Is Your Phone Secure? Think Before Answering, Please

November 21, 2023

This essay is the work of a dumb dinobaby. No smart software required.

I am not going to offer my observations and comments. The article, its information, and the list of companies from The Times of India’s “11 Dangerous Spywares Used Globally: Pegasus, Hermit, FinFisher and More” speak for themselves. The main point of the write up is that mobile phone security should be considered in the harsh light of digital reality. The write up provides a list of outfits and components which can be used to listen to conversations, intercept text and online activity, as well as exfiltrate geolocation data, contact lists, logfiles, and imagery. Some will say, “This type of software should be outlawed.” I have no comment.


Are there bugs waiting to compromise your mobile device? Yep. Thanks, MSFT Copilot. You have a knack for capturing the type of bugs with which many are familiar.

Here’s the list. I have alphabetized by the name of the malware and provided a possible entity name for the owner:

  • Candid. Maybe a Verint product? (Believed to be another product developed by former Israeli cyber warfare professionals)
  • Chrysaor. (Some believe it was created by NSO Group or NSO Group former employees)
  • Dark Tequila. (Requires access to the targeted device or for the user to perform an action. More advanced methods require no access to the device nor for the user to click)
  • FinFisher. Gamma Group (The code is “in the wild” and the German unit may be on vacation or working under a different name in the UK)
  • Hawkeye, Predator, or Predator Pain (Organization owning the software is not known to this dinobaby)
  • Hermit. RCS Lab (Does RCS mean “remote control service”?)
  • Pegasus. NSO Group Pegasus (now with a new president who worked at NSA and Homeland Security)
  • RATs (Remote Access Trojans) This is a general class of malware. Many variants.
  • Sofacy. APT28 (allegedly)
  • XKeyscore (allegedly developed by a US government agency)

Is the list complete? No.

Stephen E Arnold, November 21, 2023

Telegram: A Super App with Features Al Capone Might Have Liked

November 1, 2023

When I mention in my law enforcement lectures that Telegram, a frisky encrypted super app for thumb typers, is “off the radar” for some analysts, I get more than a few blank looks. Consider this: The “special conflict” or whatever some in the Land of Tolstoy call it, pivots on Telegram. And why not? It allows encrypted messages, both public and private. A safety conscious user can include an image or a video snippet and post it to the Musky service with a couple of taps. Those under attack can disseminate location data to a mailing list of Telegram contacts. The app makes it possible to pay for “stuff,” often that stuff is CSAM or information about where to pick up an order containing contraband.

The soldier with the mobile phone says, “Hey, this hot content video content is great on Telegram.” The other soldier says, “Jump to the Spies-R-Us service. I will give you the coordinates for the drone assault. Also, order some noodle latkes to Checkpoint Grhriba at 1800 hours.” Thanks, MidJourney. WW2 cartoonists would be proud of you.

Pivot to the Israel Hamas war. Yep, Telegram is in use. Civilians, war fighters, even those in prison with mobile devices are Telegramming away. The Russian brothers who created the original app may not have anticipated its utility in war zones.

My research team has noted that some Clear Web sites discuss slippery subjects like carding. Then the “buy now” or similar action points to a Telegram “location.” What about the Dark Web? Telegram makes it possible to do “Dark Web things” without the risk and hassle of operating a Dark Web site or service. Pretty innovative, right? And what about that Dark Web traffic? Our analysis suggests that one will find Dark Web bots, law enforcement from numerous countries, and a modest number of human bad actors who cannot or have not embraced Telegram.

Now the super app is getting some enhancements, if the information in the Gadgets360 article “Telegram Update Brings Advanced Reply Options, Link Preview Customizations, Account Colors, More” is accurate. Enhancements include:

  • Replying to a message from one chat to another. Will this be useful for certain extremist users doing fund raising or recruiting?
  • Customize shared links. Will this be useful to CSAM purveyors?
  • Fast forward and rewind videos in Telegram messages. Winner for some video content vendors.
  • Telegram also has a special feature. Some Telegram users pay for these services. Yep, money. Subscription money.

And the encryption thing? Reasonably good. Possibly less open than the UK Covid information allegedly from WhatsApp.

Stephen E Arnold, November 1, 2023

Those Mobile Phones Are Something, Are They Not?

May 23, 2023

Note: This essay is the work of a real and still-alive dinobaby. No smart software involved, just a dumb humanoid.

