#Report: Security concerns over compulsory app launched by Hong Kong government

This is part of a report published by #TechOpenFund on July 27, 2022. The investigation was conducted by #7ASecurity and #OTFRedTeamLab in 2022:

//...This exercise involved both a privacy audit and a security audit of the #LeaveHomeSafe #Android and #iOS apps.

The privacy audit could not conclusively prove malicious intent or unauthorized tracking of Hong Kong citizens. However, the security audit demonstrated that these applications have not been professionally audited by any competent security firm before, and that significant flaws exist in the current software security development lifecycle.

This is particularly concerning given that the app was originally introduced more than a year and a half ago, was made mandatory in some fashion for 9 months and recently began requesting real name registration and tracking user’s movements.

While no clear privacy violation could be conclusively proven during the audit at runtime, a number of application artifacts, likely inherited from underlying dependencies or simply security vulnerabilities introduced by mistake, were found during this exercise.//

Read the full article:
https://www.opentech.fund/news/7asecurity-otf-red-team-lab-partner-completes-blackbox-pentest-and-privacy-audit-of-leavehomesafe-app/

Source: Open Tech Fund #Jul27

#MassSurveillance #Track #Privacy #App #PoliceState #Pandemic

#MassSurveillance
#TikTok Browser Can Track Users’ Keystrokes, According to New Research

// The web browser used within the TikTok app can track every keystroke made by its users, according to new research that is surfacing as the Chinese-owned video app grapples with U.S. lawmakers’ concerns over its data practices.

The research from Felix Krause, a privacy researcher and former Google engineer, did not show how TikTok used the capability, which is embedded within the in-app browser that pops up when someone clicks an outside link. But Mr. Krause said the development was concerning because it showed TikTok had built in functionality to track users’ online habits if it chose to do so.

Collecting information on what people type on their phones while visiting outside websites, which can reveal credit card numbers and passwords, is often a feature of malware and other hacking tools. While major technology companies might use such trackers as they test new software, it is not common for them to release a major commercial app with the feature, whether or not it is enabled, researchers said. //

Read more:
https://www.nytimes.com/2022/08/19/technology/tiktok-browser-tracking.html

Source: New York Times #Aug19

#BigBrother #CreditCard #Privacy

#Surveillance
Portable charger in China Turned into Eavesdropping Device and GPS Locator

In China, a portable charger can become an eavesdropping device and a GPS locator. Acoording to Chinese media, with the installation of SIM card, such portable charger can eavesdrop a long distance away and locate the user accurately.

These devices come in various colours and models, but most have the functionality of "remote monitoring recording" and "precise positioning".

They cost from RMB300 to RMB600 and can be bought on some online platforms.

In China, a journalist from #Banyuetan (#半月談) successfully modifies a portable charger from a store with RMB300. He downloads a "#GPS365" app onto his phone. After logging in with the username and password given by the seller, the screen shows the device location, tracking record, contact list, messages etc.

The journalist puts "location" in trial and finds out that the activity tracking of the user can be seen clearly with the portable charger. Even places like underground and car parks can still be accurately shown on the system.

The staff told the journalist that the charger could record sound from the surroundings and automatically send the recording to the phone once the environment noise exceeds 50dB with "Sound Control Convo (#聲控語聊到)" installed in the app. The portable charger can also pick up phone calls automatically.

Source: RFA #Jul27
https://www.facebook.com/454004001340790/posts

#GPS #SoundControl #Tracking #Taobao #Privacy #Security #PrecisePositioning #MadeinChina

Images from over 700 surveillance cameras in Taiwan leaked, all using Huawei chips

Source: Unwire.hk #Dec08

#Taiwan #Huawei #Privacy #Camera #Chips

Read more
⬇️⬇️⬇️

Images from over 700 surveillance cameras in Taiwan leaked, all using Huawei chips

The Taiwanese media has reported that over 700 private surveillance cameras have been leaked live on websites such as Insecam. The leaked footage included postnatal care homes, clinics, some homes' entrances, living rooms and even bedrooms, all of which had one thing in common: the cameras used Huawei chips.

A bun shop owner in the Datong district of Taipei City said that she was scared to see the images of her shop on the internet. She never thought that these images would be made public, and the thought of being watched at work made her feel uncomfortable. The surveillance cameras used in these leaked locations all have Huawei chips built into them, most of which are HiSilicon Hi3516 chips.

Source: Unwire.hk #Dec08

#Taiwan #Huawei #Privacy #Camera #Chips

https://unwire.hk/2022/12/08/taiwan-cctv-hacked-and-leaked/tech-secure/