Apple patent envisions tracking people in real time

Apple’s current Find My Friends feature could one day expand into more of a Track My Friends feature.

Granted to Apple on Tuesday by the US Patent and Trademark Office, a patent called “Sharing location information among devices” describes a procss that would let you view a visual representation of the path taken by another person using a mobile device as a way of following that person’s entire journey.

For example, someone is going for a hike or a trip and wants you to stay informed of his or her whereabouts. That person would enable a feature on a mobile device to allow you to see and track in real time the path being taken on your own mobile device or computer. On the flip side, you could also share your route so the two of you can stay abreast of each other’s ongoing location.

Apple already offers a feature called Find My Friends, which lets you find the specific location of another person via his or her iPhone or iPad. But Find My Friends is geared more toward pointing you to a specific spot, whereas Apple’s patented invention allows for path tracking, or following several points along a specific route.

As described in the patent, your respective devices could also share mapping directions so that you and your friend would be able to easily find each other via your mobile devices. Even further, your devices could tap into a “mirroring” mode that would replicate the view seen on each other’s respective devices.

The system would rely on GPS for navigation purposes but could enable communication between the devices via a cellular network, Wi-Fi or Bluetooth. Assuming both you and your friend had a sufficient signal, cellular would obviously be the most efficient technology as it would allow for the greatest distance between the two of you.

Read More

The Pentagon is looking to hire 3,000 infosec pros

The US Department of Defense has gotten permission and is aiming to hire 3,000 infosec professionals to work at the US Cyber Command by the end of this year, and is set to make the majority of the members of its Cyber Mission Force (CMF) achieve at least initial operational capability by the end of the 2016 Fiscal Year.

According to Aliya Sternstein, salaries start at $42,399 and can eventually rise to over triple that amount ($132,122).

The good news for potential employees is that the DoD doesn’t have to evaluate the applicants by traditional competitive criteria – to gain employment with the CMF, the applicants will have to demonstrate unique cybersecurity skills and knowledge.

The US Cyber Command was instituted in 2010, and was tasked with protecting the Department of Defense’s information networks and critical infrastructure, as well as to carry out cyber attacks against adversaries.

“USCYBERCOM confronted serious challenges from the outset. DoD networks had been planned and initially constructed decades earlier in an environment in which redundancy, resiliency, and defensibility were not always primary design characteristics,” Admiral Mike Rogers, the Head of the Cyber Command, shared with the members of the US House committee on Armed Service’s Subcommittee on Emerging Threats and Capabilities.

“Operators in USCYBERCOM, not surprisingly, could not even see all of our networks, let alone monitor all the traffic coming into and out of them from the Internet. Our people were and are professionals, so that issue was rapidly engaged, but nonetheless the sheer volume of work involved in starting a new, subunified command was substantial.”

“The bad news was that USCYBERCOM was built from the ground up by cutting manning to the bone, initially sacrificing vital support functions and institutional infrastructure to build mission capabilities as fast as possible,” he noted, and announced that things are slowly changing.

Read More

Protecting your privacy on the phone

Tapping phone lines and recording conversations is a classic spy technique, but it can be easy to protect yourself from these actions with a few simple gadgets and security practices. Make sure you are being proactive about your privacy and protecting your phone calls from unwarranted or illegal recording.

There are a few ways to protect your privacy on the phone. Whether the person on the other end is recording the call or you think your own line has been tampered with, make sure you’re taking the right steps toward eliminating these threats and having private conversations in peace.

Bug sweep – Bugging a room or phone is a key way to record or spy on conversations. Getting a Multi-Functional All Purpose All-in-One Sweep Unit can help you find and disable audio recording devices in your phone, as well as hidden cameras and other spying devices.

Tap detection – For increased protection from phone tapping, you can install a Super Tap Buster on your phone line. This tool will constantly monitor line voltage and detect changes that indicate a phone tap. This will further protect you from taps installed outside your home, and can remotely disable bugs, while alerting you to secondary listening devices on a line – such as when a second line is picked up and muted during a call to listen in.

Voice changer – If you’re trying to keep your identify a secret during a phone call, a Telephone Voice Transformer is the best way to go. This device will alter the pitch and tone of your voice to mask it and keep your identify a secret – an excellent way to prevent a phone tap from gathering too much information.

