NoGoolag
Forwarded from BlackBox (EN)
Smart Phones for Privacy & Security

Smartphones are inherently bad for privacy. You've basically got a tracking device in your pocket, pinging off cell towers and locking onto GPS satellites. All the while, the handset's data connection ensures that tracking cookies, advertising IDs, and usage stats follow you around the internet.

So no, there's no such thing as a perfectly secure and truly private smartphone, let's get that out of the way now. But in the information age, you practically need a smartphone just to get by in society, so the question then becomes: Which phone manages to be the lesser of all the evils?

With critical vulnerabilities such as the KRACK exploit and Blueborne, not to mention the FBI attempting to find a backdoor into practically every phone, that's a hard question to answer. So to find the most security-hardened devices, we tested the top smartphones on the market, looking for key factors like encryption strength, biometrics, hardware-assisted security, VPN availability, and security patch timeframes. Our research narrowed the list down to five great phones, so let's discuss how well each of these devices protects your privacy.

Key Comparison Points

When it came to comparing our five finalist phones, these were the key differentiating factors for privacy and security:

✳️ Biometrics

✳️ Authentication Methods

✳️ Encryption

✳️ Hardware-Stored Keys

✳️ Hardware Security Modules

✳️ Sandboxed User Accounts

✳️ Restrict Ad Tracking

✳️ Always-On VPN

✳️ Block Internet Access for Apps

✳️ Data Wipe After Failed Login

✳️ DNS over TLS

✳️ Force Password to Unlock Phone

✳️ Restrict Usage of Data Port

✳️ Anti-Theft Protection

✳️ Built-in Password Manager

✳️ Password Generator

✳️ Autofill Passwords

✳️ Password Protected Apps

✳️ Password Protected Files

✳️ Stock Security Center App

✳️ Security Patch Timeframe

✳️ Bug Bounties

#tips #smartphones #security #privacy
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_ES
Espionage software: China is said to have surveilled mobile phones of Uighurs for years

IT security researchers have found numerous apps that spy on China's Uighur Muslim minority - even abroad.

The Uyghur Muslim minority in China lives in a surveillance state: As reported by the SZ, among others, Beijing has installed thousands of surveillance cameras in the cities of the Xinjiang region, and Uyghurs are sent to re-education camps. Only a few days ago the news agency AP reported that China is also trying to keep the Muslim population under control with drastic birth control.

👉🏼 PDF:
https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf

#china #Xinjiang #uyghurs #surveillance #smartphones #apps #malware #pdf #study #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox
Report: Hundreds of apps have hidden tracking software used by the government

A new report exposes how a federal contractor secretly puts government tracking software into hundreds of mobile apps.

The data gleaned from this tracking is then sold back to the US government for undisclosed purposes.

This tactic is deceptive because the tracking isn’t disclosed. However, it appears to be totally legal.

A new report today from The Wall Street Journal exposes yet another concerning development when it comes to mobile phone tracking. According to the report, at least one federal contractor puts government tracking software in over 500 mobile applications.

The contractor — a Virginia-based company called Anomaly Six LLC — pays mobile developers to include its in-house tracking code within their apps. The trackers then collect anonymized data from our phones and Anomaly Six aggregates that data and sells it to the US government.

It sounds crazy, but it’s happening. What’s more, it appears it’s totally legal.

👀 👉🏼 https://www.androidauthority.com/government-tracking-apps-1145989/

👀 👉🏼 https://www.wsj.com/articles/u-s-government-contractor-embedded-software-in-apps-to-track-phones-11596808801

#usa #government #tracking #software #apps #smartphones #data #surveillance #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
The Spy in Your Phone

In mid-2020, a mobile phone belonging to an Al Jazeera Arabic investigative team was hacked. Over the next few months, reporter Tamer Almisshal and the Canadian research group Citizen Lab investigated Pegasus, the sophisticated spyware used.

Pegasus is manufactured by an Israeli technology company called the NSO Group and is among the most advanced spyware in the world. It can access and infiltrate a smartphone without the owner clicking a link, opening an email or even answering their phone - meaning it can go undetected.

https://vid.lelux.fi/videos/watch/70ef9c04-071b-47c2-8cb1-3d5defa5c58e

#smartphones #pegasus #surveillance #spyware #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
DNS over TLS Lets Google Serve You More Ads

Like a lot of people, I hate advertisements. In my quest to remove ads as much as possible, I've installed an ad blocker in my browser. To go further, I've installed Pi-Hole to block ads for all devices on my home network. I've even set up firewall rules to re-route all DNS traffic through Pi-Hole. This setup seemed to work pretty well until I noticed I was still seeing ads in an app on my Android phone.

Sometime in the last couple of years Google added a Private DNS feature to Android and enabled it by default. Private DNS is really DNS over TLS (DoT), which is supposed to be a privacy feature that encrypts your DNS so your network operators can't snoop on what sites you're browsing. It sounds nice in theory, but when I'm at home, I am the network operator, and DoT has a side-effect of making my apps and devices ignore my carefully planned DNS settings, and bypass my (actually privacy enhancing) Pi-Hole ad blocker. The (surely coincidental) outcome is that Google can freely serve ads to my Android device.

You can disable the Private DNS feature in Android (for now). The bad news is that Firefox is enabling DNS over HTTPS (DoH), which is a similar system, with similar drawbacks. Now, you have to change settings not only on each device's operating system, but you might have to individually configure every app to disable DoT/DoH. The next thing I'm going to try is blocking all traffic to public DoT/DoH servers at my firewall.

💡 Update 2021-03-22:
I learned that Firefox supports a temporary workaround for disabling DoH. You can set up Pi-Hole to point the "canary domain" use-application-dns.net to any IP address to cause Firefox to use normal DNS.

https://ericlathrop.com/2021/03/dns-over-tls-lets-google-serve-you-more-ads/

#private #dns #tls #google #DeleteGoogle #advertising #smartphones #workaround
📡 @nogoolag @blackbox_archiv
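
Added example, not part of the forwarded post or the author's setup: a small Python check that reads firewall connection logs and lists the LAN clients whose DNS goes around the local Pi-hole, via DoT (TCP port 853), plain DNS to another resolver, or HTTPS to a known public resolver address. The Pi-hole address, the five-field log format, the log lines and the short resolver list are all assumptions constructed for illustration.

```python
# Added example: flag LAN clients whose DNS bypasses the local resolver.
from collections import defaultdict

PIHOLE = "192.168.1.2"   # assumption: address of the local Pi-hole
# Small sample of well-known public resolver addresses; not exhaustive.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Constructed sample log: timestamp, source, destination, protocol, dest port.
SAMPLE_LOG = """\
2021-03-22T10:00:01 192.168.1.50 192.168.1.2 udp 53
2021-03-22T10:00:02 192.168.1.51 8.8.8.8 tcp 853
2021-03-22T10:00:03 192.168.1.52 1.1.1.1 tcp 443
2021-03-22T10:00:04 192.168.1.53 9.9.9.9 udp 53
2021-03-22T10:00:05 192.168.1.50 93.184.216.34 tcp 443
2021-03-22T10:00:06 192.168.1.2 9.9.9.9 udp 53
malformed line
"""

def classify(src, dst, proto, port):
    """Return a bypass label for one flow, or None if it is not a bypass."""
    if src == PIHOLE:
        return None  # the Pi-hole's own upstream queries are expected
    if port == 853 and proto == "tcp":
        return "DoT"  # RFC 7858: DNS over TLS runs on TCP/853
    if port == 53 and dst != PIHOLE:
        return "plain DNS to other resolver"
    if port == 443 and dst in PUBLIC_RESOLVERS:
        return "possible DoH"  # HTTPS to a known resolver address
    return None

def find_bypasses(log_text):
    """Map each client IP to the sorted list of bypass types seen."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip malformed lines
        _, src, dst, proto, port = fields
        label = classify(src, dst, proto.lower(), int(port))
        if label:
            hits[src].add(label)
    return {client: sorted(labels) for client, labels in hits.items()}

if __name__ == "__main__":
    for client, labels in sorted(find_bypasses(SAMPLE_LOG).items()):
        print(client, "->", ", ".join(labels))
```

The "possible DoH" label is only a hint: HTTPS to a resolver address is not proof of DoH, and DoH to an address outside the list is not seen at all.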
UK.gov wants mobile makers to declare death dates for their new devices from launch

IoT security plan suddenly thrusts into the mainstream

Phone, tablet, and IoT gadget makers will have to state when they'll stop providing security updates for new devices entering the market, the UK's Department for Culture, Media and Sport (DCMS) vowed this morning.

Today's pledge would see existing plans for internet-connected tat extended to smartphones and tablets, which is a large step for a scheme originally put together for landfill Internet-of-Things devices such as webcams.

Digital Infrastructure Minister Matt Warman said in a canned statement: "Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems."

The £70m Secure by Design plan has been telegraphed by the DCMS for years, though today's extension to everyday smartphones is notable.

On top of this, smart device makers will also be banned from publishing default admin passwords for their wares. Such admin passwords are a standard method for digital crims to break into a device or the network to which it is connected.

A government-sponsored study from University College London two years ago, highlighted today by DCMS, said typical IoT devices come with no crime prevention advice, which is presumably the sort of finding that UK.gov enjoys seeing public money poured into.

https://www.theregister.com/2021/04/21/ukgov_death_dates_smartphones_iot_security/

#smartphones #iot #security #updates
📡 @nogoolag 📡 @blackbox_archiv
The Rise of Big Data Psychiatry

The information captured by our smartphones, as well as new speech- and facial-recognition technologies, can yield invaluable insights for mental health professionals.

As a physician, I need to figure out three things when a new patient walks into my office: what their life is typically like, what has changed that made them seek treatment and what I can do to help them. It’s a complex problem, and most fields of medicine approach it by taking measurements. If I were a cardiologist evaluating a patient’s chest pain, for instance, I would speak with the patient, but then I would listen to their heart and measure their pulse and blood pressure. I might order an electrocardiogram or a cardiac stress test, tools that weren’t available a century ago.

Because I’m a psychiatrist, however, I evaluate patients in precisely the same way that my predecessors did in 1920: I ask them to tell me what’s wrong, and while they’re talking I carefully observe their speech and behavior. But psychiatry has remained largely immune to measurement. At no point in the examination do I gather numerical data about the patient’s life or behavior, even though tools for taking such measurements already exist. In fact, you likely are carrying one around in your pocket right now.

In the last decade, an entire industry has been built to predict a person’s behavior based on their smartphone use and online activity. Because our search and social media history is digitized and time stamped, it represents a permanent breadcrumb trail of our thoughts and emotions. Tech companies and governments already use these data to monitor and commodify our likes and dislikes; soon psychiatrists might be able to use them to measure and evaluate our mental state.

Our smartphones measure our movements with accelerometers, our location with GPS and our social engagement with the number of calls and texts we send. These data have extraordinary potential for psychiatric diagnosis and treatment. Studies have shown that the words we use to express ourselves on Facebook and Twitter can predict the emergence of conditions like postpartum depression and psychosis. A person’s recent Google search history, it turns out, is a better predictor of suicide than their clinician’s most recent notes.

https://telegra.ph/The-Rise-of-Big-Data-Psychiatry-04-29

via www.wsj.com

#smartphones #BigData #psychiatry #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Hacking the Samsung Galaxy S8 Irisscanner

Mobile vendors have established fingerprints as a biometric feature to unlock smartphones. Now they turn to iris recognition, as do hackers. This video demonstrates how to circumvent the iris recognition of the Samsung Galaxy S8 flagship phone only using basic tools.

https://media.ccc.de/v/biometrie-s8-iris-en

#ccc #biometric #unlock #smartphones #irisrecognition #irisscanner #video
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag