Evidence that your phone is spying on you

Moderators: Elvis, DrVolin, Jeff

Evidence that your phone is spying on you

Postby Stephen Morgan » Thu Dec 01, 2011 6:31 am

http://www.theregister.co.uk/2011/11/30 ... pying_app/

BUSTED! Secret app on millions of phones logs key taps


Researcher says seeing is believing

By Dan Goodin in San Francisco

Posted in Security, 30th November 2011 02:34 GMT

An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.

In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.

Ironically, he says, the Carrier IQ software recorded the “hello world” dispatch even before it was displayed on his handset.

Eckhart then connected the device to a Wi-Fi network and pointed his browser at Google. Even though he denied the search giant's request that he share his physical location, the Carrier IQ software recorded it. The secret app then recorded the precise input of his search query – again, “hello world” – even though he typed it into a page that uses the SSL, or secure sockets layer, protocol to encrypt data sent between the device and the servers.

“We can see that Carrier IQ is querying these strings over my wireless network [with] no 3G connectivity and it is reading HTTPS,” the 25-year-old Eckhart says.

The video was posted four days after Carrier IQ withdrew legal threats against Eckhart for calling its software a “rootkit.” The Connecticut-based programmer said the characterization is accurate because the software is designed to obscure its presence by bypassing typical operating-system functions.

In an interview last week, Carrier IQ VP of Marketing Andrew Coward rejected claims the software posed a privacy threat because it never captured key presses.

“Our technology is not real time,” he said at the time. "It's not constantly reporting back. It's gathering information up and is usually transmitted in small doses.”

Coward went on to say that Carrier IQ was a diagnostic tool designed to give network carriers and device manufacturers detailed information about the causes of dropped calls and other performance issues.

Eckhart said he chose the HTC phone purely for demonstration purposes. Blackberrys, other Android-powered handsets, and smartphones from Nokia contain the same snooping software, he claims.

The 17-minute video concluded with questions, including: “Why does SMSNotify get called and show to be dispatching text messages to [Carrier IQ]?” and “Why is my browser data being read, especially HTTPS on my Wi-Fi?”

The Register has put the same questions to Carrier IQ, and will update this post if the company responds. ®
Update

More than 19 hours after this post was first published, Carrier IQ representatives have yet to respond to a request for comment. Meanwhile, computer scientists have uncovered an unrelated Android glitch that could also invade smartphone users' privacy.
Those who dream by night in the dusty recesses of their minds wake in the day to find that all was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes, and make it possible. -- Lawrence of Arabia
User avatar
Stephen Morgan
 
Posts: 3736
Joined: Thu Apr 19, 2007 6:37 am
Location: England
Blog: View Blog (9)

Re: Evidence that your phone is spying on you

Postby elfismiles » Thu Dec 01, 2011 9:22 am

Of course, AJ has been ranting about this and TimeWarner and Google spying on folks (listening in) for a while now.

Saw this yesterday...


Security researcher: Android software ‘Carrier IQ’ records communications
By Stephen C. Webster
Wednesday, November 30, 2011
http://www.rawstory.com/rs/2011/11/30/s ... nications/




...so riddle me this ... GPS data mining / colocating for cross-platform advertising? ...

This day before turkeyday I was at a relative's house. They had just gotten new hardwood floors. We talked about it a lot. I was there less than 24 hours. Next morning I am leaving and begin the drive to other relatives house. I am listening to Pandora in the car on my phone and an advert I've never heard before comes on.

It was for the same kind of hardwood flooring! And NO I'd not searched for the info on my phone or otherwise. \<]
User avatar
elfismiles
 
Posts: 8511
Joined: Fri Aug 11, 2006 6:46 pm
Blog: View Blog (4)

Re: Evidence that your phone is spying on you

Postby seemslikeadream » Thu Dec 01, 2011 10:24 am

9/11's effect on tech


Steve Henn: A couple weeks ago at a conference in Las Vegas, a professor from Carnegie Mellon University named Alessandro Acquisti showed me a neat trick. He takes out his iPhone and boots up a custom-made app. It's designed to take a picture of a person -- any person -- then using a facial recognition program made by PittPatt, the app compares that picture to profile photos published on Facebook. And bingo -- the person's identity is revealed.

Henn: Can you take my picture and see if you can identify me?

Alessandro Acquisti: Ah, we can try.

Henn: Yeah.

Sixty seconds later, Acquisti's iPhone has found me. It has my real name and a picture of me sitting with two of my kids on the stoop of my old house in Washington, D.C. It also had scanned the web and found a picture of me at cocktail party in Los Angeles, holding a martini, with my arm around a colleague. This picture actually got me in trouble with my mother-in-law.

Acquisti: The combination of these technologies is bringing us closer to a world where online and offline data merge.

And when the online and offline worlds merge...

Acquisti: The consequences can be cool, but also very creepy.

The app's creepiest trick comes next: It delivers its best guess at my Social Security number. In my case, it gets the number wrong. But if the app can figure out where you're born from scanning your Facebook page, it has a good shot of getting the number right.

