacy tools for trying to do so (www.zdnet.com; “10 best privacy tools for staying secure online”; December 29, 2014).

His list covers an array of services with one common characteristic — they’re all open-source software.  Some of the services are free while others charge fees.  His list includes services about which I’ve previously written, e.g., DuckDuckGo (search engine) and LastPass (password manager).  Others are for encrypted voice messages (Silent Circle which charges a fee).

It’s worth taking time to read his post and it’s easy to navigate.  Just click on each screen shot and then read the short, well written narrative description of each tool.

Best wishes for a happy, healthy and privacy-enhanced 2015!

 

The recent hacking of Twitter accounts has heightened the concern many people feel about the privacy and security of mobile applications. Those concerns might have been part of the motivation for the bill introduced May 9th by Representative Hank Johnson (D-GA).  The bill, H.R. 1913, is called the “Application Privacy, Protection and Security (APPS) Act 2013.” (see Zack Whittaker’s article, “New House privacy bill will require apps to gain consent before sharing personal data”; http://www.zdnet.com).

The Congressman’s bill, if enacted, would require that application developers comply with the following:

  1. Gain explicit consent from consumers before the application is used;
  2. Gain explicit consent from consumers before gathering personal data from them;
  3. Maintain the personal data that is collected in accordance with mandatory privacy policies;
  4. Display their privacy policies; and
  5. Have privacy policies that explain the following:
     • how personal data would or could be shared with, for example, third parties for advertising or marketing purposes;
     • how long the personal data will be retained; and
     • how consumers can opt out of data collection and/or ask that their data be deleted if they stop using the application.

H.R. 1913 embodies many core privacy principles.  It’s impossible to predict any bill’s chances on the very long road to being enacted into law.  Regardless of whether it gets enacted, H.R. 1913 is very helpful in focusing greater attention on privacy and security issues associated with mobile applications.

By now you probably have read about the latest hacks of corporate computer networks.  The latest being reported were the Facebook and Apple incidents.  News reports are now saying, with some level of assurance, that the companies know how this happened.  Their employees visited an iPhone developers’ website that was completely infected with malware.  The malware exploited a vulnerability in a Java plug-in for browsers.

You might be thinking that this kind of attack couldn’t affect individual computers.  That would be comforting but, unfortunately, it would be a wrong assumption.  Zack Whittaker, for Zero Day, has an excellent article about the recent hacks — how they happened and what steps individuals can, and should, take to make sure they don’t fall prey to the same malware.

His article, “Facebook, Apple Hacks could affect anyone: Here’s what you can do” (www.zdnet.com) has the key “what not to do”.  Do not visit the same website that the Facebook and Apple employees did!  That website is “iPhone DevSDK”.  If you want to see what that site looks like, Mr. Whittaker’s article has a screen shot — and that’s as close as you should get to that site.

Mr. Whittaker offers 4 other specific steps to take to make sure your computer isn’t infected already.  His recommendations include disabling or removing Java completely and running a full malware sweep.

On a related note, on February 19th, Oracle released a new Java security update.  It also announced plans to speed up the release of future Java patches following these, and other, breaches related to the Java vulnerability.

Take the time to read Mr. Whittaker’s article so you’ll know how to try and avoid this particular malware trap.