Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Smartphone. Show all posts

Is Your Android Device Tracking You? Understanding its Monitoring Methods

 

In general discussions about how Android phones might collect location and personal data, the focus often falls on third-party apps rather than Google's built-in apps. This awareness has grown due to numerous apps gathering significant information about users, leading to concerns, especially when targeted ads start appearing. The worry persists about whether apps, despite OS permissions, eavesdrop on private in-person conversations, a concern even addressed by Instagram's head in a 2019 CBS News interview.

However, attention to third-party apps tends to overshadow the fact that Android and its integrated apps track users extensively. While much of this tracking aligns with user preferences, it results in a substantial accumulation of sensitive personal data on phones. Even for those trusting Google with their information, understanding the collected data and its usage remains crucial, especially considering the limited options available to opt out of this data collection.

For instance, a lesser-known feature involves Google Assistant's ability to identify a parked car and send a notification regarding its location. This functionality, primarily guesswork, varies in accuracy and isn't widely publicized by Google, reflecting how tech companies leverage personal data for results that might raise concerns about potential eavesdropping.

The ways Android phones track users were highlighted in an October 2021 Kaspersky blog post referencing a study by researchers from the University of Edinburgh and Trinity College. While seemingly innocuous, the compilation of installed apps, when coupled with other personal data, can reveal intimate details about users, such as their religion or mental health status. This fusion of app presence with location data exposes highly personal information through AI-based assumptions.

Another focal point was the extensive collection of unique identifiers by Google and OEMs, tying users to specific handsets. While standard data collection aids app troubleshooting, these unique identifiers, including Google Advertising IDs, device serial numbers, and SIM card details, can potentially associate users even after phone number changes, factory resets, or ROM installations.

The study also emphasized the potential invasiveness of data collection methods, such as Xiaomi uploading app window histories and Huawei's keyboard logging app usage. Details like call durations and keyboard activity could lead to inferences about users' activities and health, reflecting the extensive and often unnoticed data collection practices by smartphones, as highlighted by Trinity College's Prof. Doug Leith.

Report States Many Phones To Soon Get Satellite Connectivity

 

A new partnership between satellite phone company Iridium and chip giant Qualcomm will bring satellite connectivity to premium Android smartphones later this year. It implies that handsets can communicate with passing satellites to send and receive messages even in areas with no mobile coverage.

Qualcomm chips are found in many Android-powered smartphones. Apple announced a satellite feature for the iPhone 14 in September 2022. The service is currently only available for sending and receiving basic text messages in an emergency.

Bullitt, a British smartphone maker, was the first to launch its own satellite service, beating Apple to the punch. It is also intended for emergency use and will initially be available in select areas.

Iridium was the first satellite phone system, launching its first satellite into orbit in 1997. In 2019, it completed a refresh of its 75-spacecraft network.

The satellites cover the entire globe and fly in low orbit, approximately 485 miles (780 kilometres) above the Earth, and groups of them can communicate with one another, passing data between them.

Qualcomm stated that the new feature, dubbed Snapdragon Satellite, will initially be included only in its premium chips and is unlikely to appear in low-cost devices.

However, it will ultimately be rolled out to tablets, laptops, and even vehicles, and will also become a service that is not limited to emergency communication - though there will most probably be a fee for this.

Satellite connectivity is widely regarded as the next frontier for mobile phones because it addresses the issue of "not-spots," or areas with no existing coverage. These are more common in rural or remote areas.

It has already been used to provide broadband coverage by services like Elon Musk's Starlink. Satellite broadband is faster and more reliable than cable or fiber connections but is more expensive.

But since countries such as India and China prohibit the use of satellite phones, the use of the feature will be subject to local government regulations.

Elon Musk is Planning to Develop an Alternate Smartphone

If Apple decides to remove Twitter from the App Store, Elon Musk has an easy strategy,  to build his own smartphone. 

Musk has changed a lot about Twitter since he joined at the end of October, including major staff cuts and firings that prompted managers in charge of data privacy and content moderation to resign.

In terms of content filtering, Musk fundamentally supports the right to free expression. Additionally, he apparently intends to attempt and make money for Twitter through explicit content. When Jack Dorsey was in charge, content filtering was more deliberate and concentrated on user 'safety,' outlawing obscenity, hate speech, and violence. 

Musk tweeted on Friday night, "If Apple & Google expel Twitter from their app stores, @elonmusk should manufacture his own smartphone," in response to the conservative commentator Liz Wheeler. The prejudiced, snooping iPhone & Android would be cheerfully abandoned by half of the country. A foolish little smartphone ought to be simple for the man who makes rockets to Mars, right? ”

"I sincerely hope it never comes to that, but indeed, If there is no other option, I will develop an alternate phone," Musk said.