Apple, Google, Samsung, and a covey of Chinese mobile phone innovators have improved modern life. Imagine. People have a phone. No sharing one telephone in a fraternity house, a cheap flat, or at an airport, just call, text, vlog, or swipe.

Are there downsides? For a quarter century the American Psychological Association was not sure. Now an outfit called Sapien Labs provides additional information about mobile phone usage.

For me, there were several highlights in the article “Kids Who Get Smartphones Earlier Become Adults With Worse Mental Health.”

First, the idea that young people who tap, swipe, and suck down digital information are unlikely to emulate Jonathan Edwards, Mother Teresa, or the ambiguous St. Thomas of Aquinas. The article states:

the younger the age of getting the first smartphone, the worse the mental health that the young adult reports today.

Obvious to some, but a scientific study adds more credence to the parent who says no to a child’s demand for a mobile phone or tablet.

Second, women (females) are more affected by the mobile phone. The study points out six categories of impact. Please, consult the article and the full study for the academic details. Again. No big surprise, but I wouldn’t ignore the fact that in some male cohorts, suicides are increasing. Regardless of gender, mobile phones appear to nudge some into wackiness or the ultimate solution to having friends make fun of one’s sneakers.

Third, I was surprised to learn that some young people get phones when they are five years old. I have seen very young children poking at an iPad in a restaurant or playing games on the parental unit’s mobile phones in an airport. I did not know the child had a phone to call his own. Good marketing by Apple, Google, Samsung, and Chinese outfits!

The study identifies a number of implications. Again, I am okay with those identified, but the cyber crime crowd was not discussed. My own perception is that mobile devices are the catalyst for a wide range of cyber crime. Once again, the unintended consequences of a mobile device have the capacity to enable some societal modifications that may be impossible to remediate.

Again: Nice work!

Stephen E Arnold, May 23, 2023

Divorcing the Google: Legal Eagles Experience a Frisson of Anticipation

April 24, 2023

No smart software has been used to create this dinobaby’s blog post.

I have poked around looking for a version or copy of the contract Samsung signed with Google for the firms’ mobile phone tie up. Based on what I have heard at conferences and read on the Internet (of course, I believe everything I read on the Internet, don’t you?), it appears that there are several major deals.

The first is the use of and access to the mindlessly fragmented Android mobile phone software. Samsung can do some innovating, but the Google is into providing “great experiences.” Why would a mobile phone maker like Samsung allow a user to manage contacts and block mobile calls without implementing a modern day hunt for gold near Placer?

The second is the “suggestion” — mind you, the suggestion is nothing more than a gentle nudge — to keep that largely-malware-free Google Play Store front and center.

The third is the default search engine. Buy a Samsung get Google Search.

Now you know why the legal eagles are shivering when they think of litigation to redo the Google – Samsung deal. For those who think about the misinformation zipping around about Microsoft Bing displacing Google Search, my thought would be to ask yourself, “Who gains by pumping out this type of disinformation?” One answer is big Chinese mobile phone manufacturers. This is Art of War stuff, and I won’t dwell on this. What about Microsoft? Maybe, but I like to think happy thoughts about Microsoft. I say, “No one at Microsoft would engage in disinformation intended to make life difficult for the online advertising king.” Another possibility is Silicon Valley type journalists who pick up rumors, amplify them, and then comment that Samsung is kicking the tires of Bing with ChatGPT. Suddenly a “real” news outfit emits the Samsung rumor. Exciting for the legal eagles.

The write up “Samsung Can’t Dump Google for Bing As the Default Search Engine on Its Phones” does a good job of explaining the contours of a Google – Samsung tie up.

Several observations:

First, the alleged Samsung search replacement provides a glimpse of how certain information can move from whispers at conferences to headlines.

Second, I would not bet against lawyers. With enough money, contracts can be nullified, transformed, or left alone. The only option which disappoints attorneys is the one that lets sleeping dogs lie.

Third, the growing upswell of anti-Google sentiment is noticeable. That may be a far larger problem for Googzilla than rumors about Samsung. Perceptions can be quite real, and they translate into impacts. I am tempted to quote William James, but I won’t.

Net net: If Samsung wants to swizzle a deal with an entity other than the Google, the lawyers may vibrate with such frequency that a feather or two may fall off.

