Any sufficiently paranoid person will remind you, is only as good as your physical security. The world's most sensitive users of technology, like dissidents, activists, or journalists in repressive regimes, have to fear not just hacking and online surveillance, but the reality that police, intelligence agents, or other intruders can simply break into your home, office, or hotel room. They can tamper with your computers, steal them, or bodily detain you until you cough up passwords or other secrets. To help combat that threat, one of the world's most well-known activists against digital surveillance has released what's intended to be a cheap, mobile, and flexible version of a physical security system. On Friday, the Freedom of the Press Foundation and its president, famed NSA leaker Edward Snowden, launched Haven, an app designed to transform any Android phone into a kind of all-purpose sensor for detecting intrusions.

Safe Haven

Designed to be installed on a cheap Android burner, Haven uses the phone's cameras, microphones and even accelerometers to monitor for any motion, sound or disturbance of the phone. Leave the app running in your hotel room, for instance, and it can capture photos and audio of anyone entering the room while you're out, whether an innocent housekeeper or an intelligence agent trying to use his alone time with your laptop to install spyware on it. It can then instantly send pictures and sound clips of those visitors to your primary phone, alerting you to the disturbance. The app even uses the phone's light sensor to trigger an alert if the room goes dark, or an unexpected flashlight flickers.

"Imagine if you had a guard dog you could take with you to any hotel room and leave it in your room when you’re not there. And it’s actually smart, and it witnesses everything that happens and creates a record of it," Snowden said in an encrypted phone call with WIRED from Moscow, where he has lived in exile since 2013. "The real idea is to establish that the physical spaces around you can be trusted."

Since he became the director of the Freedom of the Press Foundation in early 2016, Snowden has led a small team of programmers and technologists working on security tools. The projects so far range from software that only allows secrets to be decrypted if a group of collaborators combine their secret keys, to a hardware modification for the iPhone that's designed to detect if malware on the device is secretly transmitting a user's data.

The 'Evil Maid' Problem

The notion of a smartphone-based alarm system arose when Micah Lee, a technologist at the news outlet The Interceptand board member of the Freedom of the Press Foundation, suggested it to Snowden in early 2017. Lee hoped for a new approach to the perennial problem that the cybersecurity community calls the "evil maid" attack: It's very difficult to prevent someone with physical access to your computer from hacking it.

Eventually, Lee and Snowden's group of developers at the Freedom of the Press Foundation partnered with the security-focused nonprofit Guardian Project to build and test a software solution to that problem. "We thought, is there a way we can use a smartphone as a security device," says Nathan Freitas, the director of the Guardian Project. "Take all the surveillance technologies in smartphones and flip them on their head, to keep watch on all the things you care about when you’re not there?"

In practice, Haven could protect its users from more than just hands-on computer hackers; it could guard against everyone from abusive spouses to authoritarian police. In November, the groups teamed up with the Colombian activism group Movilizatorio to conduct a trial with social justice activists—a group that's been the target of dozens of assassinations over the last year, in the fallout of tense negotiations between guerrilla groups and the country's government. Movilizatorio founder Juliana Uribe Villegas says the app provided a key reassurance that month, for a group of 60 testers, that government or criminals agents weren't breaking into their homes to plant surveillance equipment or, far worse, to kidnap or physically harm them.

"It's very significant for them to know that they have tools they can use themselves when the government isn’t protecting them," Uribe Villegas says. "It’s great to think about cybersecurity, but in countries like ours, personal security is still at the top of our list."

Privacy First

Of course, any device that takes pictures and records audio clips in your home or office and sends them over the internet might sound more like an intolerable privacy violation than a security measure, especially for someone as privacy-sensitive as Snowden, who hasn't even carried a mobile phone since he first became a fugitive from the US government in 2013.

But Haven takes some serious measures to prevent its surveillance mechanisms from being turned against a phone's owner. It integrates the encrypted messaging app Signal, so that every alert, photo, and audio clip it sends to the user is end-to-end encrypted. As another safeguard, users can also configure Haven to work with the Android app Orbot, which has an option to turn your phone into a so-called Tor Onion Service—essentially, a server on the darknet. That means the Haven phone's event log can be accessed remotely from your desktop or another phone, but only over Tor's near-untraceable connection. In theory, that means no eavesdropper can break in to access those audio and photo snapshots of your sensitive spaces.

"Now you can take this huge aggregation of sensors available on any phone today—accelerometers, light sensors, cameras, microphones—and make it work for you and only you," Snowden says. He notes that despite his personal avoidance of carrying a smartphone, even he has used Haven in hotel rooms while traveling and at home, albeit only with some additional precautions that he declined to fully detail.

In WIRED's initial tests of Haven's beta version, the app successfully detected and alerted us to any attempts to approach a laptop on an office desk, reliably sending photos of would-be evil maids over Signal. If anything, the app was too sensitive to saboteurs; it picked up and alerted us to every stray office noise. The app's accelerometer detection was so hair-triggered that even leaving the phone on top of a computer with a moving fan inside created hundreds of alerts. You can set thresholds for the audio, but it was tricky choosing a level that wouldn't trigger false positives. Freitas says the developers are still working on fine-tuning those controls, but that users may have to experiment.

Snowden acknowledges that Haven can't stop an intruder bent on physically harming someone. But by simply detecting and recording their presence, it might just make them think about the consequences of that intrusion's documentation, and give victims a significant tool they haven't had before. "If you’re the secret police making people disappear, Haven changes the calculus of risk you have to go through," Snowden says. "You have to worry that every possible cell phone might be a witness."

Source: Wired

“The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line. This functionality’s code is pushed from the command-and-control (C&C) server, which means it can be updated.” continues the analysis.

Facebook had taken down most of the malware files from the social networking site.

