The Murena: A Semi Dark Phone

June 10, 2022

Mobile phones are outstanding surveillance devices. Forget Google. Technology exists to suck down quite a bit of information no matter what phone one uses. Innovators keep trying to create black phone or completely secure devices. There is a market for these gizmos even if the phones are produced by law enforcement; for example, the ANON.

I noted “The Murena One Shows Exactly How Hard it Is to De-Google Your Smartphone.” The write up is interesting. I noted this passage:

You just can’t have the full Android experience without inviting Google into the equation. Instead, when you log into Google or use its services, Murena tries to mitigate the data Google can collect.

Several observations:

  • Innovators face a similar challenge de-Cooking the iPhone and de-China-ing the Oppo, OnePlus, Xiaomi, and other Middle Kingdom devices
  • The write up makes it clear that Google is the Big Dog when it comes to the Google ecosystem. Not even the Apple has such a lock. For one example of the penetration gap, see this write up.
  • One does not need to expend much effort to access data generated by mobile devices. Those apps? Yep, they are helpful.

How does one avoid leaking data? Some in the European Union use typewriters and carbon paper. Consider that perhaps.

Stephen E Arnold, June 10, 2022

AT&T Innovation: I Thought Banjo Anticipated This Functionality

May 11, 2022

I read “AT&T Will Use Phone Location Data to Route 911 Calls to the Right Responders.” I thought that Banjo (now SafeXai) described a similar function. I thought I read a Banjo patent or two referencing the firm’s systems and methods. Despite this historical thought, I noted this statement in the article:

The company says it’ll be the first US carrier to “quickly and more accurately identify where a wireless 911 call is coming from using device GPS and hybrid information.” That’ll allow it to route the call to the correct 911 call center (public safety answering point or PSAP) which can then “dispatch first responders to the right location faster…

Banjo changed its name, but before its management shift, the company filed and obtained a number of forward-leaning patents. I recall that one of them provided a useful shopping list of off-the-shelf technologies used in smart software.  If anyone is curious, the Banjo patents referencing what I think is a similar notion include US10585724, “Notifying entities of relevant events”, US10582343, “Validating and supplementing emergency call information,” and several others. I recall reading patents held by AT&T which reference this capability. I wonder how many firms can use mobile data to provide useful services to first responders, law enforcement, and intelligence entities. Once a system and method are disclosed, individuals can replicate or exploit some systems.

Collecting data via an app’s software is made more useful with real-time data from other collection points. The value of cross-correlation of data is quite high. I find it interesting that basic LE and intel methods continue to poke their nose through the heavy cloud cover over certain interesting systems and methods. I do long for the days when certain information was secret and kept that way.

Stephen E Arnold, May 11, 2022

Screen Addiction: Digital Gratification Anytime, Anyplace

May 11, 2022

We are addicted to screens. The screens can be any size so long as they contain instantaneous gratification content. Our screen addiction has altered our brain chemistry and Medium explains how in the article, “Your Brain-Altering Screen Addiction Explained. With Ancient Memes.” The article opens by telling readers to learn how much time they spend on their phones by looking at their usage data. It is quickly followed by a line that puts into perspective how much time people spend on their phones related to waking hours.

The shocking fact is that Americans spend four hours on mobile devices and that is not including TV and desktop time! The Center for Humane Technology created the Ledge of Harms, an evidenced-based list of harms resulting from digital addiction, mostly social media. The ledger explains too much screen time causes cognitive impairment and that means:

“The level of social media use on a given day is linked to a significant correlated increase in memory failure the next day.

• The mere presence of your smartphone, even when it’s turned off and face down, drains your attention.

• 3 months after starting to use a smartphone, users experience a significant decrease in mental arithmetic scores (indicating reduced attentional capacity) and a significant increase in social conformity.

• Most Americans spend 1 hour per day just dealing with distractions and trying to get back on track — that’s 5 wasted full weeks a year!

• Several dozen research studies indicate that higher levels of switching between different media channels are significantly linked to lower levels of both working memory and long-term memory.

• Studies even showed that people who opened Facebook frequently and stayed on Facebook longer tended to have reduced gray matter volume in the brain. “

Screen addiction causes harm in the same way as drugs and alcohol. The same thing we turn to reduce depression, anxiety, and isolation creates more of it. Another grueling statistic is that we spend an average of nineteen seconds on content before we switch to another. The switch creates a high by the release of endorphins, so we end up being manipulated by attention-extractive economics.

Tech companies want to exploit this positive feedback loop. Our attention spans are inversely proportional to the better their technology and algorithms are. The positive feedback loop is compounded by us spending more time at home, instead of participating in the real world.

How does one get the digital monkey off one’s back? Cold turkey, gentle reader. Much better than an opioid.

Whitney Grace, May 11, 2022

Does Samsung Sense a Crack in the Googleplex?

May 6, 2022

It seems someone does not have much confidence in the Google. SamMobile suggests, “If Google Can’t Do Android Anymore, Maybe it Should Be Left to Samsung.” Writer Adnan F. begins by observing how valuable Android is to Google, delivering a steady stream of users to its other (Android default) services like Gmail, YouTube, and Maps. He also concedes the company updates the OS regularly, but is underwhelmed by its efforts. Perhaps, he suggests, Google has been lured into a sense of complacency by its distinct lack of competitors for the not-Apple mobile device market. This is where, to Adnan F.’s mind, Samsung could come in. He writes:

“Samsung has clearly taken the lead in advancing the cause of Android, perhaps more so than Google itself. Then again, Samsung does happen to be the largest global vendor of Android devices. It may rely on Google for the OS but there’s no question that it’s Google that needs Samsung and not the other way around. Often it feels that a light bulb goes off at Google whenever it sees Samsung create a feature that Android should have had. Then it wastes no time in copying that feature. Here’s an example and here’s another, and in the immortal words of DJ Khaled, another one. Let’s not forget that several Android 12 features are copied from One UI and even from Samsung’s outdated TouchWiz UI!. Samsung’s One UI features are also being copied for Android 13. Today, Google went ahead and copied Samsung’s Smart Switch app. It’s as if Google is sitting in an exam and looking over the shoulder of the smart kid – that’s Samsung in this scenario – hoping to copy its work. Where it should have been Google taking the lead, it’s Samsung that’s influencing some of the major feature additions to Android.”

It is not an unreasonable suggestion. As the write-up points out, the two companies are close partners and have collaborated before. But would Google ever hand over the Android reins, even to a trusted friend? We are not so sure.

Cynthia Murrell, May 6, 2022

App Tracking? Sure, Why Not?

May 4, 2022

Big tech companies, including Google, Facebook, and Apple, are supposed to cut back on the amount of data they collect from users via apps. Despite the lip service to users, apps are still collecting data and it appears these companies will not stop anytime soon. Daiji World explains how much data apps are still gathering in: “Apps Still tracking Users’ Data On Apple App Store.”

A University of Oxford research term investigated 1759 Apple IOS apps in the United Kingdom App Store. The team monitored these apps before and after Apple implemented new tracking policies that supposedly make it harder to track users. Unfortunately, these apps are still tracking users as well as collecting user fingerprinting. The team found hard evidence of user tracking:

“The researchers found real-world evidence of apps computing a mutual fingerprinting-derived identifier through the use of “server-side code” — a violation of Apple’s new policies and highlighting the limits of Apple’s enforcement power as a privately-owned data protection regulator. ‘Indeed, Apple itself engages in some forms of user tracking and exempts invasive data practices like first-party tracking and credit scoring from its new privacy rules,’ claimed Konrad Kollnig, Department of Computer Science, University of Oxford.”

Apple’s Privacy Nutrition Labels are also inaccurate and are in direct conflict with Apple’s marketing claims. It is a disappointment that Apple is purposely misleading its users. Enforcing user privacy laws is sporadic, and tech companies barely follow what they set for themselves. Apple has its own OS, so they have a closed technology domain that they control:

“ ‘Apple’s privacy efforts are hampered by its closed-source philosophy on iOS and the opacity around its enforcement of its App Store review policies. These decisions by Apple remain an important driver behind limited transparency around iOS privacy,” [the research team] emphasised.”

Does this come as a surprise for anyone? Nope.

Apple can d whatever it wants because it is a prime technology company and it develops everything in-house. The only way to enforce privacy laws is transparency, but Apple will not become crystal clear because it will mean the company will lose profits.

Whitney Grace, May 4, 2022

Nudge, Nudge: Internet of Things Leads to the Internet of Behavior

March 23, 2022

By now most of us are aware that our search and social-media histories are used to fine-tune the targeted marketing that comes our way. But did you know the Internet of Things also contributes marketing intel? ReadWrite examines “The Developing Internet of Behavior Technology and its Applications.” Yes, the IoT has led to the IoB because of course it did. Writer Dronacharya Dave reports:

“A device such as a smartphone can easily track and note a user’s movements and obtain their real-time geographical positions. With the help of advanced technologies, companies can connect smartphones to devices like cameras, laptops, and voice assistants. Today, smartphones can even record the text and voice of the users. In addition, brands can get information about the users with the help of IoB, such as likes, dislikes, and interests. … Internet of Things (IoT) and Internet of Behavior (IoB) together can provide a lot of important information to the companies for making better decisions related to their marketing and branding efforts.”

