Snowden-Backed App ‘Haven’ Turns Your Phone Into a Home Security System

Your digital security, any sufficiently paranoid person will remind you, is only as good as your physical security. The world’s most sensitive users of technology, like dissidents, activists, or journalists in repressive regimes, have to fear not just hacking and online surveillance, but the reality that police, intelligence agents, or other intruders can simply break into your home, office, or hotel room. They can tamper with your computers, steal them, or bodily detain you until you cough up passwords or other secrets.

To help combat that threat, one of the world’s most well-known activists against digital surveillance has released what’s intended to be a cheap, mobile, and flexible version of a physical security system. On Friday, the Freedom of the Press Foundation and its president, famed NSA leaker Edward Snowden, launched Haven, an app designed to transform any Android phone into a kind of all-purpose sensor for detecting intrusions.

[Image: Haven uses your phone’s sensors to monitor for changes in sound, light, and movement. Credit: Guardian Project]

Safe Haven

Designed to be installed on a cheap Android burner, Haven uses the phone’s cameras, microphones and even accelerometers to monitor for any motion, sound or disturbance of the phone. Leave the app running in your hotel room, for instance, and it can capture photos and audio of anyone entering the room while you’re out, whether an innocent housekeeper or an intelligence agent trying to use his alone time with your laptop to install spyware on it. It can then instantly send pictures and sound clips of those visitors to your primary phone, alerting you to the disturbance. The app even uses the phone’s light sensor to trigger an alert if the room goes dark, or an unexpected flashlight flickers.

“Imagine if you had a guard dog you could take with you to any hotel room and leave it in your room when you’re not there. And it’s actually smart, and it witnesses everything that happens and creates a record of it,” Snowden said in an encrypted phone call with WIRED from Moscow, where he has lived in exile since 2013. “The real idea is to establish that the physical spaces around you can be trusted.”

Since he became the director of the Freedom of the Press Foundation in early 2016, Snowden has led a small team of programmers and technologists working on security tools. The results so far range from software that only allows secrets to be decrypted if a group of collaborators combine their secret keys, to a hardware modification for the iPhone that’s designed to detect if malware on the device is secretly transmitting a user’s data.

The ‘Evil Maid’ Problem

The notion of a smartphone-based alarm system arose when Micah Lee, a technologist at the news outlet The Intercept and board member of the Freedom of the Press Foundation, suggested it to Snowden in early 2017. Lee hoped for a new approach to the perennial problem that the cybersecurity community calls the “evil maid” attack: It’s very difficult to prevent someone with physical access to your computer from hacking it.

Eventually, Lee and Snowden’s group of developers at the Freedom of the Press Foundation partnered with the security-focused nonprofit Guardian Project to build and test a software solution to that problem. “We thought, is there a way we can use a smartphone as a security device,” says Nathan Freitas, the director of the Guardian Project. “Take all the surveillance technologies in smartphones and flip them on their head, to keep watch on all the things you care about when you’re not there?”

In practice, Haven could protect its users from more than just hands-on computer hackers; it could guard against everyone from abusive spouses to authoritarian police. In November, the groups teamed up with the Colombian activism group Movilizatorio to conduct a trial with social justice activists—a group that’s been the target of dozens of assassinations over the last year, in the fallout of tense negotiations between guerrilla groups and the country’s government. Movilizatorio founder Juliana Uribe Villegas says the app provided a key reassurance that month, for a group of 60 testers, that government or criminal agents weren’t breaking into their homes to plant surveillance equipment or, far worse, to kidnap or physically harm them.

“It’s very significant for them to know that they have tools they can use themselves when the government isn’t protecting them,” Uribe Villegas says. “It’s great to think about cybersecurity, but in countries like ours, personal security is still at the top of our list.”

Privacy First

Of course, any device that takes pictures and records audio clips in your home or office and sends them over the internet might sound more like an intolerable privacy violation than a security measure, especially for someone as privacy-sensitive as Snowden, who hasn’t even carried a mobile phone since he first became a fugitive from the US government in 2013.

[Image: Haven sends encrypted alerts when activity triggers your phone’s sensors. Credit: Guardian Project]

But Haven takes some serious measures to prevent its surveillance mechanisms from being turned against a phone’s owner. It integrates the encrypted messaging app Signal, so that every alert, photo, and audio clip it sends to the user is end-to-end encrypted. As another safeguard, users can also configure Haven to work with the Android app Orbot, which has an option to turn your phone into a so-called Tor Onion Service—essentially, a server on the darknet. That means the Haven phone’s event log can be accessed remotely from your desktop or another phone, but only over Tor’s near-untraceable connection. In theory, that means no eavesdropper can break in to access those audio and photo snapshots of your sensitive spaces.

“Now you can take this huge aggregation of sensors available on any phone today—accelerometers, light sensors, cameras, microphones—and make it work for you and only you,” Snowden says. He notes that despite his personal avoidance of carrying a smartphone, even he has used Haven in hotel rooms while traveling and even at home, albeit only with some additional precautions that he declined to fully detail.

In WIRED’s initial tests of Haven’s beta version, the app successfully detected and alerted us to any attempts to approach a laptop on an office desk, reliably sending photos of would-be evil maids over Signal. If anything, the app was too sensitive to saboteurs; it picked up and alerted us to every stray office noise. The app’s accelerometer detection was so hair-triggered that even leaving the phone on top of a computer with a moving fan inside created hundreds of alerts. You can set thresholds for the audio, but it was tricky choosing a level that wouldn’t trigger false positives. Freitas says the developers are still working on fine-tuning those controls, but that users may have to experiment.

Snowden acknowledges that Haven can’t stop an intruder bent on physically harming someone. But by simply detecting and recording their presence, it might just make them think about the consequences of that intrusion’s documentation, and give victims a significant tool they haven’t had before. “If you’re the secret police making people disappear, Haven changes the calculus of risk you have to go through,” Snowden says. “You have to worry that every possible cell phone might be a witness.”

from Wired Top Stories http://ift.tt/2BxW3Ox
via IFTTT

South Korea fittingly equips high-speed train with high-speed LTE

The Winter Olympics are in South Korea in 2018, which is the perfect excuse to refine old technologies and show off new ones in advance of the huge crowds that will descend on the country early next year. Today, Samsung announced that, in partnership with the Korean telecom company KT, the world’s first LTE-R network on a high-speed train is live.

The new Wonju-Gangneung high-speed train can travel up to 155 miles per hour and is 75 miles long. It was clearly built with the crowds of the Winter Olympics in mind, as the press release states that the train "will provide the public faster, easier access to the largest winter sports facilities in Korea, including PyeongChang." LTE-R will operate across the line’s seven stations, and works with older technologies, such as the Trunked Radio System, VHF systems, and the public safety network (PS-LTE).

LTE-R, or LTE-Railway, is a wireless communication system to connect those operating and working on trains with those on the ground. It allows for fast, reliable communication and signaling, overcoming the challenges of using an LTE network at high speeds. It includes features such as Mission-Critical Push-to-talk, or MCPTT, and a dedicated core network to operate the service.

Samsung is the supplier for five different LTE-R projects in South Korea. The technology is already in place on the Busan Metro line, which was launched in April 2017. This is the first application of the technology to a high-speed train line.

Source: Samsung

from Engadget http://ift.tt/2Dra6Tm
via IFTTT

Manchester City signs second FIFA pro as ‘dedicated PS4 player’

Sports teams the world over are adding gamers to their rosters, but it’s particularly common in football. Manchester City FC signed its first eSports pro, Kieran "Kez" Brown, last summer, and today the club’s announced Marcus "ExpectSporting" Jorgensen (aka Marcuzo) has become the second pad warrior to join the squad. Jorgensen previously competed for Danish football club Brøndby IF, with his biggest win to date being the FIFA Interactive Club World Cup held this past August.

Jorgensen’s first start for Man City will be in late January for the FUT Champions Cup in Barcelona. Interestingly, he’s joined the club as its "dedicated PS4 player," which means by default, Kieran Brown will only be seen with an Xbox controller in hand from now on. We didn’t realise the scene has matured to the extent that FIFA players are now platform exclusives, too.

Source: Manchester City FC

from Engadget http://ift.tt/2pidmhd
via IFTTT

Specially prepared photos shown bypassing Windows Hello facial recognition

SySS demonstrates using the printout of the IR photo to trick Windows Hello on a Surface Pro 4.

Security researchers at a German security firm, SySS, have shown that the Windows Hello facial recognition can be tricked by using specially prepared printouts of photographs. Microsoft added an “enhanced anti-spoofing” mode in the Windows 10 Creators Update earlier this year that properly defeats the attack, but it’s neither enabled by default nor compatible with all Windows Hello hardware.

The obvious question with any kind of facial recognition-based biometric authentication system is, how easily can it be tricked with a photograph? Since it’s easy to take a picture of someone’s face, often without them even knowing, a facial recognition system that can be fooled by a photo isn’t much use. The Windows Hello system has two main parts: there’s the physical hardware, which for Hello is a webcam with infrared illumination and detection, and the software algorithms, which are part of Microsoft’s Biometric Framework. With this design, Microsoft can refine and improve the algorithms, and the improvements should work for any compatible hardware.

Windows Hello’s infrared requirement should protect it from being spoofed by regular photos. So what the researchers from SySS did was use a photo taken with an infrared camera. This photo was then adjusted to change its contrast and brightness and printed at a low resolution on a laser printer. The resulting picture was successful at authenticating a user with Hello on two separate devices: a Surface Pro 4, using its integrated camera, and a laptop, using a discrete LilBit USB camera.

While the picture produced this way would not fool an RGB camera, it looks sufficiently close to what the infrared camera expects to see to allow the attacker to log on.

The Windows 10 Creators Update, version 1703, included a little-documented feature called “enhanced anti-spoofing.” It is enabled by changing a registry key or Group Policy setting, but its exact purpose or effect isn’t entirely clear. It appears that it integrates infrared and RGB data, making the infrared-only photo distinguishable from a real human. With this setting enabled, the picture was no longer effective.

However, this setting isn’t a panacea. As well as the awkwardness of enabling it—there’s no user interface for it, so modifying the registry is the only way to go—it’s not available for all Hello hardware, and there’s no obvious way of knowing if it will work or not. The cameras integrated into Microsoft’s Surface devices support enhanced anti-spoofing, but the LilBit that was tested doesn’t. We also haven’t seen compatibility with this feature disclosed on spec sheets, either for laptops or for standalone cameras. Additionally, even if compatible with your hardware, the setting isn’t enabled by default, at least for systems that were upgraded to Windows 10 1703.

Taken together, all this means that a security option that every Windows Hello user should want to enable probably isn’t turned on and may not even work.
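As an added example (not from the article or from SySS), the following PowerShell audits a machine for the enhanced anti-spoofing setting and, with `-Enable` in an elevated session, turns it on. The article does not name the registry key; the path and value below are an assumption based on the Group Policy "Configure enhanced anti-spoofing" under Biometrics > Facial Features.

```powershell
# Added example: audit (and optionally enable) Windows Hello enhanced anti-spoofing.
# Assumption: the policy is backed by the registry value below; the article
# itself does not give the key name.
[CmdletBinding()]
param([switch]$Enable)   # -Enable writes to HKLM and needs an elevated session

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures'
$ValueName  = 'EnhancedAntiSpoofing'
$MinBuild   = 15063      # Windows 10 version 1703 (Creators Update)

function Get-AntiSpoofingState {
    # OS build tells us whether the setting exists at all on this machine.
    $build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
    $item  = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue

    # A missing value means "not configured", which is the default the article describes.
    if ($null -eq $item) {
        $state = 'NotConfigured'
    } elseif ($item.$ValueName -eq 1) {
        $state = 'Enabled'
    } else {
        $state = 'Disabled'
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Build         = $build
        BuildSupports = ($build -ge $MinBuild)
        PolicyState   = $state
    }
}

$before = Get-AntiSpoofingState
if ($Enable -and $before.BuildSupports -and $before.PolicyState -ne 'Enabled') {
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyPath -Name $ValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

# Emit the state after any change so the result can be collected fleet-wide.
Get-AntiSpoofingState
```

A reported `Enabled` state only shows that the policy is set; it says nothing about whether the camera supports the feature, so confirm face sign-in behaviour on each hardware model after enabling it.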

Listing image by SySS

from Ars Technica http://ift.tt/2BuxSRo
via IFTTT

Hotel charged guests $350 after bad online reviews, so Indiana AG sues

This is the “Patio Suite” at the Abbey Inn.

from Ars Technica http://ift.tt/2zeRtPw
via IFTTT

Bitcoin’s price plunges amid broad cryptocurrency sell-off

After rocketing to a high above $19,500 last Sunday, bitcoin’s price has been steadily dropping this week. Those losses accelerated overnight, with the cryptocurrency falling below $13,000.

Bitcoin’s losses come amid a broad cryptocurrency selloff. As of Friday morning, every major cryptocurrency was posting double-digit 24-hour losses. Ethereum is down 28 percent over the last 24 hours, Bitcoin Cash is down 37 percent, and Litecoin is down 32 percent.

To be fair, all of these currencies—like bitcoin—have seen massive gains in recent weeks. They’re all well above their value at the start of December, to say nothing of values earlier in the year.

But the broad-based blockchain slide comes as a growing chorus of experts warn that cryptocurrency valuations could be an unsustainable bubble. Yesterday, a beverage company called the Long Island Iced Tea Company renamed itself “Long Blockchain” and was rewarded somewhat hysterically with a nearly 3-fold increase in its stock price. This story, and others like it, has convinced some observers that we’re seeing a repeat of the 1990s technology boom.

One factor weighing on bitcoin in particular is the network’s skyrocketing transaction fees. Two weeks ago, the daily average fee to send a bitcoin transaction hit an all-time high of $26. This week, the network left that record in the dust, with the average fee on Thursday reaching more than $50.

Of course, bubble warnings have been common throughout the cryptocurrency boom of the last year, and bitcoin has had several double-digit crashes before. In each of these past cases, bitcoin recovered its value and zoomed to new heights. The big question is whether this time is different.

from Ars Technica http://ift.tt/2BzHeLE
via IFTTT

Washington state: Comcast was “even more deceptive” than we thought

from Ars Technica http://ift.tt/2BjEjTc
via IFTTT