Bitcoin’s plunge extended to more than 25 percent Friday as the frenzy surrounding digital currencies faced one of its biggest tests yet. The world’s largest cryptocurrency approached $10,000 as this week’s selloff entered a fourth day with increasing momentum. It touched a record high $19,511 on Monday. Other cryptocurrencies also tumbled, with bitcoin cash crashing more than 35 percent and ethereum losing more than 23 percent over the past 24 hours, according to coinmarketcap.com.

The losses represent a major test for the cryptocurrency industry and the blockchain technology that underpins it, which have rapidly entered the mainstream in recent weeks. Bears cast doubt on the value of the virtual assets, with UBS Group AG this week calling bitcoin the “biggest speculative bubble in history.” Bulls argue the technology is a game changer for the world of investment and finance. Both will be closely watching the outcome of the current selloff.

“The sharks are beginning to circle here, and the futures markets may give them a venue to strike,” said Ross Norman, chief executive officer of London-based bullion dealer Sharps Pixley Ltd., which offers gold in exchange for bitcoin. “Bitcoin’s been heavily driven by retail investors, but there’ll be some aggressive funds looking for the right opportunity to hammer this thing lower.”

Traders who bought the currency on futures exchanges using collateral may start facing margin calls following the price decline. Two venues launched products in recent weeks that required hefty security, with Cboe needing 44 percent to clear contracts, and the CME 47 percent. Brokers set safety nets even higher.

“There’s no doubt people who got in on margin will face some pressure here,” Norman said by phone from London. “The volumes weren’t huge, so it won’t be a major price driver, but for those caught on the wrong side it will hurt.”

Crypto Mania

Many of the recent news stories and market moves connected to cryptocurrencies appear to carry hallmarks of the mania phase of a bubble. Long Island Iced Tea Corp. shares rose as much as 289 percent after the unprofitable Hicksville, New York-based company rebranded itself Long Blockchain Corp. Bank of Japan Governor Haruhiko Kuroda said on Thursday bitcoin isn’t functioning like a normal means of payment and is being used for speculation.

Still, cryptocurrencies are attracting established players. Goldman Sachs Group Inc. is setting up a trading desk to make markets in digital currencies such as bitcoin, according to people with knowledge of the strategy. The bank aims to get the business running by the end of June, if not earlier, two of the people said.

In this post we will review different types of health technologies, weigh the benefits and risks and discuss how one’s safety and privacy can be affected by exploited vulnerabilities in these technologies.

Health Technology in the Digital Era

With the accelerated development of health technologies over the past decade, both patients and providers have entered an era in which much of our information is stored, processed and transmitted digitally. Whether we like it or not, we have become more dependent on technology to access and receive care, and our providers rely on it to diagnose and deliver care.

This rapid progress has gone beyond the confines of hospitals and clinics and has moved health technology into the patients’ hands and homes. The way we communicate and access health information from the comfort of our living room has turned digital. We can use patient portals to schedule appointments and communicate with our providers or to access and share our health data with guardians and loved ones.

We carry devices on our bodies to monitor and mitigate medical conditions, or we bring our smartphones to track and share our workouts and collect our vital signs as part of our daily routines. There are mobile apps that help us monitor our sleep, manage our stress, calculate our insulin doses and remind us to take our medications.

However, a manufacturer’s rush to market or lack of concern about risks leads to products designed with functionality in mind and security and privacy as an afterthought. To the extent that security is often retrofitted to the products or services that have already been introduced on the market.

Not All Health Data Is Protected Equally

Patients and individuals who use health technologies may be unaware of how their information is collected, used or disclosed to third parties. Data privacy policies associated with these technologies are not all the same, may not be clear to the user or may even inaccurately state how personal information is used and handled. Even if some policies do address these issues, such language may be buried under pages of legal jargon or worded in such a way that makes it difficult for a layperson to understand and assess potential risks. In addition, technology companies may lack adequate controls or not implement them effectively in regard to protecting your information.

What about cybersecurity? Data leakage and hacks are an everyday concern in this day and age. Total security does not exist. Thus, any health technology could conceivably suffer from a vulnerability that could be maliciously exploited — especially if the manufacturer is not required or does not have the capability to respond or proactively address these security flaws.

Weighing the Benefits and Risks

Both medical and consumer health technologies have a promising future in improving the health and overall wellbeing of individuals. But, with the benefits come new risks to the security of these systems and the privacy of the data they hold and transmit. We must remember that we all play important roles in protecting the confidentiality of our digital health footprints, ensuring that technology is used to our benefit and cannot be used against us. The same way we protect our personal and financial information, we must care to protect our health information and the safety of the technologies we use.

Some of the best features in today’s health technologies are ease of use and portability, which in so many cases require the internet and a smartphone to enable them. Not by coincidence, mobile phones and applications have increasingly become some of the favorite targets of hackers. Why? Because a smartphone is a mini-computer with superpowers. It has a microphone that can listen to you, a camera that can see you, a GPS that can locate you and an antenna to connect from anywhere. And it contains so much of your information, including your telephone, address, emails, photos, contacts and access to bank accounts and credit cards. This is a dangerous combination if not secured properly. Essentially, the smartphone is a part of our daily lives and contains a treasure trove of information.

With health and wellness technologies (i.e., those that are not specifically designed to diagnose, cure, treat, mitigate or prevent a disease or medical condition), we as users have a greater responsibility for what we choose to use and where we deposit and share our personal and health information. These technologies may hold and transmit information that, in the wrong hands, could potentially be used to harm us in many other ways.

With different types of health technologies we have different degrees of control over what is stored and how we can protect our information. Keep your eyes peeled for our next and last installment in this series, where we will discuss what we as patients and health technology users can do to protect ourselves and our information.