Stephen E Arnold, April 24, 2023

Social Unhappiness, Disruption, and the Crime Explosions

March 9, 2023

Note: No smart software on earth writes like a dinobaby channeling his inner Jonathan Swift.

The mobile phones are responsible for: [a] fights on Carnival Cruise ships, [b] teens killing themselves, [c] stupid committee decisions that make the camel analogy comparatively harmless, and [d] an efflorescence of cyber crime.

How do I know this?

I read an essay called “Honestly, It’s Probably the Phones.” I admit I took the main argument of the essay and extended it. That argument proved stretchy, and I think the write up is on to something.

I noted this passage:

The first reason smartphones should be our prior is that the timing just lines up really well. The smartphone was invented in 2007, but it didn’t really become commonplace until the 2010s, exactly when teen happiness fell off a cliff…. First, they’re a distraction — the rise of smartphones was also the rise of “phubbing”, i.e. when people go on their phones instead of paying attention to the people around them. Second, phones provide a behavioral “nudge”, like a pantry stocked with junk food — when your phone is right there in your pocket, it’s easier to just text a friend instead of going and hanging out, even if the latter would be less fulfilling. And third, in-person interaction is a network effect. If 20% of people would rather be on their phones, that reduces everyone else’s options for in-person hangouts by 20%.

Okay, I am sold.

I want to shift gears and switch to a write up which purports to present facts. For the purposes of this blog post, I want to assume that the information in The US Sun (an estimable news source) article “Google Issues Six Major Alerts to Billions – You Face Bank Wipeout If You Ignore Them” is correct.

The article identifies a lottery scam, a tech support scam, fake jobs and invoices scams, Google account recovery scams, gift card scams, and blackmail and extortion scams. The idea seems to be that Google has created a massive ecosystem of crime. With most Google interactions taking place on mobile phones, it seems as if Google and its fellow traveler Apple are making clear that more than teen self-harm is a consequence of these gizmos.

Now what’s the fix? Perhaps a variation of “first, let’s kill all the lawyers” is a step too far. What about a driver’s license approach? No mobile and no phone until one reaches a certain age? What about a variation of the ever popular Chinese social credit system? Trouble in high school? No mobile for you.

I prefer that parents and guardians play a major role. I think smart software might be worth considering as a method for filtering some content to certain demographics. Why not ask the Dilbert cartoonist for some ideas?

I would suggest that the confluence of mobile phones and outfits like Google may have been like a lab experiment gone wrong. A clueless high school student (not in the science club, of course) mixes two apparently harmless household substances and makes the entire class sick. How does that get fixed? The answer, “Not easily.”

Stephen E Arnold, March 9, 2023

Apple Think: Characteristics of Working in a Ring with Echoes

December 30, 2022

Have you been reminded to think in 360 degrees? The idea, as I recall, is to look at a problem, opportunity, or action from different angles. Instead of screwing up because a decider verifies a preconceived idea, the 360 method is supposed to avoid overlooking the obvious.

What about those Apple AirTags? Was 360 degree think in operation when the idea of finding a lost phone was hatched? In my opinion, an Apple AirTag is useful for many good news use cases. iPhone users will want several, maybe six, maybe a dozen. Just clip one on a key ring, and in theory one can locate those keys. Find your luggage. Keep an eye on the cat. The trick is to sign up for the assorted Apple services which make the AirTag function.

Many Apple employees work in a circular structure which looks like a hula hoop. Could the building be a concretization of the metaphor for 360 degree thinking? If so, I cannot understand why the AirTag application for stalking was not identified as a use case. What about tracking an expensive auto so a car thief can drive off after the owner leaves the vehicle at the mall? Could an assassin use the AirTag to verify the target was at a location without having to use other means to achieve the kind of future Mr. Putin envisions for Mr. Volodymyr Zelenskyy?

Did the Apple professionals doing 360 degree thinking in the circular building consider these applications of the AirTag? My hunch is that Apple does Ring Think. It makes money, but the unforeseen consequences appear to be mere downstream details.

What about iPhone’s ability to detect a user who is in a car crash? The idea is that an accident is detected by the iPhone. Authorities are notified. Help is dispatched. Perfect. Has something been overlooked by Ring Think via the 360 degree analysis?

You decide.

