Archives for

Privacy

How to use Android Device Manager for tracking your kids

Privacy and security have grown to become very big concerns in today’s highly-connected world. With a considerable part of the world’s population owning a mobile device, it’s likely that these devices are also being used to keep track of our whereabouts, too. There has been quite some buzz about government agencies spying on calls and messages. Even private companies are keeping tabs on our locations, preferences and context for purposes of advertising.

Not everyone is highly concerned about tracking, however. Some would argue that if you don’t have anything to hide, anyway, then you should not worry. For some, it’s a matter of knowing what kind of information to share on insecure networks. For more secure communications, there are enterprise-grade platforms like Samsung KNOX or Silent Circle.

Still, tracking does have its uses. Your smartphone utilizes a mix of GPS sensors and multiple tracking platforms (like WiFi and cellular triangulation) for practical purposes like navigating with the map application and finding nearby establishments. With both Android Device Manager and Apple’s “Find My iPhone” you can find, ring and remotely wipe a mobile device from the web or another registered device. Some third-party apps like Prey also give you more functionality for a marginal cost.

ADM tracking

These could come in handy when keeping tabs on your loved ones, too. I know there are privacy concerns, but sometimes the peace of mind and security that comes with knowing your loved ones are safe (or safely on the way) can be priceless. With Android, this can easily be done through Android Device Manager. The app is accessible either from the web interface or through a standalone Android app. While it is intended to be used for tracking your own device if it gets lost, this app can also be useful for keeping tabs on loved ones.

Register shared Google accounts

It’s simple: register a shared Google account on each of the devices you want to track, and Android does the rest. You can log in from the web using this shared account, and you can then choose from among the different registered devices. If you’re logging in from an Android smartphone or tablet, simply use the account picker to select the account you have associated with these other devices.

Of course, this assumes that the devices you intend to track have an active data connection and have location services activated. And using such a system should also mean that you have the permission of the person involved — your spouse, significant other or child, perhaps.

I have found this system useful for keeping tabs on my grade-school aged kids when they’re going on field trips or sleepovers. They may not always be available to answer calls or texts, but I could at least use Android Device Manager to track their location, especially when wandering off to unknown or unwanted places would be cause for concern. For spouses or significant others, however, this might be a bit more intrusive, and it may actually be useful if you suspect infidelity — legal considerations aside! (This topic is worth yet another post, altogether.)

This is, of course, a rudimentary way of keeping track of kids, but it does work, even if within its limitations. If you want more functionality, a startup called HereO is raising $100,000 on IndieGoGo to produce GPS- and SIM-enabled smartwatches that can keep tabs on your kids. The device comes with panic alerts, places notification, tamper alert and other features. This is certainly one device I’d be interested in having out in the market.

For now, ADM does the job for me. But if there are any other great ideas, apps or devices out there, feel free to contribute through the comments or through our Mailbag.

Samsung Galaxy devices come with OTA backdoor access, your data may be at risk

This just in: If you’re using a Samsung Galaxy smartphone or tablet, your device might just contain a backdoor that could let attackers remotely control your device or access data stored in it.

According to Paul Kocialkowski, a developer for custom ROM Replicant, the backdoor basically involves protocols used by the Radio Interface Layer (RIL) in communicating with the device’s modem — or the chip that does the actual communication with the cellular tower. Kocialkowski cites the difference between devices’ two processors: (1) the general-purpose applications processor that runs Android, and (2) the one in charge of radio communications with the telephony network.

Over-the-air backdoor access

The concern here is that because the baseband is proprietary, there is no knowing what kind of backdoors manufacturers have put into the system. “This processor always runs a proprietary operating system, and these systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device.”

While developing Replicant, which is marketed as a fully free/libre version of Android, without the licensed or proprietary aspects that come shipped with devices, Kocialkowski said that the team discovered a few backdoors that Samsung may have implemented in its Galaxy line of devices. “[T]he proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system,” he writes on a guest article at the Free Software Foundation blog. The program is shipped on Galaxy devices, and the developer says it is “possible for the modem to read, write, and delete files on the phone’s storage.”

Kocialkowski says that on most Galaxy devices, the baseband has sufficient privileges to modify user data stored on the device itself. A technical discussion is offered on Replicant’s wiki, where devices like the Galaxy S3 and Note 2 are listed as vulnerable, as well as the Nexus S and Galaxy Nexus, Galaxy S, S2, Note and certain variants of the Galaxy Tab 2. The Replicant developers showcased a proof of concept, where a string of data was retrieved from the device’s storage using the backdoor.

And because the backdoor resides on the phone’s modem, which is almost always connected to the mobile network, it means that malicious individuals or organizations — or perhaps government agencies — can potentially gain access to smartphones and tablets to spy on mobile users.

Is Samsung at fault?

According to Replicant, Samsung may have originally included the functionality for some legitimate purpose. The concerned RIL protocol was “not found to have any particular legitimacy nor relevant use-case. However, it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a back-door.”

However, it remains a risk. And given mobile users’ paranoia about eavesdropping by the NSA, GCHQ and other government spy agencies, this is one big cause of concern, especially for those who use their devices in an enterprise or other potentially sensitive setting.

How to protect your privacy

To address this, Kocialkowski recommends the use of custom ROMs that will prevent data access through the baseband. He says that Replicant — which is the supposed spiritual successor to the ideals that were started by the CyanogenMod team — will prevent access from these backdoors. “Our free replacement for that non-free program does not implement this backdoor,” he writes. “If the modem asks to read or write files, Replicant does not cooperate with it.”

However, given the scope of control that the phone’s firmware has over the hardware, the backdoor may still be used to remotely control the device, such as turn on the microphone to listen in on conversations.

Samsung has not yet provided an official response to the security issue. Replicant has offered to help the company address the fix, however, and would be “very glad to work with Samsung in order to make things right, for instance through releasing free software or documentation that would make it easy for community Android versions to get rid of the incriminated blob.”

The Internet of Things: Will our devices spy on us?

We earlier reported on Google’s acquisition of Nest for $3.2 billion. Nest, which creates thermostats that automatically adjust temperature based on a user’s proximity, interfaces with devices like smartphones and via the web. Nest also has proximity sensors that can sense whether there is someone about, and will adjust the heat accordingly.

Three billion dollars is a lot of money for a household appliance. At first glance, it seems that Google may have overpaid for the startup, which had been lauded as one of the recent years’ success stories in innovation and re-invention. However, upon deeper analysis, Google might simply be tying up loose ends in its plan to dominate the connected world.

Everything connected

In a recent feature, I discussed how Google’s Nest acquisition is more about the Internet of Things than it is about household appliances. Google already dominates the smartphone market, with Android having an 80 percent share worldwide. Android is also on the rise in the tablet market, with an increasing share, especially in the low-cost space.

Meanwhile, Google is already making inroads into the automotive industry, particularly with its involvement in the new Open Automotive Alliance. The OAA aims to standardize computing interfaces in vehicles — devices that have mostly been cumbersome to use and manage to date. What else is left for Google to dominate than actual things that are connected with each other, then?

Google in every home

With Nest, Google will have the chance to have an inexpensive connected appliance in every home (or at least every home that installs the thermostat), which brings a slew of possibilities in tracking, context awareness and perhaps even keeping tabs on individuals and families. Nest will be able to “talk” with your smartphone, tablet, connected car, and soon connected TVs and other appliances.

Nest says its data gathering activities are meant for “providing and improving Nest’s products and services.” However, there’s probably no stopping Google from leveraging the data collected from households and individuals and using these in its own marketing and advertising campaigns. Some Android apps already have blanket authority to activate the microphone and camera without further approval (take Facebook Messenger, for instance). How difficult can it be for other apps and appliances to also do the same?

There is always a trade-off between convenience and privacy, between speed and security. Appliances like Nest make it easier to manage our household and our expenses. It’s an install-and-forget device — you are essentially letting a device take control of the smaller things in life (the temperature at home). You forget it’s there, but you might forget that it also has the ability to keep watch, a la Big Brother.

Are we already vulnerable?

To some extent, we are already vulnerable with our smartphones and other connected devices. But having a more permanent fixture in our abodes increases the potential for misuse and abuse, and not only from Google or whoever controls the platform. How about fake apps and malware apps that come with spyware as a payload? Google can only do so much in ensuring the security of apps on Google Play, and the company is often reactive rather than proactive in preventing malware on the application store.

How bad will it be once malware is able to attack critical systems at home, such as energy and security? Can malicious hackers overload our electrical systems at home? Can they cause physical harm or discomfort if they can hack our home appliances?

Google has been connecting people in innovative ways. It seems its acquisition of a connected appliance signals the shift to connecting things as the next focus in innovation. The question now is how intrusive the Internet of Things can be for us humans.

Apps and permissions: Is Facebook Messenger spying on us?

Google Play’s app permission system is meant to inform users of how far into our data and device an application will be able to access before we install an app, or before updating an app with revised permissions. But most users are not likely to bother reading the entire thing, which means we may already be allowing some apps to eavesdrop on our conversations and track usage by accepting app permissions.

Such is the case with Facebook, which has, time and again, been accused of invading into user privacy. This concern was highlighted a few weeks back when the standalone Messenger app permissions were updated to now include access to call records, as well as access to the phone’s mic and camera and contact data. Messenger now wants to do the following and asks for blanket permission upon install or update:

  • “Record audio with the microphone … at any time without your confirmation”
  • Take videos and photos using the camera
  • Access the phone’s call log
  • Read data about contacts stored on the phone, “including the frequency with which you’ve called, emailed or communicated in other ways with specific individuals”

Android Messenger app permissions

In short, the Facebook app could essentially spy on a user and keep track of mobile usage and habits, and even conversations. The issue transcends Android, actually, as Facebook’s Messenger service has been criticized for tracking data across other mobile and desktop platforms.
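A way to review such a permission change yourself, as an added example that is not part of the original article: the Python sketch below reads an app's manifest, flags the four capabilities listed above by their Android permission names, and marks which ones are new compared with the previous version. The two manifests and the package name `com.example.chat` are constructed samples, and the script assumes the APK's binary manifest has already been decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# The capabilities listed in the article, keyed by Android permission name.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "record audio with the microphone",
    "android.permission.CAMERA": "take videos and photos using the camera",
    "android.permission.READ_CALL_LOG": "access the phone's call log",
    "android.permission.READ_CONTACTS": "read data about stored contacts",
}

# Constructed sample: the previous version of a hypothetical chat app.
OLD_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chat">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Chat"/>
</manifest>
"""

# Constructed sample: the update, which additionally asks for the call log.
NEW_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chat">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CALL_LOG"/>
    <application android:label="Chat"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names a manifest requests."""
    # Only parse manifests you decoded yourself; the standard-library parser
    # is not hardened against deliberately malicious XML.
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    # Both element types grant the permission; the -sdk-23 form applies
    # only on Android 6.0 and later.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.findall(tag):
            name = element.get(NAME_ATTR)
            if name:
                names.add(name)
    return sorted(names)


def audit(manifest_xml, previous_xml=None):
    """List sensitive permissions; flag those absent from the previous version.

    new_in_update is None when no previous manifest is supplied.
    """
    before = None
    if previous_xml is not None:
        before = set(requested_permissions(previous_xml))
    findings = []
    for name in requested_permissions(manifest_xml):
        if name in SENSITIVE:
            findings.append({
                "permission": name,
                "capability": SENSITIVE[name],
                "new_in_update": None if before is None else name not in before,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(NEW_MANIFEST, OLD_MANIFEST):
        marker = "NEW" if finding["new_in_update"] else "   "
        print(marker, finding["permission"], "-", finding["capability"])
```
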

Facebook Messenger under fire

In a recent class action lawsuit filed in California, Facebook has been accused of tracking URLs sent or received by users in its Messenger service, which includes the standalone Messenger app and the private messaging service built into Facebook. According to the plaintiffs, Facebook is profiting from the data gleaned from supposedly private conversations.

Granted, Facebook is known to keep track of usage, content and user information in order to aid its targeted ad campaigns for advertising clients. So-called “free” services like most social networks, email providers and other cloud services today, are free because these profit from advertising and other commercial revenue arising from their ability to track and analyze user behavior. Therefore, we can expect social networks and even services like Google’s AdWords to target commercial messages based on our interests — which can be beneficial, after all, if we don’t want spammy and unrelated messages.

The problem, however, is the claim that private messaging is “private” in the first place, which is a misrepresentation, according to the plaintiffs’ lawyer.

Representing to users that the content of Facebook messages is ‘private’ creates an especially profitable opportunity for Facebook, because users who believe they are communicating on a service free from surveillance are likely to reveal facts about themselves that they would not reveal had they known the content was being monitored.

The class action lawsuit seeks up to $10,000 in damages for each Messenger user in the US. Facebook, however, maintains that the allegations are “without merit” and it intends to “vigorously” defend itself from the lawsuit.

Cause for paranoia?

Will you still use Facebook Messenger knowing that the app can automatically keep track of your activity by monitoring content and even turning on your phone’s mic and camera at any time without alerting you? Do you actually review each item on an app’s permissions page before installing it? And are there instances when you decided against installing an application because of the level of access it wants from you?

Sometimes, access to a device’s resources, such as the camera, mic, contact list and call log, might be necessary in ensuring a smooth user experience. For instance, Messenger can be used to make VoIP calls, after all. And the latest version matches users with your phonebook entries, so you can use the app to chat with people in your address book, but who may not yet be your friend on Facebook itself. But such unfettered access might be prone to abuse, and there’s no knowing what app developers can actually have their applications do. Add to this the ever-looming threat of the NSA eavesdropping on all our conversations.

It’s bad enough that a reputable developer such as Facebook would be accused of spying on users through its mobile application. Imagine the potential danger and damage that could be caused by a malicious developer that distributes apps that pretend to be the real thing, but are, in fact, fake. In an increasingly connected and mobile environment, is our private data safe and secure at all?

Here’s how the NSA can listen in on your conversations

Earlier this year, NSA whistleblower Edward Snowden gave us a peek into how far-reaching the agency’s digital spying activities are. US and foreign citizens alike decried how the NSA’s PRISM program can home in on supposed enemies of the state and pick up relevant conversations — all in the name of national security, of course.

Among these voices is German Chancellor Angela Merkel. Who’s stopping the Americans from spying on everyone else? German magazine Der Spiegel reports that US intelligence agencies actually have eavesdropping equipment at about 80 embassies globally. And, if the authorities have the ability to eavesdrop on billions of conversations simultaneously, what’s stopping them from targeting even locals — anyone can be an enemy of the state.

It seems the technology to eavesdrop on conversations is more far-reaching than we had originally thought. A recent article in the Washington Post describes how the NSA can listen in by cracking the encryption technology used in phone calls across different kinds of mobile technologies. According to the Post, encryption experts have actually complained that the encryption technology known as A5/1 is vulnerable to attacks, but carriers and device manufacturers have not yet upgraded to stronger encryption. Snowden’s leaks include information that the NSA can easily decrypt and unscramble A5/1 even without the encryption key.

30 year old tech

A5/1 is actually dated technology — the encryption technology was developed in the 1980s and is still widely used when a phone is connected via 2G networks, even as 3G and 4G networks are currently available in many markets. Some carriers have reportedly upgraded their 2G networks to support the stronger A5/3 encryption, which makes it more difficult — or at least less practical — for spooks to eavesdrop on everyone’s calls (it reportedly requires 100,000 times more computing power to crack the encryption).

Even then, the encryption only goes between the mobile device itself and the cellular tower. Eavesdropping can be done by spoofing the cellular antenna and recording the communications from that point. Alternatively, since communications are un-encrypted within the mobile provider’s internal network, this can also be an injection point for eavesdropping if a government agency has access (which can either come during a call or after the fact).

Should we be the ones responsible?

This underscores the importance of end-to-end encryption, which is readily available to both consumers and enterprises in the form of third-party applications. If you don’t trust your cellular service provider to have adequate security measures, then apps like Silent Circle and Wickr will protect your conversations, assuming both you and the other party have the app. This is something that can and should be arranged if you need to protect your conversation (say, you’re talking about confidential business deals). But it certainly requires additional effort and might not be practical for all purposes (you might not care if the NSA eavesdrops on you calling for pizza delivery).

But should this be necessary? Can’t we simply trust our mobile carriers to be responsible with ensuring the best encryption so our conversations are secure? Some developers are already building improved encryption into the OS, such as CyanogenMod. Should this not be the case with everyone, like Google and Apple?

Right now, the choice to go for better security lies on users. The tools are readily available, but may not necessarily be required if you do not intend to hide anything, anyway. And because of the rise of social media and varied attitudes toward privacy, vulnerabilities still exist outside of the cellular network. This means it’s probably not as simple as just giving focus on mobile phone encryption.

CyanogenMod adds encryption to SMS: Is regular text messaging finally secure?

Digital privacy is perhaps the biggest issue of 2013, and this is likely to extend far beyond the new year. With whistleblowers leaking information that government agencies are spying on our conversations, who would not be paranoid? And if it’s not government, it’s the multitude of service providers that use our personal information — brand preferences, online habits, geo-location, demographics — as means to target their advertising message.

We earlier discussed a few apps that could help in improving privacy in conversations, and these include the likes of Telegram and Silent Circle, which employ peer-to-peer encryption to ensure messages are safe from prying eyes. However, there are limitations to using add-on apps for secure messaging. First, there is the added effort of having to install an app just for secure messaging. Second, your correspondents would be limited to those also using those apps. Third, some apps are not free — Silent Circle, for one, charges a monthly fee for each user.

Granted, you will likely want to have private and secure conversations with a limited set of people, but wouldn’t it be good if all your chats and text messages were secure in the first place? iOS users seem to have this luxury, at least with iMessage. Apple claims that the service has unbreakable encryption, and the company does not turn over data to authorities. Now, security researchers have challenged this claim, but the fact remains that Mac, iPhone, iPad and iPod touch users already have a built-in app for secure messaging. The limitation here, again, is that you can only message securely with other iMessage users. SMS fallback (sending to a non-iMessage user) will still be insecure.

For Android users, Google does not exactly offer a default messaging app aside from the stock SMS and Hangouts. The onus is upon the user to choose an alternative messaging app, even — that’s the beauty of Android. But an effort from the developers of CyanogenMod might lead to more secure SMS in the future.

CyanogenMod and WhisperPush

For CyanogenMod, encrypted messaging comes in the form of WhisperPush, based on the open-source TextSecure protocol. The Cyanogen team is already baking this functionality into nightly 10.2 builds, and promises to include it in version 11 onward. “Your messages to other CM or TextSecure users (regardless of iOS or Android) will automatically be encrypted and secured,” developers have written. And if the intended recipient does not have TextSecure, then the message sending will fall back into unsecured SMS.

In summary, WhisperPush will encrypt messages sent through SMS, for as long as both sender and recipient are compatible with the platform. With the technology, encrypted messaging can be extended to any SMS application, which includes either the stock SMS app that comes with the device, or the multitude of replacement apps on Google Play.

TextSecure uses end-to-end encryption with locally generated keys, and the technology likewise employs forward secrecy. Metadata might be vulnerable to snooping, however. But with TextSecure being open source, developers and users alike are free to scrutinize the code to check for potential vulnerabilities.

The technology is designed to be unobtrusive, although there are still potential loopholes. For one, the “silent” and automatic fallback is found to be an issue for some, because it nullifies the security offered by encryption. This might be a minor hurdle that can be fixed in a final release.

What’s exciting here is that secure cross-platform messaging may actually be possible without the need to install separate sets of apps for each need. TextSecure is meant to run in the background, and users are free to simply send SMS as they normally would, but can expect an additional layer of privacy and security on top of SMS.

There is, of course, the limitation that only CyanogenMod offers this functionality as an included feature, at this point. But what’s stopping developers from integrating TextSecure into Android, iOS or any other mobile platform?

Privacy vs. connectivity: Can there be a balance?

Vint Cerf, one of the fathers of the Internet, has said that privacy may actually be “an anomaly.” He says this in the context of an increasingly connected world. We now take things like instant messaging, email and social networking for granted, when only a few decades ago many households relied on public switched telephone networks and the post office for communications.

Cerf’s contention is that human behavior is inherently social, such that we tend to prefer reaching out, which is evident with how social media has grown in popularity. However, this may come at the expense of privacy. You don’t even have to consider recent issues surrounding NSA eavesdropping, as well as targeted advertising by companies like Google, Facebook and the like. Cerf said that even accidental or incidental participation can expose us without our knowledge. As an example: if you’re unwittingly caught on a person’s uploaded photo and someone tags you, then your photo will be exposed for all the world (or at least that person’s friends) to see, even if you did not upload the picture yourself.

Cerf, who is currently a VP at Google and the company’s chief Internet evangelist, said that we need to “develop new social conventions that are more respectful of people’s privacy.”

On a more personal basis, this brings us to think about the balance between privacy and connectivity when exchanging communications. I have been exploring apps and networks that espouse privacy. For instance, I earlier featured two applications, VK-developed Telegram, as well as Silent Circle, which comes from the makers of PGP. I am now currently trying out another freemium app called Wickr, which likewise promises military-grade encryption.

Wickr, available on Google Play and the iTunes App Store, offers features like text messaging, voice messages and file exchange, a self-destruct mechanism for messages, a “shredder” for forensically erasing messages and data from your devices, and peer-based encryption. Wickr says it does not store data on its servers, which means no third party will be able to request the company to turn over information.

All of this is great news for a privacy advocate, of course. It’s free, and I would assume the creators intend to monetize the app through other means, like selling premium features. But my main concern here would be the ease through which I can connect with someone. True enough, Wickr comes with email and mobile number integration, which ideally makes it easier to find someone who is already on the network. But as how messaging services go, you’re likely to find most of your friends on more popular and open networks like Viber, WhatsApp or Facebook Messenger. That’s because these networks would have already populated your contact list based on your existing contacts. Secondly, these already have big user bases, which increases the likelihood of finding a contact.

Granted, when you want to ensure privacy in your communication, it’s probably because you want to secure (1) the message, and (2) the identity of the other party. You may not necessarily want to keep secret a conversation about something as mundane as a relative’s recent birthday party, how weird the weather today is, or how Red Bull Racing seems to have an undue advantage in the recent Formula One seasons.

However, if you are discussing terms with a potential employer, you wouldn’t want your current boss to find out, would you? Or, if you are discussing a confidential business proposal, you wouldn’t want details to leak. I can think of other possible reasons for keeping communications private, and these include both licit and illicit uses.

I have had the chance to install apps that promise better security, such as Telegram and Wickr. The problem is that my contact list is empty, except for a few other test accounts — which are actually owned by my wife and my kids. Would these privacy-enhancing apps be any use if I have no one else to talk to (my wife prefers Facebook Messenger and my kids prefer Viber instead)?

My point here is that, if I had the choice, then I would prefer all my communications to be private and secure. However, as it stands, most of the people I talk to are on Facebook Messenger, which is a highly insecure platform. Do I mind? Not always. If I want to discuss privately, then I would probably ask the other party to install the more secure app, and then move to that platform once we are on.

But still, in a perfect world, all our messaging apps would ideally be secure from day one. Agree?

The smartphone kill switch: Pros and cons

Have you ever lost a mobile phone? Or, worse, have you had a mobile phone stolen from you? I have experienced being pick-pocketed firsthand, although I was able to recover the device later on. It wasn’t a pleasant experience, and I made sure to better secure my devices from that point on.

With tracking apps and systems like Find my iPhone, Prey and even Android’s built in remote management, it’s now easier to find lost devices — or at least attempt to find where you may have left your phone or where a likely thief has taken it. You may have read about success stories in which these apps had been used to find the whereabouts of lost phones, including mug-shots of the perpetrators or fencers. If phone recovery is not a success, then at least one can wipe out personal data from the device, so that it doesn’t fall into the wrong hands.

According to a study by mobile security company Lookout, 112 mobile phones are stolen every minute in the US alone. Every day, $7 million worth of smartphones are lost (including those that are stolen). Cellular phone thefts account for 30 to 40 percent of robberies around the country. In total, loss of mobile devices has cost consumers $30 billion in 2012 alone.

Securing our smartphones

Earlier this year, lawmakers, law enforcement agencies and consumer advocacy groups launched the “Secure our Smartphones” initiative, which aims to pressure the mobile device industry for better safeguards against theft. The proposal called for device manufacturers to incorporate a “kill switch” on their smartphones, to reduce incidence of device theft. The idea behind the kill switch is supposedly simple. A stolen phone can be remotely — and permanently — disabled by a user or carrier when reported lost.

To some extent, carriers can already disable the use of mobile devices if these are reported stolen, or even if a user fails to comply with contract. This is usually done by blacklisting the IMEI or ESN. However, this comes with a few limitations. For example, even if an IMEI were included in a blacklist registry, a particular ID number would have to be blacklisted by all carriers, in order for the blacklist to be effective.

This would be useless, however, if the device were sold in another country, where carriers may not support an IMEI blacklist. In fact, there is a big grey market for mobile devices across different countries, where pre-owned devices are sold. And yes, this potentially includes stolen goods.

Moreover, the IMEI can be spoofed by modifying a device’s baseband. This can be easily done with a few software tools made by the rooting or jailbreaking community. This means it’s still possible to use a device even if it is blocked by the carrier through IMEI. Some smartphone users actually spoof the IMEI of feature-phones in order to avoid additional tethering or data charges.

The kill switch, on the other hand, would render a device permanently useless. The intent here is to discourage cellular phone theft, and to protect any sensitive data that may be stored on the device.

Killing the kill switch

According to the San Francisco district attorney’s office, Samsung has actually been planning to pre-load its smartphones with a kill switch. This move would, however, require approval from mobile carriers, and AT&T, Verizon Wireless, Sprint and T-Mobile reportedly rejected the idea of a kill switch. According to the DA, the carriers appear to be concerned about losing revenue from device insurance premiums.

Is a kill switch the answer, in the first place? The CTIA, a trade group that represents mobile carriers, doesn’t believe so, saying that the kill switch is also vulnerable to potential abuse.

So far, theft deterrence is the primary reason the SOS initiative wants a kill switch. To my mind, there might be additional benefits to this:

  • Privacy and data integrity. Data wipes can only go so far. A kill switch that will render a device totally useless would benefit the enterprise market, especially businesses that want to make sure their data does not fall into the wrong hands. For regular consumers like us, we have better assurance that our private messages, information, photos and other media cannot be accessed.
  • Safety. The concept of the kill switch has also been discussed by proponents from the Department of Homeland Security. After all, cellular phones have been known to act as remote-control switches for explosive devices. Being able to kill what could possibly be a detonator might aid in bomb defusing efforts.

The kill switch does come with a few risks, which is the main contention of carriers:

  • Malicious hacking or malware. A device might be vulnerable to attack by malicious hackers, who may be able to trip the kill switch remotely or by distributing malware.
  • Phone recovery. There is also the concern that a permanently-disabled device might be found by the legitimate user later on, who would then be unable to use the phone or recover any data that may be stored in it.
  • Consumer advocacy. The kill switch might also be abused by carriers that want to prevent users from switching networks, which might affect devices sold under contract.

A catch-all measure?

To my mind, the concept of the kill switch might easily be considered a catch-all measure against mobile phone theft. But until lawmakers, device manufacturers and carriers agree on the best way to better protect against loss or theft, it would be a good idea for us consumers to be more proactive when it comes to our own safety.

For instance, while there is no absolute deterrent to getting robbed, pick-pocketed or mugged, we could perhaps avoid being in situations in which theft could be possible. Try not to set your smartphone on restaurant tables, where you might easily forget it (it’s bad manners, after all!). Try to avoid displaying your device in public. Use phone-tracking software. Lock your phone with a PIN, password or pattern lock, as it helps add a layer of protection to your data.

The list goes on. And as long as mobile devices are considered to be valuable commodities, they are still vulnerable to loss and theft.

Image credit: Pickpocket

Concerned about privacy and security? Here are 2 apps you should try

This guy could be listening in on your conversations (Image credit: Touchstone Pictures)

You don’t have to be German Chancellor Angela Merkel to be concerned about the privacy and security of your phone conversations. If you’re worried that someone might be recording your calls or reading your messages, then you share the sentiments of the 60 percent or so of the American public that has decried the National Security Agency’s spying activities.

FortressFone claims to be an anti-hacking smartphone

A new device called the FortressFone promises to keep your private data from being accessed by unauthorized persons. It is a timely solution to the growing concern caused by recent security-related issues.

FortressFone is described as a 256-bit AES-encrypted device using professional-grade standards defined by the NSA. It is based on the Samsung Galaxy platform, which the phone maker believes to be the best solution for its purpose of providing security.

Setting itself apart from other secure systems, the company claims that it offers a three-tier solution, protecting users on the levels of software, hardware, and operating system. To achieve its goal, Ziklag Systems installs an internally-designed hardened kernel to replace the Android kernel on the smartphone. The Ziklag Systems kernel will be in charge of controlling the various parts of the smartphone that are frequently threatened by security breaches, including the sensors, the microphones, cameras, radios, internal storage, and USB port. Each FortressFone arrives pre-installed with the security system, as well as a secure SD card.

FortressFone was created by a startup called Ziklag Systems. Ziklag Systems was founded and is headed by Stephen Bryen, who served as Deputy Undersecretary of Defense for Trade Security Policy in the 80s and is the founder of an organization called the Defense Technology Security Administration. The other members of the Ziklag Systems team are security advocates who have experience in various government and private agencies.

Ziklag Systems explains that today’s mobile devices are vulnerable to various risks. Malware is a common threat, infecting as many as 33 million Android devices in the past year. Mobile devices are also at risk from Spyphones, which are used to collect information from mobile phones. Ziklag Systems says that while government, military, or business leaders are often the target, this does not prevent Spyphone operators from tapping into the information of regular people.

Ziklag Systems’ solution for these smartphone and tablet threats involves “secure mobile technology” that is supposedly tailored to meet the needs of consumers from various sectors, such as information technology, banking and finance, government, defense, and commercial facilities, among others.

The website does not reveal the exact specifications or features of the smartphone, which makes it difficult for consumers to have a clearer picture of the device. Ziklag Systems, however, invites those who are interested to send the company a direct message for an evaluation of one’s security risks and a demonstration of the FortressFone solution.

Would you consider purchasing the FortressFone?

via fastcompany, ziklag 1, 2

DuckDuckGo Search & Stories now available for Android users

DuckDuckGo Search & Stories is now available for downloading free of charge for Android users who want to read interesting articles but are worried about their online privacy. The app promises to offer completely anonymous searches that do not track, filter bubble, save, or reveal the personal information that users provide.

The app pulls information from a long list of sources, but does not tailor these results according to what it may deem a particular user wishes to see. These sources are grouped into seven categories: current events, entertainment, magazine, newspaper, sports, technology, and trivia. Among the sources are: CNN, BBC, The Guardian, NPR, Yahoo!, Reuters, reddit Aww, Dear Abby, reddit Pics, The New Yorker, Time, New York Times, Wall Street Journal, ESPN, Hacker News, Lifehacker, reddit Programming, reddit AMA, Quora, reddit TIL, and a handful of others.

The app’s features are consistent with the original DuckDuckGo’s mission. For those who are unfamiliar with DuckDuckGo, it is a search engine that claims to be different from Google or Bing in that it does not save one’s search history, click history, or Facebook likes, among others. According to the company, this effectively prevents the user from missing other search results. It also does not believe in building profiles that identify its users, and eventually selling those profiles to other companies. This policy protects users against having their personal information revealed in case the search engine gets hacked, or employees decide to take a look at the data. The app prioritizes the most shared stories from these sources, whether shared via e-mail or reddit upvotes.

DuckDuckGo’s statements regarding privacy are relevant in light of the recent PRISM scandal, which led some consumers to question whether their private information is safe in the hands of online companies. DuckDuckGo received more attention because of the scandal, and could possibly get more with the new app.

DuckDuckGo Search & Stories may be found on Google Play and the Amazon Appstore for Android. It requires a minimum of Android 2.2 to function. An iOS version is available, as well.

via phonearena

Apple publishes customer privacy statement, reveals getting 4k+ requests for data from government

Apple maintained its commitment to customer privacy in a fresh statement regarding the company’s implication in the NSA issue about customer data requests from government agencies.

Apple said that it came to know about the government’s PRISM program around the beginning of the month when news organizations questioned them about it. However, the company denied giving the government direct access to customer information. Furthermore, Apple clarified that before it grants a government request for data, it requires a court order.

Each request, the company claims, is reviewed by Apple’s legal team. If indeed there is a necessity for the request for customer data to be given, Apple says that it grants only the smallest set of information possible.

On the other hand, if the request itself is problematic, Apple declines to provide the information.

Moreover, Apple avers that it does not keep a huge amount of information regarding its customers. It even fails to give some types of information to the government simply because it has not collected such data. For instance, Apple does not save data regarding the location of consumers. Another example would be the messages sent via FaceTime and iMessage. These messages, according to Apple, have end-to-end encryption. In other words, only those involved in the conversation will have access to the message.

In the end, Apple assured its customers that it will continue protecting their privacy while remaining lawful to government policies.

Apple revealed that between December 1, 2012 and May 31, 2013, it had received some 4,000 to 5,000 requests for customer data from the government. Such information was used in matters of national security as well as in criminal investigations. Apple had asked for and had gotten permission to publish this information, according to its press release.

Apple’s statement is similar to those released by other tech companies following the NSA issue. Facebook, for its part, revealed that it had gotten some 9,000 to 10,000 data requests from the government whereas Microsoft had gotten around 6,000 to 7,000 requests. Google has also asked for permission from the government to divulge the number of requests it had received.

Click here to read the full statement on Apple’s website.

via techcrunch

Larry Page Just as Dumbfounded at Discovery of Government PRISM Program as Everybody else

We first heard word of Verizon and the order for it to hand over millions of its network users’ call records, but it seems this month that the ‘Verizon order’ is just the start. PRISM is a new government program that, according to other sources, will allow the NSA and FBI to have access to some of the most influential internet services, including Facebook, Apple and Google.

Apple and Facebook have already denied such claims, and now Google’s Larry Page has stood up to address the issue. Page wrote a post on the Googleblog blogspot to explain that Google was not involved with the PRISM scheme, and then went on to discuss how exactly its rules and regulations work with regard to the government and any data it may want to access through Google.

Larry also explained his seriousness about Google’s strict data protection policies, and went on to explain that he wants Google to be as transparent as possible when it comes to these areas of business.

So, is PRISM actually something real or a simple troll? Right now there’s no real way of knowing. Leaked documents contained information on the program, and included PowerPoint slides stating the internet companies involved with the government scheme.

But on the other hand, all companies have openly stated they are not part of any PRISM scheme and all representatives sounded shocked when they addressed the claims they were sharing data with the NSA and FBI.

It’s unlikely any of this will lead anywhere, but it does bring up a very important debate: do we need to let go of our privacy concerns now that the world is becoming more connected, or should we hold onto them and make the rules of such privacy more clear and transparent? I’m sure there are stories for both sides, but it seems that the general public still feels the need for internet privacy.

Source: Droid-Life

Google rejects Glass facial recognition apps for now

Google will not approve facial recognition apps for Google Glass, at least for the moment, until it ensures that strict privacy protections are established. Thus, such facial recognition apps still have hope of getting approved once the Mountain View, California-based technology giant is able to guarantee that they may not be used in privacy abuses.

Google’s announcement, which was posted on its Google Plus page, stems from expressions of concern that it had received regarding the possibility of apps that have a facial recognition function.

Such concerns have already reached Congress, where US Congressman Joe Barton wrote a letter to Google about the feature’s potential for misuse. The letter, which was a response to Google’s claim that the product lets users capture and share images and messages, was signed by several other lawmakers.

In the letter, Barton and the others questioned Google on several points. The first one asks for more details about Facial Recognition Technology, particularly about whether people could choose not to be included in the device’s ability to record and share images taken of them by users of Google Glass. Next, it tried to clarify whether Google Glass would record information without consent. Lastly, it wanted more details on the capability of Google Glass to store information on the device, and whether there could be some assurance that the data stored would be protected.

In addition to the statement on Google Plus, Google also updated the device’s developer site. It now states that applications using the camera to identify other subjects, such as those with facial recognition and voice print functions, are currently not approved.

The Next Web notes that the new policy regarding facial recognition apps only covers Glassware apps.

At this point, it is still unclear when Google will release its privacy protection policies that will allow for the approval of facial recognition apps.

via thenextweb, joebarton