Tag Archives: privacy

Research shows how MacBook Webcams can spy on their users without warning

The woman was shocked when she received two nude photos of herself by e-mail. The photos had been taken over a period of several months — without her knowledge — by the built-in camera on her laptop.

Fortunately, the FBI was able to identify a suspect: her high school classmate, a man named Jared Abrahams. The FBI says it found software on Abrahams’s computer that allowed him to spy remotely on her and numerous other women.

Abrahams pleaded guilty to extortion in October. The woman, identified in court papers only as C.W., later identified herself on Twitter as Miss Teen USA Cassidy Wolf. While her case was instant fodder for celebrity gossip sites, it left a serious issue unresolved.

Most laptops with built-in cameras have an important privacy feature — a light that is supposed to turn on any time the camera is in use. But Wolf says she never saw the light on her laptop go on. As a result, she had no idea she was under surveillance.

via Research shows how MacBook Webcams can spy on their users without warning.

Indiana State Police Acknowledge Use Of Cell Phone Tracking Device

A USA Today and IndyStar investigation found the Indiana State Police purchased a device called a Stringray that captures nearby cell phone data.

State Police Captain Dave Bursten responded to the report Wednesday, saying the agency is operating within the bounds of the law.

The Indiana State Police are responding to lawmakers’ and civil rights organizations’ concerns that it is overstepping its boundaries by using a device that can track cell phone calls, text messages and movements within a set radius.

Indiana State Police Captain Dave Bursten said in a statement the department is working well within the bounds of the law.  He says protection of investigation methods is key to the success of building a case.

Bursten won’t say exactly how the technology is used, because he says it would be “like a football team giving up their playbook.”

A joint USA Today and IndyStar investigation found earlier this month that the state police spent $373,995 on a device called a Stingray.

Often installed in a surveillance vehicle, the suitcase-size Stingrays trick all cellphones in a set distance — sometimes exceeding a mile, depending on the terrain and antennas — into connecting to it as if it were a real cellphone tower. That allows police agencies to capture location data and numbers dialed for calls and text messages from thousands of people at a time.

State police officials initially refused to provide any records related to the purchase of the Stingray.

After the IndyStar appealed the denial to the Indiana Public Access Counselor, the Indiana State Police provided a one-page document confirming the purchase of the device but no information about how it is used.

via State Police Acknowledge Use Of Cell Phone Tracking Device | News – Indiana Public Media.

This Popular Flashlight App Has Been Secretly Sharing Your Location And Device ID

The Android app Brightest Flashlight has been installed between 50 million and 100 million times, averaging a 4.8 rating from more than 1 million reviews. Yet its customers might not be so happy to learn the app has been secretly recording and sharing their location and device ID information.

On Thursday, the app maker GoldenShores Technologies settled Federal Trade Commission charges that it deceived users and is thus prohibited from further \”misrepresenting how consumers’ information is collected and shared and how much control consumers have over the way their information is used.\”

GoldenShore\’s privacy policy had mentioned that information collected would be used by the company, but the FTC said location and device information was shared automatically with advertisers and other third parties–even when users opted out. In fact, before they could accept or refuse the app\’s terms of agreement, the FTC said Brightest Flashlight was already collecting and sending information.

via This Popular Flashlight App Has Been Secretly Sharing Your Location And Device ID | Fast Company | Business + Innovation.

QuizUp accused of lax security that lets other players see your private data | iMore

Popular trivia game QuizUp reportedly has numerous security and privacy issues. The app seems to be sending your information to the devices of other users, including your name, email address, and Facebook ID. This information come to us from a blog post by developer Kyle Richter:

In most circumstances, in a breach of privacy situation a company stores sensitive information in plain text on a server somewhere, someone comes along and figures out how to access that data. However in the case of QuizUp they actually send you other users’ personal information via plain-text(un-hashed); right to your iPhone or iPod touch. This information includes but isn’t limited to: full names, Facebook IDs, email addresses, pictures, genders, birthdays, and even location data for where the user currently is. I have been able to access the personal information of hundreds of people who I have never met, and had no interaction with other than we both used QuizUp. These people likewise had access to my personal information. It is important to keep in mind these were not people who added me as friends inside of the app, these were complete strangers in every sense.

Also of note is how QuizUp handles access to your contacts. The game allows you to invite your friends to the game via text message, which you need to grant QuizUp access to your contacts to allow. Once this is done, QuizUp sends your contact\’s emails, in plain text, to their servers, in violation of federal privacy laws. This is the same thing that got social network Path in trouble last year.

via QuizUp accused of lax security that lets other players see your private data | iMore.

They Loved Your G.P.A. Then They Saw Your Tweets.

At Bowdoin College in Brunswick, Me., admissions officers are still talking about the high school senior who attended a campus information session last year for prospective students. Throughout the presentation, she apparently posted disparaging comments on Twitter about her fellow attendees, repeatedly using a common expletive.

Perhaps she hadn’t realized that colleges keep track of their social media mentions.

via They Loved Your G.P.A. Then They Saw Your Tweets. – NYTimes.com.

Government claims Snowden leaks could paedophiles escape police, says government

We talked in class about child pornography being the H-bomb of all discussions about Internet regulation.  Well, the UK government just dropped it…

Paedophiles may escape detection because highly-classified material about Britain’s surveillance capabilities have been published by the Guardian newspaper, the government has claimed.

A senior Whitehall official said data stolen by Edward Snowden, a former contractor to the US National Security Agency, could be exploited by child abusers and other cyber criminals.

It could also put lives at risk by disclosing secrets to terrorists, insurgents and hostile foreign governments, he said.

The claims emerged as lawyers for the Home Office launched a hard-hitting defence against a legal challenge which is seeking to establish the partner of a Guardian journalist was wrongly detained at Heathrow airport in August.

via Edward Snowden leaks could help paedophiles escape police, says government – Telegraph.

Experian Sold Consumer Data to ID Theft Service — Krebs on Security

An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.superget.info home page

via Experian Sold Consumer Data to ID Theft Service — Krebs on Security.