Google Is Tracking Peoples Location Even When You Turn That Service Off

(THIS ARTICLE IS COURTESY OF ‘THE VERGE’ NEWS)

(OPED: WHY IS THIS NOT CRIMINAL, AND WHY ARE THE GOOGLE EXECUTIVES NOT CHARGED WITH FELONIES FOR DOING THIS? I BELIEVE THAT SERIOUS PRISON TIME IS THE ONLY WAY TO STOP COMPANIES AND GOVERNMENT AGENCIES FROM VIOLATING THE CITIZENS CONSTITUTIONAL RIGHTS!)(trs)

Android phones gather your location data and send it to Google, even if you’ve turned off location services and don’t have a SIM card, Quartz reported today.

The term “location services” oftentimes refers to exact GPS data for app usage, such as Google Maps finding your best commute route, or Uber figuring out exactly where you’re standing to let drivers know your pickup point. Quartz’s report details a practice in which Google was able to track user locations by triangulating which cell towers were currently servicing a specific device.

Since January, all kinds of Android phones and tablets have been collecting the addresses of nearby cellular towers and sending the encrypted data to Google’s push notifications and messaging management system when connected to the internet. It’s a practice that customers can’t opt out of — even if their phones are factory reset.

A Google spokesperson said in a statement to The Verge that all modern Android phones use a network sync system that requires mobile country codes and mobile network codes, so tower info called “Cell ID” codes were considered an “additional signal to further improve the speed and performance of message delivery.” Google ultimately discarded the cell tower data and didn’t go through with the original plan.

A source familiar with the matter stated that Google added the cell tower data-collecting feature to improve its Firebase Cloud Messaging, where devices have to ping the server at regular intervals in order to receive messages promptly.

The findings are surprising, given that cell tower data is usually held by carrier networks and only shared with outside companies under extreme circumstances. Through Google’s practices this year, an individual’s particular location within a quarter-mile radius or less could be determined with the addresses of multiple cell towers. This has particular security implications for individuals who wish to not be tracked, meaning that the safest way to avoid being tracked at all is probably to stick to burner phones. It could also create a bigger target for hackers looking to obtain personal information.

An update that removes this cell tower data-collecting feature will roll out by the end of this month, according to Google. Google’s terms of service, at the time of publish, still vaguely state, “When you use Google services, we may collect and process information about your actual location” using “various technologies… including IP address, GPS, and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points and cell tower.” Google does offer details on how to control Google’s location access points, though after reading through the instructions, the company could admittedly do a better job of making this clearer and simpler for its general consumers.

Wikileaks: The CIA Is Using Popular TVs, Smartphones And Cars To Spy On Their Owners

(THIS ARTICLE IS COURTESY OF THE WASHINGTON POST)

Wikileaks: The CIA is using popular TVs, smartphones and cars to spy on their owners

March 7 2017

Wikileaks posts alleged trove of CIA hacking tools

Embed Share

 
Anti-secrecy group Wikileaks on Tuesday said it had obtained a top-secret trove of hacking tools used by the CIA to break into phones, communication apps and other electronic devices, and published confidential documents on those programs. (Reuters)

The latest revelations about U.S. government’s powerful hacking tools potentially takes surveillance right into the homes and hip pockets of billions of users worldwide, showing how a remarkable variety of every day devices can be turned to spy on their owners.

Televisions, smartphones and Internet-connected vehicles are all vulnerable to CIA hacking, according to the Wikileaks documents released Tuesday. The capabilities described include recording the sounds, images and the private text messages of users, even when they use encrypted apps to communicate. The CIA also studied whether it could infect vehicle control systems used by modern cars and trucks, which Wikileaks said could allow “nearly undetectable assassinations.”

In the case of a tool called “Weeping Angel” for attacking Samsung SmartTVs, Wikileaks wrote, “After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on, In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.”

The documents, which The Washington Post could not independently verify and the CIA has declined to confirm, list supposed tools for cracking into such widely popular devices as Apple’s iPhone or the Android smartphones whose operating system is made by Google, but there are marked differences from the 2013 revelations by the National Security Agency’s former contractor Edward Snowden.

His documents largely described mass surveillance of Internet-based communications systems, more often than the individual devices that appear to have been the focus of the CIA. By targeting devices, the CIA could gain access to even well-encrypted communications, on such popular apps as Signal and WhatsApp, without having to crack the encryption itself. The Wikileaks reports appear to acknowledge that difference by saying the CIA “bypassed” as opposed to defeated encryption technologies.

Resignation and frustration rippled through Silicon Valley on Tuesday as technologists grappled with revelations of yet another government attempt to exploit their systems.

“The argument that there is some terrorist using a Samsung TV somewhere – as a reason to not disclose that vulnerability to the company, when it puts thousands of Americans at risk — I fundamentally disagree with it, “ said Alex Rice, chief technology officer for Hacker One, a startup that enlists hackers to report security gaps to companies and organizations in exchange for cash.

Privacy experts say the CIA may have been forced into focusing on vulnerable devices because the Internet overall has become more secure through more widespread deployment of encryption. In this new world, devices have become the most vulnerable link.

“The idea that the CIA and NSA can hack into devices is kind of old news,” said Johns Hopkins cryptography expert Matthew Green. “Anyone who thought they couldn’t was living in a fantasy world.”

Snowden’s revelations and the backlash made strong encryption a major, well-funded cause for both privacy advocates and, perhaps more importantly, technology companies that had the engineering expertise and budgets to protect data as it flowed across the world.

Google, Microsoft, Facebook, Yahoo and many other companies announced major new initiatives, in part to protect their brands against accusations by some users that they had made it too easy for the NSA to collect information from their systems. Many Web sites, meanwhile, began encrypting their data flows to users to prevent snooping. Encryption tools such as Tor were strengthened.

Encrypting apps for private messaging, such as Signal, Telegram and WhatsApp exploded in popularity, especially among users around the world who were fearful of government intrusion. In the days following the U.S. presidential election, Signal was among the most downloaded in Apple’s app store and downloads grew by more than 300 percent.

Open Whispers Systems, which developed Signal, released a statement: “The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption.” WhatsApp declined to comment, and Telegram did not respond to requests for comment. Google declined to comment, while Samsung and Apple did not immediately respond to requests for comment.

U.S. government authorities complained loudly that the new wave of encryption was undermining their ability to investigate serious crimes, such as terrorism and child pornography. The FBI sued Apple in hopes of forcing it to unlock an iPhone used by the San Bernadino killers before announcing it had other ways to crack the device amid heavy public criticism.

Against that backdrop, many privacy advocates argued that devices — often called “endpoints” for their place on chains of communications that can criss-cross continents — were the best available target left in a world with widespread online encryption. The Wikileaks documents suggests that the CIA may have reached the same conclusion.

“It would certainly be consistent with the hypothesis that we’ve made real progress in the encryption we’ve been introducing,” said Peter Eckersley, technology projects director for the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “It’s impossible to be 100 percent certain, but reading the tea leaves, it’s plausible.”

The Wikileaks revelations also will serve as a reminder that, for whatever the political backlash to revelations about digital spying, it is not going away and probably will continue to grow. The focus on hacking into individual devices — rather than the messages traveling between them — is likely to increase pressure on companies to make those devices safer because, as experts have long said, they are the most vulnerable target in a long chain of digital interactions.

That could be especially important for U.S. tech companies, such as Google, Apple and Facebook, that have worked to rebuild their reputations as stewards of their users’ privacy in recent years.

Cybersecurity experts, meanwhile, reacted with alarm to the news of the Wikileaks release.

“This is explosive,” said Jake Williams, founder of Rendition Infosec, a cybersecurity firm. The material highlights specific antivirus products that can be defeated, going further than a release of NSA hacking tools last year, he said.

The CIA hackers, according to WikiLeaks, even “discussed what the NSA’s …hackers did wrong and how the CIA’s malware makers could avoid similar exposure.”

Hackers who worked at NSA’s Tailored Access Operations unit said the CIA’s library of tools looked comparable. The description of the implants, which are software that enable a hacker to remotely control a compromised device, and other attack tools appear to be “very, very complex” and “at least on par with the NSA,” said one former TAO hacker who spoke on condition his name not be used.

The WikiLeaks release revealed that they have sophisticated “stealth” capabilities that enable hackers not only to infiltrate systems, but evade detection, as well as abilities to “escalate privileges” or move inside a system as if they owned it.

“The only thing that separates NSA from commodity malware in the first place is their ability to remain hidden,” the former TAO hacker said. “So when you talk about the stealth components, it’s huge that you’re seeing a tangible example here of them using and researching stealth.”

Computer security experts noted that the release includes no actual tools or exploits, “so we don’t know if WikiLeaks did not get them or is just not choosing to publish them,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley. “However we should assume that whoever stole this data has access to the exploits and tools.”

He noted that the dates in the files suggest the tools were taken in February or March 2016 and that there are at least two documents marked Top Secret, “which suggests that somebody in early 2016 managed to compromise a Top Secret CIA development system and is willing to say that they did.”

One internal CIA document listed a set of Apple iPhone “exploits” — or tools that can be used to compromise the device by taking advantage of software flaws. Some of the tools are based on “zero-days,” which are software vulnerabilities that have not been shared with the manufacturer. So “some of these descriptions will allow Apple to fix the vulnerabilities,” Weaver said. “But at the same time, they’re out in the public and whoever stole this data could use them against U.S. interests.”

Motivation Booster

stuff don't matter here

moviewarden.wordpress.com/

Motion-picture Reviews

Suicidal with a Side of Playful

This blog is about everything and nothing. Factual and fictional... You decide which is which.

Superduque

Mi patria es todo el mundo.

Past the Isle of Dogs

My adventures in self-publishing and other gibberish

Damian Daily

Books, Travel & Entertainment

%d bloggers like this: