Play safe on the mobile, secure your devices!


SAFE Play ON MOBILE

All a sinister person needs to do to spy on you is to simply penetrate your smartphone or tablet.

OF late, spying has been a household word after revelations of Prism, a clandestine mass electronic surveillance programme operated by the United States National Security Agency (NSA), by former NSA contractor Edward Snowden. 

But one does not need an entire state programme to spy on someone.

All that a sinister person needs to do is to penetrate their intended victim’s smartphone or tablet. Which is quite an easy thing to do, actually. One of the common methods used is spyware.

Such spyware can easily be found by searching on Google although they are usually not free.

There is a possibility that consumers might download spyware from an identified party or an unknown source accidentally. – Goh Chee Hoh

This is what happened when a husband in Singapore suspected his wife of having an affair. On the pretence that his phone was not working, he borrowed his wife’s phone to make a call but instead installed a spyware app.

The husband was then able to see the calls made (but not hear the actual conversation), messages sent and her location at that point, from a computer using a Web-based application that communicated with the app.

When the information confirmed that she was having an affair, he continued to monitor her phone for some time before posting the information online, including the messages she sent to her “lover”. He did not reveal any personal details about themselves but this is how the news became public.

However, many have questioned the authenticity of the story, with some brushing it off as a publicity stunt to sell the spyware app.

Nevertheless, it pays to be safe, as there are apps that can do such things and they are easily obtainable from the Web.

“Mobile phones are an integral part of consumers’ lives, with two thirds of adults worldwide reporting that they use a mobile device to access the Internet,” says David Hall, senior manager of regional product marketing for Norton at Symantec Corporation.

“As we use our mobile phones in new and innovative ways, we’re also putting sensitive information at risk.”

“Spyware is a type of malware (malicious software) that logs information and then forwards that information from your device,” explains Rob Forsyth, director for Asia Pacific at Sophos Ltd.

Usually, such spyware is capable of operating quietly in the background so it can easily go unnoticed by an unsuspecting device owner.

“For a regular user, it is very difficult to figure out that they’ve been infected,” says Goh Su Gim, security advisor for Asia Pacific at F-Secure (M) Sdn Bhd. “There’s no obvious signs.”

In fact, it may surprise you to know that such threats could actually come from a source that’s known to you.

“There is a possibility that consumers might download spyware from an identified party such as their spouse, friends, colleagues, business associates or from an unknown source accidentally,” says Goh Chee Hoh, managing director for South-East Asia at Trend Micro Inc.

As an example, he describes a mobile phone monitoring service which uses Nickispy, a family of viruses that attacks Android devi­ces). It is said to be capable of monitoring a mobile user’s activities and whereabouts. The Chinese website which offers this service charges subscribers fees costing US$300 to US$540 (RM900 to RM1,620).

“This spyware sends MMS to the victim’s mobile device. Once the MMS is downloaded, the cybercriminal is granted access to your line of communications,” Chee Hoh says.

This security issue is further compounded in cases where a consumer uses the same device for both work and personal purposes.

“From a personal user’s standpoint, one can experience loss of privacy whereas from a business perspective, an organisation may lose sensitive data which can lead to loss of revenue,” he explains.

Had such an act been committed in Malaysia, it would go against Section 231 of the Communications and Multimedia Act 1998. Using an app to obtain information from another person’s phone can land the offender a RM50,000 fine or a prison term not exceeding two years if convicted.

The Malaysian Communications and Multimedia commission (MCMC), our multimedia industry nurturer and regulator, also said that it does not act alone when pursuing offenders.

“We look at each case individually and help other agencies like the police, for example, when upholding the law,” said Sheikh Raffie Abd Rahman, MCMC head of strategic communications.

No privacy on the Net !


Revelations about PRISM, a US government program that harvests data on the Internet, has sparked concerns about privacy and civil rights violations. But has there ever been real privacy and security on the WWW?

NSA_rivacy demonstrators-obamaDemonstrators hold posters during a demonstration against the US Internet surveillance program of the NSA, PRISM, at Checkpoint Charlie in Berlin, Germany, ahead of US President Barack Obama’s visit to the German capital.

IMAGINE a time before email, when all your correspondence was sent through the post. How would you feel if you knew that somebody at the post office was recording the details of all the people you were corresponding with, “just in case” you did something wrong?

I think quite a few of you would be upset about it.

Similarly, some Americans are furious over revelations made about a system called PRISM. In the last few weeks, an allegation has been made that the US government is harvesting data on the Internet by copying what travels through some of its Internet Service Providers.

The US Director of National Intelligence has said that PRISM “is not an undisclosed collection or data mining program”, but its detractors are not convinced that this doesn’t mean no such program exists.

I think there are mainly two kinds of responses to this revelation: “Oh my God!” and “What took them so long?”.

The Internet has never really been secure. Because your data usually has to travel via systems owned by other people, you are at their mercy as to what they do with it. The indications are that this is already being done elsewhere.

Countries such as China, India, Russia, Sweden and the United Kingdom allegedly already run similar tracking projects on telecommunications and the Internet, mostly modelled on the US National Security Agency’s (unconfirmed) call monitoring programme. For discussion, I’ll limit myself for the moment to just emails – something that most people would recognise as being private and personal.

I find many people are surprised when I tell them that sending email over the Internet is a little bit like sending your message on a postcard. Just because you need a password to access it, doesn’t mean it’s secure during transmission.

The analogy would be that your mailbox is locked so only you can open it, but those carrying the postcard can read it before it reaches its final destination. Of course, there are ways to mitigate this. One has to be careful about what one put in emails in the first place. Don’t send anything that would be disastrous if it were forwarded to someone else without your permission.

You could also encrypt your email, so only the receiver with the correct password or key could read it, but this is difficult for most end users to do. (For those interested in encrypting emails, I would recommend looking at a product called PGP.)

The analogy holds up for other Internet traffic. It’s easy to monitor, given enough money and time. And as easy as it is for the Good Guys to try to monitor the Bad Guys, it’s just as easy for the Bad Guys to monitor us hapless members of the public.

But who do we mean by the Bad Guys? Specifically, should the government and law-enforcement agencies be categorised as ‘Bad Guys’ for purposes of privacy? Generally, the line oft quoted is “if you have nothing to hide, then you have nothing to worry about”.

Yet, I think we all accept that there should be a fundamental right to privacy, for everybody from anybody. An interesting corollary to being able to express your thoughts freely is that you should also be able to decide when and how you make them public.

The fault in relying on organisations that say “trust us” isn’t in the spirit of their objectives, but in how the humans in them are flawed in character and action.

An example quoted regularly at the moment is how the FBI collected information about Martin Luther King because they considered him the “most dangerous and effective Negro leader in the country”.

One way of defining the boundaries are by codifying them in laws. For example, the Malaysian Personal Data Protection Act prohibits companies from sharing personal data with third parties without the original owner’s consent.

However, this law explicitly does not apply to the federal and state governments of Malaysia. Another clause indicates that consent is not necessary if it is for the purpose of “administration of justice”, or for the “exercise of any functions conferred on any person by or under any law”.

In relation to the revelations of PRISM, several questions come to mind: Can Internet traffic (or a subset of it) be considered “personal data”? Is it possible for government agencies to collect and store such data without your consent?

And if so, what safeguards are there to ensure that this personal data is accurate, is used correctly and is relevant for storage in the first place?

This should be a sharp point of debate, not just in terms of which of our secrets the government can be privy to, but also of which of the government’s information should be readily accessible by us.

True, there is so much data out there that analysing it is not a trivial task. However, companies such as Google are doing exactly that kind of work on large volumes of unstructured data so that you can search for cute kittens. The technology is already on its way.

Perhaps I am being over-cautious, but it seems a bit fantastical that people can know your deepest and darkest secrets by just monitoring a sequence of 1’s and 0’s. But, to quote science fiction author Phillip K. Dick, “It’s strange how paranoia can link up with reality now and then”.

Contradictheory
By DZOF AZMI

> Logic is the antithesis of emotion but mathematician-turned-scriptwriter Dzof Azmi’s theory is that people need both to make sense of life’s vagaries and contradictions. Speak to him at star2@thestar.com.my.

Related post:

US Spy Snowden Says U.S. Hacking China Since 2009

FCC Proposes:Fine for Google Wi-Fi snooping ‘obstruction’


By TheStreet Staf

WASHINGTON — The Federal Communications Commission has proposed fining Google(GOOG_) $25,000 for obstructing an investigation into the company’s collection of data from unencrypted Wi-Fi networks in 2010, according to a published media report.

 Although the FCC has decided there was insufficient evidence to conclude that the data collection violated federal rules, the commission said Google deliberately impeded the investigation, The Wall Street Journal reported Saturday.

The probe looked at whether Google broke rules designed to prevent electronic eavesdropping when its Street View service collected and stored the data from the Wi-Fi networks, the newspaper reported.

The FCC proposed the fine late Friday night, the Journal said.

Google may appeal the proposed fine before the commission makes it final, the Journal said. The company has said that it inadvertently collected the data and stopped doing so when it realized what was going on, the newspaper added.

Shares of Google closed Friday down $26.41 at $624.60.

FCC proposes fine for Google Wi-Fi snooping case ‘obstruction’

By Zack Whittaker

Summary: The U.S. FCC has proposed a $25,000 fine after Google “impeded and delayed” an investigation into collecting wireless payload data from unencrypted Wi-Fi networks.

The U.S. Federal Communications Commission is proposing a $25,000 fine against Google for “deliberately impeded and delayed” an ongoing investigation into whether it breached federal laws over its street-mapping service, the Wall Street Journal reports.

The FCC initiated an investigation in 2010 after Google collected and stored payload data from unencrypted wireless networks as part of its Google Maps Street View service. Its intended use, Google says, was to build up a list of Wi-Fi network hotspots to aid geolocation services on mobile devices through ‘assisted-GPS.

The U.S. followed suit after many European countries, including Germany, which has some of the strictest data protection and privacy laws in the world. But the European nation went one step further and told Google to withdraw its Street View cars from the country altogether.

Google also drew fire from the UK’s data protection agency after it was told it committed a “significant breach” of the UK and European data lawswhen it collected wireless data from home networks. It was audited by the regulator and was told it “must do more” to improve its privacy policies. Google said it had taken “reasonable steps” to further protect the data of its users and customers.

But the FCC stopped short of accusing Google of directly violating data interception and wiretapping laws, citing lack of evidence. The federal communications authority did not fine the company under eavesdropping laws, as there is no set precedent for applying the law against ‘fair-game’ unencrypted networks.

The FCC took the action after it believed Google was reluctant to co-operate with the authorities after the scandal emerged. An FCC statement added that a Google engineer thought to have written the code that collected the data invoked his Fifth Amendment rights to prevent self-incrimination.

Google can appeal the fine. Despite the fine being a mere fraction of the company’s U.S. annual turnover, not doing so until its legal avenues are exhausted would almost be an admittance of guilt.

The search giant eventually offered an opt-out mechanism for its location database by adding text to the networks’ router name. But further controversy was drawn after another Silicon Valley company offered an opt-out only solution.

Facebook also drew fire from the regulators after the U.S. Federal Trade Commission allowed the social networking giant to settle, allowing users to opt-in to its sharing privacy settings, rather than opting-out; seen as a major win for U.S. users’ privacy on the site.

Newscribe : get free news in real time

Related articles and posts:

Follow

Get every new post delivered to your Inbox.

Join 1,230 other followers

%d bloggers like this: