Lincolns “Connectivity” Takes Luxury Car Status to an Extreme

Cars have a single purpose, getting you from A to B. Sometimes you do want to enjoy the journey a little more so you splash out on a nicer car, a concept that goes to the extreme in the line of luxury vehicles, something Lincolns new SUV concept titled the “Connectivity” has everything a luxury car needs and then some!

Okay, first off look at doors. The “Gull” doors open up and to help you get that extra few inches from the floor steps descend to pave your way through the arched entrance like a god. If that wasn’t enough then why not enjoy the four screens built into the backs of the headrests. Instagram, Facebook maybe even Netflix while you’re parked up waiting for the kids to come out from school.

With all the modern safety features like automatic braking and a lane keeping system (designed to keep you in lane surprisingly), you will also get to avoid those tight parking spaces thanks to the four cameras that sit around the vehicle to give you that overhead image of how close to denting your new car you really are.

With all these you could be asking what else could they fit in the vehicle? What do you keep in your boot because with the Connectivity you will be looking at your wardrobe. We are not joking, located at the back of the vehicle is a “custom wardrobe management system” which seems to make this vehicle seem at home in a spy movie.

GCHQ Could Be Fined For Latest Series Of Job Adverts

GCHQ are known for their presence within the UK as the cyber spies, the first and last defence against digital threats within the UK. In recent years though they have not had the best image, with incidents like being given permission to spy on politicians, recommending users store their passwords in software and do away with remembering them and breaching human rights with their internet surveillance. Their latest issue may be something a little more low-tech, with their latest job adverts possibly resulting in them being fined.

Hackney council has stated that they will fine and ask that GCHQ clean up their advertisements as they didn’t have permission to create the advert in Shoreditch.

Featuring a pun on their name, combined with a web address, the adverts were created by using a technique called reverse graffiti. This means that instead of applying paint or another material atop the surface, you use a stencil and a power washer to remove and clean off the top layer of dirt, resulting in a white depiction of your stencil.

The adverts have also been spotted in Manchester, Birmingham, Wolverhampton and Leeds.  GCHQ claim that they were led to believe that Hackney Borough Council had an issue with clean graffiti on street furniture, not pavements.

If only they had a copy of the email that people sent with this information…

Snooper Charter Powers are Increasingly Worrying

Security is one thing, from a virus on your phone or PC to a coordinated breach and remote access that compromises your computer. While we may not want to believe them, they are the things that happen more than anyone would want and as such, people are employed to look out for any risks and report and maybe even fix them. Security researchers are essential in the world where our digital security is as important to many as locking your door. So what does the new law that the UK government want enforced mean for you? For one it’s more than often known as the Snooper Charter, and its powers could be a problem for security researchers and even you.

The typical process for security researchers upon finding a backdoor, something that can give anyone access to your system, is to check your findings with colleagues and make sure that it is, in fact, a security risk, then to alert your client, normally the creator of the software or the owner of it at least. They then report it, get a fix out and then you can reveal to the world that they need to update in order to receive this fix.
Under the snooper charter, though, even so much as revealing a backdoor could be punishable with up to 12 months in jail or a fine. For someone who spends their life finding these flaws, the risk of you exposing one created by the government, could put you not only out of a job but also out of work for good.

If that wasn’t enough, intercepting information, equipment interference (hacking) and retaining communications data would also be protected under gag orders, including those for bulk communications data collection, such as all the emails sent from your home IP.

Granting access to all your information, without having to provide anything for scrutiny. This is made all the worse by that fact that even in talking to your MP, to prove someone innocent of a crime they were falsely accused for or even in the court when you’re being charged using this information, it would become illegal to even disclose that these tactics were used to obtain the information.

With these powers and the charter as it is, not only would the government and agencies have abilities to access and obtain information with little oversight, but you would be unable to discuss or reveal that these activities even took place.

US Navy’s Tiny Spy Drones Can Listen In to Enemy

At the Department of Defense’s “Lab Day” last week at the Pentagon, scientists from the Naval Research Laboratory unveiled the newest iteration to spy drones, small enough to fit in the palm of the hand.  US military scientists have invented a miniature drone to glide in the enemy’s airspace and listen in to them. These can be deployed by an airplane or balloon in a large numbers such that it will be impossible for the enemy to pick them all up. It looks like a flying bird from the ground, according to officials. It is cheap, tiny and intelligent glider that can glide to its intended coordinates.

It is being called CICADA: Close-in Covert Autonomous Disposable Aircraft. It is named after the insect that inspired its invention, the Cicada, which spends years underground before appearing in great swarms, reproducing and then dropping to the ground dead. It is so small that eighteen of those can fit inside a six-inch cube. It has no motor and consists of only about 10 parts. The prototype costs about a thousand USD to build, but it can be brought down to $250 on mass production. In a test about three years ago in Yuma, Arizona, Cicada drones were released from 57,600 feet (17,500 meters). The little drone flew about 11 miles(17 KM), landing within 15 feet of its target which proves its accuracy.

Thank you Defence News  for providing us with this information.

Snowden: US and UK Spies Hacked SIM Card Manufacturer

It’s been reported that spies from both the UK and the US hacked into a SIM card company. The information, once again coming from Edward Snowden, details efforts to steal codes that allowed the spies to eavesdrop on communications between phones and cell towers.

The company in question, Gemalto, produces SIM cards in 85 countries and chances are your SIM card was made by them. The hack provided the codes required to decrypt pretty much any communications between mobile phones.

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. The Intercept

The hack is unprecedented as it meant that GCHQ and the NSA had essentially given themselves the ability to capture any mobile communications from the air. Gemalto says that they “take this publication very seriously”.

“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated techniques to try to obtain Sim card data,” – Gemalto

Source: BBC News

Android Malware Fakes Power-off to Spy on You

The security company AVG has discovered a particular devious little piece of malware in the Android ecosystem, one that seemingly can spy on you while your phone is turned off.

The malware digs into your phone and actually just fakes a power down. You’ll get the animation and the screen as well as LEDs will turn off – exactly the same as if you’d turn your phone off.

Now that you’re completely unaware that the phone is running, the malware can make phone calls, send messages, transfer your files as well as record you through the built-in cameras and microphone. That’s kinda creepy.

The good news is, this malware can only attack rooted phones, so the general public is safe. But even people with rooted phones can be safe from this attack, at least if they use AVG’s security solution. It can both detect and deal with this new threat dubbed the ‘Android/PowerOffHijack.A’ that can attack Android 5.0 and below.

The company spokesperson told that at least 10,000 devices were infected so far, but mostly in China where the malware was first introduced and offered through the local, official app stores.

Thanks to AVG for providing us with this information

Your Phone Could Be Spying on You Using Its Gyroscope

Lately, it seems that there is a lot of surveillance paranoia about and people are being a bit more careful what apps they are allowing to use the microphone on their device. This new trick could make your phones gyroscope act as a crude microphone and there is currently no way to stop it.

In a presentation at the Usenix security conference, researchers from Stanford University and Rafael, Isreal’s defence research group are planning to present a technique they have found to eavesdrop on people using gyroscopes that are already in smartphone devices. Gyroscopes are tiny sensors that enable the device to find out its orientation and allows motion-based games, auto-rotate and even camera stabilisation. Now researchers have found that they are sensitive enough to turn into crude microphones because they can pick up soundwaves. For android users, unlike the microphones that are built into the phones, there is no way to deny an app or website access to the sensor or data, meaning there is no way to turn it off.

Due to the crude nature of the microphone it’s certainly not very practical, only certain sounds and words are clear enough to understand. However, Boneh says that more work on speech recognition algorithms could refine the quality and make the audio far clearer. He also has said that this should serve as a warning to google to change how easily Android apps could exploit the sensors and that its actually quite dangerous the amount of access they have to them. Iphones do have gyroscopes in them, but they are limited to how sensitive they are, this means that they are not susceptible to this trick, but also means that google could just tweak the software and make sure that Android devices are private.

Thanks to Wired for supplying us with this information.

Image courtesy of Rob Rogers

BIOS Vulnerability Still Roaming Wild despite Warnings

A multi-year effort to prevent hackers from altering computers while they boot up has largely failed and the flaws are still being exploited despite their disclosures. According to researchers from the federal founded MITRE lab, many Intel customers have still not adopted the revised security design distributed in March after even more vulnerabilities were discovered.

This could leave many newer Windows computers exposed, MITRE told Reuters ahead of their Black Hat presentation.

Intel’s point person on the issue, Bruce Monroe, said that he didn’t know how many suppliers and computer makers had followed Intel’s recommendations. “We’re not privy to whether they’ve fixed it or not. We asked them to let us know.”

The NSA Director Keith Alexander already urged the chief executives of major American technology companies years ago to do something about the boot-up procedure (BIOS). Because the start-up code is given more authority, hackers who break the code can make major changes to programs and hide their presence as well as survive power-down and reboots.

The successor called Unified Extensible Firmware Interface (UEFI) is widely adopted now and has features like secure boot where digital signatures are checked before code is run. Microsoft was one of the first to embrace the new system with their Windows 8.

With flaws like this, it’s no surprise that well-funded spying programs as those exposed by Edward Snowden can continue to succeed against targets that depend on a complex supply chain.

MITRE made a similar presentation at last years Black Hat conference where Corey Kallenberg and Xeno Kovah broke into Dell’s boot-up process. Since the talk they have deployed sensors to about 10.000 computers to determine whether the boot procedures were still vulnerable. A shocking 55 percent of them still were, but the actual percentage is said to be even higher as the checks were done by Intel’s old UEFI guidelines that still allowed for memory corruption.

The threat is very real as shown for recent events. The 2011 Mebromi attack on Chinese computers using the Phoenix BIOS, last years report by Der Spiegel about the NSA tool called DeityBounce and just earlier this year Reuters reported about a U.S. Defense Contractors product, priced over $100k, for “incapacitating target computers by attacking BIOS and other critical elements”.

Thank you Reuters for providing us with this information

Images courtesy of Hardware Analysis

British Intelligence Agecy Accredits UK Master’s Degree in Cyber Spying

British Intelligence Agency, GCHQ, is said to have started accrediting six UK universities, which can now teach people the art of ‘cyber spying’. The degree initiative comes from part of the UK’s cyber security strategy published back in 2011.

The strategy itself is said to recognize that education is a crucial key to improving defenses against hackers and online fraud. Francis Maude, the Cabinet Office minister, stated that cyber security is a key part of the government’s future plans for the British economy, emphasizing that it would make the “UK one of the safest places in the world to do business online”.

“Through the excellent work of GCHQ, in partnership with other government departments, the private sector and academia, we are able to counter threats and ensure together we are stronger and more aware.” Maude said.

Universities around the UK were required to submit their master’s degree courses for certification. At present, GCHQ-approved courses in cyber security can be found at Edinburgh Napier University, Lancaster University, the University of Oxford and Royal Holloway, University of London.

In addition to the previously mentioned universities, GCHQ is said to have given out provisional accreditation to Cranfield University’s cyber defence and information assurance course, and the University of Surrey’s information security course.

Thank you BBC for providing us with this information
Image courtesy of BBC

Security Experts Say That USB Security is Fundamentally Broken

The common USB stick has become the most common way of sharing and storing files on-the-go. With this in mind, a variety of malware and viruses were created in an attempt to take control of computers who do not have any security measures installed, such as antivirus software. Other means of ‘cleaning’ an USB drive would be to format its content, leading to every file being deleted along with any malware and virus program that might be present on the drive.

However, two security researchers state that security problems with USB drives run deeper than expected. They state that the “risk isn’t just in what they carry, it’s built into the core of how they work.” This is why security researchers Karsten Nohl and Jakob Lell plan to present a proof-of-concept malicious software by the name of BadUSB which is stated to highlight that USB devices have long been fundamentally broken.

BadUSB can be installed on a USB device to completely take over a PC silently, alter files and even redirect the user’s internet traffic. The malware is said to be installed on the flash drive’s firmware and not the memory, which means that the code can remain hidden long after the flash memory has been erased. Also, the researchers state that there is no easy fix for the vulnerability. They say that the USB stick needs to be blocked from sharing its content with the system or, plainly said, the USB drive needs to be physically removed to stop the infection.

“You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s ‘clean,’” says Nohl. But unless the IT guy has the reverse engineering skills to find and analyze that firmware, “the cleaning process doesn’t even touch the files we’re talking about.”

It is said that the vulnerability is not limited to USB drives. All sort of USB devices, spanning from keyboards to smartphones and even cameras can have their firmware reprogrammed with the malware in question. The researchers have stated that they used the BadUSB program on an Android device, having a “grab bag of evil tricks” happening as a result. Nohl and Lell tell that it replaced software being installed with a corrupted or backdoored version and even impersonated a USB keyboard that suddenly started typing commands.

The researchers tell that the infection can travel both from a computer to the USB and the other way around. Matt Blaze, a computer science professor from the University of Pennsylvania, is also aware of the shallow security veil that USB drives present. He also speculates that the NSA could have made a common practice out of infecting USB devices using this approach.

Matt points to a spying device by the name of ‘Cottonmouth’, which has been revealed in one of Edward Snowden’s leaks. The device, which hid in a USB peripheral plug, was advertised in a collection of NSA internal documents as surreptitiously installing malware on a target’s machine. However, the exact mechanism for that USB attack wasn’t described.

Thank you Wired for providing us with this information
Image courtesy of Wired

Chinese Authorities Pay an ‘Unexpected’ Visit to Microsoft Offices

Microsoft offices from Beijing, Shanghai, Guangzhou and Chengdu have been unexpectedly visited by the Chinese State Administration for Industry & Commerce, according to a report from Reuters. A spokesperson for the company has confirmed the visit, but declined to give a reason for the inspection ‘outside of working hours’.

The company is said to have become a target for the Chinese government since former U.S. National Security Agency contractor, Edward Snowden, revealed the various spying programs enforced by the agency, including PRISM. However, Microsoft states that its goal is to provide quality products, security and reliability to customers.

“We aim to build products that deliver the features, security and reliability customers expect and we’re happy to answer the government’s questions.” the company’s spokesperson stated.

The Chinese state media have been out to get American tech firms since the NSA leaks went online, calling for “severe punishment” for companies found to be helping the U.S. government steal secrets and monitor the country’s activities. Microsoft’s OneDrive has even been targeted by activists this month, having its services disrupted in China.

Further anti-U.S. activities have been stated to be present in central government offices, where the Chinese have banned installing and/or using Windows 8 on new computers. The ban has been stated to still be in effect even today.

Given the above, Microsoft still plans to release its Xbox One console in China this September, while also aiming to form ties with China Telecom Corp and e-commerce company, Inc.

Thank you Reuters for providing us with this information

Edward Snowden Reveals he was Trained as a Spy and Not an Analyst

After leaking information about NSA activities and other secret plots, Edward Snowden makes another statement to the press. This time around, he reveals his own past relations with the secret service and what he actually did when working for them.

Edward Snowden revealed that he was actually trained to be a spy and not as an analyst. In a press statement he mentions that he had worked undercover for the CIA and NSA in different places around the world while pretending to have an assigned job and even a fake identity. He also admits that the secret service denies these allegations while attempting to use a position is his career to ‘distract’ and hide his true work experience.

Snowden added that he had also worked as a lecturer at the Joint Counterintelligence Training Academy, where he states to have developed sources and methods for keeping information and people secure in the most hostile and dangerous environments around the world.

Having been charged with espionage and revoking his passport, Edward Snowden hasn’t been able to leave Russia, where he sought refuge. However, he continues to unveil how the US secret service support mass, warrantless surveillance while civil libertarians, technology companies and others oppose it, emphasising the lack of transparency.

Thank you CNN for providing us with this information

IBM and DARPA Working On Self-Destructing Chips

Self-destructing devices have only been seen in spy movies. But it is bound to become a reality now, since reports point to a partnership between IBM and the Defense Advanced Research Projects Agency, or DARPA for short, to develop self-destructing chips.

Now don’t think that the chips will go up with a big bang as you have seen in previous movies. It is said that last year, DARPA has announced its intentions to build similar devices. The plan intended the development of a chip that will degrade partially or completely into its surroundings when triggered.

IBM has heard of DARPA’s idea and joined in, bringing a $3,45 million contract to start on the project. It is known under the name of Vanishing Programmable Resources (VAPR) and is said to develop a new class of electronics.

DARPA program manager, Alicia Jackson, stated that while commercial chips made for everyday use last nearly forever (in theory), they are going to make something slightly different, and make something that would last precisely as long as they are needed.

IBM is looking into putting all resources and make something that would render a silicone chip into unrecognisable dust, while DARPA is thinking that a trigger element, such as a reactive metal layer or fuse, could be the key to finding the solution.