One might be surprised by the data that can be garnered from connected gadgets. Naturally there is personal data, like name, gender, IP address, and browser cookies. Engagement data answers whether a user favors communication through texting, email, mobile apps, or social media. Behavioral data includes purchase history, product usage information, and qualitative data like mouse movements. Finally, attitudinal data reports factors like consumer satisfaction, product desirability, and purchase criteria. This seems like a lot of information to surrender for the ability to count steps or preheat one’s oven on the ride home. The write-up tells us how companies get their hands on this data:

“The data and information from the consumers are collected from different websites, sensors, telematics, beacons, social media platforms, health monitors (like Fitbit), and others. Each of these collects additional data from consumers while indulging in doing online activities. Everything is captured by the IoB technology, from the time spent online to all that a user searches for. For example, with the application of IoB, websites can capture the information on the amount of time spent by the customers while searching the website. This data can be highly profitable for the marketing and advertising activities if analyzed accurately.”

The post examines ways marketing departments can make the most of this data and supplies a couple of examples. It also gives an obligatory nod to the risk involved—that bad actors could get their hands on this trove of user data if companies’ security measures are at all lacking. But surely every company is on top of cybersecurity best practices, right?

Cynthia Murrell, March 23, 2022

The Price of a Super Secure Mobile for Questionable People

December 29, 2021

Criminals are sometimes the smartest people in the world, but other times they are the dumbest. The Sydney Morning Herald reported a story on some of the latter in, “‘Invulnerable To Law Enforcement’: More Alleged Drug Criminals Outed By Encrypted App.” Australian criminals Duax Ngakuru and Hakan Ayik were used an encrypted phone platform that was surreptitiously created by law enforcement.

Australian and New Zealand law enforcement teamed together on Operation Ironside and they infiltrated the encrypted AN0M phone network. Authorities monitored Ngakuru and Ayiks’ drug activity for three years:

“The work of Australian and New Zealand authorities has – especially since Operation Ironside was unveiled publicly in June with sweeping arrests and raids across the globe – made the Ngakurus and Ayik among the most wanted men on the planet, crippling the drug syndicates the trio helped operate.

The police files also reveal how the AFP’s infiltration of the encrypted AN0M phone network suggest the Ngakurus and Ayik successfully imported many drug shipments into Australia and New Zealand over many years. On May 17, Shane Ngakuru was covertly recorded using his AN0M phone device to describe sending “methamphetamine to New Zealand, Melbourne, and Perth” from his base in Thailand.”

The bad actors believed they were invulnerable and the most powerful men in Turkey if not Oceania. While their drug operations were cleverly planned, the stupidity surfaces when they did not research their communication networks. Their so-called invulnerability comes about when they thought AN0M could not be hacked. They did not check up on updates or in other bad acting communities to see if there were hints of police crackdowns.

The US FBI, CIA, and other law enforcement organizations never shared information in the past, but they discovered it was mutually beneficially to do so. Criminals often do the same. Unfortunately Ayik and Ngakurus’ egos got the best of them.

Whitney Grace, December 29, 2021

Verizon and Google Are Love Birds? Their Call Is 5G 5G 5G

December 22, 2021

The folks involved with electronic equipment for air planes are expressing some concerns about 5G. Why? Potential issues related to interference. See the FAA and others care about passengers and air freight. Now Verizon and Google care about each other and are moving forward with more 5G goodness. (Please, turn off those 5G mobiles.)

Verizon is regarded as the top mobile provider in the United States. Verizon earns that title, because the company is always innovating. Tech Radar has the story on one of Verizon’s newest innovations: “Verizon Partners With Google Cloud On 5G Edge.” Google Cloud and Verizon will pool their resources to offer 5G mobile edge with guaranteed performance for enterprise customers.

Verizon is promising its 5G networks will have lower latency with faster speeds, reliable connections, and greater capacity. The mobile provider will deliver on its 5G and lower latency promise by decentralizing infrastructures and virtualizing networks, so they are closer to customers. Edge computing means data is processed closer to its collection point. This will enable more advanced technology to take root: smart city applications, telemedicine, and virtual reality.

Google Cloud’s storage and compute capabilities are what Verizon needs to deliver 5G:

“The partnership will initially combine Verizon’s private on-site 5G and its private 5G edge services with Google Distributed Cloud Edge, but the two companies have said they plan to develop capabilities for public networks that will allow enterprises to deploy applications across the US.”

Verizon’s new Google partnership makes it the first mobile provider to offer edge services with Amazon Web Services, Google Cloud, and Microsoft Azure.

The advancement of 5G will transform developed countries into automated science-fiction dreams. Verizon 5G edge sounds like it requires the use of more user data in order for it to be processed closer to the collection point. Is this why Verizon has been capturing more of late? Will 5G networks require more private user data to function?

One of my colleagues at Beyond Search had the silly idea that the Verizon Google discussions contributed to Verizon’s keen interest in capturing more customer data. Will the cooing of 5G 5G 5G soothe those worried about having a 757 visit the apartments adjacent O’Hare Airport? Of course not. Verizon and Google are incapable of making technical missteps.

