The spy among us

An interesting and balanced article about the potential risks of digital assistants. With Amazon Echo now available in Australia, we have the gamut of choice when it comes to our digital assistants.

While I don’t think any of the products on offer today necessarily create a significant risk, they do introduce a vulnerability that can be exploited. You will be providing a cloud enabled device with a lot of information about yourself. You are also relying on security practices of the company that provides the digital assistant. As recent years have shown, few if any companies can claim to be perfect in the area of data protection.

The one thing that I think is on the horizon, and that we haven’t seen as yet, is the introduction of these devices into the business world. I personally can’t conceive of a justification for them today, but if you think back a few years we could probably have said the same about WiFi and the iPad!

Looking forward to this brave new world.

https://worldview.stratfor.com/article/surveillance-operative-lurking-living-room

From little things, big breaches grow

With everything being connected these days and recording for our convenience and future reference, I suspect these types of data mashups are inevitable. It does go to show that sometimes the smallest and seemingly most insignificant piece of electronics can lead to a very significant security issue.

The report referenced in the article also provides some additional interesting insights (https://www.gao.gov/assets/690/686203.pdf).

https://www.theverge.com/2018/1/28/16942626/strava-fitness-tracker-heat-map-military-base-internet-of-things-geolocation

In 2018, you don’t listen to your phone, your phone listens to you!

This article, while probably not much of a surprise – we have seen this type of thing before – does highlight a couple of valuable points to consider.

Your phone is essentially a listening device that permits you to make phone calls. There is a denial by the agency that this took place, but given the research behind this and the fact that if you search for spying/eavesdropping apps in the Google Play store you will find a selection of spying apps that you can purchase today, I think it is reasonable to assume this is more than plausible. If you are a nation state or just need to conduct sensitive business discussions, phones can pose a risk.

Your users are your weakest link. No matter what sophisticated countermeasures you put in place they will always be undone by a user wanting to see the animated dancing bunny or some other cool thing on the Internet. Security awareness training can help, but it is sometimes not sufficient these days. Analyzing the environment the users are in and adjusting security controls appropriately is sometimes needed.

Don’t trust the app store. Google has had major issues over the years but Apple is not immune either. Both are getting better, but so too are the attackers.

https://www.nytimes.com/2018/01/18/technology/lebanese-intelligence-spy-android-phones.html