Recent headlines about PRISM — the U.S. government program that allows security officials to spy on people’s Internet activity — confirm what conspiracy theorists have long been foretelling: Big Brother is watching.
But is the government the only one keeping tabs on what you search for, watch and discuss with friends? The truth is, there are others out there — businesses, advertisers, scammers — hoping to line their pockets by collecting your personal data.
And they have a variety of tools at their disposal to gather the information they need — tools you might even have with you right now. That's right — everything from the smartphone in your pocket to the television in your bedroom can potentially be used to spy on you.
Here are some ordinary gadgets with serious spy potential.
Smartphones
You know your phone is smart, but just how smart is it? Smart enough to sense your every movement. Smart enough to capture your every word.
Smartphones possess an arsenal of powerful features — including microphones, GPS receivers, accelerometers and Wi-Fi antennas — that are meant to help users communicate and access information, but those very same tools can also be used for spying.
John Harrison, a representative with security software companySymantec, said mobile devices are increasingly playing host to the kinds of malware once found only on PCs, such as remote-access Trojans (RATs). RATs turn devices into Bond-esque spy tools, stealing passwords, recording video and audio, and launching attacks on other systems.
And smartphones are also vulnerable to other kinds of hacks. In 2010, researchers at Rutgers University in New Jersey performed a series of rootkit attacks on smartphones, demonstrating how to remotely activate a device's microphone to secretly record conversations.
The researchers were also able to install malware that allowed them to track a user's movements using the phone's GPS receiver.
According to the researchers, smartphone malware is even more dangerous than malware designed for nonmobile operating systems because users take their phones everywhere they go.
An infected desktop computer might record all the conversations you have in your home office, but a smartphone can record all those top-secret meetings you attend at headquarters or next week's clandestine rendezvous.
But even if you don't have secrets to keep, your sneaky smartphone can still cause trouble. Last October, researchers with the U.S. military developed an Android app that creates a 3D map of a phone's surroundings by taking candid photos and collecting orientation data with the phone's accelerometer.
The app, dubbed "PlaceRaider," poses as an innocuous camera app and sends sensitive smartphone data to an external server. Thanks to this app, burglars, identity thieves and other criminals could have a real-time blueprint of your home or business. They could even zoom in on noteworthy sections of the map, like that pile of financial statements on the desk or your open underwear drawer.
And most recently, researchers at the University of Alabama found that smartphones are susceptible to an entirely new kind of threat known as a "context-aware" attack. Such attacks activate malware via sound-based, magnetic or visual stimuli.
This type of malware could turn your phone into a sleeper agent, allowing your trusted device to silently bide its time before spilling all your secrets to some cybercriminal at the drop of a heavy bass line.
Tablets
If your smartphone turns against you, at least you still have your trusty tablet, right? Wrong. Most tablets have the same operating systems — as well as the same built-in spy tools — as smartphones do.
Take the accelerometer, for example. Much like a smartphone, your tablet comes equipped with a little device that senses the orientation of your tablet. Hence, when you flip the tablet sideways, the screen flips with it.
But the accelerometer also has the potential to flip your whole world upside down. A 2011 study by researchers at the University of California, Davis demonstrated how to use an accelerometer to steal usernames and passwords.
The researchers’ keylogger app measures the physical motion made when touching onscreen keys and can detect which keys were touched with 70 percent accuracy. If installed on your tablet, the "TouchLogger" app could provide scammers with all the information they need to wreak havoc on your digital world.
Smart TVs
So your mobile devices are all sneaky robots, but what about the stationary gadgets you keep at home? Surely, those are trustworthy.
Actually, they're not. In December 2012, cybersecurity firm ReVuln discovered a flaw in Samsung's then-newest-generation of smart TVs.
The flaw granted hackers access to viewers' sensitive data, such as viewing history and remote files. It also let hackers spread malware to USB devices attached to TVs.
Luigi Auriemma and Donato Ferrante, co-CEOs of ReVuln, said any device that takes an input from the environment, whether it's using Wi-Fi or some other means, is vulnerable.
"It's also interesting to consider that even a device not accessible from the Internet is at risk because it can be attacked from LAN [a local area network] through a compromised PC, or via other attack vectors like USB or Bluetooth," Auriemma and Ferrante wrote in an email interview with TechNewsDaily.
