Spyware

Tech News

Five MORE warning signs that your phone may be spying on you

You might not want to hear it, but suspicious spouses may be behind one of those reasons

Featured Tech News photo

If what we wrote about the warning signs your phone might be spying on you got your attention, buckle up because there’s more that ConsumerAffairs uncovered thanks to experts from VPNOverview. Spoiler alert: one may be your spouse.

In and amongst your WhatsApp, Words With Friends, and all the other apps that suck up your time, the VPNOverview analysts said that some viruses and spyware could be hidden alongside your legitimate apps.

“It is good practice to regularly go th...

Read article
Featured Tech News photo

Latest Articles

  1. Roku and Instacart now offering on-screen ordering and one-hour delivery of products
  2. AI isn't always as smart as we think it is
  3. Hurricane Helene may cause problems for the semiconductor industry
  4. CNN online? That will be $3.99
  5. DirecTV acquires Dish and Sling TV for $1

Not sure how to choose?

Get expert buying tips about Spyware delivered to your inbox.

    By entering your email, you agree to sign up for consumer news, tips and giveaways from ConsumerAffairs. Unsubscribe at any time.

    Thanks for subscribing.

    You have successfully subscribed to our newsletter! Enjoy reading our tips and recommendations.

    Recent Articles

    Newest
    • Newest
    • Oldest
    Article Image

    Spyware apps found on Google's official Play Market

    Researchers say over 4,000 malicious apps targeting Android users are circulating in third-party marketplaces

    Consumers are constantly being reminded to only download apps to their devices that have been thoroughly vetted and published on reputable marketplaces. However, a recent discovery by mobile security firm Lookout shows that even these sources aren’t infallible.

    In a blog post published last week, researchers working for the firm found that a single threat actor has attempted to publish over 4,000 spyware apps since February 2017, with at least three of them making their way to the Google Play Store.

    One of the apps, called Soniac, was marketed as a customizable communications program and was downloaded up to 5,000 times before Google removed it from the marketplace. The researchers found that the app was chock full of spyware capabilities, including the ability to record audio, make calls, send text messages, and retrieve contacts and other sensitive information.

    Ars Technica reports that the other two apps – Hulk Messenger and Troy Chat – had been available on Google’s marketplace but had been removed earlier by either the company or the developer. The researchers say that the remaining 4,000+ malicious apps are still being distributed in alternative markets, and are being categorized as part of a malware family that Lookout calls “SonicSpy.”

    “What’s commonly seen in all SonicSpy samples is that once they compromise a device they beacon to command and control servers and await instructions from the operator who can issue one of seventy three supported commands,” said Lookout researcher Michael Flossman. “The way this has been implemented is distinct across the entire SonicSpy family.”

    What to do

    The researchers say that once the SonicSpy apps have been downloaded, they will often remove their launcher icons to hide their presence on the device and establish a connection to the operator’s control server.

    To avoid downloading one of these malicious apps, consumers are reminded to only install apps from trusted sources on trusted marketplaces. However, since at least some of these apps have made it onto Google’s marketplace, consumers are urged to exercise even more caution and to scrutinize any non-Google app sources, with the exception of Amazon’s official Android offerings.

    "Anyone accessing sensitive information on their mobile device should be concerned about SonicSpy. The actors behind this family have shown that they're capable of getting their spyware into the official app store and as it's actively being developed, and its build process is automated, it's likely that SonicSpy will surface again in the future," the security researchers said.

    Consumers are constantly being reminded to only download apps to their devices that have been thoroughly vetted and published on reputable marketplaces. Ho...

    Article Image

    HP laptops and tablets come with pre-installed keylogger, researchers say

    The software records users' keystrokes, including passwords and other sensitive information

    Privacy is a precious commodity in today’s consumer culture, with computer users having to contend with spyware, malware, phishing attempts, and a host of other insidious tech-related probes. While the following doesn’t seem to fall under that same malicious category, owners of certain HP laptops may be surprised to learn that their every keystroke may have been recorded, including those used to enter sensitive passwords and log-in information.

    A team of Swiss security researchers at ModZero have found that these devices come pre-installed with an audio driver that basically acts as a keylogger. For those who don’t know, a keylogger is a program or device that records and stores all the keystrokes you make on your device. Someone with access to a keylogger would be able to see any private or sensitive information.

    In this case, the keylogger was found to be part of a debugging feature on audio drivers that were installed on several models of HP laptops and tablets. CNET reports that executable files within the drivers recorded keystrokes and sent the information to a log file in a public directory in the device’s hard drive.

    “This type of debugging turns the audio driver effectively into keylogging spyware. On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015,” the researchers said.

    Never meant for finished products

    The researchers found that 28 HP laptop and tablet models that have this keylogging feature. They include:

    • HP EliteBook 820 G3 Notebook PC
    • HP EliteBook 828 G3 Notebook PC
    • HP EliteBook 840 G3 Notebook PC
    • HP EliteBook 848 G3 Notebook PC
    • HP EliteBook 850 G3 Notebook PC
    • HP ProBook 640 G2 Notebook PC
    • HP ProBook 650 G2 Notebook PC
    • HP ProBook 645 G2 Notebook PC
    • HP ProBook 655 G2 Notebook PC
    • HP ProBook 450 G3 Notebook PC
    • HP ProBook 430 G3 Notebook PC
    • HP ProBook 440 G3 Notebook PC
    • HP ProBook 446 G3 Notebook PC
    • HP ProBook 470 G3 Notebook PC
    • HP ProBook 455 G3 Notebook PC
    • HP EliteBook 725 G3 Notebook PC
    • HP EliteBook 745 G3 Notebook PC
    • HP EliteBook 755 G3 Notebook PC
    • HP EliteBook 1030 G1 Notebook PC
    • HP ZBook 15u G3 Mobile Workstation
    • HP Elite x2 1012 G1 Tablet
    • HP Elite x2 1012 G1 with Travel Keyboard
    • HP Elite x2 1012 G1 Advanced Keyboard
    • HP EliteBook Folio 1040 G3 Notebook PC
    • HP ZBook 17 G3 Mobile Workstation
    • HP ZBook 15 G3 Mobile Workstation
    • HP ZBook Studio G3 Mobile Workstation
    • HP EliteBook Folio G1 Notebook PC

    In a statement, HP explained that the feature should never have been included in the final versions of the devices. "Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version," the company said.

    HP vice-president Michael Nash said that a patch for the issue has been added to Windows update and can also be accessed at HP’s website.

    Privacy is a precious commodity in today’s consumer culture, with computer users having to contend with spyware, malware, phishing attempts, and a host of...

    Article Image

    Department of Justice confirms that its agents require warrants before using Stingray to spy on you

    But the Department of Homeland Security, plus state and local police, do not

    Last Thursday, the Department of Justice announced the immediate implementation of what it called an “enhanced policy” regarding the use of “cell-site simulators,” also known as “Stingrays.”

    The enhanced policy essentially confirms that federal agents under DoJ jurisdiction – including those from the FBI, Drug Enforcement Administration, U.S. Marshals Service, Bureau of Alcohol, Tobacco and Firearms, and others, must get warrants before using Stingray technology to collect information about people.

    However, this policy only covers organizations under direct DoJ jurisdiction, which does not include agents of the Department of Homeland Security, nor state- or local-level police.

    The Fourth Amendment to the Constitution, which was ratified in December 1791 along with the rest of the Bill of Rights, sets limits on the government's behavior by guaranteeing “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures,” unless the government obtains a warrant based on probable cause to suspect that the person being searched is actually guilty of a crime.

    New technology argument

    And ever since 1791, whenever new technology has been introduced, various members of the government have tried arguing that the constitutional restrictions on their behavior shouldn't apply to this new technology, too. Such debates have become especially contentious ever since cell phones, the Internet, computers and related items made it technologically possible for governments to spy on their populations more thoroughly than ever before.

    What exactly is a cell-site simulator, and why is its use so controversial? As the name suggests, cell-site simulators are devices that simulate cell phone towers in a way that forces cell phones in the area to broadcast information which can be used to locate and identify them. And of course, if you know the location and movement of a given cell phone, you probably know the same information about the cell phone's owner.

    In February, the American Civil Liberties Union released records it had obtained via Freedom of Information requests from police agencies across the state of Florida, detailing widespread law enforcement use of Stingray surveillance. This surveillance was kept secret not only from ordinary American citizens, but from judges and the court system, too.

    That secrecy was allegedly justified in the name of “national security” even though, as the ACLU noted at the time, a detailed list of over 250 investigations from just one city's police department showed that not a single case was actually related to national security. Since 2008, Florida alone spent more than $3 million on Stingrays and related equipment, according to the ACLU.

    Not the locals

    But the Department of Justice's new policy doesn't apply to local police departments. Indeed, right now it's impossible to say for certain how many Stingray towers there are, or how many government departments (at all levels) use them. The ACLU has produced a map illustrating “Stingray tracking devices: who's got them?” However, as the ACLU said in an explanation of the maps' limitations:

    The ACLU has identified 54 agencies in 21 states and the District of Columbia that own stingrays, but because many agencies continue to shroud their purchase and use of stingrays in secrecy, this map dramatically underrepresents the actual use of stingrays by law enforcement agencies nationwide.

    Stingrays, also known as "cell site simulators" or "IMSI catchers," are invasive cell phone surveillance devices that mimic cell phone towers and send out signals to trick cell phones in the area into transmitting their locations and identifying information. When used to track a suspect's cell phone, they also gather information about the phones of countless bystanders who happen to be nearby.

    Which is why Linda Lye, an attorney with the ACLU of Northern California, told Ars Technica that the DoJ policy mandating federal agents get warrants before using Stingray is “a welcome and overdue first step, but it is just a first step. It doesn’t cover non-DOJ entities and it doesn’t cover the locals.”

    Last Thursday, the Department of Justice announced the immediate implementation of what it called an “enhanced policy” regarding the use of “cell-site simu...

    Schwarzenegger Terminates Spychip Bill

    It's back to Square One for California privacy advocates.

    October 5, 2006
    It's back to Square One for California privacy advocates hoping to restrict the use of "spychip" technology in the state, after Gov. Arnold Schwarzenegger vetoed a bill passed by the General Assembly.

    Schwarzenegger said the measure might contradict forthcoming federal guidance for technology used in government identification, specifically relating to the REAL ID act, which mandates national standards for verifying the identity of driver's license applicants.

    The so-called spychip technology -- technical known as radio frequency identification (RFID) (RFID) -- is a leading contender for use in nationally-readable ID cards.

    "I am concerned that the bill's provisions are overbroad and may unduly burden the numerous beneficial new applications of contactless technology," Schwarzenegger said in his veto statement.

    The bill, sponsored by state Senator Joseph Simitian (D-Palo Alto), would have implemented multiple safeguards into any machines capable of reading RFID-tagged cards, provided information on the locations of RFID tag machine readers throughout the state, and ensured consumers had control of how their information was transmitted.

    With RFID technology, any product -- or person, for that matter -- can be tracked and catalogued. It's the potential to track humans that has alarmed many privacy advocates.

    Organizations such as the American Civil Liberties Union (ACLU) hoped that passage of the California law would trigger other states to pursue similar measures. Privacy advocates such as Liz McIntyre criticized Schwarzenegger's veto as an example of "his admiration for paternalistic power."

    "He's in the cat bird seat now, but his perspective might change if he becomes the tracked rather than the person doing the tracking, "McIntyre told ConsumerAffairs.com.

    "It's a shame he had the opportunity to protect what's left of California citizens' privacy, but chose instead to terminate the bill."

    McIntyre and partner Katherine Albrecht have led the charge for more public awareness of the usage of RFID tags, or spychips, in public life.

    Their book of the same name details many examples of government and business pushing the use of RFID tagging for everything from jeans to medical patients.

    McIntyre and Albrecht also head CASPIAN (Consumers Against Supermarket Privacy Invasion And Numbering), which opposes the usage of "loyalty cards" and collecting information on shoppers' buying habits.

    The duo had previously brought attention to Levi Strauss and Co.'s attempts to test RFID tracking chips imbedded in men's jeans at stores in Mexico. Levi Strauss refused to disclose the location of the tests, possibly fearing a consumer backlash and boycott.

    In spite of the criticism, government agencies and businesses are pushing ahead with various RFID initiatives. Leading RFID technology designer VeriChip has been petitioning the Pentagon to "tag" all military personnel with chips containing their personal health information.

    Hackers and security analysts have repeatedly demonstrated that RFID chips can be "read" and copied easily, enabling thieves to make off with any information stored therein, but to no avail.

    If RFID tags make it into the new REAL ID driver's licenses, that will be one more item on the list for a program with estimated costs running in the hundreds of millions.

    Critics of the plan say that the initiative is one step closer to a national ID card, as well as a potential gold mine for identity thieves who will take advantage of the massive project to harvest information from unsuspecting Americans.

    Schwarzenegger Terminates Spychip Bill...