View Source

FBI boss ‘concerned’ by smartphone encryption plans

Plans by Apple and Google to do more to protect customers’ privacy have made the FBI “very concerned”.

Speaking to reporters, FBI boss James Comey said the plans to enable encryption by default could thwart law enforcement investigations.

Lives could depend on police forces continuing to get access to the data on devices used by criminals and terrorists, he said.

The FBI was talking to both Apple and Google about its fears, said Mr Comey.

Protect privacy
The conversations with tech firms needed to be had before the day when police forces lost access to those devices, he said.

“I’d hate to have people look at me and say, ‘Well how come you can’t save this kid?’ ‘How come you can’t do this thing?’” said Mr Comey in a briefing.

His comments came in reaction to a decision by Apple to enable a file encryption system on its iOS 8 software for which it has no keys. This means it would not be able to comply with any official request to help police get at the data on those devices.

Google has said it too is planning to enable a similar encryption system by default on the next version of Android.

Mr Comey said he was “very concerned” about these plans because of what they would allow people to do.

“What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law,” he said.

“I am a huge believer in the rule of law, but I am also a believer that no-one in this country is beyond the law,” he added.

Apple and Google have yet to respond to Mr Comey’s comments.

Ten days prior to Mr Comey’s press statement, iOS data forensics expert Jonathan Zdziarski pointed out that Apple’s encryption system would not stop police getting at data on portable devices.

Specifically weakening security systems just to aid the police was a bad decision, he said.

“For the sake of privacy and overall security, the only logical solution is to make products as secure as possible, and let good detective work do the crime solving, rather than an easy button,” he wrote in a blogpost.

View Source

Google Just Bought a Company That Snoops on Your Chats

Google just bought another online communications channel it can fill with ads.

The tech giant confirms it has acquired Emu, a startup that offers a kind of instant messaging tool. The price was not disclosed, but Google’s interest in the company isn’t hard to divine: Emu has built a system that can monitor chats, infer what people are talking about, and insert relevant links—including ads.

Emu, which has been subsisting for two-and-a-half years on venture funding, doesn’t insert such ads today. Instead, it uses its monitoring tools to identify certain other information that might be helpful to you. For example, if you’re chatting on the Emu service and the other person types something about getting lunch, Emu might suggest nearby restaurants or show the mid-day schedule from your calendar. But it’s a very short leap from such information to commercial promotion. A nearby cafe might pay for ad to appear every time the word “coffee” comes up in your chat.

The Emu buy is part of a much larger trend to monitor and thus profit from new chunks of people’s lives. Foursquare just rolled out a new version that, by default, tracks your movements continuously, negating the need for a “check in” button. Google, meanwhile, isn’t just interested in chats; the company has said that it may eventually show ads on internet-connected home devices, such as thermostats.


Emu fills a growing hole in Google’s ad offerings. Google mines search terms and emails for advertising purposes, but not yet chats. As people shift their computing to smartphones and other mobile devices, chatting—short, immediate, and part of phone culture for decades—has become more popular.

Read More

Phone texts don’t die: they hide

The computer forensics expert who recovered the text messages that brought down parliamentary Speaker Peter Slipper has warned that any messages or files you think you have deleted from your smartphone are still there if someone really wants to find them.

The national head of the IT forensics practice at corporate advisory firm PPB Advisory, Rod McKemmish, was brought in by the legal team of Mr Slipper’s former staffer James Ashby, as some of the messages he had received from the former speaker had been deleted.

He was able to use an automated forensic process to bring the messages back from the dead.

“The delete button on the phone should really be called the ‘hide’ button, because the data is still there, you just can’t see it,” Mr McKemmish said. “In the forensic process we can bring it all back.”

While most politicians and business people are unlikely to be communicating about the sort of topics that brought down Mr Slipper, many might rethink the privacy of their communications.

With soaring levels of smartphone penetration in Australia, it is fair to assume that a significant amount of sensitive discussions take place via SMS.

Mr McKemmish said his skills were increasingly being called upon to investigate corporate cases, where firms were concerned about confidential information residing on the phones of staff leaving. Most phones have a “factory reset feature”, which is supposed to revert the phone to the state when it was first used, but it’s insufficient.

IBRS technology analyst James Turner said businesses needed to be more alert to the permanent nature of digital communication, as more important conversations were handled by SMS and email.

“This can be share price-impacting information, because deals can be made via an SMS that are worth a lot of money,” he said. “The audit trail is all important when it comes to being able to report that due process has been followed, so i f people are using electronic communications, then they must expect that there is a record.”

Not all communication via SMS or email is related to big deals of course. Much could be slotted into the files marked “harmless banter” or “office gossiping”. Common stuff, but not necessarily words that people want to be accessible once the messages have been deleted.

Unfortunately for regular texters,cA computer forensics expert and adjunct professor at Queensland University of Technology, Bradley Schatz, says smartphones were designed to hold on to data as a guard against accidental loss.

He says there are a number of factors that will govern how long a message exists on a phone after it has supposedly been deleted, but a basic guide is that it will remain somewhere on the phone until all available space for new data has been exhausted.

“The memory inside many of these small-scale digital devices is called flash memory, which is the same kind of memory that you would find in a USB key,” Schatz said.

Read More

Comcast is turning your home router into a public Wi-Fi hotspot

If you’re a Comcast cable customer, your home’s private Wi-Fi router is being turned into a public hotspot.

It’s been one year since Comcast (CMCSA) started its monster project to blanket residential and commercial areas with continuous Wi-Fi coverage. Imagine waves of wireless Internet emitting from every home, business and public waiting area.

Comcast has been swapping out customers’ old routers with new ones capable of doubling as public hotspots. So far, the company has turned 3 million home devices into public ones. By year’s end it plans to activate that feature on the other 5 million already installed.

Anyone with an Xfinity account can register their devices (laptop, tablet, phone) and the public network will always keep them registered — at a friend’s home, coffee shop or bus stop. No more asking for your cousin’s Wi-Fi network password.

But what about privacy? It seems like Comcast did this the right way.t’s potentially creepy and annoying. But the upside is Internet everywhere.

Outsiders never get access to your private, password-protected home network. Each box has two separate antennae, Comcast explained. That means criminals can’t jump from the public channel into your network and spy on you.

And don’t expect every passing stranger to get access. The Wi-Fi signal is no stronger than it is now, so anyone camped in your front yard will have a difficult time tapping into the public network. This system was meant for guests at home, not on the street.

As for strangers tapping your router for illegal activity: Comcast said you’ll be guilt-free if the FBI comes knocking. Anyone hooking up to the “Xfinity Wi-Fi” public network must sign in with their own traceable, Comcast customer credentials.

Still, no system is foolproof, and this could be unnecessary exposure to potential harm. Craig Young, a computer security researcher at Tripwire, has tested the top 50 routers on the market right now. He found that two-thirds of them have serious weaknesses. If a hacker finds one in this Comcast box, all bets are off.

“If you’re opening up another access point, it increases the likelihood that someone can tamper with your router,” he said.

Read More

Google Glass wearers can steal your password

But this time he’s wearing Google Glass — and he’s after your iPad PIN.

Cyber forensics experts at the University of Massachusetts in Lowell have developed a way to steal passwords entered on a smartphone or tablet using video from Google’s face-mounted gadget and other video-capturing devices. The thief can be nearly ten feet away and doesn’t even need to be able to read the screen — meaning glare is not an antidote.

The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode.

They tested the algorithm on passwords entered on an Apple (AAPL, Tech30) iPad, Google’s (GOOGL, Tech30) Nexus 7 tablet, and an iPhone 5.

Why should you be worried?

“We could get your bank account password,” researcher Xinwen Fu said.

The software can be applied to video taken on a variety of devices: Fu and his team experimented with Google Glass, cell phone video, a webcam and a camcorder. The software worked on camcorder video taken at a distance of over 140 feet.

Of course, pointing a camcorder in a stranger’s face might yield some suspicion. The rise of wearable technology is what makes this approach actually viable. For example, a smartwatch could stealthily record a target typing on his phone at a coffee shop without drawing much attention.

Fu says Google Glass is a game-changer for this kind of vulnerability.

