A woman named Brittany Nunn decided to skip a court date rather than risk losing custody of her daughter. She fled to Mexico with her husband, Peter Barr. Someone who was watching Nunn noticed when she was using Spotify, and told the authorities. Authorities were then eventually able to obtain an IP address, which later enabled them to have the couple deported back to the United States.
Many wonder about the legality of Spotify helping the authorities by giving them customer information willingly. Whether or not this is strictly required by law is a better question, and it would seem that it is not. It would seem rather that a company, just as a person, would have the right to tell the government to go back and get a warrant.
After getting back to US custody, the pair was charged with felony custody violations as well as unlawful flight from law enforcement. The girls went back to their fathers in Colorado.
Spotify is one of many online services that law enforcement has used and will continue to use when looking for fugitives and evidence. A simple warrant or asking politely will normally get them all they need to know from most services.
Israeli Researchers Turn Speakers/Headphones Into Eavesdropping Microphones
In the current age, even the most secure software and the best security practices might not be enough to prevent someone from being spied upon. Researchers continue to find novel and inventive ways to gather more data on everyday computer users, and the latest research from Israel’s Ben Gurion University is exceptional in this regard.
Using software alone, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici were able to convert a given pair of headphones or speakers into Orwellian microphones beyond the user’s control or ability to patch. Their method exploits a flaw in RealTek hardware chips, which are among the most widely used chips in motherboards around the world. Companies like Dell, HP, and Compaq regularly utilize RealTek’s industry standard audio chips in their products. Beyond that, motherboards sold to consumers wishing to build their own systems often also include the hardware.
A simple patch or firmware upgrade will not fix this flaw, making the exploit particularly delightful to intelligence agencies, profit-motivated hackers (think boardroom conference calls), and others. Basically, anywhere a computer has an audio output, which in the case of laptops is everywhere, audio can now be intercepted and then relayed with roughly the same quality as if a microphone itself had been compromised. The images of people like Mark Zuckerberg covering up their webcam and microphone with electrical tape now seem trivial.
Jack re-tasking – the process of converting an output jack to either an input or a two-way port – has long been a possibility, but few developers make use of it. Most laptops and desktops will have separate ports for each, while smartphones and the like often require hardware that can do both. But the innovation on the part of Ben Gurion’s researchers involves making any regular output hardware capable of doing as much with only software. They write:
“The fact that headphones and earphones are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically from output to input, creates a vulnerability which can be abused by hackers.”
The researchers noticed that the design of most audio input and output hardware was basically identical at the metal.
One saving grace is that the audio output device must be “passive,” or unpowered. This means that if your speakers require power to work, this method cannot currently use them to listen to you. However, the vast majority of laptop speakers and earbuds are, by nature and necessity, passive. The researchers note that while they focused on RealTek codec hardware because of its popularity, other manufacturers’ hardware can also retask jacks, which is the heart of the exploit.
While this may seem scary at first, it should be noted that, like anything else on your computer, audio input and output are data. They can therefore be encrypted with keys that are local to the machine, and it would seem that this new exploit opens up a new avenue of research for cryptographic researchers to institute audio encryption in the same way that full-disk encryption has become normalized.
Apple Watches Banned from UK Cabinet Meetings for Hacking Fears
Cabinet ministers have voiced concerns that Apple Watches could be hacked by Russian spies, prompting the devices to be barred from meetings, according to a report from The Telegraph.
Under the new leadership of Theresa May, U.K. cabinet ministers have been barred from wearing the watch during meetings after concerns were raised that the gadgets could be employed as listening devices.
The Apple Watches join the list of banned items alongside mobile phones after these were barred for similar reasons.
According to a survey conducted by research firm IDC, Apple Watches account for seven percent of the market compared to FitBit, which is reported to account for 25.4 percent.
A Threat from Russian Hackers
This latest news comes amid concerns of a possible threat from Russian hackers who have recently been in the news.
Russian hackers are alleged to have been able to obtain confidential emails from the Democratic National Congress during the U.S. elections despite Russian president, Vladimir Putin, denying this was the case. Surprisingly, congressional leaders are reported to have known about the hacking a year before it was officially announced.
Not only that, but at the recent Rio Olympics, which saw many Russian athletes banned from competing after it was revealed that there was a state-run doping program in the country, Russian hackers have retaliated.
A Russian cyberespionage group known as Fancy Bear recently accessed and leaked data from several high-profile Olympic athletes, by targeting a World Anti-Doping Agency (WADA) database. This is the same agency that placed a recommendation to ban all Russian athletes from the 2016 Rio Olympics.
Unsurprisingly, with the threat of Russian hackers high, and with devices such as mobile phones and watches now being considered vulnerable gadgets that can be hacked into, it seems as though banning them from important meetings is the only way to remove any possible threat to state security.
In Child Porn Bust, FBI May Have Used Malware on Innocent Users
In 2013, the FBI confiscated Freedom Hosting, a service that hosted websites on the dark web, including several child pornography websites and private email service TorMail. When it happened, it was seen as a massive victory, but recently unsealed documents show the FBI may have used malware on innocent users.
Three years ago, the FBI was given a warrant that allowed them to hack 300 TorMail users who were allegedly linked to child pornography. They went with a piece of malware known as a Network Investigative Technique (NIT), with the goal of acquiring users’ real IP addresses.
The agency did manage to arrest a lot of people for child pornography, but documents unsealed by the American Civil Liberties Union (ACLU) show the NIT was actually used on innocent users.
According to the documents, the FBI was allowed to “investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password.” Yet, the NIT was used on users even before the TorMail login page appeared. WIRED’s coverage at the time claims users were given a “Down for Maintenance” page that carried the malware, on all websites hosted by Freedom Hosting.
Christopher Soghoian, principal technologist at the ACLU, told Motherboard:
“While the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade.”
The malware was quickly discovered by the community, and that forced the Feds to end their operation sooner than expected. Be that as it may, the FBI still arrested a large number of child pornographers.
Christopher Soghoian also noted that it remains unclear whether the court knew the FBI hacked innocent users it shouldn’t have, and whether the agents who did it were punished.
How the Feds Caught the Pedophiles
Although the Feds allegedly hacked innocent users, they still got the job done, as their malware exploited a critical memory management vulnerability in Firefox, which later fixed the problem.
The NIT specifically targeted Tor’s Firefox version, through a hidden Windows executable named “Magneto”. All it did was look up the infected user’s MAC address – a unique hardware identifier – and the Windows hostname. Then it was all sent to a server in Virginia outside of Tor, exposing the user’s real IP address.
Still, after identifying users’ real IP addresses, their anonymity was broken. Thus, child pornographers were taken down.