The end of privacy as we know it: 60 Minutes uncovers huge mobile phone security vulnerabilities

Discussion in 'Networking and Security' started by OddTrader, Aug 16, 2015.

  1. Q
    http://www.news.com.au/technology/g...-vulnerabilities/story-fn6vihic-1227485884359

    IT’S the dirty little secret that’s facilitating what’s being called the biggest breach of privacy ever.

    Government, security agencies and the telecommunications industry will be forced to explain a security hole that allows hackers to listen in to conversations and hijack Australians’ mobile phones after it’s exposed by a 60 Minutes investigation, the program claims.

    In an investigation into mobile security spanning three continents, reporter Ross Coulthart believes he has uncovered a security vulnerability that could affect any of us, and there’s nothing being done to stop it.

    “What it means is that your smartphone is an open book,” he told news.com.au.

    “Criminals now have access to these huge security holes to steal your data and listen in to your calls. We know telephone companies know about it, we know security agencies know about it, but nothing is being done.”
    German hacker Luca Melette demonstrated the tracking and bugging vulnerability in the SS7 signalling network to 60 Minutes. Source: Channel 9

    By tapping in to SS7, a signalling system in use by more than 800 telecommunication companies across the world including major Australian providers, hackers are able to listen in to conversations, steal information stored on mobile phones, and track the location of the phone’s user.

    The system, Coulthart says, has long been in use by spies and has been a secret of perpetrators of international espionage. It’s believed to be the very tactic used by Australian spies in tracking the phone calls of the wife of the Indonesian president, Coulthart says. But recently, organised crime, commercial spies and potential terrorists have been exploiting this security loophole for their gain, 60 Minutes claims to have uncovered.

    “The allegation in our story is the reason this security vulnerability has not been fixed is because it suits the spooks,” Coulthart said.

    “Until very recently corporate criminals didn’t know about it, but now it’s very clearly being misused by corporate and organised crime.”

    Even PM Tony Abbott could be exposed to the huge security hole in our mobile phone network. WATCH the Extra Minutes: https://t.co/sAYsiF4E1n
    — 60 Minutes Australia (@60Mins) August 16, 2015

    With the help of a German hacker, who also works as a consultant to security agencies, and using Independent Senator Nick Xenophon as a guinea pig the program shows how easy it is for a politician’s mobile phone, or anyone’s for that matter, to be intercepted and listened in on.

    “We were able to then track that phone on a map,” Coulthart said.

    “You can imagine what that means for a company executive going to a secret meeting or a prime minister travelling around the world.

    “But it’s not just those sorts of people who are vulnerable, basically it means your smartphone is an open book and you can no longer assume that it’s just the intelligence services or police that might be listening to your phone.”

    ‘The most breathtaking breach of privacy’

    Senator Nick Xenophon, at Parliament House in Canberra, speaks to Ross Coulthart in Berlin while Luca Melette listens to the call using the SS7 hack. Source: Channel 9

    Using a cryptophone, which allows the detection of the use of devices known as IMSI-catchers (International Mobile Subscriber Identity) that facilitate mobile eavesdropping, Coulthart said he was alerted to at least 10 devices trying to hack into his calls while in Sydney.

    “I detected multiple intercepts, including right outside the Australian Stock Exchange,” he said.

    “It’s pretty surreal to be standing outside the stock trading centre, and to be hacked. I hope it was law enforcement, but knowing how criminals use these devices there was a question mark in my mind.”

    ‘We are carrying around the weapon of our own destruction’| The great untold security breach of our time on #60Mins https://t.co/xILeoa05kx
    — 60 Minutes Australia (@60Mins) August 16, 2015

    Coulthart says intercepts were also detected “all over particular suburbs in Sydney”.

    “A quiet residential suburb, and your phone’s being hacked. It may be a drug dealer, hopefully it’s the cops, but one of the things we drill down on in this story is that there is no monitoring for these kinds of devices. We’re confident that at least some of the devices we tracked are operating illegally.”

    Coulthart said he found the security vulnerabilities uncovered “mind-boggling”, and said Xenophon felt the same pledging to demand a full inquiry into the issue.

    “It’s the end of privacy as we know it, and what’s really disturbing is that this is a vulnerability that was first identified back in 2008,” he said.

    “Then it was speculated that it could be used to track people, but now we’ve proven that it can be used to secretly listen in on phone calls. It’s just the most breathtaking breach of privacy, I think, ever.

    “The government, security agencies, and telecommunications industry, need to explain why this hole has not been fixed.”
    UQ
     
  2. panzerman

    Absolute anonymity is a weapon of mass destruction, and no government is ever going to allow it.
     
  3. This has been noted by many security conferences since as far back as 2013. Quite surprised 60 Minutes has only just covered it.
     
  4. Q http://www.abc.net.au/news/2015-08-16/metadata-retention-privacy-phone-will-ockenden/6694152

    How your phone tracks your every move

    Updated August 17, 2015 16:36:38

    In the digital age, how much of your life is actually private? To find out, ABC reporter Will Ockenden got access to his metadata. This is what that data looks like.

    Introduction

    As we move through the modern world many of our actions leave behind an electronic footprint; who collects that data and what they do with it have become critical questions for modern society.

    Australia's new data retention laws mean phone and internet companies have to save this information for two years: that's every time you call someone, where you call them from, which cell tower your phone pings every time it connects to the internet, and more.

    On a mission to find out what that data might reveal, ABC reporter Will Ockenden took a 'surveillance selfie': he got access to his own metadata, and now for the first time you can see what an individual Australian's metadata actually looks like.

    And we want your help analysing it.
    Tracking device

    Critics say Australia's data retention scheme is mass surveillance, and metadata is used to track where people go. The Attorney-General's Department says that's a myth, but what do you think?

    This map shows a day-by-day rundown of every time Will's phone communicated with a tower for an outgoing call, a text message or an internet connection.

    The markers are the locations of the cell towers his phone contacted; the lines between them show direction of travel (though not his route) based on the time of the connections.

    Use the slider to explore Will's daily routine.
    How often does your phone spy on you?
    Will's metadata showed that his approximate location and other information had been captured:

    12,100 times in six months
    67 times a day
    3 times an hour

    In the debate over mandatory data retention, the Federal Government and security agencies repeatedly said there was nothing to worry about.

    "We're talking here about metadata; we're not talking here about the content of communications," Prime Minister Tony Abbott said in February. "It's just the data that the system generates."

    But metadata still says a lot about your day-to-day life.

    The dataset Will Ockenden received contained a year's worth of outgoing call and SMS records, and six months of his 'data sessions', which are the records kept every time his phone connected to the internet over the mobile network.
    Um, what's metadata again?
    Let's face it: metadata can be hard to explain or understand. Here's an explanation in 3 points:

    Start by thinking about making a mobile phone call.
    What you say on the phone is the content. This is not metadata.
    The time of your call, who you called, how long the call lasted and which cell tower your phone contacted are all logged, traditionally for billing purposes. That information is metadata.

    All in all, this simple data request returned 13,000 individual records. There were 1,500 outgoing phone calls and SMSes, but the vast majority - 11,200 records - were data sessions, complete with the time and date his phone connected to the mobile network and which cell tower it connected to.

    In other words, by carrying a smartphone Will was in effect carrying a tracking device that logged roughly where he was every 20 minutes of every day, on average.

    Government departments, police and security agencies have access to all the data Will received about himself - and more - without the need for a warrant.
    Pattern recognition

    Being able to follow someone's daily movements is one thing but it's once we start to collate and visualise the data that patterns can start to emerge.

    These heatmaps show how often Will's phone communicated with different cell towers, and uses the patterns of those pings to make a rough guess at the journeys he made between them all. The greater the concentration on the heatmap the more often Will was in the area.

    Filter the heatmaps to see what patterns emerge when you view different slices of time in Will's life.

    If you explore the heatmaps above, you can get an intimate portrait of aspects of Will's life.

    We are going to be using these same tools to explore Will's metadata and will report on our conclusions in coming days. You can do the same: see if you can figure out the answers to questions such as:

    where Will lives;
    how he gets to and from work every day;
    when he leaves Sydney;
    where he goes, and for how long.

    The social network

    Metadata doesn't just show information about an individual, it is also about connections to other people and organisations.

    It was a simple task to filter Will's data in order to find his top 10 contacts: the people he communicates with most often.

    Choose a contact to see how and when Will communicated with them.

    To preserve their privacy, and Will's relationships, we've concealed his contacts' identities.

    But even so there are some patterns at play here. See if you can work them out - we'll be quizzing you on this later in the week.
    What can you find?

    Over the coming days we're going to use these tools to delve deeper into Will's data and report back on what we discover.

    We'll be writing about what we can infer about Will, as well as how police and other agencies might use data like this.

    But we want your help. We're releasing these exploratory tools so you can tell us what you're able to find out about Will. You can also get the complete dataset to explore yourself.


    What's in the data?

    The dataset Will Ockenden received from Telstra included:

    Who he called and texted (in our dataset, exact phone numbers have been hidden and replaced by unique identifying codes).
    How long each phone call lasted.
    The time of the communication.
    The location of the cell tower contacted when outgoing calls were initiated.
    The location of the cell tower contacted for SMS and internet connections.

    Other data that is kept and available to agencies, but which was not released to Will, includes but is not limited to:

    Details of incoming phone calls.
    The time, date, size and recipients of emails.
    The file type and size of any attachments sent or received with emails.
    Details about internet usage including how much bandwidth the internet service provides.

    Credits

    Reporter: Will Ockenden
    Producer, additional reporting: Tim Leslie
    Developers: Colin Gourlay & Simon Elvery
    Photographer: John Donegan
    Editor: Matt Liddy

    First posted August 16, 2015 17:00:36
    UQ
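    The article's point that tower pings alone reveal a routine can be reproduced on a constructed dataset. The script below is an added example, not the ABC's tool or Will Ockenden's real records: it builds a week of placeholder data-session records (timestamp, event type, tower id), measures how often a location was logged, and infers a likely home and workplace tower from overnight and weekday mid-day pings.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

# Constructed records, NOT Will Ockenden's dataset: (timestamp, event type,
# tower id), the fields the article lists for data sessions. Tower ids are
# placeholders standing in for the cell-tower locations a telco would log.
def build_sample(days=7, start=datetime(2015, 1, 5)):  # 2015-01-05 is a Monday
    records, t, end = [], start, start + timedelta(days=days)
    while t < end:
        weekday = t.weekday() < 5
        if weekday and 8 <= t.hour < 18:
            tower = "tower-work"
        elif weekday and t.hour in (7, 18):
            tower = "tower-commute"
        else:
            tower = "tower-home"
        records.append((t, "data", tower))  # one session every 20 minutes
        t += timedelta(minutes=20)
    return records

def ping_rate(records):
    """How often the network logged a location: total, per day, per hour."""
    total = len(records)
    days = len({t.date() for t, _, _ in records})
    return total, total / days, total / days / 24

def median_gap_minutes(records):
    """Typical interval between consecutive pings (the article's 'every 20 minutes')."""
    times = sorted(t for t, _, _ in records)
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
    return median(gaps)

def top_tower(records, hours, weekdays_only=False):
    """Most-contacted tower within the given hours of the day."""
    c = Counter(tower for t, _, tower in records
                if t.hour in hours and (not weekdays_only or t.weekday() < 5))
    return c.most_common(1)[0][0] if c else None

def infer_home(records):
    # Where the phone sits overnight is a strong proxy for a residence.
    return top_tower(records, set(range(0, 6)) | {22, 23})

def infer_work(records):
    # Weekday mid-day presence is a strong proxy for a workplace.
    return top_tower(records, set(range(10, 16)), weekdays_only=True)

if __name__ == "__main__":
    sample = build_sample()
    print(ping_rate(sample), median_gap_minutes(sample))
    print("home:", infer_home(sample), "work:", infer_work(sample))
```

    On the constructed week this yields 72 pings a day and 3 an hour, the same order of magnitude the article reports, and the home and work towers fall out of a few lines of filtering.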
     
  5. Not to mention that android phones all have a huge sms security issue and the majority of them will never get patched even if Google fixes it.
     
  6. Mtrader

    I don't use my mobile phone anymore and don't miss it.
    No Facebook, no Twitter, no Snapshot, no Whatsapp....

    Even if you only charge the battery of your mobile phone it is possible that information about your identity is sent somewhere. The batteries have an identity which can be linked with where you are. Charging for 1 minute is already enough to lose some of your privacy.
     
  7. Q http://www.smh.com.au/nsw/vodafone-...ens-mobile-phone-records-20150912-gjl1ql.html

    Vodafone admits employee accessed Fairfax journalist Natalie O'Brien's mobile phone records

    Date: September 12, 2015

    Telco giant Vodafone Hutchison Australia has admitted that an employee illegally accessed the mobile phone records of Fairfax Media investigative journalist Natalie O'Brien.

    A spokeswoman emphasised that a lone employee had "accessed some recent text messages and call records of a customer" in January 2011.
    Fairfax journalist Natalie O'Brien. Photo: Anthony Johnson

    O'Brien, a reporter for The Sun-Herald, had in that month broken a major story about a security breach which saw the details of millions of Vodafone customers available online with widely used and shared generic passwords. O'Brien was at the time a Vodafone customer.

    Vodafone's admission that an employee accessed O'Brien's mobile phone records comes on the back of a report published in The Australian on Saturday that detailed a leaked email written by Vodafone Group's then head of fraud Colin Yates.

    In an email written in 2012, Mr Yates said he had "no reason to believe" the allegations O'Brien's phone records were accessed were not correct and there was a "huge risk" to Vodafone if the information "gets into the public domain".

    "If the issue relating to breaching the reporter's privacy by searching her private call records and text messages gets into the public domain, this could have serious consequences given it is a breach of the Australian Telecommunications Act," the email said.

    "And [it] would certainly destroy all the work done by VHA over the past months to try and restore their reputation."

    In a statement on Saturday afternoon, Vodafone Hutchison Australia (VHA) denied any allegations of improper behaviour. The statement goes on to say that in June 2012, VHA became aware that an employee had accessed O'Brien's records.

    "VHA immediately commissioned an investigation by one of Australia's top accounting firms. The investigation found there was no evidence VHA management had instructed the employee to access the messages and that VHA management were fully aware of their legal obligations in relation to customer information," the statement said.

    A company investigation into privacy breaches following O'Brien's story was undertaken, the statement said, to "determine if any VHA staff had breached privacy laws or engaged in any criminal behaviour, not to discover the source of damaging media stories".

    O'Brien was aware her phone records had been accessed prior to The Australian's report and said she was "absolutely outraged".

    NSW Council for Civil Liberties president Stephen Blanks called on the government to investigate the incident as a matter of priority.

    "What's extraordinary is that the regulatory system is inefficient to find out about this blatant breach of law and one has to bear in mind that Vodafone's business is entirely dependent on a government license," Mr Blanks said.

    "It's very disturbing that one telecommunications carrier thinks nothing of breaching the privacy of its customers in order to find out information of commercial advantage to it."

    Australian Communications and Media Authority and Office of the Information Commissioner spokespeople said they did not have any comments to make on the allegations.

    Aside from revealing allegations that O'Brien's phone records were illegally accessed, Yates' leaked email suggested the telco had hidden the full extent of the security breach revealed by O'Brien's article, allegedly telling authorities that it was instead a "one-off incident".

    "As you know this is in fact not the case and VHA has been suffering these breaches since Siebel [the telco's data system] went live and did nothing or very little to close off the weaknesses that allowed them to occur," the email written by Mr Yates said.

    According to the report, Mr Yates wrote that Vodafone was "forced to act by the news story becoming public".

    The VHA spokesperson denied that any incorrect statements were made to the Privacy Commissioner or any other authorities about the security breach.
    UQ
     
    Last edited: Sep 12, 2015
  8. Mtrader