Detecting Malicious Trackers

From Slashdot:

Apple and Google have launched a new industry standard called “Detecting Unwanted Location Trackers” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple’s AirTags being used for malicious purposes.

Several Bluetooth tag companies have committed to making their future products compatible with the new standard. Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking…

Continue reading Detecting Malicious Trackers

Smashing Security podcast #370: The closed loop conundrum, default passwords, and Baby Reindeer

The UK Government takes aim at IoT devices shipping with weak or default passwords, an identity thief spends two years in jail after being mistaken for the person who stole his name, and are you au fait with the latest scams?

All this and much more … Continue reading Smashing Security podcast #370: The closed loop conundrum, default passwords, and Baby Reindeer

Stalkerware Vendor Hacked

The stalkerware company LetMeSpy has been hacked:

TechCrunch reviewed the leaked data, which included years of victims’ call logs and text messages dating back to 2013.

The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy. (LetMeSpy claims to delete data after two months of account inactivity.)

[…]

The database also contained over 13,400 location data points for several thousand victims. Most of the location data points are centered over population hotspots, suggesting the majority of victims are located in the United States, India and Western Africa…

Continue reading Stalkerware Vendor Hacked

Fines as a Security System

Tile has an interesting security solution to make its tracking tags harder to use for stalking:

The Anti-Theft Mode feature will make the devices invisible to Scan and Secure, the company’s in-app feature that lets you know if any nearby Tiles are following you. But to activate the new Anti-Theft Mode, the Tile owner will have to verify their real identity with a government-issued ID, submit a biometric scan that helps root out fake IDs, agree to let Tile share their information with law enforcement and agree to be subject to a $1 million penalty if convicted in a court of law of using Tile for criminal activity. So although it technically makes the device easier for stalkers to use Tiles silently, it makes the penalty of doing so high enough to (at least in theory) deter them from trying…

Continue reading Fines as a Security System

Smashing Security podcast #292: Trussterflucks and eBay stalking

Has new UK prime minister Liz Truss been careless with her mobile phone, and hear the most extraordinary story of corporate cyberstalking.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer … Continue reading Smashing Security podcast #292: Trussterflucks and eBay stalking

Prison for ex-eBay staff who aggressively cyberstalked company’s critics with Craigslist sex party ads and funeral wreaths

Two men, who previously worked at eBay, have been sentenced to prison after admitting their role in a cyberstalking campaign that targeted the editor and publisher of a newsletter that criticised the company.

Read more in my article on the Hot for S… Continue reading Prison for ex-eBay staff who aggressively cyberstalked company’s critics with Craigslist sex party ads and funeral wreaths

Tracking People via Bluetooth on Their Phones

We’ve always known that phones—and the people carrying them—can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that that’s not enough.

Computer scientists at the University of California San Diego proved in a study published May 24 that minute imperfections in phones caused during manufacturing create a unique Bluetooth beacon, one that establishes a digital signature or fingerprint distinct from any other device. Though phones’ Bluetooth uses cryptographic technology that limits trackability, using a radio receiver, these distortions in the Bluetooth signal can be discerned to track individual devices…

Continue reading Tracking People via Bluetooth on Their Phones

AirTags Are Used for Stalking Far More than Previously Reported

Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey:

Motherboard requested records mentioning AirTags in a recent eight month period from dozens of the country’s largest police departments. We obtained records from eight police departments.

Of the 150 total police reports mentioning AirTags, in 50 cases women called the police because they started getting notifications that their whereabouts were being tracked by an AirTag they didn’t own. Of those, 25 could identify a man in their lives — ex-partners, husbands, bosses — who they strongly suspected planted the AirTags on their cars in order to follow and harass them. Those women reported that current and former intimate partners­ — the …

Continue reading AirTags Are Used for Stalking Far More than Previously Reported

Smashing Security podcast #269: Trezor Deep Throat, a CCTV stalker, and Amazon’s list of banned words

There’s monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner’s CCTV cameras, and what are the naughty words Amazon doesn’t want its staff using?

All this and much more is discussed in the latest edition o… Continue reading Smashing Security podcast #269: Trezor Deep Throat, a CCTV stalker, and Amazon’s list of banned words

Stalking with an Apple Watch

The malicious uses of these technologies are scary:

Police reportedly arrived on the scene last week and found the man crouched beside the woman’s passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the woman’s passenger side front car wheel and then used the Watch to track her movements. When police eventually confronted him, he admitted the Watch was his. Now, he’s reportedly being charged with attaching an electronic tracking device to the woman’s vehicle.

Continue reading Stalking with an Apple Watch