iPhone hacked into spiPhone to eavesdrop and track what you type on nearby PC

From: http://blogs.computerworld.com/
By: Darlene Storm

You sit down at your desk, set down your mobile phone, boot your computer and then start work. Would it occur to you that a hacker might be using your smartphone as a spying device to track what you were typing?

Thanks to a hack by a research team at George Institute of Technology, your mobile phone can now be turned into a spiPhone that eavesdrops on the sound of your fingers tapping away on the keyboard to detect pairs of keystrokes and determine what you're typing. According to Georgia Tech, the snooping works by "using a smartphone accelerometer - the internal device that detects when and how the phone is tilted - to sense keyboard vibrations as you type to decipher complete sentences with up to 80% accuracy."

Here's the deal, you could download an innocent looking app that doesn't ask for any special permission to access your smartphone sensors. But whammo! You could be a targeted victim for spying because most mobile phones have no accelerometer security and request no permission for access to the accelerometer. You would not know the app was laced with a specially crafted malware to turn your phone into a spiPhone.

In case you are unfamiliar with an accelerometer, it can be found in all sorts of consumer electronics for the purposes of detecting motion input, orientation sensing, or be used for image stabilization. Accelerometers are common in smartphones "to present landscape or portrait views of the device's screen, based on the way the device is being held." In fact, accelerometers are in many devices such as Wii remotes and nunchuks, Nintendo 3DS, and PS3 DualShock 3 remotes, car collision notification systems that call for help after "detecting crash-strength G-forces," and even "sleep phase" alarm clocks use an accelerometer to sense a sleeper's movement so it will not awaken a person during the REM phase.

Although the accelerometer spying experiments started with an iPhone 3GS, it was too difficult to decipher the typing results. Patrick Traynor, assistant professor in Georgia Tech's School of Computer Science, said, "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."

Researchers previously tapped into microphones for this type of attack, but manufacturers have installed security precautions in mobile phones' microphones; when a user installs a new app, the phone's OS asks if the app can access the mic. While a phone's microphone is much more sensitive and can analyze vibrations about 44,000 times per second, compared to an accelerometer which samples vibrations only 100 times per second, the accelerometers in most phones have no security precautions.

"The way we see this attack working is that you, the phone's owner, would request or be asked to download an innocuous-looking application, which doesn't ask you for the use of any suspicious phone sensors," said Henry Carter, a PhD student in computer science and one of the study's co-authors. "Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."

The eavesdropping technique does not detect single keystrokes, but "works through probability and by detecting pairs of keystrokes." It "listens" to "keyboard events" in pairs, then determines if the keys typed were on the left or right side of the keyboard and if they were close to each other or farther apart. Then it takes those pairs of keys depressed and runs them against a preloaded dictionary with 58,000 words, "each word of which has been broken down along similar measurements (i.e., are the letters left/right, near/far on a standard QWERTY keyboard)." It works reliably on words that are at least 3 letters and can accurately decipher what was typed about 80% of the time.

Traynor said not to be paranoid that hackers are spying on your keystrokes through your iPhones. "The likelihood of someone falling victim to an attack like this right now is pretty low," he said. "This was really hard to do. But could people do it if they really wanted to? We think yes." Until manufacturers build in some security on accelerometers, Traynor added that users can get around this vulnerability by keeping their mobile phones in their pockets or purses, or move the phone further away from the keyboard.

The findings of this research, "(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers," and will be presented this week at the 18th ACM Conference on Computer and Communications Security in Chicago.

The image and article above were garnered from a news release provided by George Institute of Technology.

How to spy on your neighbors with an unmanned aerial vehicle

Dean Takahashi
From: http://venturebeat.com/

Two do-it-yourself hackers have built an unmanned aerial vehicle that they can use to spy on computer networks from above. Created on a lark as an intellectual curiosity, the project shows that it’s not that hard to create a low-cost UAV that could do some serious damage to your neighbor’s privacy.

Security researchers Richard Perkins (pictured in purple) and Mike Tassey (in black) told an audience at the Black Hat security conference in Las Vegas how they created the mini spy plane for just a few thousands of dollars. They jokingly called their talk the “Aerial Cyber Apocalypse” and refer to their cyber attack method as “war flying.”

