#Report: Security concerns over compulsory app launched by Hong Kong government
This is part of a report published by #TechOpenFund on July 27, 2022. The investigation was conducted by #7ASecurity and #OTFRedTeamLab in 2022:
//...This exercise involved both a privacy audit and a security audit of the #LeaveHomeSafe #Android and #iOS apps.
The privacy audit could not conclusively prove malicious intent or unauthorized tracking of Hong Kong citizens. However, the security audit demonstrated that these applications have not been professionally audited by any competent security firm before, and that significant flaws exist in the current software security development lifecycle.
This is particularly concerning given that the app was originally introduced more than a year and a half ago, was made mandatory in some fashion for 9 months and recently began requesting real name registration and tracking user’s movements.
While no clear privacy violation could be conclusively proven during the audit at runtime, a number of application artifacts, likely inherited from underlying dependencies or simply security vulnerabilities introduced by mistake, were found during this exercise.//
Read the full article:
https://www.opentech.fund/news/7asecurity-otf-red-team-lab-partner-completes-blackbox-pentest-and-privacy-audit-of-leavehomesafe-app/
Source: Open Tech Fund #Jul27
#MassSurveillance #Track #Privacy #App #PoliceState #Pandemic
#MassSurveillance
#TikTok Browser Can Track Users’ Keystrokes, According to New Research
// The web browser used within the TikTok app can track every keystroke made by its users, according to new research that is surfacing as the Chinese-owned video app grapples with U.S. lawmakers’ concerns over its data practices.
The research from Felix Krause, a privacy researcher and former Google engineer, did not show how TikTok used the capability, which is embedded within the in-app browser that pops up when someone clicks an outside link. But Mr. Krause said the development was concerning because it showed TikTok had built in functionality to track users’ online habits if it chose to do so.
Collecting information on what people type on their phones while visiting outside websites, which can reveal credit card numbers and passwords, is often a feature of malware and other hacking tools. While major technology companies might use such trackers as they test new software, it is not common for them to release a major commercial app with the feature, whether or not it is enabled, researchers said. //
Read more:
https://www.nytimes.com/2022/08/19/technology/tiktok-browser-tracking.html
Source: New York Times #Aug19
#BigBrother #CreditCard #Privacy
NY Times
TikTok Browser Can Track Users’ Keystrokes, According to New Research
In the web browser used within the TikTok app, supplementary code lets the company track every character typed by users. The company said the capability was for troubleshooting.
#Surveillance
Portable charger in China Turned into Eavesdropping Device and GPS Locator
In China, a portable charger can become an eavesdropping device and a GPS locator. According to Chinese media, once a SIM card is installed, such a portable charger can eavesdrop from a long distance away and locate the user accurately.
These devices come in various colours and models, but most have the functionality of "remote monitoring recording" and "precise positioning".
They cost from RMB300 to RMB600 and can be bought on some online platforms.
In China, a journalist from #Banyuetan (#半月談) successfully modified a portable charger from a store for RMB300. He downloaded a "#GPS365" app onto his phone. After he logged in with the username and password given by the seller, the screen showed the device location, tracking record, contact list, messages etc.
The journalist tried out the "location" function and found that the user's movements could be seen clearly through the portable charger. Even places like underground and car parks were still shown accurately on the system.
The staff told the journalist that the charger could record sound from the surroundings and automatically send the recording to the phone once the ambient noise exceeds 50dB, with "Sound Control Convo (#聲控語聊到)" installed in the app. The portable charger can also pick up phone calls automatically.
Source: RFA #Jul27
https://www.facebook.com/454004001340790/posts
#GPS #SoundControl #Tracking #Taobao #Privacy #Security #PrecisePositioning #MadeinChina
Images from over 700 surveillance cameras in Taiwan leaked, all using Huawei chips
The Taiwanese media has reported that over 700 private surveillance cameras have been leaked live on websites such as Insecam. The leaked footage included postnatal care homes, clinics, some homes' entrances, living rooms and even bedrooms, all of which had one thing in common: the cameras used Huawei chips.
A bun shop owner in the Datong district of Taipei City said that she was scared to see the images of her shop on the internet. She never thought that these images would be made public, and the thought of being watched at work made her feel uncomfortable. The surveillance cameras used in these leaked locations all have Huawei chips built into them, most of which are HiSilicon Hi3516 chips.
Source: Unwire.hk #Dec08
#Taiwan #Huawei #Privacy #Camera #Chips
https://unwire.hk/2022/12/08/taiwan-cctv-hacked-and-leaked/tech-secure/
Unwire.hk
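Footage from over 700 surveillance cameras in Taiwan leaked; all use Huawei chips
Taiwanese media recently reported that footage from more than 700 private surveillance cameras in Taiwan is being streamed publicly on websites including Insecam. The leaked footage includes postnatal care homes and clinics, and some of it shows the entrances, living rooms and even bedrooms of homes. All of the locations with leaked footage have one thing in common: the surveillance cameras use Huawei chips.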