PRISM fallout: EU votes to investigate US, threatens to cut data sharing

Tensions between the US and Europe continue to escalate, after the EU voted to begin an “in-depth inquiry” into allegations that the NSA and other US security agencies bugged EU premises and regularly monitor the communications of European citizens. The Civil Liberties Committee investigation – supported by 483 votes to 98 (with 65 abstentions) – sees the EU demand full details from the US on how, exactly, programs like PRISM affect EU member states, in addition to exploring greater protections for whistleblowers like Edward Snowden.

That could include formal “procedures allowing whistleblowers to unveil serious violations of fundamental rights” as well as international agreements for how such people should be handled. As it stands, Edward Snowden – the former NSA contractor who revealed details of PRISM and other spying behaviors – is currently in a no-man's-land of residence, seeking asylum from around twenty different countries but without a passport, as it has been rescinded by the US government.

Repercussions for EU-US relations could be significant. Members of the European Parliament have apparently called for potentially extreme cuts in data sharing, “including suspending the current air passenger and bank data deals.” Those are the schemes which see the EU and US share passenger name record data for travelers, as well as tracking potential terrorist financing.

Although the new investigation may seem, at first glance, specifically critical to the US, the EU also wants to know what’s going on with reports that other countries operate their own comprehensive spying schemes. “Parliament also expresses grave concern about allegations that similar surveillance programmes are run by several EU member states, such as the UK, Sweden, The Netherlands, Germany and Poland” the EU said in a statement. “It urges them to examine whether those programmes are compatible with EU law.”

The end goal, the EU says, is for a more comprehensive – and fair – data-sharing system to be established, with MEPs demanding that “the final deal must ensure that EU citizens’ access to the US judicial system is equal to that enjoyed by US citizens.”

The Civil Liberties Committee is expected to present its findings by the end of the year, though the PRISM fall-out is likely to worsen considerably before that happens. The US government is yet to comment on the new inquiry.


PRISM fallout: EU votes to investigate US, threatens to cut data sharing is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All rights reserved.

Club Nintendo Japan hacked

Nintendo Japan has warned Club Nintendo users to change their passwords, after revealing that the member rewards site was hacked back in June, leading to tens of thousands of unauthorized logins. The first Nintendo realized of the compromised security was a dramatic increase in errors spotted on July 2, with subsequent investigation turning up 23,926 stolen logins and almost 15.5m attempts.

However, the first of the hacks apparently began on June 9, continuing up to July 4, Nintendo Japan says. All passwords for the Club Nintendo service have been reset, and users will need to create new credentials when they next try to log in.

Club Nintendo is the company’s membership scheme, which offers rewards – including in-game content, special limited edition games, warranty extensions, and real promotional gifts – in return for playing games on the Wii U, Wii, 3DS, and other Nintendo consoles. There’s no indication that Club Nintendo US or Club Nintendo UK have been compromised.

Fortunately, Club Nintendo never held any credit card data from its users, though the company says that it suspects names, addresses, phone numbers, and email addresses have all been taken. There’s currently no confirmation that any unauthorized use of Club Nintendo Points has taken place.

Nintendo is bulking up its security systems, in the hope of preventing something like this from happening again, but advises anyone who used the same credentials – such as email address, username, or password – for other services to change them there, just in case. It’s also sensible to be on the lookout for a potential increase in phishing attempts, which often follow email address thefts.

VIA Kotaku


Club Nintendo Japan hacked is written by Chris Davies & originally posted on SlashGear.

Sony my Xperia goes global: “Find my iPhone” for Sony Androids

Sony has begun its global roll-out of “my Xperia”, the company’s mobile security service that offers “Find my iPhone” style remote tracking, locking, and wiping for Xperia Android phones. Trialled as a limited beta back in February, “my Xperia” should begin hitting phones more broadly across the globe “over the next few weeks” Sony says, providing greater peace-of-mind for Xperia owners.

