Android phones, or at least some of them, contain a serious glitch that an attacker could exploit to steal data, eavesdrop on your calls or even wipe your phone clean.
A team of computer science researchers from North Carolina State University discovered the flaw on eight smartphones from HTC, Motorola, Samsung and Google. In their paper, “Systematic Detection of Capability Leaks in Stock Android Smartphones,” the researchers explain that the issue stems from coding bugs, called “capability leaks,” within Android’s permission-based security system.
An attacker that exploits a capability leak on a targeted phone could also obtain a phone’s geo-location data and send premium-rate text messages, all without the victim’s knowledge.
“Several privileged (or dangerous) permissions that protect access to sensitive user data or phone features are unsafely exposed to other apps which do not need to request these permissions for the actual use,” the researchers wrote.
Read More
By Beata Balogová
For the Slovak Spectator
The scandal involving the wiretapping of several Slovak journalists by military intelligence agents has cost Defense Minister Ľubomír Galko his job.
But as more information behind the secret monitoring program of the Military Defense Intelligence (VOS) has unfolded, government officials have learned that one of the journalists monitored on Galko’s watch was also wiretapped when the ministry was controlled by a nominee of the Smer party in 2007.
It has also emerged that the recent VOS operation involved wiretapping the head of TV news channel TA3 and two senior Defense Ministry employees, according to leaked documents obtained by Slovak media outlets.
“The whole story of wiretapping which is being uncovered today was also going on under previous governments,” said Prime Minister Iveta Radičová, who Nov. 22 asked President Ivan Gašparovič to dismiss Galko. “It is high time to reach an agreement and [start] an initiative over control mechanisms for the intelligence services.”
The prime minister will serve as Galko’s replacement until new elections are held in March 2012.
Radičová in her response also said it is now obvious that the “intelligence services have been doing everything possible – except what they were originally supposed to do and what their main role should be.”
The Pravda and Nový Čas dailies reported Nov. 21 that three reporters from Pravda’s domestic political department – editor Patrícia Poprocká and reporters Peter Kováč and Vanda Vavrová – as well as the head of TV news channel TA3, Michal Gučík, had been wiretapped by the VOS. The alleged wiretapping ended after the fall of the government in October, according to Pravda.
Galko’s Freedom and Solidarity Party (SaS) has continued to back him. He argues that the wiretaps were performed legally and were intended to uncover criminal activity.
In Slovakia, military intelligence activities are performed by two organizations operating under the Defense Ministry: the Military Defense Intelligence (VOS), which conducts counterintelligence, and the Military Intelligence Service.
The request to apply what are known as “information technical devices” to bug journalists was signed by the head of the VOS, Pavol Brychta, and the wiretapping, which was reportedly intended to monitor the so-called “contact base” of three journalists, was approved by a judge. Brychta confirmed these details to the parliamentary committee for the oversight of military intelligence Nov. 22.
Brychta told the committee the journalists in question had participated in the leaking of sensitive information from the Defense Ministry, according to Peter Žiga, the Smer MP who leads the committee.
Opposition Smer party leader and former Prime Minister Robert Fico called the wiretapping program an assault on democracy and the foundations of the state, and suggested Galko had confirmed in live coverage that the information published by the media was genuine.
“It is one of the most serious abuses of power, to an extent that we don’t dare to dream of,” Fico told reporters Nov. 24.
It was later revealed that Smer-nominated former Defense Minister Jaroslav Baška admitted the VOS had also monitored at least one journalist during Fico’s government. In a media statement, Baška objected to comparisons made between the present affair and the wiretapping of Poprocká by the VOS in 2007, when the department was led by František Kašický, another Smer nominee, and Baška, who was deputy minister at the time. Poprocká, one of the Pravda reporters allegedly monitored by the VOS this year, was bugged in 2007 under Kašický when she worked as editor of the Žurnál weekly.
The VOS under Galko also used suspected leaks of classified information from the ministry as its justification for wiretapping journalists. Only a few days before the scandal broke, the Defense Ministry had filed a criminal complaint over suspicions that fraud had occurred during the government’s conclusion of a contract to buy a mobile communication system, MOKYS, which had cost Slovakia several billion Slovak crowns.
