Samsung Galaxy spying defeated?

As I’ve written before, I kept noticing ads pop up on Facebook and Twitter which seemed suspiciously as if they were triggered by conversations held around my phone. I got so fed up with this this summer that I briefly listed my Samsung Galaxy phone on Craigslist. And yet, something pulled me back. A friend pointed out that certain apps – even system ones – could be removed from the phone without actually rooting it. I have always been impressed with the Galaxy’s hardware; it was Samsung’s bloatware that drew my suspicion. Samsung’s locked my phone down so tightly that rooting it is out of the question. Perhaps this other method might work?

After carefully examining apps in Android’s app permissions page, paying particular attention to system apps (which usually are firmly entrenched and can’t be removed), my eyes focused on one quite innoculous one that called itself SmartThings.

I already tweeted my discovery of two separate SmartThings apps, each with wildly different permissions, but a search of the phone’s packages never turned up any of the more entrenched, system version of SmartThings.

After more Googling, I found the name of the offender, a mysterious package called com.samsung.android.beaconmanager.
Continue reading

Who are Pat and Alex and why are they texting people about their homes?

Earlier this week, two separate neighbors received a curious text. A person calling themselves Pat expressed interest in buying their homes.

One from 919-373-6758 read:

“Hey there, so sorry if I have the wrong number. I am Pat and would love to contact [homeowner]. Regarding a property in [homeowner address], in order to determine if there is interest in selling. Do I have the right number?”

the other from 919-769-6879, read:

“Hey there, This is Pat, I am trying to reach out [homeowner – sic]. Regarding a property in [homeowner address], to see if selling it would be an option. You wouldn’t know the owner or would you?”

Both were sent at the same time of day, 9:33 AM, but on two separate days. They were from two different phone numbers as well. Another neighbor received a similar text on Nov 20th, I’m told. (Coincidentally, I’ve been getting and ignoring scammy calls at home from 919-769-68xx numbers for several weeks now).

Being the curious sort, I did a few Google searches for this text and came across a number of similar texts, only from different alleged people. A search of the venerable 800notes.com shows only one other similar text, this one from “Alex” from the number 832-934-9960:

“Hello, apologies if this is not a good number. This is Alex, I am looking for [homeowner]. Regarding a property in [homeowner address], in order to see if selling it would be an option. You don’t know the owner or do you?”

Obviously these are connected. How many people are getting them? How come there isn’t more information about them online? How is it that both my friends got the texts on separate days but at 9:33 AM on those days? And what’s the ultimate goal here? Is this just some bot that is out there, doing data cleanup to match phone numbers with names and addresses?

I’ll keep you posted as I learn more about this supposed scam.

Update 10 Jan:

I found another Internet hit, this thread on the City-Data website. This one’s from someone in Minnesota and dates from November 2018:

Over the past several months, I have been getting texts asking if I want to sell my house in Maricopa County. Each one has a different phone #. each message has a different message. My wife has gotten a couple as well (again, a different phone # and message each time).

Today, I got this one which is pretty typical:
Exact words:
“Hi (and my actual 1st name)! My name is Alex, I’m a local home buyer reaching out to see if you’re interested in an offer for your home on (my actual address)? Thx

I refuse to text back. But a couple of times, I called with my Google Phone # (same phone but with a hidden #) and got a vmail message asking to leave my name and address. I left out the address but gave my google, non-traceable #) and said that I wanted to sell my property”. No response….

I googled the number that came in on the text just today which is 480-531-6397. Another time from 623-295-0692 (he was “looking to buy a house in our neighborhood”). There are other phone #’s. I’m not alone with the 623 extension https://800notes.com/Phone.aspx/1-623-295-0692

Does anybody know what their scam might be? People who have called or texted back haven’t gotten a call back. Something smells fishy.

The most recent entry (again, November 2018) on that 800notes page adds a new name to the mystery, a “Tim.”

Got a text message. Says his name is Tim with Home Buyers. Wanted to see if I wanted to sell my house.
Scam?

The user “superstition480” on the City-Data thread says the outfit is “1 800 Fair Offer”:

The main company doing this, is called “1 800 Fair Offer”. They illegally robocall consumers trying to buy their houses FAR below market value. The company is owned by an arrogant guy named Sean Terry. This goof actually has videos posted on YouTube to teach his followers how to illegally robocall for more leads. I am in the process of filing a complaint with the Arizona State Attorney General’s office, and am also considering a class action suit against this company for their illegal robocalling.

I’m going to see what I can find out about “1 800 Fair Offer” and if there have been any complaints against them for illegal robocalling/texting.

Teen Vogue story on Facebook prompts sponsored content fears, vanishes – Business Insider

This is some sneaky shit on Facebook’s part.

After pondering it for a day, I think its audience wasn’t Teen Vogue but actually Congress. Not that anyone in Congress reads Teen Vogue, but Facebook COO Sheryl Sanberg was all too happy to crow about this puff piece. I think Facebook was trying desperately to show Congress its serious about policing itself when in actuality it only cares about money.

I feel bad for Teen Vogue as the teen magazine has been running really good stories explaining cybersecurity. Of course, they also run stories telling teens about the joys of anal sex, so it’s a wash I guess. At any rate,any credibility Teen Vogue may have had is gone now. Hope the money was worth it.

Here’s the original story, captured by The Internet Archive’s magnificent Wayback Machine.

(Also, that’s the least clickbait-y headline EVER. Obviously it wasn’t meant for teens.)

An uncritical story in Teen Vogue about Facebook’s efforts to secure its social network ahead of the 2020 election caused bewilderment over contradictory messages about whether it was paid for by Facebook — before it just disappeared completely.

On Wednesday, Teen Vogue published “How Facebook Is Helping Ensure the Integrity of the 2020 Election.” It’s a 2,000-plus-word story comprising a series of interviews with various senior Facebook employees about how the Silicon Valley tech giant is working to avoid nefarious political activity in the US’s coming presidential election.

The positive tone of the piece, and lack of byline indicating who wrote it, led some on Twitter to speculate that it was a piece of sponsored content — that is, an article paid for and overseen by Facebook to promote itself.

This suspicion was seemingly confirmed when, some time after publishing, Teen Vogue appended a note to the top of the story, reading: “Editor’s note: This is sponsored editorial content.”

The note raised questions about editorial ethics — why wasn’t this disclosed from the start? — but the saga didn’t end there. Facebook instead denied that it was sponsored content, saying it was just a regular article, and the note disappeared from the top of the story again.

Source: Teen Vogue story on Facebook prompts sponsored content fears, vanishes – Business Insider

bellingcat – Guide To Using Reverse Image Search For Investigations – bellingcat

Reverse image search is one of the most well-known and easiest digital investigative techniques, with two-click functionality of choosing “Search Google for image” in many web browsers. This method has also seen widespread use in popular culture, perhaps most notably in the MTV show Catfish, which exposes people in online relationships who use stolen photographs on their social media.

However, if you only use Google for reverse image searching, you will be disappointed more often than not. Limiting your search process to uploading a photograph in its original form to just images.google.com may give you useful results for the most obviously stolen or popular images, but for most any sophisticated research project, you need additional sites at your disposal — along with a lot of creativity.

This guide will walk through detailed strategies to use reverse image search in digital investigations, with an eye towards identifying people and locations, along with determining an image’s progeny. After detailing the core differences between the search engines, Yandex, Bing, and Google are tested on five test images showing different objects and from various regions of the world.

Source: bellingcat – Guide To Using Reverse Image Search For Investigations – bellingcat

‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age

When hackers began slipping into computer systems at the Office of Personnel Management in the spring of 2014, no one inside that federal agency could have predicted the potential scale and magnitude of the damage. Over the next six months, those hackers — later identified as working for the Chinese government — stole data on nearly 22 million former and current American civil servants, including intelligence officials.

The data breach, which included fingerprints, personnel records and security clearance background information, shook the intelligence community to its core. Among the hacked information’s other uses, Beijing had acquired a potential way to identify large numbers of undercover spies working for the U.S. government. The fallout from the hack was intense, with the CIA reportedly pulling its officers out of China. (The director of national intelligence later denied this withdrawal.)Personal data was being weaponized like never before. In one previously unreported incident, around the time of the OPM hack, senior intelligence officials realized that the Kremlin was quickly able to identify new CIA officers in the U.S. Embassy in Moscow — likely based on the differences in pay between diplomats, details on past service in “hardship” posts, speedy promotions and other digital clues, say four former intelligence officials. Those clues, they surmised, could have come from access to the OPM data, possibly shared by the Chinese, or some other way, say former officials.

The OPM hack was a watershed moment, ushering in an era when big data and other digital tools may render methods of traditional human intelligence gathering extinct, say former officials. It is part of an evolution that poses one of the most significant challenges to undercover intelligence work in at least a half century — and probably much longer.The familiar trope of Jason Bourne movies and John le Carré novels where spies open secret safes filled with false passports and interchangeable identities is already a relic, say former officials — swept away by technological changes so profound that they’re forcing the CIA to reconsider everything from how and where it recruits officers to where it trains potential agency personnel. Instead, the spread of new tools like facial recognition at border crossings and airports and widespread internet-connected surveillance cameras in major cities is wiping away in a matter of years carefully honed tradecraft that took intelligence experts decades to perfect.

Source: ‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age

Facebook audio snooping almost certainly prompted targeted ad

A story in July’s Consumer Reports discussed the possibility of our social media apps secretly listening to us:

Well, it’s technically possible for phones and apps to secretly record what you say. And lots of people sure seem to think they do.

According to a nationally representative phone survey of 1,006 U.S. adults conducted by Consumer Reports in May 2019, 43 percent of Americans who own a smartphone believe their phone is recording conversations without their permission.

But, to date, researchers have failed to find any evidence of such snooping.

While there might not be any fire yet, there sure as hell is smoke.
Continue reading

Electronics testing at the airport

I haven’t posted a TSA story in a while because I’m lucky enough not to travel as often as I did. When I have traveled, I have come to appreciate how professional the team at my home airport, Raleigh-Durham, is. I’ve never had a bad experience with them and this – I want to stress – is not a bad one, either. Just unusual.

For years I have enjoyed the benefit of TSA-Pre, allowing me to speed through security lines. Naturally, I headed into the TSA-Pre line when I flew out of Raleigh on Wednesday morning. Expecting all to be well, I was intrigued when I apparently set off the metal detector.

“Wait right here, sir,” the screener said, calmly. “We’re going to screen your electronics.”

I waited on the mat next to the metal detector while another agent got through checking another traveler’s electronics. He invited me over and I carried my bags to the testing station.

“Got any thing that is sharp, going to stick me, contraband, etc?” he asked. When I answered no, he politely asked if I had a laptop in the bag. I showed him the pocket it was in and he laid it out on the counter.

He then swabbed my laptop with a chemical pad, popped the swab into the sensor for analysis, and stepped away. To my surprise, the sensor began beeping. My newish work laptop had only been on my office desk and my home desk – not to the coca fields of South America or anything. I began to think over kind of substance could have possibly set off this false alarm.
Continue reading

Our car’s keyfob was hacked – the question is how?

We were out of town over the weekend and at 5:30 AM Saturday I awakened to the sound of one beep of our car’s “alarm” horn. Thinking it was the neighbor’s car and knowing our car was locked, I went back to bed. When we walked to the car later that morning, the hatch was standing wide open. Nothing appeared to be touched or taken.

I was immediately concerned that somehow our keyfob had been hacked. Kelly thought something probably bumped up against one of our keyfobs and that caused it to open. We’ve had the car for years, though, and an “accident” like this has never happened. If something pressed a keyfob button, why would it sound just one beep of the horn alarm? Why not trigger it to sound repeatedly, as would happen if it were a single press of the button? Seems unlikely an accidental press of a button would cause one clean beep and then cause the hatchback to open.

