Tag Archive for: Location

Hackers figure out your computer’s location via malware Whiffy Recon


Hackers can accurately determine your location with the new malware Whiffy Recon. The data can potentially be used as leverage to pressure victims into fulfilling the hacker’s wishes.

The new malware Whiffy Recon searches for a computer’s location. Researchers from Secureworks first encountered the malware in the Smoke Loader botnet.

Malware for botnets

The malware was developed for computers that are already infected. The set of devices infected by the same malware family is also called a botnet. As a user, you have no way to find out whether devices in your possession belong to such a botnet.

Authorities recently succeeded in destroying the largest global botnet, ‘Qakbot’. As a result of this operation, about 700,000 computers are no longer vulnerable to the new malware Whiffy Recon.

Through other botnets, however, the malware can still do damage, and it already appears to be doing so through Smoke Loader. There, the initial infection happens through a phishing message containing a malicious zip file.

Google Geolocation API helps

The malware currently only targets Windows devices. The operating system includes the Wireless AutoConfig Service (WLANSVC), which hackers can abuse to connect to the nearest routers via Wi-Fi. WLANSVC is used to verify whether the infected device has a Wi-Fi connection. Once that is confirmed, the malware scans for Wi-Fi routers every minute.

With the data obtained from the scan, the hackers can find out the exact location of the infected device. To do this, they upload the data to the Google Geolocation API. This service accurately determines the location through a combination of Wi-Fi access points and transmission towers.

Threat and entry search

By repeating the scan every minute, the malware works as a tracker. Moving an infected work device from the office to home, for example, will give hackers your work and home address if the device connects to a Wi-Fi router in both places.

“Demonstrating access to geolocation information can be used to intimidate victims or pressure them to comply with demands,” the researchers state. A threat message from a hacker is indeed much more intimidating if it appears…


Google settles location tracking lawsuit for only $39.9M • The Register


In brief: Google has settled another location tracking lawsuit, yet again being fined a relative pittance.

Washington State Attorney General Bob Ferguson’s office announced the $39.9 million fine last week, along with news that Google will have to implement several state-ordered tracking reforms that clarify what data is being gathered and for what purposes. 

“Today’s resolution holds one of the most powerful corporations accountable for its unethical and unlawful tactics,” Ferguson said in a statement. 

The lawsuit is similar to others filed across the country last year, with attorneys general in Indiana, Texas and Washington, DC joining Washington state in suing Google over claims it used “dark patterns” to trick users into allowing location tracking and data collection, while also making it difficult to opt out. 

In January, Washington DC and Indiana announced a joint settlement with Google that netted the pair $9.5 million and $20 million respectively, which the Washington state AG’s office said it chose not to sign onto in a bid to earn more money for state coffers. 

“Instead of joining a multistate settlement, Ferguson’s office independently filed its own lawsuit and obtained this resolution. The Attorney General’s Office estimates Washington received more than double the amount it would have received under the wider multistate settlement,” Ferguson’s office said.

While it’s true that Washington state earned itself considerably more than DC or Indiana, it’s worth noting, as we so often have to do at El Reg, that even a $40m settlement is unlikely to make Alphabet accountants take pause.

In Q1 of this year, Google’s parent company announced it had made $15.05 billion in net profit.

Ferguson’s office said it intends to use its Google fine to continue enforcing the Consumer Protection Act. Its enforcement body, the Consumer Protection Division, receives minimal cash from the government and is largely funded by recoveries in cases like this one.

Critical vulnerabilities of the week: KeePass edition

Users of password manager KeePass, beware: it contains a nasty vulnerability that could be used to retrieve all but the first character of a user’s…


How to Make Sure You’re Not Accidentally Sharing Your Location


Your devices and apps really, really want to know where you are—whether it’s to tell you the weather, recommend some restaurants you might like, or better target advertising at you. Managing what you’re sharing and what you’re not sharing, and when, can quickly get confusing.

It’s also possible that you have inconsistencies in the various location histories logged by your devices: Times when you thought you’d switched off and blocked location sharing but you’re still being tracked, or vice versa.

Here we’ll cover everything you need to consider when it comes to location tracking, and hopefully simplify it along the way. Whether you want to give out access to your current location or not, you should be in control of these settings, and not be caught unawares by additional options that you missed.

How Location Tracking Gets Confusing

Google via David Nield

You can turn off Google Location History—but it’s just the start.

What happens if you distinctly remember turning location tracking off on a device, yet your position is still popping up on a map? Or maybe you thought you’d left the feature on, yet you’re seeing gaps in your location history? There are a few explanations, but essentially you need to remember all the different ways your location can be logged: by your devices, by your apps, and by websites you visit.

For example, you might have disabled location tracking on a phone but left it enabled on a tablet. Alternatively, you might have a laptop that’s tracking where you are in the background, even though you thought you’d disabled the feature in the apps you use. If you want location tracking completely enabled or disabled, you need to factor in all these different ways of keeping tabs on where you are.

If you have a Google account, this is a good illustration. Head to your account settings on the web, then choose Data and Privacy and Location History. Select Devices on This Account, which may reveal some phones, tablets, and laptops that you’d forgotten about—any device with a check next to it in this list is saving your movements to your Google account for future reference.


You can click Turn Off to disable this, but note the caveats that are listed in the…


FTC Sues Data Broker For Selling Sensitive Location Data


The Federal Trade Commission (FTC) has filed a lawsuit against an Idaho-based data broker called Kochava, alleging that its customized data feeds allow purchasers to track end users at sensitive locations like places of worship and addiction recovery centers.

The lawsuit is the latest move by the FTC around data security and privacy policies under Lina Khan’s administration since she was sworn in as the FTC chair in June 2021. In March, the FTC cracked down on online retailer CafePress after the company allegedly covered up a major data breach and failed to secure customers’ sensitive data, while in August the commission announced its intent to scrutinize the surveillance and data collection tactics of big tech and ad tech firms.

“Of the privacy cases that have come out, this is the first one that most clearly reflects Lina Khan’s administration taking a big swing,” said Ben Rossen, special counsel with Baker Botts, who is a former senior attorney at the FTC with experience handling high-profile privacy and data security investigations. He noted that Kochava’s data collection practices here “are not terribly unusual, but it does potentially cause significant harm to consumers when they’re not aware it’s going on.”

Kochava, which was founded in 2011, is a self-described “mobile measurement platform” that collects data for advertising purposes or for clients to be able to analyze foot traffic at their stores.

The company has collected geolocation data from hundreds of millions of mobile devices that is categorized to match unique mobile device identification numbers – which are assigned to consumer mobile devices to assist marketers in advertising – with timestamped latitudinal and longitudinal locations, alleges the FTC. The company has sold this access on publicly accessible online data marketplaces for a monthly subscription fee. The FTC said it examined a data sample with precise location data collected from more than 61 million unique mobile devices in the previous week, for instance.

The FTC said that these measures violate the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” The data collected by…