As more home devices, like TVs and gaming consoles, come equipped with these "attack vectors," they said, the chance of spyware spreading to every device you own increases exponentially. Take, for example, the Flame (aka Flamer, aka Skywiper) malware toolkit of 2012.
That piece of mega-malware was spread from USB to USB, infecting hundreds of machines running Windows’ XP, Vista and 7 operating systems. Once infected, hackers used compromised computers to perform some of the most advanced spy maneuvers the world has ever seen.
Flame — which is believed to have been developed by an unknown national government — could detect keystrokes, take screenshots, monitor user activity both on and offline, record conversations and even spy on other devices connected to the same Wi-Fi network. It then sent this data to a dozen different servers around the world.
Imagine the espionage that could occur if such spyware were compatible with mobile operating systems, like Android, or if it could be spread over the Internet as well as through USB devices.
Cable boxes
You're probably thinking that because your TV isn't connected to the Internet, your television habits are safe from the prying eyes of hackers and other unsavory characters, and you might be right. But then again, you might be wrong.
Although ideas about how to hack this type of device are still in their infancy, the mere possibility that it could happen could introduce privacy concerns.
In 2011, Verizon submitted a patent application for a TV set-top cable box equipped with motion and audio sensors that track viewers' every movement and utterance, all for the sake of bombarding them with targeted advertisements.
If the patent is ever approved, Verizon's voyeuristic device will be sure to wipe away any illusions you had about your privacy in the presence of consumer electronics.
Gaming consoles
While spying cable boxes are not yet a reality, spying Xboxes are. Ever since Microsoft debuted its first Kinect-compatible Xbox console in 2010, gamers have been speculating about whether they’re being spied on in their bedrooms.
This year, Microsoft is set to roll out a new console, the Xbox One — and rumors about its cyborglike capabilities, coupled with Microsoft's ambiguous language surrounding user privacy, aren't doing much to calm those fears.
Like its predecessors, the One connects to the Internet through the Xbox Live service, which must be manually shut off when not in use. That's right, unless you remember to shut it off, the One will be watching.
But what does the One do with the data it collects from gamers? Is this information sent directly to Mordor? To Microsoft?
Unfortunately, that much isn't completely clear. However, it's worth mentioning that much like Verizon, Microsoft also submitted a patent application in 2011 for an app — most likely for the Xbox One — that would track Xbox users’ TV watching and then reward them with advertiser coupons and other promotions.
According to The Verge, these rewards would be granted to users who watch an entire television series from start to finish, or to those who don't leave the room during commercials.
Smart meters
Right now, you're probably thinking, "I'll just give up playing video games, stop watching TV and flush my cellphone down the toilet." But before you do anything drastic, you should know this: They'll still be watching you.
"Smart" technology — such as refrigerators with touch screens, and wireless electric meters — might help you save money on your utility bills, but these connected devices also help hackers peer into your home.
Last year, a group of German researchers demonstrated the inherent vulnerabilities in smart-meter systems by hacking into an electric company's wireless network and intercepting the supposedly private information of its users.
Equipped with a digital fingerprint of a home's power usage, the researchers could tell when residents were at home, away or asleep. They could even tell what movies people were watching in their living rooms.
Although cybercriminals are likely not interested in your preference for the original “Toy Story” movie, they might like to know when you're spending the week in Disneyland.
But keep in mind that not all smart appliances offer up such valuable information to cybercriminals.
"Will [hackers] make their way onto my washing machine or refrigerator and see how much milk I have?" said Symantec's Harrison. "I am not sure too many hackers would care about that kind of thing."
But for gadgets that do transmit information that could line a hacker's pockets, Harrison recommends taking a few precautionary measures.
"Think before you click," Harrison said. "Users should be careful with which links they click on, even from people they know. If an email seems vague or out of character for that person, don't open it or click on the link. Just clicking on a malicious link can silently infect your system with a drive-by download."
And if you're worried that your TV or webcam is spying on you, Harrison said, there's a low-tech fix for that: Simply put a piece of tape over the camera.
To further thwart those nasty spies, consider a security software solution for all your devices, especially the ones you bring everywhere. And never underestimate the power of a good password.
No comments:
Post a Comment