Ultrasonic spyware – what only your dog detects. How can this be used to spy on you?

Spyware, whether distributed by criminals, advertisers or even states, is a constant nuisance. Yet, some types have the technician in me marvel. Why? Because they’re innovative and intelligently designed. Recently, I came upon an approach that might interest web users, supermarket shoppers and whistleblowers alike. A single sound can betray them all (with a little bad luck).

If you regularly read the news from the world of technology, you’ll eventually develop a thicker skin. They found another security hole in Windows? That’s barely enough to elicit a shrug these days. Over 230 Android apps are listening for an inaudible sound to track me? Now that’s interesting. The principle behind this approach is easily explained yet hard to implement. A sound source (TV or PC speaker, speakers in a supermarket etc.) sends out a very high-frequency sound which gets picked up by the microphone in your cell phone (or laptop) and is then processed by an already installed spyware app. The app then phones home to report on your current activity, e.g. which website you’re viewing, and this data stream can include anything that might be of interest like your device ID, phone number, MAC address and more.

But why wait for a signal? Simple, it’s not about the listening device but the sender. These ultrasonic beacons help spyware authors link multiple devices together across physical boundaries, e.g. to find out what you’re viewing on your PC, not just your cell phone, and to aggregate this data to form a bigger picture. Different contents will simply trigger slightly different sounds. This may sound like science fiction but the concept has already been used by Asian fast food restaurants with apps that saw millions of downloads.
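A defender-side check for the mechanism described above, added here as an example and not taken from the original post: it scans a recording for a quiet, sustained tone near the top of the audible range, which is the kind of signal a listening app would be waiting for. The 18–20 kHz band, the 48 kHz sample rate, the thresholds and all three recordings are assumptions constructed for the illustration.

```python
import math

SAMPLE_RATE = 48_000               # Hz; high enough to capture tones up to 24 kHz
FRAME = 4_800                      # 100 ms analysis window
BAND = range(18_000, 20_001, 100)  # assumed near-ultrasonic beacon band, in Hz

def goertzel_power(frame, freq):
    """Normalised power of one frequency in a frame (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(frame) ** 2

def sustained_tones(samples, min_frames=3, threshold=1e-5):
    """Band frequencies (Hz) that stay above threshold for min_frames in a row."""
    run = dict.fromkeys(BAND, 0)
    hits = set()
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[start:start + FRAME]
        for freq in BAND:
            if goertzel_power(frame, freq) > threshold:
                run[freq] += 1
                if run[freq] >= min_frames:
                    hits.add(freq)
            else:
                run[freq] = 0      # a short click or glitch resets the streak
    return sorted(hits)

def tone(freq, amp, start_ms, end_ms, total_ms=500):
    """Constructed test signal: a sine that sounds only in [start_ms, end_ms)."""
    first, last = start_ms * SAMPLE_RATE // 1000, end_ms * SAMPLE_RATE // 1000
    return [amp * math.sin(2 * math.pi * freq * i / SAMPLE_RATE)
            if first <= i < last else 0.0
            for i in range(total_ms * SAMPLE_RATE // 1000)]

def mix(*signals):
    return [sum(values) for values in zip(*signals)]

# Constructed recordings: audible 440 Hz "programme audio", alone and with extras.
audible = tone(440, 0.5, 0, 500)
with_beacon = mix(audible, tone(18_500, 0.02, 0, 500))   # quiet, continuous tone
with_click = mix(audible, tone(19_000, 0.02, 100, 200))  # one 100 ms burst only

if __name__ == "__main__":
    for name, rec in [("audible", audible), ("beacon", with_beacon), ("click", with_click)]:
        print(name, sustained_tones(rec))
```

The beacon is 25 times quieter than the audible tone yet still stands out, because nothing else in ordinary programme audio occupies that band for hundreds of milliseconds at a time.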

For all of this to work, a big infrastructure is required. First, the spyware has to be distributed either by bundling it with a big name app or by disguising it as a small useful tool. Next, the ultrasonic beacons have to be rolled out. This process is quite straightforward as sounds can easily be embedded into page ads. Once users visit the affected pages, the sounds get played and the aforementioned process triggered. It’s tracking heaven for advertisers eager to personalize their ads! There are also other use cases.

Fast food restaurants could play a sound at regular intervals through their store speakers to figure out who their regular customers are. Department stores could play different sounds for their various departments to determine how long customers are staying in each section. Once multiple businesses start to cooperate, it’ll be possible to reconstruct the path each customer took as they moved through the city. I know marketers who would pay a lot of money to get this data!

Is your cell phone listening to your TV?

It’s also feasible that this technology could be used to locate users who are using anonymization services on the web. Picture a guy that is being persecuted and heavily relies on Tor and VPN to stay hidden. The persecutors could simply create a website they know their target will be interested in and put it on the public Internet or the Darknet. Once their target visits the page, an ultrasonic sound gets played, is then picked up by the target’s cellphone (and the installed spyware app) – and the hunt has just become a lot easier.

Currently, this technology still seems to be in its infancy, and there is an ongoing debate about whether this type of software is illegal and should be considered malware. If it were to be implemented as part of a shopping app, e.g. to enable discounts, it might be perfectly legal even if severe restrictions may apply. There have been no confirmed cases of it being used in television programs yet but it’s doable. Once again, legislators are venturing into unknown territory and will have to come up with an adequate response. Another good reason to only install apps from trusted sources and developers and to pay more attention to your pets as living spyware detectors. “Found another one, Fido?” “Woof!”

What I would like to know: do you pay close attention to what apps you’re installing on your cellphone or do you blindly trust in Apple’s, Google’s and other distributors’ abilities to reliably detect and filter out spyware?


Henry Sapiecha

TOP HUNDRED DIRTIEST SCAMMING MALWARE FRAUD SITES EXPOSED

CHECK OUT THE DIRTIEST MULTI DOZEN WEBSITES TO AVOID


The 100 websites most affected by viruses each have about 18,000 nasties to attack net users’ computers, an internet security company says.

Simply visiting one of the “Top 100 Dirtiest” websites – without downloading or even clicking anything – could expose your computer to infection and put your personal information into the hands of criminals, anti-virus software company Norton Symantec said.


Company spokeswoman Natalie Connor said the list was compiled using global data collected on Norton Safe Web, a site that analyses websites’ security risks and has 20 million users providing site reviews.

The top 100 infected sites had on average 18,000 threats and 40 per cent of the sites had more than 20,000 threats.

A staggering 75 per cent of websites on the list were found to be distributing “malware” for more than six months.

Malware is malicious software that can damage or compromise a computer system without the owner’s consent.

Ms Connor said half of the websites on the list had adult content. Many have unprintable names indicating they contain hard-core pornography.

Others, not so easy to spot as criminals’ lures, include sites about ice-skating, deer-hunting, catering and legal services.

“What people don’t realise is when you type in a website, you’re bringing down information on a page and with it could be malware,” she said.

Hackers could then obtain personal information using keystroke logging software maliciously installed on your computer.

Ms Connor said hackers were targeting vulnerabilities in website browsers and this affected both PCs and Mac computers.

“It’s real,” she said. “The last thing we want to do is scare people. We want to educate them so they know how to protect themselves.”


Cyber criminals were becoming increasingly sophisticated and operating underground, Ms Connor said.

“It’s not about the fame any more of creating viruses and getting in the media,” she said. “They’re making money.”

Even if only 1 per cent of internet users fell for a scam and exposed their credit-card details, their losses could add up to millions of dollars, Ms Connor said.


Websites that made the list include:

AAP


Henry Sapiecha


THIS ANDROID TROJAN ALMOST IMPOSSIBLE TO REMOVE

IT security firm Kaspersky claims it has discovered the “most sophisticated” Android trojan yet.


Identified by Kaspersky as “Backdoor.AndroidOS.Obad.a”, the mobile menace can send SMS messages to premium-rate numbers, download other malware and install it on the infected device, as well as send malware to other devices via Bluetooth, and remotely perform commands in the console.

Obad is also extremely well concealed, by means of code obfuscation, and it uses several previously undocumented security holes in the Android operating system to make it very hard to analyse.


Once the trojan is executed on a device, it immediately tries to obtain Device Administrator privileges. Then, it becomes a real nightmare.

“One feature of this Trojan is that the malicious application cannot be deleted once it has gained administrator privileges: by exploiting a previously unknown Android vulnerability, the malicious application enjoys extended privileges, but is not listed as an application with Device Administrator privileges,” said Kaspersky Lab Expert Roman Unuchek.

Kaspersky representatives said they have already informed Google about the vulnerability in question.

The only good news about this trojan is that it’s not very widespread. According to Kaspersky, it amounts to no more than 0.15 per cent of all malware infection attempts on mobiles.

You can find more information about the Backdoor.AndroidOS.Obad.a trojan here.

Henry Sapiecha