So, naturally I am fascinated with whatever technology was used for this! There are a couple of approaches.
Continue reading

Rep. Joe John statement on Abe Zeiger’s arrest

NC House District 40 Representative Joe John was the person Abraham Zeiger was due to meet on Friday before Zeiger was arrested for carrying a pistol and two fully-loaded magazines into the North Carolina General Assembly building. Rep. John read the following statement on the House floor Monday night:

This gentleman actually had an appointment to see me. I made the following statement on the House floor Monday night:

Members, last week I had an 11:30 AM Wednesday constituent appointment with a resident of House District 40, whom I had not met previously, to discuss some fairly non-controversial issue. 11:30 came and went without the appointment being met, not all that unusual as many of you have experienced. When I went to lunch at 12:30, he was still a no-show.

We learned later that day the reason my appointment never arrived. He had been detained at our legislative building security check-in while attempting to enter this building with a loaded handgun and two full clips concealed in his bag, and had consequently been arrested and charged accordingly. He reportedly gave no explanation for his actions and was actually remarkably silent.

I want to thank publicly the members of the NC General Assembly Police Department who were on duty last Wednesday and acted expeditiously and appropriately. I would also like to thank the Legislative Services Officer and the Rules Chair for their follow-up and the many of you who expressed your concern.

That being said, in light of very recent events, I would ask each of you, for a moment, to imagine that the gentleman’s appointment was with you, in your office, rather than with me in mine. This incident after all took place, not hundreds of miles away in the distant states of Ohio and Texas, but right here, not only in our North Carolina capital city, but in this very building where we work and govern and spend so many hours. And as you reflect, I would ask you to consider whether it is now not time to throw partisanship and ideology into the trashcan, and to sit down for a full, frank and open-minded conversation about reaching a North Carolina common sense consensus with regards to role of firearms in our state.

I considered this often over the past weekend which Evelyn and I were able to spend at the coast with two adult children and three young granddaughters. I, for one, greatly enjoyed being “Pa” at the beach, I look forward to many more such weekends, and I am more than ready to have the conversation of which I spoke. If any of you feel the same, please let me know.

AP: Man with gun stopped by security at N Carolina legislature

Here’s an uncredited AP story on the arrest of Zeiger. It includes a quote from his attorney:

“It is unfortunate that any malice be attributed to such an upstanding citizen who merely made an oversight,” Gibson wrote.

Nice spin there, counselor! At the checkpoint, Zeiger was specifically asked whether he had any weapons in his bag. That should’ve been enough to trigger (so to speak) Zeiger’s memory that perhaps he did, in fact, have a weapon in his bag and that he should take it back to his vehicle. Oversight, my ass.

I look forward to Zeiger’s day in court.

August 2, 2019

RALEIGH, N.C. (AP) — A man faces charges of carrying a concealed handgun into North Carolina’s legislative building, which this year implemented airport-style security measures for people seeking to interact with lawmakers.

Abraham James Zeiger, 36, of Raleigh was charged with trying to carry the gun into the building on Wednesday, police records show. He sought to enter the building to speak to his legislator and didn’t realize he was carrying the gun, attorney Emily Gibson said in an email Friday.

“It is unfortunate that any malice be attributed to such an upstanding citizen who merely made an oversight,” Gibson wrote.

The General Assembly’s police chief and its chief management officer didn’t return a call Friday seeking more details about the arrest.

Zeiger was stopped by officers who spotted a suspicious item as his bag passed through an X-ray scanner, The News & Observer of Raleigh reported . Officers found a 9 mm handgun and two magazines, each loaded with 15 bullets, General Assembly Police Chief Martin Brock told the newspaper.

The arrest marked the first instance of a gun being found during the screening process at the entrance to the state’s legislative building, which hosts staff and legislative offices, hearing rooms and the chambers where the 50-member Senate and 120-member House meet.

Legislative activities were minimal this week as lawmakers try to overcome Gov. Roy Cooper’s veto of the two-year state budget. On Wednesday, House members discussed a commission to oversee the purchase and sale of milk and approved legislation to expand the requirement for adults to report claims of child sex abuse to the authorities.