It may sound crazy, but the project shows that it’s not that hard to create one more vector for compromising the security of computer networks — a vector that comes from above the networks and is not likely to be anticipated by anyone who is targeted by it. It’s also one more example of the free-wheeling environment at Black Hat, where security researchers are encouraged to broach whimsical and uncomfortable topics.

The system uses an old foam-based U.S. Army drone airframe (FMQ-117B) that can carry less than 20 pounds altogether. Perkins, a hobbyist collector, had one of these in his basement.

“Doesn’t everyone have one of these at home?” Perkins joked.

The yellow drone (pictured) has wireless hardware on board to capture signals from Wi-Fi networks and then relay them to someone with a remote control unit on the ground. The drone can also imitate the actions of a cell phone tower and hack into cell phone calls (this is not legal, so the researchers did not actually demonstrate this capability onstage).

“This can give hackers direct access to otherwise inaccessible targets,” Tassey said. “They can converge in real-time behind an airplane and penetrate the security of a physical location. No one is looking at the sky.”

Perkins and Tassey controlled the system with a remote control and a Wi-Fi connection. On the ground, they processed data with a generic Intel-based PC with a 3.06 gigahertz processor, 4 gigabytes of main memory, a 500 gigabyte hard drive, and an Nvidia CUDA-based GTX 470 graphics chip.

The GPS transmitter on the drone sends telemetry data via a download link to the base station on the ground, and also enables the ground-based controller to upload flight commands.

In a video, they showed the UAV flying around 500 feet off the ground. It makes a little bit of a buzzing sound but they say you can’t hear it from more than 50 feet away. The airframe was free for them but is available for sale on eBay usually for a few hundred dollars. All told, the researchers spent $6,190 on the project, plus hundreds or thousands of hours of their time.

To target a network, the two send the drone into the air, have it monitor a Wi-Fi network from above, capture the data flowing through that network, and then send the data back to the computer on the ground. They can hack a secure Wi-Fi network with brute force techniques and come up with a password in about 4.5 hours.

In addition, the system can do recon on unencrypted wireless networks, eavesdrop on calls or jam cellular signals and reroute dialed numbers from a cell phone. The device could be used to spy on sensitive national areas, like the secret Area 51 military base in Nevada. Of course, that’s not legal.

“We can follow a target home from a place of work,” Perkins said. “Instead of calling 911, we could redirect your call so you’re calling me. You can customize this to the mission that you want.”

The device could also be used for good. You could, for instance, create an ad-hoc cell phone site in the air to provide service to a disaster area. It could also be used for search and rescue tasks or law enforcement and border protection. The military already uses drones for intelligence purposes.

Tassey said that terrorists could also use this kind of technology to build a fleet of UAVs that could do some serious damage with them. The researchers say that their project isn’t meant to give those people ideas; it’s aimed at raising awareness of the risks that exist.

In one test, the researchers said they detected 50 wireless networks. The Federal Aviation Administration requires that unmanned aircraft fly lower than 400 feet, but the drone that the men created is capable of flying up to 22,000 feet high.

“If we can do this, then the bad guys can do it and they won’t tell you about it,” Perkins said. “You don’t need a Ph.D. from MIT to do this.”

CES: iPhone-controlled drone unveiled at tech show curtain-raiser

AR.Drone – a flying 'quadricopter' with on-board cameras and internal guidance system – shown at Las Vegas industry event

• Bobbie Johnson in Las Vegas
  

• guardian.co.uk, 

The Parrot AR.Drone: 'Easy to control and flies like a dragonfly.' Photograph: Andrew Gombert/EPA

Unmanned drones have become synonymous with controversial military action in some of the most dangerous warzones. But now a child's toy has been created using the same technology.
The AR.Drone, an iPhone-controlled helicopter powered by four separate blades, has been unveiled at the agenda-setting Consumer Electronics Show in Las Vegas.

Boasting built-in military grade systems such as wind compensation and autopilot functions, the drone is able to hover for hours over a single spot – or fly under the command of a pilot using a wireless controller such as an iPhone.
The toy also boasts a number of other hi-tech embellishments, including a pair of on-board cameras and a computerised internal guidance system that allow it to track objects and react to the environment automatically.
"With video cameras and a powerful computer, we have developed a very stable drone that is easy to control and flies like a dragonfly," said Henri Seydoux, the founder and chief executive of the Paris-based company behind the toy, Parrot.
A spokesman for the company, which is better known for making Bluetooth headsets and in-car systems, would not say how much the AR Drone will cost – but confirmed that it would be available to buy later this year.
"Our first project was a Bluetooth race car. We've developed it, but I was not satisfied," said Seydoux. "So I started with the idea of a quadricopter."
The company was demonstrating the device at the annual Consumer Electronics Show in Las Vegas, one of the world's biggest technology industry showcases.
Thousands of computer buffs and hi-tech entrepreneurs are expected in the city this week as the world's most powerful electronics brands fight it out for top billing. Among the 2,500 companies in attendance are Microsoft, Sony, Samsung and Nokia – who are all launching major new products at the event.
The show's organisers expect more than 100,000 enthusiasts to turn up over the next four days to get their hands on new products such as touchscreen tablet computers, record-breaking television screens and electronic books.
Despite the focus on expensive gadgets and gizmos, however, toys are an increasingly significant part of the show – with a manufacturers showing off robots and hi-tech contraptions aimed at youngsters.
The high levels of interest and excitement come despite a difficult period for the event, which is entering its 42nd year. In 2009 many exhibitors were left reeling by the global economic crisis, and many have scaled down their plans for this year's show.
Organisers say that visitor numbers could be even lower this week than they were this time last year, although more new companies have signed up to exhibit than ever - a signal that the excitement that was absent last year has returned.
"There's a great deal of enthusiasm leading into 2010 that just wasn't there in the 2009 show," said Jason Oxman, a senior vice-president of the Consumer Electronics Association, which organises the event.

Caught on tape: Burglars target wrong techie

Grateful police say they've "never seen anything like this before"

By Paul McNamara
From: http://www.networkworld.com/

Maybe the Supreme Court ought to consider this scenario as it grapples with legal issues surrounding private electronic communications filtering into and out of the workplace.

A Framingham, Mass., resident received an urgent text message at work on Friday. It was from his home computer reporting the presence of movement inside of his apartment, which he had equipped with a motion detector and surveillance camera after a recent burglary.

The guy logs on, calls up the video feed, and bingo: Two burglars are having their way with his stuff. He calls the cops, who I'm going to presume have rarely had an easier collar.

From a MetroWest Daily News report:

Kevin John Fegan, 27, and Joshel Garcia, 18, both of Framingham, were inside the 205 Beaver St. apartment when police arrived and arrested them at 9:30 a.m., never knowing they were being watched via computer, Deputy Police Chief Craig Davis said.

The break-in and theft were also recorded for future use in court proceedings, the deputy chief said.

"I've never seen anything like this before," said Davis. "It's awesome."

Police have not released the name of citizen crime-fighter (nor his tape), perhaps partly due to the fact that one of the "suspects" lives nearby.

10 cutting-edge spy gadgets
Top 10 Buzzblog Posts for 2009

Burglars are caught in the act all the time by commercial surveillance equipment -- examples here, here and this one where some knucklehead hit a Las Vegas store catering to mixed martial artist fans. And I presume those home-protection services snag a miscreant or two now and then. But I don't recall reading of a do-it-yourselfer having this kind of success.

Hope his neighbors are properly expressing their gratitude.

Historic Amish Town Has More Spycams Than Major U.S. Cities

articles.latimes.com — Laid out in 1730, the whole town is 4 square miles around a central square. Amish families still sell quilts in the nation's oldest public market, and the Wal-Mart provides a hitching post to park a horse and buggy. But poverty is double the state's average. How security cameras affect crime is open to debate.

click here for the whole article: Lancaster, Pa., keeps a close eye on itself

Shared via AddThis