“The major thing here is the angle. To make this attack successful the attacker must be able to adjust the angle to take a better video … they see your finger, the password is stolen,” Fu said.

Google says that it designed Glass with privacy in mind, and it gives clear signals when it is being used to capture video.

“Unfortunately, stealing passwords by watching people as they type them into ATMs and laptops is nothing new,” said Google spokesman Chris Dale. “The fact that Glass is worn above the eyes and the screen lights up whenever it’s activated clearly signals it’s in use and makes it a fairly lousy surveillance device.”

Read More

New Technology Could Let Thieves Copy Keys

Using a simple camera or camera phone, it is now possible to snap a photo of almost any key ring and use the image to make a physical copy of a key.

The I-Team did just that, using a web site called

With a smartphone camera, the I-Team took a photo of a key ring lying unarranged on a desk. After the image was run though photo-editing software, and one house key was isolated, the image was uploaded to the web site. Within a week, the company sent the I-Team a copy of the key,which opened the front door of a home.

In crowded Bryant Park one recent day, Devon White’s key ring was one of several the I-Team found sitting in plain sight, vulnerable to a camera phone snapshot.

“It’s always cool when new technology moves in a new direction, but it is a bit worrying,” said White, of Queens, after learning about this new vulnerability. “You wonder … anybody could just take a picture of anybody else’s key.”

Police in Nassau County said they first became aware of the new key-cutting technology in recent months. They said they have not linked any crimes to it yet, but they are urging people to use caution in how they handle their keys.

“All it takes to cut a key is you just have to have the outline of the key,” said Detective Sgt. Richard Harasym, who heads Nassau’s Crimes Against Property Unit. “It’s unlocking the keys to your castle, so to speak, and if you leave them out there, then you run the risk that something bad could happen.”

The I-Team contacted Ali Rahimi, the founder of the web site. Rahimi admitted News 4′s demonstration reveals a security risk, and said he will look for ways to close it. Still, but he said he’s unaware of any customer who’s ever used one of his keys illegally.

“It’s worth incorporating the lessons we’ve learned from your experiment. It’ll take some thought,” said Rahimi.

Rahimi said one possibility might be to use software that detects when photos have been doctored. The web site does require a credit card for payment. Until better security checks can be implemented, he said his employees will screen for any suspicious-looking pictures, and ask for additional photos of the key in the customer’s hands.

“That’ll ensure they have physical access to the key,” he said.

View Source

Google fielding ‘take-down requests’ after privacy ruling

Google is already receiving demands from people to remove links from its search results just days after Europe’s highest court said people worried about their privacy have the “right to be forgotten” on the Internet.

The European Court of Justice on Tuesday found Google and other search engines control information and are responsible for removing unwanted links if requested. In the ruling, the court decided that Google results linking to a newspaper’s notice about a Spanish man’s social security debts in 1998 were no longer relevant and must be deleted.

Google can, however, decline requests the company believes are in the public interest to remain in its search results.

Google declined to say how many people have requested information to be taken down as a result of the ruling. But some of the people who have requested that Google remove unsavory Web pages about them demonstrate the murky situation Google finds itself in: A politician, a poorly reviewed doctor and a pedophile are among the first to have issued take-down requests.

A person with knowledge of the requests said a man convicted of possession of child pornography has requested that Google (GOOG, Fortune 500) remove links to Web pages about his conviction. A former politician has also requested that the search engine remove links to a news article about his behavior while he was holding office. And a physician has requested that links to a review site be removed.

Google has not yet taken the links down. The company said it first needs to develop a procedure to handle a potential flood of requests for removal.

“The ruling has significant implications for how we handle take-down requests,” a Google spokesman said. “This is logistically complicated — not least because of the many languages involved and the need for careful review. As soon as we have thought through exactly how this will work, which may take several weeks, we will let our users know.”

Google is used to handling take-down requests. The search engine said it received more than 25 million requests from companies claiming Google results linked to material that infringes on copyrights. Google also receives thousands of requests from governments to take down links to websites that violate laws. Google complies with fewer than half of the government take-down requests but does not specify its compliance rate for copyright-related requests.

But copyright and many other laws are considerably clearer-cut that the test of “relevance to public interest,” which Google will now need to abide by in the European Union.

Read More