Phil Schiller, a senior Apple marketing executive that oversees the company's App Store, deactivated his Twitter account last week, which could be a terrible sign for Twitter. After Musk criticized Apple's fees on Twitter, calling them a hidden 30% tax on the internet, Schiller made the change.











The Russian Expert Listed the Main Signs of Smartphone Surveillance

 

Along with the unconditional benefits, the smart devices around us also carry a number of dangers. Thus, with the help of a smartphone, attackers can gain access to the personal data of its owner. According to Evgeny Kashkin, associate professor of the Department of Intelligent Information Security Systems at RTU MIREA, there are several signs that may indirectly indicate that your smartphone has become a spy. 

"An important point, in this case, is the requirement for applications to use a camera, microphone, as well as access to data (images and videos) on the phone during installation. Of course, you can disagree with this point during the installation, but most likely, then the application will not work at all or will work incorrectly," the expert explains. 

According to him, for a number of applications, these access rights are mandatory for work, but there are applications where "such rights for normal operation are simply absurd." For example, a home internet account status application. 

Another important factor, in his opinion, is the use of geolocation in applications. At the same time, it`s not only about GPS, but also the use of cellular data, as well as connections to various web resources. Such an approach, on the one hand, can greatly facilitate the search for the right companies within walking distance in a number of search engines, but, on the other hand, the cell phone conducts a "total" tracking of your movements. The key question, in this case, is how the data will be used by those who collect it. 

A number of companies have gone even further in this context. They started tracking the email messages of the users. Thus, with the banal purchase of an electronic plane ticket, the system will notify you in advance of the departure date, and on the day of departure, it will build you a route to the airport, taking into account traffic jams. 

He also advises paying attention to the sudden and uneven loss of battery power. This may indicate that a malicious program is running in the background that can use the phone to carry out a DDOS attack. 

Another alarming symptom is the sudden freezing of the phone or even turning it off for no objective reason. And finally, the occurrence of noises and extraneous sounds during a conversation may also indicate that your phone is being monitored. 

Alert for Smart Phone Users, How Their Data is Extracted by Apps Via Location Tracking

 

With more mobile apps entering the new world of smartphone users, only a few know about the dangers of the gizmo. A recent report demonstrated that enabling apps with required permissions and accessing these apps could contribute to the leakage of personal data via the phone tracking feature. The privacy impacts of some of the permissions provided to apps and services are not known by mobile users and researchers were able to classify what kind of data is being obtained from apps with tracking feature. 

Two researchers from the University of Bologna, Italy, and Benjamin Baron from University College London, UK, are indeed studying how the processing of these data could constitute an invasion of consumer privacy. To this end, the investigators have built a smartphone app – TrackingAdvisor – which captures user location simultaneously. The app may collect personal information from the same data and request users to provide input about the validity of information in terms of data sensitivity and to rate its importance. 

“Users are largely unaware of the privacy implications of some permissions they grant to apps and services, in particular when it comes to location-tracking information”, said Mirco Musolesi from the University of Bologna. 

These data contain confidential information, including the user's place of residence, preferences, desires, demographics, and personality information. Published in the ACM Proceedings for Interactive, Mobile, Wearable, and Ubiquitous Devices, via the TrackingAdvisor application used in the report, researchers were able to identify what personal information the software gathered and how vulnerable it is to privacy. 

The TrackingAdvisor app monitored more than 2,00,000 locations, found nearly 2,500, and collected over 5,000 pieces of personality and demographic data. Researchers discovered, among the data obtained, that confidential information was also collected on fitness, socio-economic status, race, and religion. 

“We think it is important to show users the amount and quality of information that apps can collect through location tracking”, Musolesi added. “Equally important for us is to understand whether users think that sharing information with app managers or marketing firms is acceptable or deem it a violation of their privacy”. 

According to the researchers, analyses like this pave the way for the advancement of tailored advertisement schemes, in particular, the data they consider is more sensitive for the consumers. Thanks to the previously established privacy settings, this could also lead to systems which, could automatically prevent the collection of sensitive data from third parties.

Hackers Can Now Clone Your Key Using Just a Smartphone Microphone and a Program

Earlier this year researchers at the National University of Singapore came up and published a paper enumerating how, utilizing just a smartphone microphone and a program designed by them, a hacker can clone your key.

The key, named SpiKey, is the sound made by the lock pins as they move over a typical key's edges. 

The paper written by Soundarya Ramesh, Harini Ramprasad, and Jun Han, says that “When a victim inserts a key into the door lock, an attacker walking by records the sound with a smartphone microphone." 

And with that recording alone, the hacker/thief can utilize the time between the audible clicks to determine the distance between the edges along with the key. 

Utilizing this info, a 'bad actor' could then figure out and afterward come up with a series of likely keys. 

 So now, rather than messing around with lock-picking tools, a thief could basically attempt a few pre-made keys and afterward come directly in through the victim's door. 

However of course there are some shortcomings to carrying out this attack as well like the attacker would need to comprehend what kind of lock the victim has or the speed at which the key is placed into the lock is thought to be constant. 

But the researchers have thought of this as well, and they concocted the clarification that, "This assumption may not always hold in [the] real-world, hence, we plan to explore the possibility of combining information across multiple insertions” 

The study authors further clarified, "We may exploit other approaches of collecting click sounds such as installing malware on a victim’s smartphone or smartwatch, or from door sensors that contain microphones to obtain a recording with the higher signal-to-noise ratio. We may also exploit long-distance microphones to reduce suspicion. Furthermore, we may increase the scalability of SpiKey by installing one microphone in an office corridor and collect recordings for multiple doors." 

Taking the case of the supposed 'smart locks' which despite everything still present their own security issues, the Amazon's Ring security cameras, for example, are hacked constantly, so as it were, as the researchers hypothesize, the hacker could, in principle, utilize the microphone embedded in such a camera to capture the sounds your key makes and afterward utilize the SpiKey procedure to create physical keys to your home.

Samsung and SK Telecom Unveil World's First Quantum Security Tech 5G Smartphone


The two companies have recently revealed the world's first QRNG (Quantum Random Number Generator) 5G smartphone. The smartphone is named Galaxy A Quantum (a newer version of the A71 5G) and gives some excellent smartphone features, but QRNG technology makes it different from the rest, as it makes the apps and services prone to hacks. The Normal Random Generated Numbers are used in multiplatform logins like payment platforms and 2 step authentication, which is easy for hackers to infiltrate.


The QRNG technology, with the world's smallest chipset of dimensions 2.5mm by 2.5mm, on the other hand, uses CMOS image sensors and LED. The LED and CMOS sensors are responsible for emitting image noise and capturing the light, respectively, to create a random number of strings with unpredictable patterns. No technology in the industry is capable of hacking the Galaxy A Quantum, one of the most secure smartphones, says SK Telecom. However, it should be noted that the chip SKT IDQ S2Q000 is only for use with SK services. But, the tighter the challenge, the better the hackers. The Galaxy A Quantum has a 6.7-inch super AMOLED Infinity-O display, an in-display fingerprint reader, and a full HD resolution.

A 64-megapixel main camera, 12-megapixel ultrawide-angle camera, 5-megapixel macro camera, and a 5-megapixel depth sensor, together form the rear quad camera setup. The front camera comes with 32 megapixels. "This is the company's first phone with a dynamic OLED panel -- technology that Samsung's marketing department is referring to as "Infinity O AMOLED." We're looking at an HDR10+ screen that uses "dynamic tone mapping" to improve the contrast, keep details visible even in dark spots and optimize colors when you're saying, watching a movie. Unrelated to that, the screen also reduces blue light by 42 percent to minimize eye strain. That's not a special night mode, mind you, but the default experience," Engadget in its review.

It is not the first time that the two companies have worked together, in September 2019, the companies were working on first 8K TV with 5G connectivity. We hope that this won't be the last.

6 Simple Tricks to Prevent your Smartphone from Hackers


If hackers trespass into your smartphones, they can send fake emails, fake alerts using your camera, and even control user activity. According to Denise DeRosa, founder of Cyber Sensible, if even a minute thing in your smartphone is not secured, it makes the device vulnerable to cyber attackers.

The basic problem is that your smartphones are connected to the central hub, where all the data is managed and regulated. If this is ever exposed, your complete digital information is at risk. Regrettably, your smartphone is not safe from all these potential threats, and it is frightening.


But there's no need to worry, follow these six simple steps to ensure the safety of your smartphone.


1. Create a secure password by using a set of random arrangements from different dictionaries. Hackers have always used algorithms to predict the patterns of your password. Experts recommend having at least a 12 character password with capital letters and unique characters. In this way, hackers can never predict your password.

2. Avoid using the same password for different platforms. 
The hacker can have access to all your accounts if you keep the same passwords. For instance, if you visit a malicious website and supply your login credentials, the hacker can steal it.

3. Update every smart device connected to your smartphone. 
It can be an android tv, Alexa, or other smart devices. Use a password manager to keep track of all your passwords. Password managers are helping to keep all your passwords in one place, especially if you have various accounts, which is hard to remember. 

4. Avoid giving privacy permissions to unnecessary apps. 
Every app asks for access permission to user data, gallery, mic, location, and camera. But they don't need all the agreements. 

5. Always use 2 step verification, wherever possible. 
It gives an additional layer of security as the user would then require both the passwords and verification through text, mail or smartphone. 

6. Inform people having access to your account to follow these security measures too. 
Google recommends to set up a family account where the user doesn't need to share his password with other members.

ATFuzzer: A Threat that Misuses USB Chargers, Headsets, and Bluetooth.


A new security threat has been found which can hit various high-tech android devices by exploiting the Bluetooth and USB accessories to attacks the phone. According to a paper published by researchers from Purdue and Iowa University, the base-band processors of many famous Android phones are modified that enables the hacker to get access. By using specifically modified USB and Bluetooth accessories, the experts could explain how these accessories are misused to give directions such as AT commands that regulate the baseband's working. The research also checked various smartphones such as Samsung, LG, HTC, Google, Motorola, and Huawei that are not very latest but still generally used.

Meanwhile, the experts decoded critical information such as the IMEI number, roaming status, and network settings that can help to locate the targets. The researchers also conducted Denial of Service (DoS) initiatives, interrupt Internet connections and use functions such as Do Not Disturb (DND), call logs, blocking, etc.

Ten smartphone devices from different companies were examined. Fortunately, not all the smartphones fell prey to Bluetooth and USB accessories threat. However, various accessories such as phone chargers, speakers and even headsets can be misused to exploit any device by following the given technique.

"The android devices can't possibly be endangered to the AT command interface in any way," concludes the research team. If interested to read the exploits, it could be found at the Github repository. The research paper would be manifested next month at the 35th Annual Computer Security Applications Conference. The attacked smartphones worked on base-band processors built by Samsung, Qualcomm, and Huawei. The experts informed all the concerned devices and base-band providers and remained 3 months still before announcing to the general public about their conclusions. Meanwhile, Samsung has acted by making security patches for its smartphones.

How to be safe?

The users are suggested not to use accessories that are not known. They are also strictly advised against using public chargers as they can be harmful to smartphones. Using trusted accessories and minimal unknown gadgets are the only solution to the problem.

Android phones vulnerable to Qualcomm bugs

Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required.

Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is that both the attacker and targeted Android device must be active on the same shared Wi-Fi network.

“One of the vulnerabilities allows attackers to compromise the WLAN and modem, over-the-air. The other allows attackers to compromise the Android kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android kernel over-the-air in some circumstances,” wrote researchers.

All three vulnerabilities have been reported to Qualcomm and Google’s Android security team and patches are available for handsets. “We have not found this vulnerability to have a public full exploit code,” according to a brief public disclosure of the flaws by the Tencent Blade Team.

Researchers said their focus was on Google Pixel2 and Pixel3 handsets and that its tests indicated that unpatched phones running on Qualcomm Snapdragon 835 and Snapdragon 845 chips may be vulnerable.

A Qualcomm spokesperson told Threatpost in a statement: “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.”

The first critical bug (CVE-2019-10539) is identified by researchers as a “buffer copy without checking size of input in WLAN.” Qualcomm describes it as a “possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length.”

Hackers may soon able to decode what you are typing on your device






The technology advancement in smartphones may soon enable hackers to intercept what the user is typing on their devices by analyzing the sound of the keypad.

The researchers at Cambridge University and Sweden’s Linkoping University were able to extract passwords by deciphering the sound waves generated by fingers tapping on smartphone’s touch screens.

‘When a user enters text on the device’s touchscreen, the taps generate a sound wave. The device’s microphones can recover the tap and correlate it with the keystroke entered by a victim.’

According to the study, using a spying app, a malicious actor can decode what a person is typing. The study was first reported by the Wall Street Journal. “We showed that the attack can successfully recover PIN codes, individual letters, and whole words,” the researchers wrote.


‘The spying app may have been installed by the victim herself, or by someone else, or perhaps the attacker gave the device to the victim with the app pre-installed – there are several companies offering such services, such as mSpy. We also assume the app has microphone access. Many apps ask for this permission and most of us blindly accept the list of demanded permissions anyway.’

The researchers programmed a machine-learning algorithm that could detect and analyze the soundwave for specific keystrokes. On Smartphone, the researchers were able to correctly replicate the passwords seven times out of 27, within 10 attempts. While on tablets, they achieved better results, replicating for password 19 times out of 27 within 10 attempts.

“We found the device’s microphone(s) can recover this wave and ‘hear’ the finger’s touch, and the wave’s distortions are characteristic of the tap’s location on the screen,” the researchers wrote. “Hence, by recording audio through the built-in microphone(s), a malicious app can infer text as the user enters it on their device.”