Category: security

Detekt

A new free open-source anti-surveillance tool called was released on Thursday (Windows-only). Says :

The open-source tool, dubbed Detekt, was developed by security researcher Claudio Guarnieri. It was released in partnership with Amnesty International, Digitale Gesellschaft, the Electronic Frontier Foundation and Privacy International.

Detekt scans computers for infection patterns associated with several families of remote access Trojans (RATs): DarkComet RAT, XtremeRAT, BlackShades RAT, njRAT, FinFisher FinSpy, HackingTeam RCS, ShadowTech RAT and Gh0st RAT.

I downloaded and ran the tool. All my PCs came up clean (see screenshot below). Apparently I’m not important enough to be surveilled. I am not sure whether to be relieved or insulted.

Detekt screenshot
Detekt screenshot

Runaway Android apps

[UPDATE June 5, 2014] Multiple observations confirm: Instagram (which behaves (mostly) properly on Wi-Fi connections) becomes a CPU hog on carrier (cellular) connections. Not sure why, will report here if I find out more.

***

[UPDATE June 2, 2014] In an effort to gain a better understanding of what’s going on inside my Nexus 4, I installed two utility apps:  and . Lookout scans and monitors for malware, and offers a bunch of other security features; Watchdog alerts me when an app exceeds a certain CPU threshold.

First impressions are great. Phone runs cool. Interesting observation: When I kill Instagram — the worst offender — through Watchdog, it stays dead. By comparison, when I used to force-stop Instagram via the Android device (system) settings, it would often start up again right away by itself.

***

My phone (Google Nexus 4) has been getting really hot lately, draining the battery in the process. I started monitoring running Android processes and services, and found out that several apps sometimes don’t close when I tell them to, but keep running and consuming CPU cycles and battery juice. The biggest offender is Instagram, followed by Facebook (which starts on boot and keeps running (and restarts itself after a force-stop, the nerve!)), Google Play Music (which seems to randomly start itself on a whim, or possibly gets launched by Google Drive), and MailDroid (as ).

[UPDATE May 17, 2014] Adding Snapchat to the list of runaway apps that must be force-stopped after every use.

My response:

  • Remove the Facebook app, which I have been threatening to do for a while. I am not leaving Facebook, just removing the app from my phone.
  • Scale back the use of the Instagram app, and force-stop the app after each use.
  • Scale back the use of the Google Drive app, and force-stop Google Play Music after each use (confirm cause-and-effect).
    • [UPDATE from a ]: “Google support told me to uncheck the box Settings > Accounts > Google > Accounts > [myemail]@gmail.com > Sync Google Play Music. I had sync checked before the update as well, but it caused no problems. In any event, this didn’t do all that much good. The app is like the freakin’ Terminator — force stops won’t kill it.”
    • [UPDATE from A.T.]: Disabled Google Play Music. Problem solved.
    • [UPDATE from A.T.]: Also wiped a ton of other Google shit off my phone. It felt great.
  • Stay away from the MailDroid app.
  • Monitor Android system activity regularly for runaway apps and force-stop them as needed.
  • Reboot my phone daily.

Poll: Who is at fault in the Snapchat – Google standoff?

A mobile app I had been using for a while (Snapchat) began crashing after an operating system upgrade (Android 4.2 to 4.3). Not only does the app crash, but it takes down and reboots the device. To me this clearly points to an operating system vulnerability, and the app maker went on the record to say so.

Nothing unusual so far. What happens next is unusual. Firstly, the OS maker (Google) keeps mum for 227 days and counting. Secondly, Google does nothing to fix the problem for 227 days and counting. And thirdly, people on social media blame the app for the crashes.

That last one is the reason for this poll. Do you think an app maker should be responsible for the OS’s stability?

[UPDATE April 30, 2014] I was just made aware that WhatsApp and Skype also crash an Android device identical to mine after the OS update. So this is CLEARLY not Snapchat’s fault.

Jurnalizm, the ABC way

How is this not like ?

In case you haven’t heard it yet, here’s the story: A “funnyman” tricks a US Olympic athlete into tweeting a fake video purporting to show a wolf on the loose in the athlete’s hotel in Sochi. The funnyman’s network (ABC) knows about the plan, but keeps mum. The story goes viral, as other legit news networks (NBC, CNN) report it as true. The funnyman goes “Sike!” ABC goes:”It is a piece of comedy.” Ha-ha!

Not everyone’s laughing.   and managing editor overseeing Olympics coverage:

“It wasn’t just that it was a potentially viral video. The news was that security may have been breached where the athletes stay. How did a wolf get into a place that was supposedly fortified? Was there a hole in the fence? Were there other weaknesses? How did it get past the guards? Was it even a wolf? These were all legitimate questions in the context of what has been reported about Sochi.”

In my opinion this “prank” goes well beyond stupid and irresponsible, into malicious and probably criminal. Confession: I am a little angrier than usual because I thought the story was true and shared it on social media as such. I am also no fan of ABC’s for other reasons.

Here’s the video:

On the Google+/Gmail integration

[UPDATE January 26, 2014] Not to toot my own horn (actually, yes), I must note that I published this post three days before Google announced the . By acquiring Nest Google totally validated this post’s main point.

***

Google’s biggest problem in the consumer space is the perception among a growing number of users that Google knows way too much about them. A growing number of users feel uneasy about the way Google connects various facets of users’ online activities. Users are concerned about the unknowable ways Google may escalate this in the future. I know of many users who have been, or have recently begun to for that reason.

So what does Google do? As if in total oblivion, they launch a that gives legitimacy to those exact concerns. ()

What are you thinking, Google? What are you thinking? I know users can opt out, but they can also opt out of Gmail and Google+. Is this what you want?

I am available to consult on new product ideas. My first consultation is free. Here it is: Revert.

What if Snapchat crashes Android on purpose?

Lemma: When observed reality doesn’t yield to conventional explanation, there exists a conspiracy theory that can tie it all together nicely.

My Snapchat started crashing and taking my device down with it on August 5, 2013 — the day my Google Nexus 4 phone updated itself to the Android 4.3 operating system (OS). Multiple OS and Snapchat application updates (and nearly five months) later, the phenomenon continues. Occasionally — seemingly randomly — Snapchat causes the device to crash and reboot.

I have written several blog posts about this. What boggles the mind isn’t the inconvenience of the situation. It is the totally inexplicable indifference towards the issue by Google — the maker of Android and of my Google Nexus 4 phone. Why doesn’t Google seem to care that a legit application can take down its operating system at will? Or is there more to the story?

Keanu Snapchat Android conspiracy

What if Snapchat has found a security hole in the Android operating system that Google can’t patch? What if Snapchat (which ) knows that it’s sitting on a gold mine? What if Snapchat is trying to extort from Google a lot more? What if there are other players involved? What if Snapchat is talking to other “buyers”? I can think of a few who would pay billions for the ability to crash any mobile device at will.

Just some food for thought during the holidays. I am tagging this with “humor” because, you know…

What does Android 4.4.2 fix?

Android 4.4.2 was released just a few days after the release of KitKat 4.4. Unusual. Why the rush? What horrible bugs does 4.4.2 fix? (And why was there no 4.4.1?)

Android 4.4.2 removes App Ops

The Electronic Frontier Foundation (EFF) offers an answer . It turns out Google “accidentally” released an “experimental” feature (called “App Ops”) in Android 4.3, allowing users to control application access to user information such as contact list and phone calls. This horrible oversight had to be remedied quickly by the release of Android 4.4.2, which removes this option.

I have often wondered why Facebook, Twitter, and the like need to know who is calling me and the caller’s number. I still don’t know, but apparently this is crucial for the apps’ proper functioning.

Puh-leeze!

[UPDATE December 14, 2013] InformationWeek offers a of the same issue.

Android 4.4.2 System Update screenshot
Android 4.4.2 System Update screenshot

Snapchat exposes severe Android 4.3 bug

[UPDATE October 10, 2014] It turns out Snapchat messages don’t self destruct, after all.

Hackers have warned that thousands of nude images sent via the mobile-messaging service Snapchat, many of which users believed self-destructed after being sent, are to be released online in a searchable database.

Messaging boards on the notorious website 4chan have been filling up with news of the imminent leak, already being referred to as “The Snappening”. –

I found out about this story from  (via ). Cuban’s startup develops and markets the Snapchat competitor .

***

[UPDATE August 02, 2014] I have replaced Snapchat* with — the product of Marc Cuban’s latest startup. I thank my friend for the suggestion.

Described as “WhatsApp meets Snapchat,” texts sent via Cyber Dust automatically disappear 24 seconds after being read. Importantly, these messages cannot be traced and are not stored anywhere – not even on Cyber Dust’s servers – assuring all users a high level of privacy and security. –

*As I was sending a final Snapchat message to my contacts, Snapchat crashed and rebooted my device, as if to eliminate any doubt about the appropriateness of my decision.

***

[UPDATE August 01, 2014] Crash. Reboot. Been happening on my Google Nexus 4 since August 5, 2013. #WTF. Read below for detailed account of year-long experience and fixes attempts. (SPOILERS: There are no fixes, unfortunately.)

***

[UPDATE July 02, 2014] Snapchat just crashed and rebooted my Google Nexus 4 phone (now running Android 4.4.4). Which means that my previous conclusion that Android 4.4.3 had fixed the problem was wrong. Or that Android 4.4.4 reintroduced the problem (the device never crashed under 4.4.3).

Whatever the cause, and whatever the solution, this saga is a sad testament to how buggy all software is.

***

[UPDATE June 21, 2014] In the twelve days since my Google Nexus 4 device updated itself to Android 4.4.3, Snapchat has not crashed once. I received a report from another Google Nexus 4 user that Snapchat crashed once on his device, but unlike before, it DID NOT TAKE DOWN THE DEVICE with it.

There is little doubt in my mind that Android 4.3 introduced a security vulnerability, which Android 4.4.3 patched 308 (!) days and 4 OS updates later. Many questions remain, some of which will be addressed in a future post. This is the final update to this post.

***

[UPDATE June 10, 2014] I got the Android 4.4.3 update last night. Waiting for Snapchat to crash. It hasn’t yet. I hope it won’t. We all know what it means if it does not, right? ;)

I will report here in a few days.

***

[UPDATE June 06, 2014] I got a Snapchat update overnight, and now in addition to crashing (which it just did), Snapchat does not let me send snaps. The “Send” button just doesn’t work. Does nothing.

For the record, a new Android version (4.4.3) was released yesterday, which I didn’t yet get. I’m willing to give Snapchat and Google the benefit of the doubt and assume that yesterday’s Snapchat update was meant to work with 4.4.3. I’ll report here after I get 4.4.3, which I expect to happen in the next few days.

***

[UPDATE June 06, 2014] The crashes continue. Who do you think is at fault — Snapchat or Google? Vote in this quick poll.

***

[UPDATE June 06, 2014] Snapchat just crashed and rebooted my Google Nexus 4 for the umpteenth time. This has been going on for 305 days and counting. Running all latest software versions, applying all patches as soon as they are released. Still crashing. Shame on you, Google and Snapchat, for not being able (or not willing) to work together to fix this!

***

[UPDATE February 7, 2014] Snapchat crashed and rebooted my Google Nexus 4 twice yesterday. This has been going on for OVER SIX MONTHS, and apparently neither Google nor Snapchat can or would do anything about it. Legitimizes my conspiracy theory perhaps?

[UPDATE December 21, 2013] Snapchat update this morning. Will this stop the Snapchat/Android phone crashes/reboots? And if it does, does that mean that this has been Snapchat’s fault all along? Come back in a few days to read my report.

[UPDATE December 23, 2013] Snapchat just crashed and rebooted my device.

[UPDATE December 24, 2013] Another Snapchat update. This doesn’t make any sense any more. Or does it… New blog post to follow. [UPDATE: Published.]

***

Android 4.4.2 does NOT fix Snapchat crash bug

[UPDATE December 18, 2013] Snapchat just crashed and rebooted my Google Nexus 4 running Android KitKat 4.4.2. So it is still happening. Quite disconcerting that Google hasn’t squashed that Android bug. This is undoubtedly Google’s fault, not Snapchat’s. The OS should not crash due to a “misbehaving” app.

No word from Google on when (or how) they plan to address this issue.

***

Android 4.4.2 is here

[UPDATE December 12, 2013] Last night my Google Nexus 4 updated itself to Android 4.4.2 (strangely skipping 4.4.1). Will this stop the Snapchat crashes? Come back in a few days to read my report.

***

Android 4.4 KitKat does not fix Snapchat crash bug

[UPDATE December 09, 2013] After a relatively smooth (no crashes) period, last night Snapchat crashed/rebooted my device again. It is disturbing that Android — after three updates — still allows itself to be taken down by a legit application that was already on the 4.2 device and operating smoothly until 4.3 came out and the crashes began. Imagine what a rogue, malicious app could do.

***

[UPDATE October 14, 2013] Android still allows itself to be taken down by Snapchat. This began on August 5, 2013 with the release of Android 4.3, and continues to this day. Just how secure is Android?

***

With a message to users delivered with their most recent Android update, Snapchat goes on the record to say that the Nexus 4 device restarts, seemingly caused by Snapchat, are due to a bug in the Nexus 4 Android 4.3 operating system — an issue that is out of Snapchat’s control.

Some history: As soon as my Nexus 4 phone updated itself to Android 4.3, Snapchat started crashing. And not just crashing the app itself — it took the device down with it. This was annoying, but also troubling. Why would an OS upgrade allow a previously-installed app to crash the device? Subsequent updates to Android 4.3 (this is not a typo — Android 4.3 updated itself to Android 4.3) did not fix the problem.

I was not alone in this experience, which generated . I maintained that a robust OS shouldn’t allow an app — rogue or legit — to take down the device. I was in the minority. Many were quick to blame Snapchat, because this can’t be Google’s fault, right? Wrong!

Below is a screenshot of the Snapchat message to users, and a full transcript. I hope Google fixes the bug soon, and goes on the record to explain what had happened.

Snapchat message Nexus 4 Android 4.3 bug
Snapchat message Nexus 4 Android 4.3 bug

Dear Nexus 4 user,

Recently, you may have experienced device restarts while using Snapchat. Unfortunately, this behavior is caused by a bug in the Nexus 4 Android 4.3 operating system and is out of Snapchat’s control. If you would like to let Google know that this issue is important to you, please visit Nexus 4 support. Thank you for your patience.