Just Watching a YouTube Video Can Compromise Your Smartphone
Among the multiple ways of compromising a mobile device, a new method was
recently analyzed by researchers that humans can’t detect: hidden voice
commands.
The research was driven by the emergence
of voice interfaces for computers and was conducted on Android and iOS devices
with the "Google Now" feature activated. With modern smartphones and wearable devices
adopting an "always-on" model in which they continuously
listen for possible voice input, researchers wanted to learn whether hidden
commands that are unintelligible to human listeners could be issued.
In a paper (PDF) describing the experiment, researchers from
Berkeley and Georgetown University revealed that hidden commands that are
effective against existing systems can be issued, and that humans are unlikely
to understand them and might not even notice them. The mobile devices, on the other hand, will
react to these commands.
… researchers say
that it is possible to broadcast hidden commands from a loudspeaker at an event
or to embed them in a trending YouTube video.
Unfortunately, we seem to have a government of “no
consequences.”
Chinese Hacks on FDIC Covered Up by CIO
Threat actors believed to be from China breached the systems of the U.S.
Federal Deposit Insurance Corporation (FDIC), but the
agency’s chief information officer attempted to cover up the incident, according to a report
published this week by the House of Representatives Science, Space and
Technology Committee.
The report revealed that a threat group presumably sponsored by
the Chinese government breached FDIC systems in 2010, 2011 and 2013. The attackers managed to plant malware on 12
workstations and 10 servers belonging to the banking regulator, including
computers used by the chairman, chief of staff and general counsel.
According to the report, Russ Pittman,
who was the FDIC’s CIO at the time, had instructed employees not to discuss or
proliferate information about the attack to avoid jeopardizing the confirmation
of Martin Gruenberg in the position of FDIC chairman.
… Pittman is not
the only CIO accused of wrongdoings. The
agency’s current CIO, Lawrence Gross, has been called out for failing to notify
Congress of major incidents (i.e. incidents involving more than 10,000
records).
… The agency and
its CIO attempted to downplay the extent of the incident until the FDIC Office
of Inspector General (OIG) conducted an investigation and prompted the
organization to report the breach to Congress. Furthermore, Gross reportedly removed a CISO
who disagreed with him about whether the Florida incident should have been
reported to Congress. Gross’ ability to
serve as CIO of FDIC is now being brought into question.
So this is e-trespassing raised to the equivalent of a “make
my day” law? Can I ask the FBI to stay
away from my website?
Orin Kerr writes:
The U.S. Court of Appeals for the
9th Circuit has handed down a very important decision on the
Computer Fraud and Abuse Act, Facebook v. Vachani, which I flagged just
last week. For those of us worried about
broad readings of the Computer
Fraud and Abuse Act, the decision is quite troubling. Its reasoning appears to be very broad. If I’m reading it correctly, it says that if you tell people not to visit your website, and they
do it anyway knowing you disapprove, they’re committing a federal crime
of accessing your computer without authorization.
Read more on Washington
Post. As always, Orin provides a lot
of food for thought.
By now, I’ve only read the opinion once, and oddly,
perhaps, what caught my eye was fn4:
Simply bypassing an IP address,
without more, would not constitute unauthorized use. Because a blocked user does not receive notice
that he has been blocked, he may never realize that the block was imposed and that
authorization was revoked. Or, even if he
does discover the block, he could conclude that it was triggered by misconduct
by someone else who shares the same IP address, such as the user’s roommate or
co-worker.
So someone going directly to a file on a server from
search results – without going through the site’s or server’s front door – is
not necessarily engaging in “unauthorized use” under CFAA without more? But what more would be needed in that
situation to make criminal application of CFAA appropriate? And if that’s the case, think of the raid on
Justin Shafer who accessed files on a Patterson FTP server when there was
nothing he saw that would have suggested he didn’t have authorization.
Will the government let this stand? I rather doubt it.
Court rules DEA needs warrant to use mobile tracking device
A federal judge in New York on Tuesday ruled that law
enforcement officers need a warrant before using a device that mimics cellphone
towers to help track a person’s mobile phone.
Observers said the ruling was the first of its kind in
federal court. But it is unclear how
important the precedent will be since the government has already changed its
policy to require warrants going forward.
… “Absent a search
warrant, the Government may not turn a
citizen’s cell phone into a tracking device,” the judge wrote in his opinion. “Perhaps recognizing this, the Department of
Justice changed its internal policies, and now requires government agents to
obtain a warrant before utilizing a cell-site simulator.”
The new Justice Department policy last year to require warrants
came only a week after the DEA carried out its search of the home of Raymond
Lambis, the defendant in the case.
(Related) So why
question this?
Judge Koh Grilled at Hearing for 9th Circ. Slot
A Republican senator grilled U.S. District Judge Lucy Koh
on Wednesday about why she said police need warrants to access cellular
location data.
… From her bench
in San Jose, Koh made headlines roughly this time last year in blocking the
government from accessing data called cell-site location information without a
warrant, saying such data has Fourth Amendment protections.