So how did we end up here?

Fred Cate is a law professor and privacy guru at Indiana University. He says after 9/11, two independent trends dovetailed and reinforced each other. The federal government was investing hundreds of millions in surveillance technology and research to try and keep us safer. And companies like Google and Facebook were remaking the digital landscape. There was a data-collecting revolution.

Fred Cate: 9/11 and the sort of huge growth in social networking and in profiling and collecting Internet traffic -- those events are really parallel with each other.

And Cate says:

Fred Cate: We have gotten more used to more surveillance. And it's not clear that that's just attributable to the events of 9/11. But particularly when you think of the types of security we all go through now -- would have been pretty close to unthinkable a decade ago.

And some of the technologies that make this world possible only work today because of 9/11. Just take a look a facial recognition -- it's one of the technologies that makes Acquisti's app work -- but 10 years ago, it didn't work that well.

Michael Sipes is a vice president of PittPatt.

Michael Sipes: So the intelligence community funded the early development of the technology because they had a problem. They're collecting information at a rate faster than they could process it and make use of it.

And facial recognition could help. Sipes' company spun out of a Carnegie Mellon lab that received hundreds of thousands of dollars in funding from ARPA -- the intelligence communities research arm. In this industry, that same basic story plays out again and again.

Prof. Allen Yang helped create another powerful facial recognition program that can recognize people even when they're wearing glasses, masks or hats that cover some of their features.

Allen Yang: My research is funded by two grants -- one is from the Army Research Office, another is from the other is the Army Research Lab.

These investments after 9/11 created breakthroughs. Here's PittPatt's Michal Sipes.

Sipes: The technology -- the facial recognition technology -- is just now really becoming reliable to become useful to a consumer.

And venture capitalists and tech giants noticed. Some of the most successful new companies in America today make their money collecting and analyzing data about us, and using it to create new services or tailor ads aimed at our individual whims.

Fred Cate says just imagine if you were a car dealer. You could hook Acquisti's app up to your surveillance cameras, identify potential customers, then check their incomes and credit ratings while they wandered around your lot.

Cate: These technologies only succeed in the market because people love them.

Alessandro Acquisti has no plans to sell his app or make it public. In fact, the prospect of that horrifies him. But Cate thinks the commercial pressure to use technology like this will be intense. And some of the biggest companies in America agree. PittPatt was just bought by Google. But its technology only exists because of investments the government made in research in the wake of the attacks 10 years ago.

In Silicon Valley, I'm Steve Henn for Marketplace.
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
User avatar
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Evidence that your phone is spying on you

Postby seemslikeadream » Thu Dec 01, 2011 10:42 am

Trade in surveillance technology raises worries

By Sari Horwitz, Shyamantha Asokan and Julie Tate, Updated: Thursday, December 1, 6:30 AM

Northern Virginia technology entrepreneur Jerry Lucas hosted his first trade show for makers of surveillance gear at the McLean Hilton in May 2002. Thirty-five people attended.

Nine years later, Lucas holds five events annually across the world, drawing hundreds of vendors and thousands of potential buyers for an industry that he estimates sells $5 billion of the latest tracking, monitoring and eavesdropping technology each year. Along the way these events have earned an evocative nickname: The Wiretappers’ Ball.

The products of what Lucas calls the “lawful intercept” industry are developed mainly in Western nations such as the United States but are sold throughout the world with few restrictions. This burgeoning trade has alarmed human rights activists and privacy advocates, who call for greater regulation because the technology has ended up in the hands of repressive governments such as those of Syria, Iran and China.

“You need two things for a dictatorship to survive — propaganda and secret police,” said Rep. Christopher H. Smith (R-N.J.), who has proposed bills to restrict the sale of surveillance technology overseas. “Both of those are enabled in a huge way by the high-tech companies involved.”

But the overwhelming U.S. government response has been to engage in the event not as a potential regulator, but as a customer.

The list of attendees for this year’s U.S. Wiretappers’ Ball, held in October at the North Bethesda Marriott Hotel and Conference Center, included more than 20 federal agencies, Lucas said. Representatives of 43 countries also were there, he said, as were many people from state and local law enforcement agencies. Journalists and members of the public were excluded.

On offer were products that allow users to track hundreds of cellphones at once, read e-mails by the tens of thousands, even get a computer to snap a picture of its owner and send the image to police — or anyone else who buys the software. One product uses phony updates for iTunes and other popular programs to take control of personal computers.

The Commerce Department regulates exports of surveillance technology, but its ability to restrict the trade is limited. Intermediaries sometimes redirect sales to foreign governments, even those subjected to economic sanctions, once products leave the United States. The State Department, which has spent $70 million in recent years to promote Internet freedom abroad, has expressed rising alarm over such transactions but has no enforcement authority.

Industry officials say their products are designed for legitimate purposes, such as tracking terrorists, investigating crimes and allowing employers to block pornographic and other restricted Web sites at their offices.