Whitney Grace, December 22, 2021

Google and Its Penchant for Bold Assertions

December 17, 2021

Google claimed quantum supremacy. Recently Google’s engineers studied the technology of the NSO Group and according to “A Deep Dive into an NSO Zero-Click iMessage Exploit: Remote Code Execution” found the “most technically sophisticated exploit ever seen.” The analysis is thorough and reflects considerable enthusiasm for disentangling some of the inner workings of Apple’s mobile operating system. I can almost hear the chuckles of the Google engineers as they figured out how the NSO Group compromised iPhones simply by sending the unlucky target a message packet.

Several observations:

  1. The NSO Group talks with other entities (people from university, a military unit, colleagues at limited attendance conference, etc.). Consequently information about methods seeps into the intelware community. This community is not quite like the Yacht Club in Manhattan, but it is similar: Traditions, friendships, bon homie, and the like.
  2. Intelware developers associated with other countries often gain access to specialized tools and services via connections with a nation state which is a customer of an specialized services firm, say, for argument’s sake, the NSO Group. It is probable that other entities have examined and replicated some of the NSO Group’s systems and methods. The fact that Google figured out the system and methods of this particular NSO Group service means that other groups can too. (It is possible that some at Google believe that their work is singular and not replicable. Yeah, high school science club thinking, perhaps?)
  3. Due to the connection between high value targets and the cachet of the Apple iPhone, figuring out how to penetrate an iPhone is a high value activity. Apple’s engineers are bright and were in their high school science clubs as well. However, engineers do not design to prevent unforeseeable flaws in their engineering innovations. This means that iPhones have flaws. When a device is the focus of attention of numerous nation states’ intelligence services, commercial enterprises in the zero day business, and companies with staff trained by military intelligence organizations — flaws will be found. My Arnold Rule for this situation is that insights will be discovered of which the original developer had no clue.

Kudos to Google for the NSO Group information. However, like quantum supremacy, the statements about the sophistication of the exploit are a bit like the claim for quantum supremacy. There are other entities in the Intel world which have capabilities which will surprise the “experts” just now discovering the world of intelware. Nice paper, very academic, but it reveals a disconnect between the world of the commercial researcher and the robust, broad intelware ecosystem.

Stephen E Arnold, December 17, 2021

Chinese Company Excitement: Xiaomi

December 15, 2021

Own stock in Alibaba? Well, think Xiaomi.

Lithuania made a discovery during a recent cybersecurity assessment that, honestly, does not surprise us in the least. We learn of the finding in Big Technology’s piece, “A Xiaomi Phone Might’ve Shipped With a Censorship List in Europe. Now What?” A certain Xiaomi phone model sold in Europe was found to carry a built-in censorship list of about 450 political terms, like “democratic movement” and “long live Taiwan’s independence.” The blocklist lay dormant, but it could have been activated remotely at any time. It is thought its inclusion on phones shipped outside China, where censorship is the norm, may have been a mistake. Reporter Alex Kantrowitz writes:

“After the government published its findings, things got weird. The list swelled to more than 1,000 terms, including hundreds of non-political terms like ‘pornography,’ seemingly to turn the political blocklist into something more generic. Then, it disappeared. ‘They reacted,’ Margiris Abukevicius, Lithuania’s vice minister for defense, told me. ‘It wasn’t publicized from their side.’ The accusations, which Xiaomi disputes, clarified just how fraught the West’s relationship is with China’s growing technology power. As China-based tech companies like Xiaomi and TikTok flourish, there’s still no playbook in North America or Europe to deal with their potential to censor or steer culture via algorithms. TikTok, with its inscrutable feed, remains unchecked. And the Lithuanian government’s report on Xiaomi, replicated by another researcher, sparked a collective shrug. ‘Western countries,’ Abukevicius said, ‘are more and more reliant on technologies, and a big part of those technologies comes from countries which are not friendly, which we don’t trust, and it poses risks.’ How to address those risks remains unclear, though. Xiaomi was Europe’s top-selling smartphone manufacturer in the second quarter of 2021, and it’s number two in the world overall.”

Not in the US, though. Xiaomi was blacklisted here until recently, and FCC commissioner Brendan Carr is taking Lithuania’s discovery into account as he decides whether to allow Xiaomi smartphones to run on our wireless networks. In Europe, more countries are investigating the matter. It is uncertain what measures will be taken; an outright ban seems “extreme,” we’re told, considering there is no evidence the blocklist was ever activated within the EU. Kantrowitz points out the bigger issue going forward is a more general one—Western nations need a plan to address the culture clash and potential security risks cropping up on our devices.

Cynthia Murrell, December xx, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta