I Wonder...
If this will give manufacturers an incentive to take security of their devices seriously?
Ahahahahahaha...couldn't say that with a straight face.
WikiLeaks has dumped online what appears to be a trove of CIA documents outlining the American murder-snoops' ability to spy on people. The leaked files describe security exploits used to compromise vulnerable Android handhelds, Apple iPhones, Samsung TVs, Windows PCs, Macs, and other devices, to read messages, listen in via …
Fuck the lot of them, the easiest thing is to just roll over and die and then those ruling elite cunts cant farm you, its been going on since before Roman times. Divide and conquer ad infinitum.
Then what will they do. Keep paying out benefits for the stupid to keep breeding.
the government is spying on you
Quick rip out the internet and smash your smart TV....... after you've downloaded a box set of 'the walking dead' and saved tonight's football on the tivo.....
Mind you , one misplaced IP address and the CIA etc are listening to a 4 month old baby sleeping instead of the Russian 2nd trade secretary bonking an MPs typist.....
All bought to you via some need to have everything connected to the internet whether its needs to be or not
If you look at the reference in the wiki leaks article https://wikileaks.org/ciav7p1/ and note the reference to Weeping Angels, then look at the wiki reference for Weeping Angels https://en.wikipedia.org/wiki/Weeping_Angel
It indicates a level of planning and tie up between the UK & US, both military/law enforcement as well as organisations like the script writers involved in the Dr Who series.
Do you think these things are just co-incidences? So for your next challenge try and spot what other organisations or entities are also tied in with this planning and execution, and does it spread beyond the UK & US regions, to perhaps the 5 eyes region or even further?
So many possibilities, but not enough data....
When I put electrician's tape over my camera lenses and unplugged by PC and TV at the wall, and used a pre-GPRS mobile, they all laughed. Ha! Who has the last laugh now, spied-on dupes?!? Answer me that!! Ha ha ha ha!
--the one in the tin-foil hat, utterly vindicated
"Ha! Who has the last laugh now, spied-on dupes?!? Answer me that!!"
The government. Because you obviously have something to hide which is highly suspicious. Just to be on the safe side I would recommend ignoring any possible (legit) lottery offers which suddenly declare you the winner of a free vacation to Cuba :P
"one day you might disagree with your Government"
Oh, but I do! And how many of us have sat watching TV and swearing at the witless politicians that allegedly run our country? I'm sure if the idiots were told that if our TVs were bugged we could be sued for slander at some stage.
Mind you, we watch endless reruns of Murder She Wrote, so I have nothing to hide...
1) ...but the original article mentions Linux too
2) most interesting part for me in related HN thread was that CIA had to tag all this cyber-weaponry as "declassified" because otherwise the person who deploys it on hacked systems should be prosecuted
This is because they need to "get into it" first.
Not as trivial as with another OS that can't be audited.
Not saying Linux is perfect or unhackable but it is a tad more difficult to get into Linux servers if they are configured correctly.
The more savvy and seasoned the user, the hardest to hack.
But all of this is moot if the state is after you.
They will apprehend you at your door, bash the hell out of you, get your keys and passwords and simply plant whatever evidence they want on your computer.
And you my dear friends will never know and will hate me once the press writes the corresponding kill piece and the BBC declares me enemy of the people.
"They will apprehend you at your door, bash the hell out of you, get your keys and passwords and simply plant whatever evidence they want on your computer." As some Police officers do already, arrest on sus, take your keys and using 'cain & able' spoof the date and insert something that will get you jail time...
This post has been deleted by its author
Security axioms:
1. If it has an antenna, it can be compromised.
2. If it has an internet connection, it is likely compromised.
3. If it has a microphone, it may be listening.
4. If it has a camera, it may be recording or imaging.
5. If it has a GPS, WiFi, or maybe Bluetooth it is tracking your location.
6. 'Off' may well be 'On'.
7. If it is stored in the cloud, someone else has it.
8. No cloud encryption can be trusted.
9. Two factor authentication with a compromised device is compromised.
10. Encryption with a compromised device is compromised everywhere.
11. Anything that can reach an open or weakly encrypted WiFi should be presumed to be on the internet.
12. If it is backed up to the cloud, someone else has it.
13. Most things new and electronic have an antenna.
14. Connected cars are on the internet.
15. Insurance dongles for cars are an open attack vector.
16. An air gap is not enough.
17. Almost all browsers can be de-anonymized.
18. Using WiFi without a VPN tunnel leaves you open to a bunch of attacks.
19. Most operating systems are either vulnerable or pre-compromised with respect to privacy by their creator.
20. Most browsers leak data to creators and third parties.
Clearly you could list quite a few more.
A moving coil speaker being used as a microphone only registers pressure waves, within its frequency response. To be sure it's can't tell the difference between high frequency acceleration that's both changing direction 180 degrees very rapidly and is also axial to the speaker coil, but that I would argue is a very rare situation. No use for integrating acceleration to give speed and integrating that to give position - apart from anything else, it lacks two necessary axes.
As a side issue, while a speaker *can* be used as a microphone, the usual setup in a digital audio system is microphone -> preamp -> ADC -> digits -> DAC -> amplifier -> speaker. The whole point of the microphone idea is that you need access to the speaker wires where the microphone goes in. Unless the whole of the audio interface industry for PCs (and generic systems: phones, TVs, IoT crap etc) has been designed with an undocumented link from the post-amp back to the preamp, it seems difficult to assume that this is a likely option.
Which is not to say that it's not impossible, but I suspect that it needs either global interference with the chipsets, or one-off specialist adaptation (e.g. four resistors or so adding, and some code changes).
This post has been deleted by its author
This post has been deleted by its author
Hi, Bandikoto,
But who and/or what individually benefits is always the money shot question to be answered for clarity of purpose and transparency of covert and clandestine mission, for surely all common or garden spies/semi-autonomous agents and professional Walter Mitty types always follow orders and report to others.
Is the answer in the clue that has one following the money to identify the base raw source of current woes and future tribulations, or are you likely to find heavenly hosts and the holy grail which rewards with bounty that know no bounds?
Be they both one and the same at all times and a curse that has no rhyme or reason to exist, other than to torment the ignorant masses for the enrichment of an arrogant few with systems easily crashed with news of secrets and news of new secrets yet to come?
Questions, questions, questions …… and all have answers if you have a fervent desire and rabid need to know. And how strange that so little is asked of vital matters in favour of delivering viral opinions for media to plug as hard enough fact to be spread as news rather than proclaim as just the work of penny dreadful fiction and fantasist spam for the masses which just truly benefits a troubled and troublesome few, who be not a few chosen.
For many years before Snowden I've been predicting this. The usual response was to label me a conspiracy-freak crazy and dismiss me with "why would the government want to spy on my phone/web surfing/e-mail/TV/etc.?"
My answer was simple. Because They Can. Add in a profit or means to control others and it becomes inevitable and imminent. There is always one or a few who will do anything, no matter how onerous or horrible. If ten thousand people recoil in horror before a prospective action, the ten thousand and first will happily do it. You won't sell phone-hacking software to oppressive governments? Okay, but Cellebrite will.
So moving on, apply this simple question: can it be done? If the answer is Yes, someone is already doing it. Wikileaks et. al. only provide confirmation.
To be sure, the usual response still is to label people a conspiracy-freak crazy - not sure whether people simply haven't heard of a specific leak (trust me, still plenty would go "huh?" if asked who Snowden is...), are they shell-shocked into numbness and denial by the deluge of leaks of late, or simply bury their heads into the sand with the attitude that nobody they know ever suffered any direct consequence of any of this so it clearly doesn't matter. But regardless of which of these they go with, in my experience people outside IT _still_ call anyone crazy who wastes even a second of their time with any such "nonsense" *.
* I'm still utterly stumped trying to explain to anyone why I prefer not using phonebook-slurping malware like WhatsApp and its ilk. "I'm using it and I'm fine, you freak!"
-- then they will get you.
To me, naive fule that I are, it seems that running a write-protected thumb-drive OS configured to use a VPN into TOR -- of course using a no-JavaScript browser, Disconnect or similar plug-in, etc -- might be current best practice for staying unnoticed. (Going from your ISP into a VPN is less attention-getting than going directly to TOR, I believe.)
(No, I don't mean all the time, just when you want privacy for whatever reason.)
But if you make yourself interesting to a nation-state agency, then your privacy becomes much more fragile. Again, IMHO. So in my playbook, as it currently stands, the prime directive is do not be interesting in the first place.
No, I do not like the idea of the CIA (NSA, et al) capturing my regular surfing. But my web use is pretty much in the middle of the Internet bell curve, I think. Nothing to see there, quite boring really. If I were to wish to browse to more attention-catching sites, then I might use a more secure and anonymous system.
But of course that's all just talk on my part. I do not merely seem boring, I really am boring.
"So your argument is that your obscurity provides your security."
Only sorta. And not very sorta at that.
If I were relying on obscurity I would not bother with a read-only OS like TAILS or TENS or Kodachi -- that's one step toward not getting hacked. If I were relying on obscurity, I would not bother with VPN+TOR+privacy plugins -- those are steps toward maintaining anonymity.
My point is, if you become interesting to the big boys, then they will go as far as they need to go. Your home may have been your castle in 1920, but nowadays they will break in and mod your PC for you while you are out quaffing a cold one. If that's what they think they need to do. And of course they have many, many other options before the physical break-in.
Wear a mask. But when you need to take the mask off -- and you will, often -- that's when you must be boring and obscure.