U.S. law generally requires law enforcement agencies to obtain court orders when intercepting domestic Internet or phone communications. But such restrictions do not follow products when they are sold overseas.

“This technology is absolutely vital for civilization,” said Lucas, president of TeleStrategies, which hosts the events, officially called Intelligent Support Systems World Conferences. “You can’t have a situation where bad guys can communicate and you bar interception.”

But the surveillance products themselves make no distinction between bad guys and good guys, only users and targets. Several years of industry sales brochures provided to The Washington Post by the anti-secrecy group WikiLeaks, and released publicly Thursday, reveal that many companies are selling sophisticated tools capable of going far beyond conventional investigative techniques.

“People are morally outraged by the traditional arms trade, but they don’t realize that the sale of software and equipment that allows oppressive regimes to monitor the movements, communications and Internet activity of entire populations is just as dangerous,” said Eric King of Privacy International, a London-based group that seeks to limit government surveillance. Sophisticated surveillance technology “is facilitating detention, torture and execution,” he said, “and potentially smothering the flames of another Arab Spring.”

Surging demand worldwide

Demand for surveillance tools surged after the Sept. 11, 2001, attacks, as rising security concerns coincided with the spread of cellphones, Skype, social media and other technologies that made it easier for people to communicate — and easier for governments and companies to eavesdrop on a mass scale.

The surveillance industry conferences are in Prague, Dubai, Brasilia, the Washington area and Kuala Lumpur, whose event starts Tuesday. They are invitation-only affairs, and Lucas said he bars Syria, Iran and North Korea, which are under sanctions, from participating.

The most popular conference, with about 1,300 attendees, was in Dubai this year. Middle Eastern governments, for whom the Arab Spring was “a wake-up call,” are the most avid buyers of surveillance software and equipment, Lucas said. Any customers who come to the event are free to buy the products there.

“When you’re selling to a government, you lose control of what the government is going to do with it,” Lucas said. “It’s like selling guns to people. Some are going to defend themselves. Some are going to commit crimes.”

The suppliers are global as well. About 15 of the vendors for the conference in Bethesda were based in the United States, said Lucas. Others were from Germany, Italy, Israel, South Africa and Britain; many of these also have U.S. offices targeting the market for law enforcement agencies and other government buyers.

Of the 51 companies whose sales brochures and other materials were obtained and released by WikiLeaks, 17 have secured U.S. government contracts in the past five years for agencies such as the FBI, the State Department and the National Security Agency, according to a Washington Post analysis of federal procurement documents.

Privacy experts say the legal framework governing the industry has not kept up with its growth, and products sold for legitimate purposes, such as blocking access to certain Web sites or investigating sexual predators, can easily be adapted for broader surveillance purposes.

Far-reaching tools

The brochures collected by WikiLeaks make clear that few forms of electronic communication are beyond the reach of available surveillance tools. Although some simple products cost just a few hundred dollars and can be purchased on on eBay or Amazon, the technology sold at the trade shows often costs hundreds of thousands or millions of dollars. Customization and on-site training can provide years of revenue for companies.

One German company, DigiTask, offers a suitcase-sized device capable of monitoring the Web traffic of users at public WiFi hotspots such as cafes, airports and hotel lobbies. A lawyer representing the company, Winfried Seibert, declined to elaborate on its products. “They won’t answer questions about what is offered,” he said. “That’s a secret. That’s a secret between the company and the customer.”

The FinFisher program, which creates fake updates for iTunes, Adobe Acrobat and other programs, was produced by a British company, Gamma International. The Wall Street Journal reported on this product, and several other surveillance tools described in sales brochures, in an article last month. Apple said it altered iTunes to block FinFisher intrusions Nov. 14.

A Gamma spokesman, Peter Lloyd, said that FinFisher is a vital investigative tool for law enforcement agencies and that the company complies with British law. “Gamma does not approve or encourage any misuse of its products and is not aware of any such misuse,” he said.

The WikiLeaks documents, which the group also provided to several European news organizations and one in India, do not reveal the names of buyers. But when “Arab Spring” revolutionaries took control of state security agencies in Tunisia, Egypt and Libya, they found that Western surveillance technology had been used to monitor political activists.

“We are seeing a growing number of repressive regimes get hold of the latest, greatest Western technologies and use them to spy on their own citizens for the purpose of quashing peaceful political dissent or even information that would allow citizens to know what is happening in their communities,” said Michael Posner, assistant secretary of state for human rights, in a speech last month in California. “We are monitoring this issue very closely.”

In Syria, where President Bashar al-Assad’s efforts to crush an uprising have left 3,500 dead by U.N. calculations, police have reportedly been using surveillance technology to eavesdrop on electronic communications and block access to Web sites.

Syrian activist Rami Nakhle said that after he set up an online newspaper and started blogging about human rights issues, Syria’s secret police began summoning him for regular interrogations that involved threats of torture and a day in solitary confinement. Officers made it clear that they had watched him online despite his efforts to conceal his identity.

Police also had hacked into fellow activists’ Facebook accounts, said Nakhle, 29. “Before, they were not very good at this, but now they are getting more advanced.”

Nakhle fled to Lebanon in January and now lives in suburban Washington as a political exile. Many of his friends are still in Syrian prisons. “I am not that idealistic. I know that companies need money, but this is about people’s lives.” he said.

A spokesman at the Syrian Embassy did not respond to messages seeking comment on the government’s use of surveillance technology.

Customers in Syria and China

The Commerce Department is investigating how monitoring devices made by Blue Coat Systems, based in Sunnyvale, Calif., reached Syria despite sanctions, according to several U.S. officials who spoke on the condition of anonymity because they were discussing an ongoing investigation. Blue Coat Systems has said it didn’t know its products were being used by Syria and that the devices in question were intended for the Iraqi communications ministry. A distributor, the company said, shipped the products to a reseller in Dubai.

NetApp, also of Sunnyvale, produced hardware and software that the Syrian government was using to build a system to intercept and catalogue vast amounts of e-mail, according to Bloomberg News. NetApp has denied selling equipment to Syria. The project, which was never finished, also included computer equipment from another California company and two European businesses.

The spread of such technology is not limited to the Middle East. A federal lawsuit filed in May accuses Cisco Systems, a Silicon Valley company, of helping China monitor the Falun Gong spiritual group.

The lawsuit, filed by the U.S.-based Human Rights Law Foundation, alleges that Cisco helped design and provide equipment for China’s “Golden Shield,” a firewall that censors the Internet and tracks government opponents. Cisco has acknowledged that it sells routers, which are standard building blocks for any Internet connection, to China. But it denies the allegations in the suit, saying that it has not customized any items for censorship.

A spokesman for the Chinese Embassy did not respond to messages seeking comment.

U.S. companies that want to export devices “primarily useful for the surreptitious interception of wire, oral or electronic communications” must apply to the Commerce Department for a license to sell to overseas buyers, according to the Export Administration Regulations.

But it can be hard to prove whether an export is “primarily useful” for surveillance. Some products need to be used in combination with other equipment in order to eavesdrop. Even standard anti-virus software can be retooled to read e-mails and attachments.

Daniel Minutillo, a Silicon Valley-based lawyer who advises technology companies, says that in most cases his clients can show that their products have multiple uses, making them exempt from export licensing rules.

Human rights groups want this loophole closed.

“As long as the market is increasing and there is a lack of regulation, it’s a perfect mix,” said Arvind Ganesan, who studies online surveillance for Human Rights Watch. “The Obama administration has not led in this regard, and there are only a few voices in Congress talking about this. It’s a massive oversight.”

Smith’s bill, which has stalled in committee several times in recent years, would prevent sales to countries, such as China and Syria, that restrict Internet freedom. Yet more aggressive U.S. laws might just push the industry overseas if other nations don’t impose similar restrictions. Indian and Chinese vendors have attended Wiretappers’ Balls in recent years.

A State Department official who attended the event in October was pessimistic that government regulation could curb a fast-changing technology sector. “We’ve lost,” said the official, who spoke on the condition of anonymity. “If the technology people are selling at these conferences gets into the hands of bad people, all we can do is raise the costs. We can’t completely protect activists or anyone from this.”
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
User avatar
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Evidence that your phone is spying on you

Postby seemslikeadream » Thu Dec 01, 2011 5:22 pm

Carrier IQ data logging controversy prompts scrutiny from US Senate

By AppleInsider Staff
Published: 03:44 PM EST (12:44 PM PST)

Extensive data logging software known as "Carrier IQ" has been discovered to be secretly running on many mobile phones, including a number of handsets powered by Google Android, prompting one U.S. senator to demand answers from the company.

Sen. Al Franken, D-Minn., issued a letter on Thursday to Carrier IQ and its CEO, Larry Lenhart, to explain exactly what his company's software records on users' phones and how it works. Franken's concern was prompted by Trevor Eckhart, a security researcher who has been digging into the presence of Carrier IQ on Android devices.

Eckhart uploaded a video demonstrating how Carrier IQ runs in the background on a stock HTC handset, even though the handset is in airplane mode operating only over Wi-Fi. Even though the handset was not connected to the Sprint network, the Carrier IQ software was tracked logging every action on the device, including key presses and even numbers dialed, even if the number was not called.

On the Android device tested by Eckhart, Carrier IQ continued to run and track user activity even though the software did not appear in Android's list of active processes.

The Carrier IQ software has been shown to be able to log extensive information, including when phones are turned and off, the contents of text messages they receive, what websites are visited on a phone, and even location data. Franken has asked the company to explain exactly what is recorded, whether it is transmitted to other companies, and if the company would allow users to stop this data logging.

"Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information," Franken said in a statement. "The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling.

"This news underscores the need for Congress to act swiftly to protect the location information and private, sensitive information of consumers. But right now, Carrier IQ has a lot of questions to answer."

The reach of Carrier IQ extends to Nokia, Research in Motion, and even previous versions of Apple's iOS platform, but research has shown that the logging abilities of the software were not nearly as extensive on Apple's platform prior to iOS 5. iOS hacker Grant Paul, known by his handle "chpwn," revealed in a blog post that Carrier IQ on the iPhone does not have access to the user interface layer, where text entry is done.

"I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such it is not sending any of this data remotely," he said. That's a stark contrast from Android, however, where Eckhart's tests have shown Carrier IQ's ability to record a great deal of information.

Apple issued a statement on Thursday to All Things D and revealed that Carrier IQ has not been a part of its iOS software since the release of iOS 5 in October, though traces of the inactive software do remain. The company also denied that it has collected any personal information from its users.

“We stopped supporting Carrier IQ with iOS 5 in most of our products and will remove it completely in a future software update," the company's official statement reads. "With any diagnostic data sent to Apple, customers must actively opt-in to share this information, and if they do, the data is sent in an anonymous and encrypted form and does not include any personal information. We never recorded keystrokes, messages or any other personal information for diagnostic data and have no plans to ever do so.”

For its part, Carrier IQ has said that it is "counting and summarizing performance, not recording keystrokes or providing tracking tools." It claims its customers "have stringent policies and obligations on data collection and retention." The company's website boasts that its software is installed on more than 141 million handsets.



Franken challenged both Apple and Google earlier this year when it was revealed that a detailed log of location data was stored on users' iPhones. Apple explained that the data was stored as a result of a software bug, and quickly addressed the issue with a software update in the form of iOS 4.3.3.

Apple and Google also explained their privacy policies in a public hearing before the U.S. Senate Judiciary Subcommittee on Privacy, Technology and the Law. Bud Tribble, Apple's vice president of software technology, explained that his company makes user privacy one of its highest priorities, and revealed that Apple conducts random audits to ensure that developers follow App Store rules.

While the previous scrutiny from Franken was focused on mobile platforms created by Google and Apple, this latest inquiry could prove to be more about U.S. carriers. The Verge's Nilay Patel reported on Thursday that "pure" Google devices that ship with stock Android, including Nexus phones and the original Xoom tablet, do not include Carrier IQ tracking software.

"Each of those devices was launched in direct partnership with Google as the flagship for a new version of Android, so it seems that the addition of Carrier IQ comes from OEMs and carriers after Google open-sources Android's code," he wrote. "Carriers requiring manufacturers to include Carrier IQ would also explain why references to the software have been found in iOS -- Apple works much more closely with carriers since it builds both the hardware and software of the iPhone."

Carrier IQ


The full text of Franken's letter to Carrier IQ is included below:

Dear Mr. Lenhart,

I am very concerned by recent reports that your company’s software—pre-installed on smartphones used by millions of Americans—is logging and may be transmitting extraordinarily sensitive information from consumers’ phones, including:

when they turn their phones on;
when they turn their phones off;
the phone numbers they dial;
the contents of text messages they receive;
the URLs of the websites they visit;
the contents of their online search queries—even when those searches are encrypted; and
the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.



It appears that this software runs automatically every time you turn your phone on. It also appears that an average user would have no way to know that this software is running—and that when that user finds out, he or she will have no reasonable means to remove or stop it.

These revelations are especially concerning in light of Carrier IQ’s public assertions that it is "not recording keystrokes or providing tracking tools" (November 16), "[d]oes not record your keystrokes," and "[d]oes not inspect or report on the content of your communications, such as the content of emails and SMSs" (November 23).

I understand the need to provide usage and diagnostic information to carriers. I also understand that carriers can modify Carrier IQ’s software. But it appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.

These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.

I ask that you provide answers to the following questions by December 14, 2011.

(1) Does Carrier IQ software log users' location?

(2) What other data does Carrier IQ software log? Does it log:
a. The telephone numbers users dial?
b. The telephone numbers of individuals calling a user?
c. The contents of the text messages users receive?
d. The contents of the text messages users send?
e. The contents of the emails they receive?
f. The contents of the emails users send?
g. The URLs of the websites that users visit?
h. The contents of users’ online search queries?
i. The names or contact information from users’ address books?
j. Any other keystroke data?

(3) What if any of this data is transmitted off of a users’ phone? When? In what form?

(4) Is that data transmitted to Carrier IQ? Is it transmitted to smartphone manufacturers, operating system providers, or carriers? Is it transmitted to any other third parties?

(5) If Carrier IQ receives this data, does it subsequently share it with third parties? With whom does it share this data? What data is shared?

(6) Will Carrier IQ allow users to stop any logging and transmission of this data?

(7) How long does Carrier IQ store this data?

(8) Has Carrier IQ disclosed this data to federal or state law enforcement?

(9) How does Carrier IQ protect this data against hackers and other security threats?

(10) Does Carrier IQ believe that its actions comply with the Electronic Communications Privacy Act, including the federal wiretap statute (18 U.S.C. § 2511 et seq.), the pen register statute (18 USC § 3121 et seq.), and the Stored Communications Act (18 U.S.C. § 2701 et seq.)?

