Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

 

source: threatpost.com  | image:  pixabay.com

 

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.

Users of the Instagram and Facebook apps for Apple’s iOS are being warned that both use an in-app browser that allows parent company Meta to track ‘every single tap’ users make on external websites accessed via the software.

Researcher Felix Krause, who outlined how Meta tracks users in a blog post published Wednesday, claims that this type of tracking puts users at “various risks”. He warns both iOS versions of the apps can “track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap” via their in-app browsers.

iOS users’ concerns over tracking were addressed by Apple’s 2021 release of iOS 14.5 and a feature called App Tracking Transparency (ATT). The added control was intended to require app developers to get the user’s consent before tracking data generated by third-party apps not owned by the developer.

Krause said that both the Facebook and Instagram iOS apps are using a loophole to bypass ATT rules and track website activity within their in-app browsers via custom JavaScript code used in both in-app browsers. That means that when an iOS user of Facebook or Instagram clicks on a link within a Facebook or Instagram post (or an ad), Meta launches its own in-app browser, which can then track what you do on external sites you visit.

Meta’s Use of a JavaScript Injection 

“The Instagram [and Facebook] app injects their JavaScript code into every website shown, including when clicking on ads. Even though pcm.js doesn’t do this, injecting custom scripts into third party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers,” Krause wrote.


A Powerful Tool US Spies Misused to Stalk Women Faces Its Potential Demise

 

source: wired.com  |  image: pixabay.com

 

Though often viewed as the “crown jewel” of the US intelligence community, fresh reports of abuse by NSA employees and chaos in the US Congress put the tool’s future in jeopardy.

The federal law authorizing a vast amount of the United States government’s foreign intelligence collection is set to expire in two months, a deadline that threatens to mothball a notoriously extensive surveillance program currently eavesdropping on the phone calls, text messages, and emails of no fewer than a quarter million people overseas.

The US National Security Agency (NSA) relies heavily on the program, known as Section 702, to compel the cooperation of communications giants that oversee huge swaths of the internet’s traffic. The total number of communications intercepted under the 702 program each year, while likely beyond tally, ostensibly reaches into the high hundreds of millions, according to scraps of reportage declassified by the intelligence community over the past decade, and the secret surveillance court whose macroscopic oversight—even when brought to full bear against the program—scarcely takes issue with any quotidian abuses of its power.


Taliban weighs using US mass surveillance plan, met with China’s Huawei

 

source: reuters.com  |  image: pixabay.com

 

KABUL, Sept 25 (Reuters) – The Taliban are creating a large-scale camera surveillance network for Afghan cities that could involve repurposing a plan crafted by the Americans before their 2021 pullout, an interior ministry spokesman told Reuters, as authorities seek to supplement thousands of cameras already across the capital, Kabul.

The Taliban administration — which has publicly said it is focused on restoring security and clamping down on Islamic State, which has claimed many major attacks in Afghan cities — has also consulted with Chinese telecoms equipment maker Huawei about potential cooperation, the spokesman said.


A Tiny Blog Took on Big Surveillance in China—and Won

 

source: wired.com  |  image: pexels.com

 

Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war.

 

AT A LOCATION he keeps secret, John Honovich was on his laptop, methodically scouring every link on a website for a conference half a world away. Hikvision, the world’s largest security camera manufacturer, was hosting the event—the 2018 AI Cloud World Summit—in its hometown of Hangzhou, a city of about 10 million people not far from Shanghai. Honovich, the founder of a small trade publication that covered video surveillance technology, wanted to find out what the latest Hikvision gear could do.

