Hasta La Gadget!

If you were worried that the universe presented in the smart city-toting Watch Dogs video game, you’ll be glad to know that the garbage bins wont be seeing you any time soon. That is to say: won’t be tracking you from now on. According to a report released by the group responsible for the bins […]

Spying must get boring sometimes. Identifying targets. Wiretapping unsuspecting citizens. Sifting through all that private data. It must get old. Maybe that’s why the NSA introduced gamification elements into its software to encourage a little bit of healthy competition between analysts.

Read more…

As we store and transport more and more information online, we’ve gradually come to realize how easy it is for others to access that information without our permission. From Facebook’s privacy policies to the ongoing NSA leaks, it seems like the ordinary online user has enough reason to log out. Well, I’ve got more bad news for you: anyone can build a powerful spying tool using off the shelf parts, and for under $60 (USD).

Brendan O’Connor is the founder of security and software consultancy company Malice Afterthought. Last week he made headlines when he shared how he built F-BOMB, a small device that runs a software that he calls CreepyDOL . The DOL stands for Distributed Object Locator and “Creepy” with a capital ‘C’ is the perfect word to describe it. O’Connor built the F-BOMB using the popular Raspberry Pi microcomputer and added a Wi-Fi sensor to the device. The cost? $57 (USD). He built 10 F-BOMBs and hooked them up to Reticle, a “command & control system” that he made. Finally he hooked it up to a “data visualization system,” which you can see in the image above and in O’Connor’s video below:

In case the video wasn’t clear enough, the F-BOMB can gather a disturbing amount of wireless data. As New York Times reported – and as the video above proves – with the F-BOMB you can find out not only information on a wireless device but what the user is currently using or accessing through the device: geolocation, websites, email addresses, programs and more.

In my brief chat with O’Connor, he revealed that the device can snoop on wireless devices within about 160ft. He can add other sensors to the F-BOMB as well as adapt it to snoop on wired connections. Further, O’Connor said the F-BOMB is a passive device, so you have no way of knowing if it’s snooping on you. Finally, I asked O’Connor if the situation really is as hopeless for consumers as the New York Times article seemed to indicate. Here’s what he said:

Yes, it really is that hopeless. There are vulnerabilities in all the relevant layers of the stack. The application developers need to stop leaking so much data outside encryption envelopes (e.g., why does iMessage send hardware make and model, and iOS version, unencrypted?). iOS (I’m picking on it here because I use it, but the same problem is larger) should have OS-level support for blocking all non-VPN traffic until a VPN connection is established (once it’s up, the connection is opaque, but while it’s going up, I’ve usually got all the data I need). And the low-level protocol needs to stop encouraging devices to *beacon out all their known networks constantly*. So since there needs to be culture-level shifts at all the layers of the stack, yes, for end-users, the situation is hopeless at the moment.”

In other words, not only is it possible to make a surveillance tool that is small and cheap, the devices that we use are practically inviting prying eyes to take a look at our data. It falls upon us as end users to nag Apple, Microsoft, Google and other companies who create the hardware and software that we use to step their security game up. It would be foolish to believe that they know nothing about the disaster that they’re courting (with our privacy and security at stake). But for some reason they’re not doing anything about it, nor are they telling us how much danger we’re in.

O’Connor intends to sell F-BOMBs soon. Fellow black hats and tinkerers can sign up at Malice Afterthought’s website to find out more about the F-BOMB and when it will go on sale. Ars Technica also has a thorough technical report on the F-BOMB. As for the rest of us? I guess we’d better start learning how to communicate telepathically.

[via Brendan O’Connor & The New York Times via Infoneer Pulse]

President Obama announced a series of reforms to the country’s surveillance practices on Friday at his first full press conference in nearly three months. The actions the administration is taking are many, and there’s still a lot that’s up in the air. One thing’s for sure, though. Obama does not think Edward Snowden deserves any credit.

Read more…

Das Keyboard may be known for making noisy mechanical keyboards, but it also values privacy and security. The company’s new HackShield bags and wallets provide protection from both digital and physical theft.

Similar to the OFF Pocket, the HackShield backpack, messenger bag and wallet are lined with a material that blocks radio frequencies. They’re also made from waterproof polyurethane and weather-resistant ballistic nylon. Both bags can fit a 15″ laptop and have smaller pockets inside so you can stuff in more gadgets and tinfoil hats.

In addition to blocking wireless signals, the messenger bag and the backpack also protect your belongings from thieves. The bags have no external pockets, and their main compartments are protected by Fidlock fasteners, which are easy to close but lock in place.

You can order the HackShield gear from Das Keyboard’s online shop. Both bags cost $179 (USD) while the wallet costs $49.

[via Fancy]