Like Apple’s service, “my Xperia” has various levels of security and protection. If you’ve lost your phone around the house somewhere, or left it lying on a cafe table perhaps, it’s possible to log into the web interface (at myxperia.sonymobile.com) and remotely trigger the phone to sound an alert. That’ll happen even if your Xperia is in silent mode, with the default being maximum volume.

The web UI also shows mapping data of where the phone last checked in; Sony says that, if it can’t instantly get a fix, it will keep trying and then send users an email when a location has been pinpointed. There’s also the option to override the current PIN or whatever other security is on the Xperia, and reset it to a new 4-digit PIN code remotely.

A message – such as the offer of a reward for safe return, and a contact number – can optionally be flashed up on the display.

Finally, as a last resort, it’s possible to wipe the Xperia altogether, either just the internal memory, or the memory card (if loaded), or both. Sony claims that, once that’s done, the only way to recover any of the files would be a restore from backup.

It’s a potentially valuable service, given the amount of personal data and account access our phones commonly hold, though Sony’s system is not the first time we’ve seen it for Android from a major OEM. HTC Sense Online, the company’s web-based component for Android phones running the Sense skin, went live back in 2010 and also offered remote location, locking, wiping, and other services, including accessing messages and contacts saved on the phone through the desktop browser.

However, HTC axed the online side of Sense in early 2012, after effectively leaving it to languish with little investment and minimal marketing. Also yet to show its hand is Google itself, though the company is undoubtedly looking at remote security for Android.

In the meantime, third-party options are on offer for those not using a Sony Xperia phone. Lookout, for instance, offers an Android app with the same functionality.

VIA AndroidBeat


Sony my Xperia goes global: “Find my iPhone” for Sony Androids is written by Chris Davies & originally posted on SlashGear.

A 4-Year-Old Android Bug Could Bring Malware to 99% of Devices

A team of security researchers claim to have identified a four-year-old Android bug that can allow malicious trojans to appear as verified apps, infecting devices with malware while users remain unaware of its presence.

Android vulnerability discovered affecting devices running version 1.6 and later

A doozy of an Android bug has been discovered by Bluebox Security’s Bluebox Labs, one that affects all Android releases since 1.6 Donut. With the vulnerability, malicious coders can create a trojan application to serve whatever purpose they’d like, whether to steal a user’s information or take over control of the device. More information will be given at Black Hat USA 2013 in a keynote speech.

According to Bluebox Labs, because of how many versions of Android are affected, a potential 900 million devices could suffer from the vulnerability, which involves a means for modifying APK code without harm to the app’s cryptographic signature. As such, a perfectly legit app can be converted into a trojan that slips under the radar.

The company goes on to specify that apps developed by the handset’s makers pose a greater risk due to their elevated privileges. Because of this, one of these apps, once exploited and turned into a trojan, can give the hacker complete access to the mobile OS’s apps and system, as well as all their related data. The ramifications of this are two-fold:

Depending on the intent of the hacker, personal data like text messages, emails, any documents on the device, account passwords that are saved, pictures, and other related items can be swiped, potentially giving access to things like bank accounts and revealing contacts’ information. In addition, this can be taken a step further so that the hacker has the ability to use the device to send text messages, snap pictures, record videos, make phone calls, etc.

In an extreme case, the vulnerability could be used to create a botnet.

According to Bluebox, it informed Google of this Android vulnerability in February of this year. To take care of the issue, every device manufacturer will need to create a patch and roll it out to its users, who will then need to install it. The security firm says it will release “tools/material” and more info about this vulnerability during Black Hat USA 2013, which takes place later this month.

SOURCE: BlueBox


Android vulnerability discovered affecting devices running version 1.6 and later is written by Brittany Hillen & originally posted on SlashGear.

Bluebox reveals Android security hole, may affect 99 percent of devices

Bluebox reveals Android security vulnerability, supposedly affects up to 99 percent of devices

Researchers at Bluebox Security have revealed a disturbing flaw in Android’s security model, which the group claims may affect up to 99 percent of Android devices in existence. According to Bluebox, this vulnerability has existed since Android 1.6 (Donut), which gives malicious app developers the ability to modify the code of a legitimate APK, all without breaking its cryptographic signature — thereby allowing the installation to go unnoticed. To pull off the exploit, a rotten app developer would first need to trick an unknowing user into installing the malicious update, but hackers could theoretically gain full control of a user’s phone if the “update” posed as a system file from the manufacturer.

