FTC Warns Apps Could Be Invading Your Privacy

We all love downloading that new app. Be it a game or something more practical for everyday use, we love exploring it and finding out what it does. Seems like some Apps may be returning the favour and not even telling us about it as several apps could be invading your privacy.

The Federal Trade Commission (FTC) have warned several developers for mobile software that their apps may, in fact, be invading their customers privacy without even their notice. The Silverpush framework and several overs don’t request permission to use your microphone but still do. It only gets worse as it appears that the apps are capable of “producing a detailed log of the television content viewed while a user’s mobile device was turned on for the purpose of targeted advertising software and analytics”. So by having your phone near you when you watch TV means you could be advertising your favourite shows to third parties without even knowing it!

Silverpush is already known to listen for ultrasonic sounds to check for multiple devices within the vicinity such as your laptop or tablet. By knowing what devices you have around you the company is able to pick up and generate more detailed advertising profiles, some of which you are never even aware was being generated.

Silverpush, an India-based company, states that the techniques aren’t used domestically but the FTC want apps having to specifically request access to your device’s microphone.

Ransomware Just Got Worse By The Use of JavaScript

Ransomware is probably one of the peskiest and most annoying things that your computer can catch. Not only do you lose access to your files, you have to pay a criminal to release them again. Even if you should choose to pay, there is no guarantee what-so-ever that the criminal will release the files again or hide more malware to hit you again once you are “free”. If that wasn’t bad enough, a new version of Ransom32 has arrived that exploits JavaScript in order to infect you and worst of all, barely any anti-virus and anti-malware programs will catch it at this time.

While all this sounds bad, there are ways to protect yourself and if you use common sense while surfing the web, then you should be safe anyway. Stay away from dubious websites and don’t touch any archive or executable downloaded from anything but official manufacturer websites. But let us get back to the new malware in question, the ransomware called Ransom32.

Ransom32 is built on the NW.js-Framework which was developed to build desktop applications on a javascript base. A really cool framework by the way. That, unfortunately, means that where we usually only see Windows users that are at risk, those with Linux and MacOS are equally vulnerable to Ransom32. Thanks to the use of this framework, the ransomware is able to get past the sandbox environment that JavaScript runs in these days.

The security researcher Fabian Wosar from EmsiSoft discovered the new Ransom32 as a self-extracting RAR-Archiv. If that archive is unpacked, it will hide in your temp folder and disguise itself as the Chrome web browser and be visible as Chrome.exe. This is where advanced users already had noticed it and not used any automatic-unpack function. However, should the new chrome.exe be executed, then it will start to encrypt all your files with AES-128 bit CTR-mode and also place itself firmly in the systems autostart features.

The Ransom32 creators have also made it very easy for people to use their tool. Evil minded people can access the tool via a Tor address. When on the site, they can customize the tools features before downloading it. The creators reportedly also use the same network for their control servers and connections. To top the whole thing off, the creators take 25 percent of the accumulated ransoms for themselves, and everything stays anonymous thanks to the use of Bitcoins.

We can only hope that the virus scanners and anti-malware tools get an update soon so the less tech-minded people won’t get infected by this nasty new piece of software. You can also read a lot more details about this new piece of software on the EmsiSoft blog.

GCHQ Releases Open-source Spy Tool on GitHub

Open source surveillance has changed the ball game somewhat after British Intelligence security service GCHQ has created an account on well-known code repository site, and one of the fairly recent targets of China’s Great Cannon attack tool, GitHub.

What has exactly been created? It’s an open sourced tool by the name of “Gaffer”, which according to Google is a British slang term for boss; anyway, the tool is written in Java and according to the tools official GitHub page, is a framework that simplifies the storage of “large-scale graphs in which the nodes and edges have statistics such as counts, histograms and sketches,” not exactly Spectre, but hey ho.  The tool has been primarily developed as a graph database with the aim of offering the capability to retrieve data on nodes of interest.

Below is a summary of the tool and its key features

  • Allow the creation of graphs with summarised properties within Accumulo with a very minimal amount of coding.
  • Allow flexibility of statistics that describe the entities and edges.
  • Allow easy addition of new types of nodes and edges.
  • Allow quick retrieval of data on nodes of interest.
  • Deal with data of different security levels – all data has a visibility, and this is used to restrict who can see data based on their authorizations.
  • Support automatic age-off of data.

Gaffer is being distributed under the Apache 2.0 licence which allows you and me to modify and distribute the code in any way, as long as the original copyright notice and disclaimer are preserved.

For those who are excited about updates to this tool, anyone? The official GitHub page for this tool also announces that Gaffer 2 is in development and aims to “create a more general framework that offers the best of Gaffer with improvements”

It will be rather worthwhile to follow this tool through various developments and applications to see how it’s being utilized in the wider world; it would not surprise me if it’s in the news very soon.

Image courtesy of theregister

Optical Nanotechnology Sensor Claimed to be as Good as a Dog’s Nose

Researchers for the Oregon State University have created a new technology by combining optical tech with nanocomposite thin-films to develop a new type of cheap sensor, which is said to be fast, highly sensitive and able to detect and analyse a wide range of gases.

The sensor is said to be suited to detect carbon dioxide and may find potential use in industrial applications or systems designed to store the gas underground.

However, there are many other applications for the sensor. The researchers have filed a patent on the invention and are working in collaborating with a variety of industries to perfect and help commercialize the product.

“Optical sensing is very effective in sensing and identifying trace-level gases, but often uses large laboratory devices that are terribly expensive and can’t be transported into the field,” said Alan Wang, a photonics expert and an assistant professor in the OSU School of Electrical Engineering and Computer Science.”By contrast, we use optical approaches that can be small, portable and inexpensive,” Wang said. “This system used plasmonic nanocrystals that act somewhat like a tiny lens, to concentrate a light wave and increase sensitivity.”

The sensor works by having a metal-organic framework of thin films which can quickly absorb gases within material pores and be recycled by simple vacuum processes.

After the thin-film captures the gas molecules near the surface, the plasmonic materials act at a near-infrared range, help magnify the signal and precisely analyze the presence and amounts of different gases.

Detecting gas can also find its use in the explosive diffusion industry, with further applications seen in public places with high risk of terrorism and explosive use, such as airports or border security.

However, a lot of gases required to be monitored in the lab before the sensor can do its job in the field. Other fields that might find potential use for the technology include healthcare, automobile engines and prevention of natural gas leakage.

Thank you Phys.org for providing us with this information