|
Recent headlines about PRISM — the U.S. government
program that allows security officials to spy on people’s Internet
activity — confirm what conspiracy theorists have long been foretelling:
Big Brother is watching.
But is the government the only one keeping tabs on what you search for,
watch and discuss with friends? The truth is, there are others out there
— businesses, advertisers, scammers — hoping to line their pockets by
collecting your personal data.
And they have a variety of tools at their disposal to gather the
information they need — tools you might even have with you right now.
That's right — everything from the smartphone in your pocket to the
television in your bedroom can potentially be used to spy on you.
Here are some ordinary gadgets with serious spy potential.
|
|
 |
|
Smartphones
You know your phone is smart, but just how smart is it? Smart enough to
sense your every movement. Smart enough to capture your every word.
Smartphones possess an arsenal of powerful features — including
microphones, GPS receivers, accelerometers and Wi-Fi antennas — that are
meant to help users communicate and access information, but those very
same tools can also be used for spying.
John Harrison, a representative with security software company Symantec,
said mobile devices are increasingly playing host to the kinds of
malware once found only on PCs, such as remote-access Trojans (RATs).
RATs turn devices into Bond-esque spy tools, stealing passwords,
recording video and audio, and launching attacks on other systems.
And smartphones are also vulnerable to other kinds of hacks. In 2010,
researchers at Rutgers University in New Jersey performed a series of
rootkit attacks on smartphones, demonstrating how to remotely activate a
device's microphone to secretly record conversations.
The researchers were also able to install malware that allowed them to
track a user's movements using the phone's GPS receiver.
According to the researchers, smartphone malware is even more dangerous
than malware designed for nonmobile operating systems because users take
their phones everywhere they go.
An infected desktop computer might record all the conversations you have
in your home office, but a smartphone can record all those top-secret
meetings you attend at headquarters or next week's clandestine
rendezvous.
But even if you don't have secrets to keep, your sneaky smartphone can
still cause trouble. Last October, researchers with the U.S. military
developed an Android app that creates a 3D map of a phone's surroundings
by taking candid photos and collecting orientation data with the phone's
accelerometer.
The app, dubbed "PlaceRaider," poses as an innocuous camera app and
sends sensitive smartphone data to an external server. Thanks to this
app, burglars, identity thieves and other criminals could have a
real-time blueprint of your home or business. They could even zoom in on
noteworthy sections of the map, like that pile of financial statements
on the desk or your open underwear drawer.
|
|
|
|
And most recently, researchers at the University of Alabama found that
smartphones are susceptible to an entirely new kind of threat known as a
"context-aware" attack. Such attacks activate malware via sound-based,
magnetic or visual stimuli.
This type of malware could turn your phone into a sleeper agent,
allowing your trusted device to silently bide its time before spilling
all your secrets to some cybercriminal at the drop of a heavy bass line.
Tablets
If your smartphone turns against you, at least you still have your
trusty tablet, right? Wrong. Most tablets have the same operating
systems — as well as the same built-in spy tools — as smartphones do.
Take the accelerometer, for example. Much like a smartphone, your tablet
comes equipped with a little device that senses the orientation of your
tablet. Hence, when you flip the tablet sideways, the screen flips with
it.
But the accelerometer also has the potential to flip your whole world
upside down. A 2011 study by researchers at the University of
California, Davis demonstrated how to use an accelerometer to steal
usernames and passwords.
The researchers’ keylogger app measures the physical motion made when
touching onscreen keys and can detect which keys were touched with 70
percent accuracy. If installed on your tablet, the "TouchLogger" app
could provide scammers with all the information they need to wreak havoc
on your digital world.
Smart TVs
So your mobile devices are all sneaky robots, but what about the
stationary gadgets you keep at home? Surely, those are trustworthy.
Actually, they're not. In December 2012, cybersecurity firm ReVuln
discovered a flaw in Samsung's then-newest-generation of smart TVs.
The flaw granted hackers access to viewers' sensitive data, such as
viewing history and remote files. It also let hackers spread malware to
USB devices attached to TVs.
Luigi Auriemma and Donato Ferrante, co-CEOs of ReVuln, said any device
that takes an input from the environment, whether it's using Wi-Fi or
some other means, is vulnerable.
"It's also interesting to consider that even a device not accessible
from the Internet is at risk because it can be attacked from LAN [a
local area network] through a compromised PC, or via other attack
vectors like USB or Bluetooth," Auriemma and Ferrante wrote in an email
interview with TechNewsDaily.
As more home devices, like TVs and gaming consoles, come equipped with
these "attack vectors," they said, the chance of spyware spreading to
every device you own increases exponentially. Take, for example, the
Flame (aka Flamer, aka Skywiper) malware toolkit of 2012.
|
|
|
|
That piece of mega-malware was spread from USB to USB, infecting
hundreds of machines running Windows’ XP, Vista and 7 operating systems.
Once infected, hackers used compromised computers to perform some of the
most advanced spy maneuvers the world has ever seen.
Flame — which is believed to have been developed by an unknown national
government — could detect keystrokes, take screenshots, monitor user
activity both on and offline, record conversations and even spy on other
devices connected to the same Wi-Fi network. It then sent this data to a
dozen different servers around the world.
Imagine the espionage that could occur if such spyware were compatible
with mobile operating systems, like Android, or if it could be spread
over the Internet as well as through USB devices.
Cable boxes
You're probably thinking that because your TV isn't connected to the
Internet, your television habits are safe from the prying eyes of
hackers and other unsavory characters, and you might be right. But then
again, you might be wrong.
Although ideas about how to hack this type of device are still in their
infancy, the mere possibility that it could happen could introduce
privacy concerns.
In 2011, Verizon submitted a patent application for a TV set-top cable
box equipped with motion and audio sensors that track viewers' every
movement and utterance, all for the sake of bombarding them with
targeted advertisements.
If the patent is ever approved, Verizon's voyeuristic device will be
sure to wipe away any illusions you had about your privacy in the
presence of consumer electronics.
Gaming consoles
While spying cable boxes are not yet a reality, spying Xboxes are. Ever
since Microsoft debuted its first Kinect-compatible Xbox console in
2010, gamers have been speculating about whether they’re being spied on
in their bedrooms.
|
|
 |
|
This year, Microsoft is set to roll out a new console, the Xbox One —
and rumors about its cyborglike capabilities, coupled with Microsoft's
ambiguous language surrounding user privacy, aren't doing much to calm
those fears.
Like its predecessors, the One connects to the Internet through the Xbox
Live service, which must be manually shut off when not in use. That's
right, unless you remember to shut it off, the One will be watching.
But what does the One do with the data it collects from gamers? Is this
information sent directly to Mordor? To Microsoft?
Unfortunately, that much isn't completely clear. However, it's worth
mentioning that much like Verizon, Microsoft also submitted a patent
application in 2011 for an app — most likely for the Xbox One — that
would track Xbox users’ TV watching and then reward them with advertiser
coupons and other promotions.
According to The Verge, these rewards would be granted to users who
watch an entire television series from start to finish, or to those who
don't leave the room during commercials.
Smart meters
Right now, you're probably thinking, "I'll just give up playing video
games, stop watching TV and flush my cellphone down the toilet." But
before you do anything drastic, you should know this: They'll still be
watching you.
"Smart" technology — such as refrigerators with touch screens, and
wireless electric meters — might help you save money on your utility
bills, but these connected devices also help hackers peer into your
home.
Last year, a group of German researchers demonstrated the inherent
vulnerabilities in smart-meter systems by hacking into an electric
company's wireless network and intercepting the supposedly private
information of its users.
Equipped with a digital fingerprint of a home's power usage, the
researchers could tell when residents were at home, away or asleep. They
could even tell what movies people were watching in their living rooms.
Although cybercriminals are likely not interested in your preference for
the original “Toy Story” movie, they might like to know when you're
spending the week in Disneyland.
But keep in mind that not all smart appliances offer up such valuable
information to cybercriminals.
"Will [hackers] make their way onto my washing machine or refrigerator
and see how much milk I have?" said Symantec's Harrison. "I am not sure
too many hackers would care about that kind of thing."
But for gadgets that do transmit information that could line a hacker's
pockets, Harrison recommends taking a few precautionary measures.
"Think before you click," Harrison said. "Users should be careful with
which links they click on, even from people they know. If an email seems
vague or out of character for that person, don't open it or click on the
link. Just clicking on a malicious link can silently infect your system
with a drive-by download."
And if you're worried that your TV or webcam is spying on you, Harrison
said, there's a low-tech fix for that: Simply put a piece of tape over
the camera.
To further thwart those nasty spies, consider a security software
solution for all your devices, especially the ones you bring everywhere.
And never underestimate the power of a good password.
|