Google Reports Hackers Have For Years Put ‘monitoring implants’ In iPhones
The Guardian (8/30/19)
An unprecedented iPhone hacking operation, which attacked “thousands of users a week” until it was disrupted in January, has been revealed by researchers at Google’s external security team.
The operation, which lasted two and a half years, used a small collection of hacked websites to deliver malware on to the iPhones of visitors. Users were compromised simply by visiting the sites: no interaction was necessary, and some of the methods used by the hackers affected even fully up-to-date phones.
Once hacked, the user’s deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database.
The one silver lining is that the implant was not persistent: when the phone was restarted, it was cleared from memory unless the user revisited a compromised site. However, according to Ian Beer, a security researcher at Google: “Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.” …
Amazon’s Doorbell Camera Ring Is Working With Police – And Telling Them What To Say To The Public
The Guardian (8/30/19)
Ring, Amazon’s camera-connected smart doorbell company, has cameras watching hundreds of thousands of doorsteps across the US. It’s also keeping an eye on what local police say online.
Records obtained through an information request show how Ring uses corporate partnerships to shape the communications of police departments it collaborates with, directing the departments’ press releases, social media posts and comments on public posts.
Ring, which was acquired by Amazon in 2018, sells smart doorbells that allow users to monitor their doorstep remotely and operates Neighbors by Ring, an accompanying app that lets users view footage uploaded by other Ring owners.
In recent months, Ring has partnered with hundreds of US law enforcement agencies, offering departments access to its platform in exchange for outreach to residents. Ring says the program gives police more resources to solve crimes, while critics fear the company is quietly building up a for-profit private surveillance network. Ring’s power over police departments’ communications with the citizens they serve is just the latest question about the company’s operations.
Andrew Ferguson, a law professor and the author of The Rise of Big Data Policing said there has been a rise of tech company influence on police work over the past decade, but shaping marketing language within police departments represents a new level of “distortion of public safety rule”.
“Police should not have dual loyalty to a private company and the public – their loyalty should be to the public,” he said. “Any sort of blurring of that line causes us to question that loyalty.” …