Bluebox claims that it notified Google of the exploit in February. According to CIO, Bluebox CTO Jeff Forristal has named the Galaxy S 4 as the only device that’s currently immune to the exploit — which suggests that a security patch may already exist. Forristal further claims that Google is working on an update for its Nexus devices. In response to our inquiry, Google told us that it currently has no comment. We certainly hope that device manufacturers do the responsible thing and distribute timely security patches to resolve this issue. Absent that, you can protect yourself by installing updates through the Play Store and Android’s built-in system update utility.

Source: Bluebox Security, CIO

Restore The Fourth

This year, the Fourth of July celebrations take on a special importance for those who care about privacy and want to protest the NSA surveillance exposed in recent leaks.

Twitter Wants to Start Tracking You on the Web, Here’s How to Opt-Out

In a blog post today, Twitter announced that they’re "experimenting with new ways of targeting ads," which is their way of saying they’re planning to track you around the web—even when you leave Twitter—and relay that information to advertisers to craft better ads. Here’s how to opt out.

Ubisoft hack spawns Watch Dog promo conspiracy theories

Yesterday, game publisher Ubisoft was hacked, leading to usernames and passwords on their ubi.com website being stolen. However, it seems that a lot of Ubisoft fans are wondering if it’s a serious situation or just a publicity stunt for a marketing campaign for Ubisoft’s upcoming game Watch Dogs, which is a game based on hacking into various computer systems.

When Ubisoft posted about the hack on their Facebook page, many fans questioned in the comments whether the hack was actually legitimate, or just propaganda for Watch Dogs. Users asked questions like, “Are you sure its not just a watch dogs promotional stunt?” and commented, “this is probably a Watch Dogs stunt,” and “hacked by Aiden Pearce.”

It seems the doubts about the hack arose after users received an email from Ubisoft that looked like spam, with some users saying that the email was in German and full of grammatical mistakes. Other users noted that there was no signature attached to the email, so they couldn’t tell who it was from. Even the email address seemed a bit weird: email_ubi@email.ubi.com.

However, Ubisoft clarified over and over that it was a real hack, giving users a link to change their passwords. While the game publisher says that passwords are encrypted, there’s still a chance that they could be cracked by the hackers, so they’re warning all users to change their passwords before the hackers end up cracking them to get access to further information.

Ubisoft also says that financial information is safe, as the publisher doesn’t host that information on their website or server, but rather through a third-party. Then again, if a hacker ended up logging into your account, they could eventually find their way to your financial information and other personal info. Hacked or not, it’s always a good idea to change your password every so often to prevent peeping eyes from gaining access to your info.


Ubisoft hack spawns Watch Dog promo conspiracy theories is written by Craig Lloyd & originally posted on SlashGear.

KeyMe Lets You Retrieve Lost Keys, Digitally

So you’ve lost your key, now what? If you don’t have a spare one (or lost all your spare keys as well!), then it’s time to change locks, which is a huge waste of time and money. But here’s something you might want to consider before the inevitable happens: save a duplicate of your key in the cloud.

This is made possible by the KeyMe kiosk. Create an account first, and then scan the key in the kiosk. The key image and pattern are then stored in the cloud, waiting to be accessed by you in case you lose your key and need it duplicated.

The cool thing is that the kiosk gives you choices on the types of keys that you want to have made.

Some of the options include decorative keys and combination keys that have embedded bottle openers on them. It only accepts home and office keys and not car keys, though, which is a bummer. If you’re worried about key security, KeyMe says it doesn’t store any information on your lock’s location, and requires a fingerprint and credit card for authentication.

The KeyMe kiosks were made in partnership with Benchmark Electronics and they’re set up in several 7-Eleven stores in New York City for now. Storing key patterns is free, while cutting a new key from the pattern will cost $19.99 (USD).

[via Gizmag]