Surveillance State: Hackers Have Found a Pulsating New Way to Spy on You on Your Phone and FitBit

Hackers may be pickin’ up good vibrations from your phone. All the better to surveil you with, my dear.

Researchers at the Electrical and Computer Engineering school of the University of Illinois at Urbana-Champaign discovered that the vibration motor in your devices can operate like a microphone, according to the researchers’ paper. That means, if a hacker rewires your vibration motor (which TechCrunch reported could be executed “in a minute or two”), they can listen to what you’re saying.

The system, VibraPhone, works on any device with a vibration motor — which includes our phones and wearables.

And it works damn well. Humans were able to understand the recorded words via the vibration motor with greater than 80% average accuracy, according to the researchers’ paper. The researchers note that the “fidelity to which this is possible has been somewhat unexpected.” More great news for malware eavesdroppers: This system doesn’t require any machine learning or pattern recognition to extract the decoded sounds.

It does have a weakness though: high frequencies. So if you’re squeaking like a chipmunk, chances are the system won’t be able to pick up your sounds. This also includes some consonants and vowels like “i” and “e” which have frequencies high enough to be suppressed by the system, according to the paper.

But it’s not all wiretapping and espionage — the VibraPhone can be used for good. The researchers also see the system as a way to recover speech from the vibrations of vocal cords, facial bones or skull, which can help to build better assistive technology for individuals with speech impairment, TechCrunch reported.

And this isn’t the first time researchers have translated sweet vibrations into words — researchers at MIT, Microsoft and Adobe previously created an algorithm that extracted audio from a vibrating potato-chip bag.

Read the Original Article at Mic

Cyber-Warfare: Policing The Dark Web and How it Can Effect National Sovereignty

Cops hack into foreign computers to find cyber criminals

As crime continues to proliferate on the so-called dark web, law enforcement agencies are sometimes having to work outside of their jurisdiction. When a suspected criminal acts on the dark web, authorities are unlikely to know where in the world he or she is physically located. So if they then attempt to take action, they might be inadvertently carrying out an operation that crosses borders.

One researcher argues in a working paper that this raises serious concerns around national sovereignty, and could even lead to retaliation from affected countries or prosecution of investigators.

“Basically, it’s like playing Russian Roulette with cross-border cyber operations,” Ahmed Ghappour, visiting assistant professor at UC Hastings College of Law and author of the paper “Searching Places Unknown: Law Enforcement Jurisdiction on the Dark Web,” told Motherboard in a phone call.

In response to dark web-related crime, law enforcement agencies have moved to more non-traditional means of identifying suspects, in some cases directly hacking criminals’ computers to circumvent the protections given by the Tor anonymity network.

But, because it’s largely impossible to know where a target computer is located before it’s been hacked, the FBI and other bodies are sometimes breaking into computers overseas, without explicit consent of the host country. “At bottom, no country has consented to us hacking them, or hacking their citizens, in the same way that we haven’t consented to another country to hack us,” Ghappour said.

Read the Remainder at Motherboard

 

 

 

An Easy Way for Hackers to Burn Industrial Motors

Hacker stealing data from computer

HACKS THAT CAUSE physical destruction are so rare they can be counted on one hand. The infamous Stuxnet worm was the first, causing physical destruction of nuclear centrifuges in Iran in 2009. In 2014, Germany reported the second known case of physical destruction involving a furnace at a steel mill. Both of these attacks required extensive knowledge to pull off. But now a researcher has found an easy way for low-skilled hackers to cause physical damage remotely with a single action—and some of the devices his hack targets are readily accessible over the Internet.

The hack focuses on variable-frequency drives that control motors operating fans and pumps in water plants, mining operations and in heating and air conditioning systems. The drives are digital devices used to set and maintain the electrical frequency fed to the motors to control their speed. These motors in turn control things like water pumps, rock-crushing systems and air-compression equipment.

Reid Wightman, a security researcher with Digital Bond Labs, found that at least four makers of variable-frequency drives all have the same vulnerability: they have both read and write capability and don’t require authentication to prevent unauthorized parties from easily writing to the devices to re-set the speed of a motor. What’s more, the variable drives announce the top speed at which motors connected to them should safely operate, allowing hackers to determine the necessary frequency to send the device into a danger zone.

Read the Remainder at Wired

State Sponsored Cyber-Terrorism is Here to Stay

I have been talking alot about 4th Generation Warfare on this blog, in particular, the use of State-Sponsored Cyber Warfare that is used against an enemies infra-structure to disable it. This can include attacks on Utilities (water, power, oil/natural gas) Financial (banks, savings and loans, credit unions) and National Defense networks and contractors. We saw an example of this when it was discovered that Russia, in 2011, had planted a Trojan Horse (malware) called Black Energy in vital American infra-structure networks such as nuclear power plants and conventional electric power plants across this nation. It is also believed the same Russian hacker group was responsible for the attack on JP Morgan in July, in which confidential data was exposed of over 83 million people.

Fast forward to the present and the news of the day is the cyber attack by the North Korean “Guardians of Peace” on Sony Entertainment. Being called “Unprecedented” and “The most well planned Cyber-attack in recent history”, the ballsy and expansive hack has exposed tons of personal celebrity and executive information and protected trade secrets. One of the primary motives for the cyber intrusion has been thought to be to stop the release of the movie “The Interview” set to premiere on Christmas Day 2014. The goofy comedy portrays two bumbling Cheech and Chong like idiots attempting to assassinate Kim Jong Un. The film in general is said to portray North Korea in an unflattering light, which has stirred further speculation that the hack, like previous Russian jobs, is state sponsored by North Korea and NOT some “rogue” cyber-criminal gang trying to make a name for themselves in Wired magazine!

To further qualify the Sony hack was well organized and planned, several Theater chains, like Carmike and Arc-Light, have now announced they WILL NOT show “The Interview”. Not long after this came the announcement of the cancellation of the New York premiere of the film due to THREATS OF “9/11 Like” VIOLENCE by the G.O.P.

One has to conclude then, that 4th Generation Warfare has come to full fruition in the 21st Century; even if it only effected the pop-cultural part of a democracy, you have to admit, it effected it in a big way! The Cyber side of war, or one could even use the term “Cyber-Terrorism”, is now a real, viable threat to any Country around the globe. When you look at the big picture, ever since the Sony Hack occurred, it has been plastered all over the news 24/7, with a new story every day on how leaked information caused some problem for a celebrity or executive somewhere. Now, with just a simple threat (that has been backed up by obvious uber-technological skill) several multi-million dollar corporations, to include the all-powerful Sony, have cowed down to these hackers. Never in recent history has so much been accomplished without a gun or not having to shoot a hostage!

Welcome to a Brave New (Cyber) World.

Stay Armed, Stay Vigilant and Stay Dangerous!