Sunday, August 17, 2014

Spies used YouTube videos and Microsoft log-ins to take over devices


Watching silly YouTube videos and checking your Microsoft Live account might sound harmless enough -- too harmless, in fact, to lead to a security breach. But, thing is, they're not as safe as you think: if a law enforcement agency or your government wanted to keep tabs on your actions, they could've easily used those activities to inject malware into your system. According to a paper published by Morgan Marquis-Boire at the University of Toronto's Citizen Lab, spies used to be able to piggyback on unencrypted YouTube streams and Microsoft Live log-ins by intercepting traffic and using that to open a window into your life. Yes, that means being able to see your emails, bank accounts, IMs and many other things you'd rather keep to yourself. Thankfully, Microsoft and Google have already encrypted those connections, Marquise-Boire writes on The Intercept , to prevent anyone from exploiting them. Mountain View has even started encouraging other websites to encrypt their connections with the promise of a better ranking in its search results.


The study names Hacking Team and FinFisher as two of the companies that sell law enforcement agencies "network-injection" technologies like this for around $1 million dollars. In fact, Italian company Hacking Team is known for developing software to spy on people's emails, phone calls and the like specifically for sale to law enforcement in countries not blacklisted by NATO. It's unclear whether the company actively transacts with the US government, but it doesn't even matter -- Marquise-Boire says the country's (as well as the UK's, Russia's, Israel's and China's) intelligence agency already has a similar system of its own.


You can read the full paper at The Citizen Lab if you wish to delve into the technology behind network-injection systems... or you can just watch a cute cat vid now that it's ostensibly safe to do so.



Filed under:


Comments


Via: The Verge


Source: The Citizen Lab, University of Toronto, The Intercept


Related Posts:

  • Razer's smart wristband is finally arriving December 2nd Razer's Nabu wristband has been long in the making, but it's finally here... well, almost. The gear maker has announced that its hybrid activity tracker and smartwatch will be available in North America on December 2nd. Acc… Read More
  • LG's mobile division is getting a new CEO, too A few days ago, it was rumored that Samsung was planning to replace its head of mobile in a bid to reverse slumping smartphone sales. Now, local rival LG is doing the same thing, albeit for a very different reason. CNET is… Read More
  • Kim Dotcom says he's broke Megaupload founder Kim Dotcom might have been able to reclaim his New Zealand finances earlier this year, but his ensuing legal fight against internet piracy charges has apparently evaporated that. The entrepreneur told the… Read More
  • Lego car becomes an avatar for a worm Remember the OpenWorm project, in which researchers reproduced the genome of a nematode worm digitally and made it wiggle around on a screen? If you take the "brain" of that worm and use it to power a robotic car, you end u… Read More
  • The world's largest solar power plant is now up and running Solar power just hit one of its biggest milestones, in more ways than one. First Solar recently finished building Topaz, a 550-megawatt plant that represents the largest active solar farm on the planet. And we do mean large… Read More

0 comments:

Post a Comment