“Apple Watch and iPhone Crash Detection Software an Issue for Search and Rescue Crews” reports:

One of the new features on the iPhone and Apple Watch is crash detection. It is designed to detect car crashes and if needed, alert the local authorities.

Perfect. Car crash. Alert authorities. What did the Apple wizards overlook? Here’s a quote from the write up:

“It’s quite sophisticated,” Dwight Yochim, a senior manager with the B.C. Search and Rescue Association told Global News. “It [the crash detection in an iPhone] recognizes a sudden change in speed, sound of crunching metal and glass and even the airbag deploying. But for whatever reason, people in the backcountry and maybe it’s just our B.C. backcountry enthusiasts, they’re just hardcore, and the falling and the kind of crashing through the woods literally is setting it off.”

Apple allegedly has issued software to help address the accidental alert. These unintentional, accidental alerts have consequences. The write up reports that Mr. Yochim said:

“We do 2,000 calls a year now. And we did a report a couple of years ago that showed that we’re probably going to hit 3,000 in about 10 years. So the more of these false calls we have, the more time it takes away from our members,” Yochim said. “They’re putting in 400,000 hours now in training, administration and incidents. And so every one of these calls is four or five hours for a dozen people to respond. Then you find out there’s some puzzled subject at the end going, ‘I didn’t even realize I activated it’.”

I am not all that interested in AirTags and automatic alerts. The issue is that these are two specific examples of functionality that has a number of applications. Some good and some bad.

However, what less visible, more subtle examples of failed 360 analysis and Ring Think are in the Apple ecosystem? What if some of the flubs and ignored applications have far greater consequences? Instead of knowing a human trafficker will target an individual for abduction, the latent use case is invisible and will emerge without warning?

What’s the responsibility of a company which relies on Ring Think to minimize the impact of their innovations?

Here’s a thought for the New Year: There is no remediation. Society has to live with technical activities. Therefore, why should an Apple type of organization leave its spaceship shaped structure and worry about a kidnapped child?

Why bother? Or, it’s not our problem because we are only human. And, my fave, we’re not able to predict the future. But the big reason is look at the good our work does.

Yep, I got it.

Stephen E Arnold, December 30, 2022

The Murena: A Semi Dark Phone

June 10, 2022

Mobile phones are outstanding surveillance devices. Forget Google. Technology exists to suck down quite a bit of information no matter what phone one uses. Innovators keep trying to create black phones or completely secure devices. There is a market for these gizmos even if the phones are produced by law enforcement; for example, the ANON.

I noted “The Murena One Shows Exactly How Hard it Is to De-Google Your Smartphone.” The write up is interesting. I noted this passage:

You just can’t have the full Android experience without inviting Google into the equation. Instead, when you log into Google or use its services, Murena tries to mitigate the data Google can collect.

Several observations:

  • Innovators face a similar challenge de-Cooking the iPhone and de-China-ing the Oppo, OnePlus, Xiaomi, and other Middle Kingdom devices
  • The write up makes it clear that Google is the Big Dog when it comes to the Google ecosystem. Not even the Apple has such a lock. For one example of the penetration gap, see this write up.
  • One does not need to expend much effort to access data generated by mobile devices. Those apps? Yep, they are helpful.

How does one avoid leaking data? Some in the European Union use typewriters and carbon paper. Consider that perhaps.

Stephen E Arnold, June 10, 2022

AT&T Innovation: I Thought Banjo Anticipated This Functionality

May 11, 2022

I read “AT&T Will Use Phone Location Data to Route 911 Calls to the Right Responders.” I thought that Banjo (now SafeXai) described a similar function. I thought I read a Banjo patent or two referencing the firm’s systems and methods. Despite this historical thought, I noted this statement in the article:

The company says it’ll be the first US carrier to “quickly and more accurately identify where a wireless 911 call is coming from using device GPS and hybrid information.” That’ll allow it to route the call to the correct 911 call center (public safety answering point or PSAP) which can then “dispatch first responders to the right location faster…

Banjo changed its name, but before its management shift, the company filed and obtained a number of forward-leaning patents. I recall that one of them provided a useful shopping list of off-the-shelf technologies used in smart software. If anyone is curious, the Banjo patents referencing what I think is a similar notion include US10585724, “Notifying entities of relevant events”, US10582343, “Validating and supplementing emergency call information,” and several others. I recall reading patents held by AT&T which reference this capability. I wonder how many firms can use mobile data to provide useful services to first responders, law enforcement, and intelligence entities. Once a system and method are disclosed, individuals can replicate or exploit some systems.

Collecting data via an app’s software is made more useful with real-time data from other collection points. The value of cross-correlation of data is quite high. I find it interesting that basic LE and intel methods continue to poke their nose through the heavy cloud cover over certain interesting systems and methods. I do long for the days when certain information was secret and kept that way.

Stephen E Arnold, May 11, 2022

Screen Addiction: Digital Gratification Anytime, Anyplace

May 11, 2022

We are addicted to screens. The screens can be any size so long as they contain instantaneous gratification content. Our screen addiction has altered our brain chemistry and Medium explains how in the article, “Your Brain-Altering Screen Addiction Explained. With Ancient Memes.” The article opens by telling readers to learn how much time they spend on their phones by looking at their usage data. It is quickly followed by a line that puts into perspective how much time people spend on their phones related to waking hours.

The shocking fact is that Americans spend four hours on mobile devices and that is not including TV and desktop time! The Center for Humane Technology created the Ledger of Harms, an evidence-based list of harms resulting from digital addiction, mostly social media. The ledger explains too much screen time causes cognitive impairment and that means:

“The level of social media use on a given day is linked to a significant correlated increase in memory failure the next day.

• The mere presence of your smartphone, even when it’s turned off and face down, drains your attention.

• 3 months after starting to use a smartphone, users experience a significant decrease in mental arithmetic scores (indicating reduced attentional capacity) and a significant increase in social conformity.

• Most Americans spend 1 hour per day just dealing with distractions and trying to get back on track — that’s 5 wasted full weeks a year!

• Several dozen research studies indicate that higher levels of switching between different media channels are significantly linked to lower levels of both working memory and long-term memory.

• Studies even showed that people who opened Facebook frequently and stayed on Facebook longer tended to have reduced gray matter volume in the brain.”

Screen addiction causes harm in the same way as drugs and alcohol. The same thing we turn to in order to reduce depression, anxiety, and isolation creates more of it. Another grueling statistic is that we spend an average of nineteen seconds on content before we switch to another. The switch creates a high by the release of endorphins, so we end up being manipulated by attention-extractive economics.

Tech companies want to exploit this positive feedback loop. Our attention spans are inversely proportional to how good their technology and algorithms are. The positive feedback loop is compounded by us spending more time at home, instead of participating in the real world.

How does one get the digital monkey off one’s back? Cold turkey, gentle reader. Much better than an opioid.

Whitney Grace, May 11, 2022

Does Samsung Sense a Crack in the Googleplex?

May 6, 2022

It seems someone does not have much confidence in the Google. SamMobile suggests, “If Google Can’t Do Android Anymore, Maybe it Should Be Left to Samsung.” Writer Adnan F. begins by observing how valuable Android is to Google, delivering a steady stream of users to its other (Android default) services like Gmail, YouTube, and Maps. He also concedes the company updates the OS regularly, but is underwhelmed by its efforts. Perhaps, he suggests, Google has been lured into a sense of complacency by its distinct lack of competitors for the not-Apple mobile device market. This is where, to Adnan F.’s mind, Samsung could come in. He writes:

“Samsung has clearly taken the lead in advancing the cause of Android, perhaps more so than Google itself. Then again, Samsung does happen to be the largest global vendor of Android devices. It may rely on Google for the OS but there’s no question that it’s Google that needs Samsung and not the other way around. Often it feels that a light bulb goes off at Google whenever it sees Samsung create a feature that Android should have had. Then it wastes no time in copying that feature. Here’s an example and here’s another, and in the immortal words of DJ Khaled, another one. Let’s not forget that several Android 12 features are copied from One UI and even from Samsung’s outdated TouchWiz UI!. Samsung’s One UI features are also being copied for Android 13. Today, Google went ahead and copied Samsung’s Smart Switch app. It’s as if Google is sitting in an exam and looking over the shoulder of the smart kid – that’s Samsung in this scenario – hoping to copy its work. Where it should have been Google taking the lead, it’s Samsung that’s influencing some of the major feature additions to Android.”

It is not an unreasonable suggestion. As the write-up points out, the two companies are close partners and have collaborated before. But would Google ever hand over the Android reins, even to a trusted friend? We are not so sure.

Cynthia Murrell, May 6, 2022