DARPA is looking to use the process in its gadgets, which could effectively destroy them if lost or recovered by an opposing party, so as not to divulge the technology. Basically as you see in spy movies, where the agencies have all the high-tech that self-destruct if they are to fall into the wrong hands.

Thank you Tech Spot for providing us with this information
Image courtesy of Tech Spot

NSA Reportedly Snoops Millions Of Text Messages With The Dishfire Program

NSA has been reportedly using SMS messaging to extract data on location, contact networks and credit card details of mobile users. British spies were given access by the NSA to search the collected “metadata”, information about the text messages but not the actual contents, of British citizens.

The Guardian and Channel 4 have reported that the program, codenamed Dishfire, collects every data it can from the handsets and sends it back to the NSA for processing. It works by collecting and analysing automated text messages such as missed call alerts or texts sent to inform users about international roaming charges. It is also said that the project can work out phone users’ credit card numbers using texts from banks.

“All of GCHQ’s work is carried out in accordance with the strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate and that there is rigorous oversight,” the statement cited.

The statement is taken from an internal NSA presentation from 2011 on the Dishfire program and papers from the GCHQ facility. The report comes a day before US President Barack Obama is due to give a long-awaited speech proposing curbs on NSA phone and internet data dragnets exposed by fugitive intelligence contractor Snowden.

Thank you ZDNet for providing us with this information

People Are Spying On You And Hacking Your Computer

How safe are you while you are on the computer? Using your anti-virus, and your firewall, perhaps other methods of keeping you safe, like keeping all of your software up to date will keep you fairly secure. Not everyone does this though, not keeping software up to date, or even your operating system. If you don’t update some vital software that you run on your computer when there is an update it can compromise all security on your machine, giving a hacker full access to your system, even giving them the ability to hack your webcam and see you while you are sitting at your computer.

Mark Ward of the BBC wrote an article showing us one vulnerability that some people have when they don’t keep Java up to date. You can view his article Licensed to hack: Cracking open the corporate world HERE. He shows us how he was able to inject coding into a website which notified him when someone had viewed the page and then gave him full access to their computer. This isn’t just for some kid sitting in their moms basement writing code, or anything, this is also for big corporations which have loads of hits each day. Corporations are able to easily gain control of users computers, accessing files, spying on them, and giving them an inside edge to their customer base.

The only suggestion I can give you to prevent this from happening is to make sure that your computer, and everything running on your computer is 100% up to date, though it doesn’t seem like that will prevent someone from gaining access to your computer, it is just one preventative measure that you are able to take.

Image courtesy of  Security Blog


China Expresses Strong Dissatisfaction Over US Accusations

The Chinese is not liking United States’ alleged accusation and has expressed “resolution opposition” and strong dissatisfaction. U.S. accused China of cyber espionage by using the Chinese origin IT products to spy on United States’ internal operations within the government and its organizations, such as products made by Huawei, ZTE and also involving Lenovo in some form. It is also noted earlier that Sprint who will be acquiring a Japanese based carrier that it will comply by not using Chinese origin IT hardware. Ever since, 2 of the world’s top economies have been mudslinging each other ever.

China points out that the accusations made by United States has no grounds as the only evidence is nothing more than series of attacks on U.S. of which half of it originated from China.

The new provision that was introduced some days back which will be signed as a law on Thursday will stop NASA and even Department of Justice and Department of Commerce will not be allowed any IT hardware made in China, unless there is a federal approval from law enforcement officials before acquiring them from China.

It is estimated by U.S. Congressional Research Service that Chinese advanced IT imports to United costs $129 Billion. Stopping this also could violate World Trade Organization’s rules, but on the other hand, China did not sign the agreement setting international rules for government procurement with WTO, therefore points to the possibility of the Chinese trying to repair the situation to be futile.

It is noted in China Dail and The People’s Daily that Shen Danyang, the spokesperson for the Ministry of Commerce, China that the the bill that United States drafted sends a ‘very wrong signal’. He also said,”This will directly impact partnerships of Chinese enterprises and American business as they conduct regular trade. This abuse of so-called national security measures is unfair to Chinese enterprises, and extends the discriminatory practice of presumption of guilt. This severely damages mutual trust between the U.S. and China.”

The Chinese foreign ministry spokesman Hong Kei who urged U.S. to abandon the law said that the bill uses internet security as an excuse to take discriminatory steps against Chinese companies.

Source: Reuters