Just days after filing the complaint, Slovak newspaper editorial offices received anonymous information about the purchase of military trucks and military emergency vehicles. According to Galko, two of these newspapers, Pravda and Nový Čas, had “published stories about alleged illegal wiretapping of journalists by the military counterintelligence.”
Galko also said that on the one hand he understands the emotions and outrage of journalists, but “on the other hand, if there is suspicion that a crime has been committed, I am personally convinced there is no difference between a politician, or a minister for that matter, an employee, a businessman, a regular person or a journalist.”
Radičová said the Justice Ministry will review the decisions of the judges who approved the wiretaps, but added that the media did publish confidential information and violated the law by doing so.
Former general prosecutor Dobroslav Trnka has been tapped to lead the government probe into the affair.
Beata Balogová can be reached at news [at] praguepost [dot] com
Image: Flickr via Joe Howell
North Carolina State University researchers have uncovered a malicious little flaw in the Android mobile OS, reports The Register. Turns out its pretty easy to build and distribute an app that can do all kinds of terrible things users won’t want it to – including call recording.
When you install a new Android app, you set its “permissions” — you get to tell it what it can and can’t do. Google Maps should be able to access your location, for example, but Angry Birds has no business recording your phone calls.
This backdoor works by skipping this essential step. Upon installation, an app can potentially not tell you what it’s actually doing.
To demonstrate the bug, researchers created an app that was successfully able to do all kinds of things you’d never want an app to do without your knowledge — record phone calls, send unauthorized text messages, and track the phone’s (your) location.
The EVO 4G proved most susceptible to the problem while the Nexus S and Nexus One proved most secure.
Manufacturers say they are aware of the problem and should be addressing it shortly. Until then, be extra careful while installing your Android apps!
A man accused of murdering two soldiers refused to answer detectives’ questions because his solicitor feared their consultations would be bugged, a court has heard.
Colin Duffy’s former lawyer Pat Vernon said Northern Ireland police refused to provide reassurances on his concerns over monitoring at Antrim custody suite.
Solicitor Manmohan Sandhu was imprisoned for unrelated offences after an earlier case where his conversations with a client were recorded at the same police station.
Duffy and co-accused Brian Shivers deny the murder of Sappers Mark Quinsey and Patrick Azimkar, who were shot outside their army base in Antrim.
Duffy’s then-solicitor Mr Vernon told Antrim Crown Court: “We were not in a position to answer any questions because of my inability to advise Mr Duffy, given the failure of the police to confirm that the interview was not being monitored.”
Sappers Quinsey, 23, and Azimkar, 21, were shot dead by the Real IRA as they collected pizzas with comrades outside Massereene Army base in Antrim town in March 2009.
Duffy, 44, from Forest Glade in Lurgan, Co Armagh, and Shivers, 46, from Sperrin Mews, in Magherafelt, Co Londonderry, deny two charges of murder and the attempted murder of six others – three soldiers, two pizza delivery drivers and a security guard.
Duffy was advised by his solicitor during days of police interviews about the attack. He was counselled to deny membership of any organisation or any involvement after he told his solicitor he was not guilty. His legal team at the trial want the interviews excluded and the judge to avoid drawing any adverse inference from Duffy’s non-cooperation.
Prosecution lawyer Paul Ramsey QC said Mr Vernon had reiterated several times that no evidence had been put to his client and asked why he had not similarly put his concerns about monitoring on the record during interviews.
Mr Vernon responded: “I had made it clear to them (police) that I was not happy with their assurances so they were aware of my concerns about the question of monitoring.” He said he was given a letter which neither confirmed nor denied the monitoring but linked any such move to the surveillance commissioner.
The National Intelligence Service (EYP) eavesdropped on almost 1,400 people this year but this played a significant role in tackling organized crime and domestic terrorism, Citizens Protection Minister Christos Papoutsis told Parliament on Friday.
Papoutsis said EYP had bugged 778 people in 2010 and 1,392 this year. He added that another 500 wiretapping operations were currently being carried out by secret service agents. Papoutsis defended the operations, saying EYP had helped in numerous cases.
I believe that thanks to EYPs involvement, along with the setting up of the financial police and the continuing work of the electronic crimes squad, we have managed to trace a number of organized crime and terrorist gangs.
Responding to questions about EYPs procedure for eavesdropping, the minister said that agents obtain permission from both the judiciary and the privacy watchdog before listening in on conversations.