… The senator called Koh's ruling last year the
only of its type. No other courts ruled
that non-content, or meta-data, was subject to protection under the Fourth
Amendment.
Koh, 47, emphasized that she had no precedent to follow,
either from the U.S. Supreme Court, or the Ninth Court, which hears appeals
from 15 judicial districts, including Koh's and three others in California.
Koh said she did her diligence by surveying other circuit
cases and state laws on probable cause.
A 2012 decision by the Supreme Court guided Koh in
particular.
The ruling U.S. v. Jones "held that GPS [vehicular]
tracking movements on public roads for 28 days did violate the Fourth Amendment
and did require a warrant, and in this particular instance, it was equally a
tracking of movement over 60 days instead of 28 days with tracking without a
warrant," Koh noted.
Everyone is buying tools to surveil themselves. All the video goes to Nest and/or Google.
Nest's outdoor camera and Google A.I. tell you when someone's
at your door
… This particular
unit requires an outlet and does not run on batteries...the use of main power
means the Nest Cam can continue recording and uploading footage...without
needing to turn itself off and activate once movement is detected... On the flip side, should you happen to lose
power to your home, the camera becomes decoration.
There's no built-in storage...so you'll need to make sure
your Wi-Fi remains up and running. That
said...all video streamed is encrypted. Sound
like the perfect solution to add to your security setup? You can pre-order it now for $199.
… What about the
accompanying app? How is that going to
work with the new outdoor camera? Turns
out, it is getting an upgrade, and will be using Google-powered A.I. to detect
people via the outdoor camera.
Subscribers to the Nest Aware service will get a new
feature called “person alerts.” This server-based
algorithm will analyze the feed from your camera in real time to distinguish a
human being from anything else that might appear. If the algorithm determines that it’s a
person, it will send an alert to the app.
Nest's person alerts won't use facial recognition to try to identify who
the person in front of the camera is. [Yet. Bob]
(Related) Government
says surveillance earns you a discount – in reality, insurance companies will just
charge more if you don’t surveil yourself.
Joe Cadillic writes:
Big Brother and auto insurance
companies have devised a devious new way to encourage Americans to spy on each
other. They’re offering motorists an
insurance discount, if they purchase and install dashcams in their own
vehicles!
New York Assembly member Alicia
Hyndman and NY Senator Jose Peralta have introduced a bill, that would give New York drivers a
5% auto insurance discount for having a dash camera installed in their car.
Fyi, insurance companies are also
secretly identifying motorists
and passengers using facial biometrics.
Read more on MassPrivateI.
Come on students, try and keep up!
Pokémon Go is Literally Taking Over the World. Here’s What
Marketers Can Keep in Mind
Pokémon Go launched
a week ago. That’s right- seven days. And in that time, there have been more
downloads of the game than of Snapchat. According
to an article on Forbes‘ website, more people
are using Pokémon Go than Instagram and Whatsapp.
People are knocking on strangers’ doors,
taking impromptu trips, and allegedly, discovering
dead bodies while playing the game. In short: Pokémon Go is a global phenomenon,
the likes of which we have not seen in some time.
(Related)
The beginner’s guide to Pokémon Go: A FAQ on how to catch 'em
all
Self-promotion is still marketing. Don’t believe me? Ask Donald Trump.
Let Selena Gomez Help You Get Those Double-Taps: Her 7 Tips
for Becoming the Most-Followed Person on Instagram
With 89.2 million followers, Selena Gomez
is the most followed person on Instagram, trumping her BFF Taylor Swift by 4
million and her ex-boyfriend Justin Bieber by
about 15 million. Not to mention, she's
also beat out all the selfie masters in the Kardashian/Jenner family.
So how did SelGo do it? In an interview with The Hollywood Reporter, the singer admits she really
didn't do much of anything at all—and that might just be the key to her
success.
… With that being said, here
are 7 tips she suggests for gaining a massive following:
Something to share with my students. Just the math tips make it worthwhile.
This Cool Website Will Teach You Hundreds of Google Search
Tips
This cool website called SearchyApp features
an insane amount of tips that’ll help you make the most of Google.
An update.
Tom Brady’s appeal request denied by federal court, so his
suspension stands
(Related) I only
included the article above so I could ask: “Does Ruth like Tom better than
Donald?”
Ruth Bader Ginsburg is the key to Tom Brady’s short-term fate
… Seeking justice
will include seeking a stay of the suspension from Justice Ruth Bader Ginsburg,
the member of the U.S. Supreme Court designated to handle cases arising from
the Second Circuit. If an appeal is
filed, she’ll inevitably be asked to maintain the status quo until the
Supreme Court decides whether to take up the case.
Here’s where it gets very interesting — and potentially very
political. Ordinarily, Justice Ginsburg’s
ideology and philosophies would make her more likely than not to
grant the stay. In this case, however,
there’s a potential complication. His
name is Donald Trump.
Brady has made no bones about his friendship with Trump. And Justice Ginsburg has made no bones about
her disdain for Trump.