Category Archives: Privacy

Phone Tracking

Mobile phones (or cell phones or hand phones, depending on where you are in the world) can be used to track the location of people. This has always been possible, because of how the cellular network works. But now it’s easier for hackers.

The GSM system (used by most phone companies) has a test mode built in. A recent demonstration by a university showed that anyone can access this test mode and request the location of any phone, if they have the right skills and equipment. The equipment doesn’t cost very much, and the skills can be shared on the internet.

Mobile phones use base towers to handle the communication. The phone network needs to keep track of which towers are closest to you. And by using triangulation, an approximate position can be calculated.

Here is the research paper by the University of Minnesota explaining how they tracked phones: Location Leaks on the GSM Air Interface.

What can you do?

Nothing. Law enforcement organisations have always had access to your phone’s location. Hackers now have it as well. If you need to keep your location private then don’t carry a mobile phone. You could also keep it turned off until you need it, but as soon as you turn it on the cell network will know your location.

Android Phone Virus Listens In On Calls

This had to happen sooner or later. A virus has been discovered that can affect Android phones. It uses the conference call feature of the phone to send your conversations to a remote server (spying on your conversations).

The virus is reported to now be on over 150,000 phones. This is quite serious. There are also two strains of the virus now, indicating that people are working on making things worse for everyone.

This virus is called HongTouTou. It was discovered in an app called Dynamic Footprint Wallpaper, hosted on an app store in China. More information here.

How can a phone get a virus?

Android phones are smartphones, meaning the phone is actually a computer. And like any other computer you can download and install programs onto it, commonly called Apps.

Now the philosophy behind Android phones is that they’re less regulated than other phones, such as Apple’s iPhone, and you’re free to install any app you want. Even ones that contain viruses.

With Android phones you have a choice where to download your apps from. And unfortunately this includes untrusted sources where people can add viruses to apps. It’s all very similar to Windows PCs and the popular viruses from a few years ago.

What about iPhones and other phones?

This particular virus only affects Android, not any other phones.

How to avoid HongTouTou?

For now the best thing to do is to only use app stores you trust. Don’t rush into downloading an app just because it’s popular or cool, read up on it first.

 

BlackBerry Hoax Message

The following message gets sent to BlackBerries. The idea is that people believe what’s written there and forward it to all their contacts. Then each one of those people repeats the same process.

It’s a hoax. No damage can be done by the message, whether you forward it or not. And of course it will annoy people if you do forward it. It’s also very unprofessional to forward things like this to work contacts.

The message reads:

Do not accept this contact : 21536 (mireya diaz) she’s a hacker!!!! She will format ur blackberry and all ur contacts also.

Att: if one of ur contacts accept her u will get hacked also!!! Send this to all ur contacts

And don’t take the mentality that you should forward it “just in case”, or that it’s “better to be safe than sorry”. This is the wrong attitude. Make a stand and accept that it’s a hoax, and let others know.

There’s also something called a “barcode photo” that people talk about on BlackBerry forums. I don’t use a BlackBerry so I don’t know what this is, but apparently you shouldn’t share this barcode with people you don’t trust. It lets strangers add your BlackBerry to their contacts and send you hoaxes etc. You should stay in control of your privacy and choose who to share details with.

Flash Cookies

Some people know what a cookie is, what it’s good for and how it can be abused. If you don’t, here’s a very short summary:

  • Cookies are codes that web sites save to your computer
  • They’re used to help web sites remember who you are. E.g. when you log onto eBay and come back the next day, it remembers who you are.
  • Marketing companies use them to keep track of how many of their ads you saw and where you might have seen them

So they’re not really a bad thing, but marketing companies use them to track things about you. Then there are programs that try to delete them off your PC. Usually these programs are branded with words like “anti-spyware”. This isn’t completely accurate, but that’s where you’ll see them. This is all fine so far.

And you can always delete cookies yourself. In Internet Explorer there’s an option in the Tools menu. All other browsers have similar options, usually in a tools or settings menu.

But there’s another kind of cookie that often gets overlooked – they’re called Flash cookies.

Unlike regular cookies, Flash cookies are not stored in your web browser’s settings. Deleting all privacy data leaves Flash cookies alone. Even deleting all cookie files off your drive skips Flash cookies.

Flash has a feature that lets web sites store a bit of information on your computer, just like a regular “cookie”. By itself this is harmless, but some developers have taken advantage of its features and use them to track you just like regular cookies. This by itself could be seen as a minor annoyance; it’s not dangerous.

But it’s also possible for a web site to restore a cookie that you deleted. Now this is a misuse of privacy. You see, when you tell your computer to delete all privacy data, and it later reappears, things are happening against your will – this is morally bad. The way they do it is developers create some code that uses Flash to store a copy of a cookie and if the cookie is gone it rewrites it.

What can you do about it?

On Windows you can install “Better Privacy” or “Ccleaner”.

On Mac OS X you can install “Flush.app” or delete the Flash cookie files the hard way.
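Doing it “the hard way” means finding the .sol files that Flash Player keeps outside the browser’s own cookie store. The script below is an added example, not part of the original post: it lists those files per web site and can delete them. The directory locations are the usual Flash Player defaults and are an assumption about your install; the function names are made up for this example.

```python
import os
import sys
from collections import defaultdict
from pathlib import Path


def default_roots(platform=sys.platform, home=None, appdata=None):
    """Usual per-user Flash storage directories (assumed defaults)."""
    home = Path(home or Path.home())
    if platform.startswith("win"):
        base = Path(appdata or os.environ.get("APPDATA", home / "AppData" / "Roaming"))
        return [base / "Macromedia" / "Flash Player" / "#SharedObjects"]
    if platform == "darwin":
        return [home / "Library" / "Preferences" / "Macromedia"
                / "Flash Player" / "#SharedObjects"]
    return [home / ".macromedia" / "Flash_Player" / "#SharedObjects"]


def find_flash_cookies(root):
    """Return {site: [paths of .sol files]} for one #SharedObjects directory."""
    root = Path(root)
    if not root.is_dir():
        return {}
    found = defaultdict(list)
    for sol in root.rglob("*.sol"):
        parts = sol.relative_to(root).parts
        # Layout: <random profile id>/<site that wrote the file>/.../<name>.sol
        site = parts[1] if len(parts) >= 3 else "(unknown)"
        found[site].append(sol)
    return dict(found)


def delete_flash_cookies(root, keep_sites=()):
    """Delete every .sol file except those of sites in keep_sites; return count."""
    removed = 0
    for site, files in find_flash_cookies(root).items():
        if site in keep_sites:
            continue
        for f in files:
            f.unlink()
            removed += 1
    return removed


if __name__ == "__main__":
    # Listing only; call delete_flash_cookies(root) yourself to remove files.
    for r in default_roots():
        for site, files in sorted(find_flash_cookies(r).items()):
            print(f"{site}: {len(files)} Flash cookie file(s)")
```

Close your browser before deleting, and use keep_sites for any site whose saved Flash data (a game save, for instance) you want to keep.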

There’s also a great deal more information in this article.

It’s now up to Adobe (the company that makes Flash) and web browsers to treat this as a privacy bug and to improve their browsers.

Smartphones can be used to spy on you

Phones have become quite sophisticated devices recently, hence the term “smartphone”. They can connect to the internet, download programs, and keep track of your life. All useful features.

Phones can also be used to spy on you, as some people in the United Arab Emirates discovered. In this case a network carrier (Etisalat) sent their customers an update that installs on their BlackBerry phones. They told their customers that the update was “required for service enhancements.”

What they didn’t tell their customers is that the update contains spyware made by a company called SS8 Networks. This spyware sent information to their company using the phone (which incidentally drained their batteries from uploading so much data).

It’s still unclear what this spyware actually does, or why it was installed on their customers’ phones. You can read more information on this incident here.

In theory phone spyware could activate the phone’s microphone and/or camera and send information to another site. Or it could intercept SMS messages and phone calls. And so many phones these days also have GPS receivers in them, so spyware could also theoretically keep track of your location. This is all scary stuff.

There isn’t much we can do about this threat at the moment. If your life or work involves privacy then consider using an old phone with limited features instead of today’s smartphones.

Privacy In Web Browsing

When you visit a web site then later visit another web site, your web browser keeps a history of these sites. You can see this history by going to your browser’s menu and clicking on History.

In the past this history was private because it exists only on your PC. But recently it’s been proven that it’s possible for web sites to get a peek into your browser history. This could be a privacy concern for some people. Here’s how it works.

Some people have come up with some clever code they can place on their site. It basically asks your browser if you’ve visited a particular site before. For a demonstration click here and click on the Get Started link in the centre. Don’t worry, nothing bad will happen, it’s just a demonstration.

So how does this affect you?

You just need to be aware that privacy on the internet is fairly limited these days. If you have something to hide (for whatever reason) or you’d just like a bit more privacy, there are steps you can take to prevent this. It’s a bit technical for beginners but with a bit of effort it’s achievable.

  • Some browsers now have a “privacy” mode. For example, Google Chrome calls it “incognito”. Privacy mode doesn’t keep track of which sites you’ve been to.
  • You can use Firefox and install something called the “NoScript addon”. This will block the code I mentioned above.

It was possible to read Facebook Profiles with a hack

Yesterday a web site published a hack for Facebook that lets anyone read anyone’s profile. It was possible to read details such as location, gender, relationship status, political views, religious views, etc. It didn’t matter what privacy settings people had set, this hack made it all visible.

Today Facebook have acknowledged the problem and fixed it.

This is a good reminder that when you publish information online, you lose some control over it. If something is so private that you can’t risk others seeing it then don’t publish it.

You can read more about the exploit here.

Can Twittering Help Thieves?

A business owner in the USA had been twittering about his upcoming holiday, and provided further updates when they’d left home for their holiday. Then their home was burgled. Was it chance or did someone know the house would be empty via Twitter?

It’s not possible to know but it certainly raises awareness about how safe it is to tell strangers about your travel plans. And this doesn’t just apply to Twitter, but to any social site where you’re giving personal information to strangers.

Read the full article here.

Web Sites That Ask For Your Other Passwords

Social web sites are all the rage these days, such as Facebook, MySpace, Twitter, and there are hundreds of less popular ones as well. The idea with them is that all your friends and family can join and you can share aspects of your life such as photos and comments.

Often these same sites will ask for other passwords, in an effort to help you find more of your friends and family. For example, when you sign up to Badoo.com it asks you for your MSN username and password. They do this so they can log into MSN with your account, get a list of your contacts, and invite them to join Badoo. Facebook can do this too, only on a grander scale.

It’s good in theory but there are some large risks involved. When you sign up and are prompted to enter your MSN details (or any other account), consider these questions:

  • Who runs Badoo? Is it some guy sitting at home with no one to answer to?
  • Do you trust the company (such as Badoo) and all of their employees?
  • What is their privacy policy? Who are they accountable to if they breach their privacy policy?
  • Do they store your MSN password? (You have no way of knowing this for sure)
  • Have their servers been hacked and is someone else also capturing your password? (Again you have no way of knowing this, web sites get hacked every day)

You can see where this is leading. If you enter your other passwords into someone’s web site you’ve lost control and put yourself at some risk.

So when you sign up to a new site and it asks you for other passwords you already have, your initial reaction should be to refuse. Then consider if the benefits of doing so are worth the risk.

I’d like to thank our regular reader Nick for bringing this issue up.