(11) Does Carrier IQ believe that its actions comply with the Computer Fraud and Abuse Act (18 U.S.C. § 1030)? Why?

I appreciate your prompt attention to this matter.

Sincerely,

AL FRANKEN
Chairman, Subcommittee on Privacy
Technology and the Law
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
User avatar
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Evidence that your phone is spying on you

Postby Luther Blissett » Fri Dec 02, 2011 1:41 pm

The Spyfiles
WikiLeaks: The Spy Files

Mass interception of entire populations is not only a reality, it is a secret new industry spanning 25 countries

It sounds like something out of Hollywood, but as of today, mass interception systems, built by Western intelligence contractors, including for ’political opponents’ are a reality. Today WikiLeaks began releasing a database of hundreds of documents from as many as 160 intelligence contractors in the mass surveillance industry. Working with Bugged Planet and Privacy International, as well as media organizations form six countries – ARD in Germany, The Bureau of Investigative Journalism in the UK, The Hindu in India, L’Espresso in Italy, OWNI in France and the Washington Post in the U.S. Wikileaks is shining a light on this secret industry that has boomed since September 11, 2001 and is worth billions of dollars per year. WikiLeaks has released 287 documents today, but the Spy Files project is ongoing and further information will be released this week and into next year.

International surveillance companies are based in the more technologically sophisticated countries, and they sell their technology on to every country of the world. This industry is, in practice, unregulated. Intelligence agencies, military forces and police authorities are able to silently, and on mass, and secretly intercept calls and take over computers without the help or knowledge of the telecommunication providers. Users’ physical location can be tracked if they are carrying a mobile phone, even if it is only on stand by.

But the WikiLeaks Spy Files are more than just about ’good Western countries’ exporting to ’bad developing world countries’. Western companies are also selling a vast range of mass surveillance equipment to Western intelligence agencies. In traditional spy stories, intelligence agencies like MI5 bug the phone of one or two people of interest. In the last ten years systems for indiscriminate, mass surveillance have become the norm. Intelligence companies such as VASTech secretly sell equipment to permanently record the phone calls of entire nations. Others record the location of every mobile phone in a city, down to 50 meters. Systems to infect every Facebook user, or smart-phone owner of an entire population group are on the intelligence market.
Selling Surveillance to Dictators

When citizens overthrew the dictatorships in Egypt and Libya this year, they uncovered listening rooms where devices from Gamma corporation of the UK, Amesys of France, VASTech of South Africa and ZTE Corp of China monitored their every move online and on the phone.

Surveillance companies like SS8 in the U.S., Hacking Team in Italy and Vupen in France manufacture viruses (Trojans) that hijack individual computers and phones (including iPhones, Blackberries and Androids), take over the device, record its every use, movement, and even the sights and sounds of the room it is in. Other companies like Phoenexia in the Czech Republic collaborate with the military to create speech analysis tools. They identify individuals by gender, age and stress levels and track them based on ‘voiceprints’. Blue Coat in the U.S. and Ipoque in Germany sell tools to governments in countries like China and Iran to prevent dissidents from organizing online.

Trovicor, previously a subsidiary of Nokia Siemens Networks, supplied the Bahraini government with interception technologies that tracked human rights activist Abdul Ghani Al Khanjar. He was shown details of personal mobile phone conversations from before he was interrogated and beaten in the winter of 2010-2011.
How Mass Surveillance Contractors Share Your Data with the State

In January 2011, the National Security Agency broke ground on a $1.5 billion facility in the Utah desert that is designed to store terabytes of domestic and foreign intelligence data forever and process it for years to come.

Telecommunication companies are forthcoming when it comes to disclosing client information to the authorities - no matter the country. Headlines during August’s unrest in the UK exposed how Research in Motion (RIM), makers of the Blackberry, offered to help the government identify their clients. RIM has been in similar negotiations to share BlackBerry Messenger data with the governments of India, Lebanon, Saudi Arabia, and the United Arab Emirates.
Weaponizing Data Kills Innocent People

There are commercial firms that now sell special software that analyze this data and turn it into powerful tools that can be used by military and intelligence agencies.

For example, in military bases across the U.S., Air Force pilots use a video link and joystick to fly Predator drones to conduct surveillance over the Middle East and Central Asia. This data is available to Central Intelligence Agency officials who use it to fire Hellfire missiles on targets.

The CIA officials have bought software that allows them to match phone signals and voice prints instantly and pinpoint the specific identity and location of individuals. Intelligence Integration Systems, Inc., based in Massachusetts - sells a “location-based analytics” software called Geospatial Toolkit for this purpose. Another Massachusetts company named Netezza, which bought a copy of the software, allegedly reverse engineered the code and sold a hacked version to the Central Intelligence Agency for use in remotely piloted drone aircraft.

IISI, which says that the software could be wrong by a distance of up to 40 feet, sued Netezza to prevent the use of this software. Company founder Rich Zimmerman stated in court that his “reaction was one of stun, amazement that they (CIA) want to kill people with my software that doesn’t work."
Orwell’s World

Across the world, mass surveillance contractors are helping intelligence agencies spy on individuals and ‘communities of interest’ on an industrial scale.

The Wikileaks Spy Files reveal the details of which companies are making billions selling sophisticated tracking tools to government buyers, flouting export rules, and turning a blind eye to dictatorial regimes that abuse human rights.
How to use the Spy Files

To search inside those files, click one of the link on the left pane of this page, to get the list of documents by type, company date or tag.

To search all these companies on a world map use the following tool from Owni


http://www.wikileaks.org/the-spyfiles
The Rich and the Corporate remain in their hundred-year fever visions of Bolsheviks taking their stuff - JackRiddler
User avatar
Luther Blissett
 
Posts: 4990
Joined: Fri Jan 02, 2009 1:31 pm
Location: Philadelphia
Blog: View Blog (0)

Re: Evidence that your phone is spying on you

Postby Hammer of Los » Fri Dec 02, 2011 11:47 pm

...

You know, this sort of thing could make a person paranoid.

It's a good job I neither own nor use a mobile phone.

I can't stand the things. I don't want to be at another's beck and call every minute of the day.

I need time and space to meditate upon time and space.

...
Hammer of Los
 
Posts: 3309
Joined: Sat Dec 23, 2006 4:48 pm
Blog: View Blog (0)

Re: Evidence that your phone is spying on you

Postby Stephen Morgan » Sat Dec 03, 2011 5:18 am

Hammer of Los wrote:...

You know, this sort of thing could make a person paranoid.

It's a good job I neither own nor use a mobile phone.

I can't stand the things. I don't want to be at another's beck and call every minute of the day.

I need time and space to meditate upon time and space.

...


My thoughts exactly except that I need one because the JCP demand a phone number and I've never had a landline.

But yes, horrible things.
Those who dream by night in the dusty recesses of their minds wake in the day to find that all was vanity; but the dreamers of the day are dangerous men, for they may act their dream with open eyes, and make it possible. -- Lawrence of Arabia
User avatar
Stephen Morgan
 
Posts: 3736
Joined: Thu Apr 19, 2007 6:37 am
Location: England
Blog: View Blog (9)

Re: Evidence that your phone is spying on you

Postby elfismiles » Thu Oct 22, 2015 10:11 am

This has been increasingly happening to me ...

So last night I spoke of spray foam insulation to my wife within earshot of our phones. And this is what I see in my FuckBook news stream this morning...

Image

elfismiles » 01 Dec 2011 13:22 wrote:Of course, AJ has been ranting about this and TimeWarner and Google spying on folks (listening in) for a while now.

Saw this yesterday...


Security researcher: Android software ‘Carrier IQ’ records communications
By Stephen C. Webster
Wednesday, November 30, 2011
http://www.rawstory.com/rs/2011/11/30/s ... nications/




...so riddle me this ... GPS data mining / colocating for cross-platform advertising? ...

This day before turkeyday I was at a relative's house. They had just gotten new hardwood floors. We talked about it a lot. I was there less than 24 hours. Next morning I am leaving and begin the drive to other relatives house. I am listening to Pandora in the car on my phone and an advert I've never heard before comes on.

It was for the same kind of hardwood flooring! And NO I'd not searched for the info on my phone or otherwise. \<]
User avatar
elfismiles
 
Posts: 8511
Joined: Fri Aug 11, 2006 6:46 pm
Blog: View Blog (4)

Re: Evidence that your phone is spying on you

Postby backtoiam » Thu Oct 22, 2015 10:29 am

From what I understand apps are bad about that. If people read and understood the privacy policy in a lot of apps they would be surprised. Activate your mic, collect your address books, and just about anything else you can think of. I don't know which apps are the worst because I don't use a smart phone.
"A mind stretched by a new idea can never return to it's original dimensions." Oliver Wendell Holmes
backtoiam
 
Posts: 2101
Joined: Mon Aug 31, 2015 9:22 am
Blog: View Blog (0)

Re: Evidence that your phone is spying on you

Postby Iamwhomiam » Thu Oct 22, 2015 10:48 am

I remember reading something or maybe I heard it listening to a radio show that Amazon wanted to deliver to you a product before you had decided to order it. This was supposedly based upon their learning your shopping habits from your online and in person purchases, movements and browsing.

I suppose the pre-crime police forces are being assembled in the wings as I write this... oh! wait, I must be paranoid - I don't have a smart phone!

Boy, am I glad I have anti-intrusion software on my laptop. Makes me feel so much safer, you know. I'm using this impenetrable ancient mac now... Gotta go! There's someone pounding on my door... be right back....

On edit:

Ha! It was the FedEx guy. He just brought me a new RFID card.

Now, without a phone, they will know all my movements, when, where and which purchases I make, when I sleep, and If my card's in my pant's pocket, how long I spend on the toilet.

Privacy is what once was but no longer is. Sadly, it too has gone the way of the Dodo.
Last edited by Iamwhomiam on Thu Oct 22, 2015 11:22 am, edited 1 time in total.
User avatar
Iamwhomiam
 
Posts: 6572
Joined: Thu Sep 27, 2007 2:47 am
Blog: View Blog (0)

Re: Evidence that your phone is spying on you

Postby Elvis » Thu Oct 22, 2015 10:57 am

elfismiles » Thu Oct 22, 2015 7:11 am wrote:This has been increasingly happening to me ...

So last night I spoke of spray foam insulation to my wife within earshot of our phones. And this is what I see in my FuckBook news stream this morning...


Elfi, wow, that is creepy!

I didn't even get a cell phone until about three years ago (a super basic one, not even a camera). The more I hear and see about smartphones, the more determined I am to never own one.

Maybe I mentioned this before, but awhile back I was waiting for a friend to pick me up outside a Greyhound station. I saw him drive by three times, with his head down, looking at his smartphone/GPS doohickie. (It was confused, telling him to drive in circles.) If he had just looked up at the world he would have seen the huge new bus depot and me standing there.
“The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.” ― Joan Robinson
User avatar
Elvis
 
Posts: 7413
Joined: Fri Apr 11, 2008 7:24 pm
Blog: View Blog (0)

Re: Evidence that your phone is spying on you

Postby Twyla LaSarc » Thu Oct 22, 2015 11:18 am

Elvis » Thu Oct 22, 2015 7:57 am wrote:
elfismiles » Thu Oct 22, 2015 7:11 am wrote:This has been increasingly happening to me ...

So last night I spoke of spray foam insulation to my wife within earshot of our phones. And this is what I see in my FuckBook news stream this morning...


Elfi, wow, that is creepy!

I didn't even get a cell phone until about three years ago (a super basic one, not even a camera). The more I hear and see about smartphones, the more determined I am to never own one.

Maybe I mentioned this before, but awhile back I was waiting for a friend to pick me up outside a Greyhound station. I saw him drive by three times, with his head down, looking at his smartphone/GPS doohickie. (It was confused, telling him to drive in circles.) If he had just looked up at the world he would have seen the huge new bus depot and me standing there.


I've had a similar experience at the Portland train station. It kept guiding my friend to the other side of the tracks- facing the station, yes- but in a neighborhood behind the station, over the tracks behind a fence, and not the regular pick-up. We finally met up, but it took awhile to find each other.

I don't think I will ever have one and if some job demands it, I will defang it as much as possible with faraday bags and whatever else when it is not in use. I will also keep my Thomas Guides, thanks.

I do think of the trolling opportunities with my co-workers phones. I can surreptitiously whisper to them when they are charging in the prep area and imagine the lulz when they start feeding them ads for insulation, wood floors and amtrak. :evilgrin
“The Radium Water Worked Fine until His Jaw Came Off”
User avatar
Twyla LaSarc
 
Posts: 1040
Joined: Mon Jun 07, 2010 2:50 pm
Location: On the 8th hole
Blog: View Blog (0)

Re: Evidence that your phone is spying on you

Postby Pele'sDaughter » Thu Mar 31, 2016 4:17 pm

We have Iphones. My son told me that this morning as he was walking out the door he got a message from google that his route to work is clear and it was going to take x minutes to get to his destination. How did it know he was leaving at that moment or where he was going? Google maps was not open or running in the background. :shock:
Don't believe anything they say.
And at the same time,
Don't believe that they say anything without a reason.
---Immanuel Kant
User avatar
Pele'sDaughter
 
Posts: 1917
Joined: Thu Sep 13, 2007 11:45 am
Location: Texas
Blog: View Blog (0)

Re: Evidence that your phone is spying on you

Postby DrEvil » Thu Mar 31, 2016 5:19 pm

Pele'sDaughter » Thu Mar 31, 2016 10:17 pm wrote:We have Iphones. My son told me that this morning as he was walking out the door he got a message from google that his route to work is clear and it was going to take x minutes to get to his destination. How did it know he was leaving at that moment or where he was going? Google maps was not open or running in the background. :shock:


Sounds like Google Now, the "AI" assistant. It learns from experience and is always looking at things like your phone's GPS (no need for Google maps to be open). It's probably learned that your son leaves his house (it knows it's his house because he spends every night there) at about the same time each day, and it also knows that he goes to the same place every day and spends x hours there, so it assumes it's his job (it probably also checked with a map and confirmed that he goes to a business address). Couple that with up to date traffic data and it can spit out a message like the one your son got.

At least it's not a pot smoking, racist anti-feminist troll. Yet.
viewtopic.php?f=8&t=36728&start=90#p593651
"I only read American. I want my fantasy pure." - Dave
User avatar
DrEvil
 
Posts: 3971
Joined: Mon Mar 22, 2010 1:37 pm
Blog: View Blog (0)

Next

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 40 guests