He zeroed in on one section of the conference agenda titled “Eco-Friendly, Peaceful, Relaxed” and found a description of an AI-powered system installed around Mount Tai, a historically sacred mountain in Shandong. A video showed Hikvision cameras pointed at tourists climbing the thousands of stone steps leading to the famous peak. Piano music played as a narrator explained, in Mandarin with English subtitles, that the cameras were there “to identify all visitors to ensure the safety of all.” The video cut to a shot of a computer screen, and Honovich hit pause. He saw a zoomed-in view of one visitor’s face. Below it was data that the camera’s AI had inferred. Honovich downloaded the video and took screenshots of the computer screen, for safekeeping. 

Later, with the help of a translator, he scrutinized every bit of text on that screen. One set of characters, the translator explained, suggested each visitor was automatically sorted into categories: age, sex, wearing glasses, smiling. When Honovich pointed at the fifth category and asked, “What’s this?” the translator replied, “minority.” Honovich pressed: “Are you sure?” The translator confirmed there was no other way to read it.


Ring Is in a Standoff With Hackers

source: wired.com  |  image: pixabay.com

WHAT’S MORE CONTROVERSIAL than a popular surveillance camera maker that has an uncomfortably cozy relationship with American police? When ransomware hackers claim to have breached that company—Amazon-owned camera maker Ring—stolen its data, and Ring responds by denying the breach.

But we’ll get to that.

Five years ago, police in the Netherlands caught members of Russia’s GRU military intelligence red-handed as they tried to hack the Organization for the Prohibition of Chemical Weapons in The Hague. The team had parked a rental car outside the organization’s building and hid a Wi-Fi snooping antenna in its trunk. Within the GRU group was Evgenii Serebriakov, who was caught with further Wi-Fi hacking tools in his backpack.

 

Ring Is in a Standoff With a Ransomware Gang

ALPHV, a prolific group of hackers who extort companies with ransomware and leak their stolen data, said earlier this week that it had breached security camera maker Ring and threatened to dump the company’s data online if it doesn’t pay. “There’s always an option to let us leak your data …” the hackers wrote in a message to Ring on their leak site. Ring has so far responded with a denial, telling Vice’s Motherboard, “We currently have no indications of a ransomware event,” but it says it’s aware of a third-party vendor that has experienced one. That vendor, Ring says, doesn’t have access to any customer records. 

Meanwhile, ALPHV, which has previously used its BlackCat ransomware to target companies like Bandai Namco, Swissport, and hospital firm Lehigh Valley Health Network, stands by its claim to have breached Ring itself, not a third-party vendor. A member of the malware research group VX-Underground shared with WIRED screenshots of a conversation with an ALPHV representative who says that it’s still in “negotiations” with Ring.

Chinese surveillance from above may make stealth planes obsolete | Opinion

source: sun-sentinel.com  |  image: pixabay.com

 

When Pentagon brass rolled out the bat-shaped B-21 Raider late last year amid self-congratulatory speeches and glowing news reports, they touted it as the ideal deterrent against Beijing’s military ambitions. Projected to cost some $720 million apiece, the airplane was called the ultimate in radar-evading technology, able to carry out conventional and nuclear strikes virtually undetected in China and elsewhere.

As a journalist who covered previous stealth aircraft, the praise evoked disturbing echoes of glaring design flaws. Such missteps initially made the B-21’s predecessor, the Air Force’s B-2 Spirit, less stealthy and more difficult to operate than advertised. Northrop Grumman Corp. built both bombers.

Now, former senior officials involved in the classified B-21’s early development worry the Pentagon is repeating a version of those mistakes, this time by underestimating Beijing’s ability to closely track the latest bomber from space.


China’s Top Airship Scientist Promoted Program to Watch the World From Above

source: nytimes.com, contributed by FAN, Bill Amshey  |  image: pixabay.com

 

Corporate records and media reports reveal an airship scientist at the center of China’s high-altitude balloon program. Companies he has founded were among those targeted by Washington.

In 2019, years before a hulking high-altitude Chinese balloon floated across the United States and caused widespread alarm, one of China’s top aeronautics scientists made a proud announcement that received little attention back then: His team had launched an airship more than 60,000 feet into the air and sent it sailing around most of the globe, including across North America.

The scientist, Wu Zhe, told a state-run news outlet at the time that the “Cloud Chaser” airship was a milestone in his vision of populating the upper reaches of the earth’s atmosphere with steerable balloons that could be used to provide early warnings of natural disasters, monitor pollution or carry out airborne surveillance.

“Look, there’s America,” Professor Wu said in an accompanying video, pointing on a computer screen to a red line that appeared to trace the airship’s path across Asia, northern Africa, and near the southern edge of the United States. By the time of the report, it was over the Pacific Ocean.


Researchers shrink camera to the size of a salt grain- Princeton Engineering

source: https://engineering.princeton.edu, contributed by Artemus Founder, Bob Wallace  |  image: pexels.com


Micro-sized cameras have great potential to spot problems in the human body and enable sensing for super-small robots, but past approaches captured fuzzy, distorted images with limited fields of view.

Now, researchers at Princeton University and the University of Washington have overcome these obstacles with an ultracompact camera the size of a coarse grain of salt. The new system can produce crisp, full-color images on par with a conventional compound camera lens 500,000 times larger in volume, the researchers reported in a paper published Nov. 29 in Nature Communications.

Enabled by a joint design of the camera’s hardware and computational processing, the system could enable minimally invasive endoscopy with medical robots to diagnose and treat diseases, and improve imaging for other robots with size and weight constraints. Arrays of thousands of such cameras could be used for full-scene sensing, turning surfaces into cameras.


Protect your privacy: A guide to avoiding drone surveillance

source: foxnews.com  |  image: pexels.com

It’s difficult to learn who owns a drone; some have their registration numbers visible, usually in case the owner loses sight of it.

I share a ton of tips to protect your privacy online. Do this quick 30-second check to keep your Google and Facebook accounts safe if you haven’t yet.

What about when you leave your home? Just about everywhere you go, you’re being watched. 

Not all cameras are out in the open, either. I once found more than a dozen cameras in an Airbnb I rented. Here are my best tips for spotting hidden cams in a rental, new apartment, home, or hotel room. But now we have drones to deal with.


I spy with my eye a drone in the sky

The other day, I heard a familiar buzz while swimming in my backyard pool. Sure enough, a drone hovered overhead and quickly vanished when I shooed it away with my hand. That’s how I got the idea for this post.


NSA leader pushes lawmakers to keep key surveillance power

source: axios.com (contributed by FAN, Bill Amshey)  |  image: nsa.gov

 

The head of the National Security Agency made his case Thursday for lawmakers to keep a key NSA surveillance power intact ahead of a tough reauthorization battle this year.

The big picture: Section 702 of the Foreign Intelligence Surveillance Act is set to expire at the end of the year, jeopardizing a surveillance authority that allows intelligence agencies to collect warrantless online communications from foreign persons.

  • The fight over whether to keep Section 702 intact will take up much of Capitol Hill’s cybersecurity attention throughout the year.

Driving the news: Gen. Paul Nakasone, the head of the NSA and the U.S. Cyber Command, said during an event Thursday that the surveillance power has allowed the U.S. to stop active terrorist plots, foreign ransomware attacks and planned cyber espionage schemes.

  • “This authority provides the U.S. government irreplaceable insights, whether we’re reporting on cybersecurity threats, counterterrorism threats, or protecting U.S. and allied forces,” Nakasone said.
  • “We have saved lives because of 702,” he added.

Why it matters: Nakasone’s comments set the stage for the arguments that the intelligence community is likely to make as lawmakers debate the merits of the program throughout the year.

Yes, but: Civil liberties and privacy advocates have long argued that Section 702 sweeps up far too many Americans’ electronic communications, such as emails and text messages, when they talk with people in other countries.

  • Some Republican lawmakers are also likely to argue for either letting 702 expire or limiting its scope as their party grows more critical of the intelligence agencies.