They Stormed the Capitol. Their Apps Tracked Them!

/in /by

Fri. Feb. 5, 2021 |By Charlie Warzel and Stuart A. Thompson – Opinion |

In 2019, a source came to us with a digital file containing the precise locations of more than 12 million individual smartphones for several months in 2016 and 2017. The data is supposed to be anonymous, but it isn’t. We found celebrities, Pentagon officials and average Americans.

It became clear that this data — collected by smartphone apps and then fed into a dizzyingly complex digital advertising ecosystem — was a liability to national security, to free assembly and to citizens living mundane lives. It provided an intimate record of people whether they were visiting drug treatment centers, strip clubs, casinos, abortion clinics or places of worship.

Surrendering our privacy to the government would be foolish enough. But what is more insidious is the Faustian bargain made with the marketing industry, which turns every location ping into currency as it is bought and sold in the marketplace of surveillance advertising…

Read the full story here.

Cell phone data tracks missing Texas State student Jason Landry’s route before his disappearance

/in /by

Fri. Jan. 29, 2021 |By Jaclyn Ramkissoon – KXAN News |

LULING, Texas (KXAN) — More details have been released in the ongoing search for missing Texas State University student Jason Landry, including cell phone data tracking his travel before his car crashed.

Landry, 21, disappeared in mid December on his way home to Missouri City, Texas, after he crashed his car off Salt Flat Road near Luling. The car was found abandoned and so were some personal belongings including clothing, his cell phone, wallet and a backpack.

Cell phone data tracks Landry’s route

Investigators said Landry left his San Marcos apartment at 10:55 p.m. on Dec. 13 for his journey home. Here’s a timeline of where his cell phone data tracked him, as released by the Caldwell County Sheriff’s Office.

  • 11:05 p.m. – Landry drives his car on Highway 80, passes under I-35 in San Marcos, continues south
  • 11:07 p.m. – Enters Caldwell County
  • 11:11 p.m. – Landry drives through Martindale, Texas, continues south on Highway 80
  • 11:15 p.m. – Passes over State Highway 130 on Highway 80
  • 11:17 p.m. – Travels through Fentress, Texas, enters Prairie Lea, Texas, two minutes later
  • 11:21 p.m. – Enters Stairtown, Texas
  • 11:24 p.m. – Enters the City of Luling on Highway 80, goes through the intersection of Hackberry Street (Highway 80 becomes Austin Street here)

Landry then stops using the Waze app and opens Snapchat. He continued on Austin Street to the intersection with U.S. Highway 183 or Magnolia Avenue, CCSO said. It’s believed he went through the intersection and continued on East Austin Street. It’s at this intersection that Landry’s digital footprint stops…

Read the full story here.

SCOTUSblog: Compelling iPhone Passcodes

/in /by

Fri. Jan. 29, 2021 |By Andrew Hamm – SCOTUSblog |

This week the SCOTUS Blog highlights cert petitions that ask the Supreme Court to consider, among other things, whether law enforcement can compel testimony in the form of a phone passcode.  A law enforcement officer became the subject of an investigation for allegedly passing information about a narcotics investigation to a suspect.  Investigators seized his phones, but they were unable to unlock the phones to access the data. Officials sought a discovery order to compel the officer to disclose his passcodes, which the officer argued would violate his Fifth Amendment right against self-incrimination. The New Jersey Supreme Court ruled that a passcode, comprising a series of characters, was of “minimal testimonial value” for which the state could — and had here — overcome the constitutional protection by proving the phones belonged to the officer. Claiming state and federal courts are divided on this question, the petition in Andrews v. New Jersey asks the justices to weigh in.

Andrews v. New Jersey
20-937
Issue: Whether the self-incrimination clause of the Fifth Amendment protects an individual from being compelled to recall and truthfully disclose a memorized passcode, when communicating the passcode may lead to the discovery of incriminating evidence to be used against him in a criminal prosecution.

Read the full story here.

AT&T-FirstNet launches Band 14 HPUE, z-axis location

/in /by

Thurs. Jan. 28, 2021 |By Kelly Hill – RCR Wireless News |

AT&T-FirstNet is now offering first responders vertical location capabilities in more than 100 markets, ahead of an April 2021 FCC deadline for having the technology in place to support 911 callers on mobile devices.

The z-axis location information is one of several new technology offerings for public safety that AT&T-FirstNet announced this week. The others are high-power user equipment in Band 14, which it has dubbed “FirstNet MegaRange”, and a new compact deployable that can be purchased by departments and used to connect to FirstNet when other coverage is not available.

The carrier says that z-axis information is available in more than 105 U.S. markets, including Chicago, Dallas, Detroit, Los Angeles, Philadelphia, and San Francisco and that markets are being added weekly to give public safety “a new level of indoor spatial awareness not previously available using traditional GPS-based location methods.” The first app that integrates the information from AT&T-FirstNet is from Intrepid Networks, which offers a situational awareness platform, Response for FirstNet, that includes services like mapping, information sharing and push-to-talk voice.

In addition to the z-axis capability, AT&T-FirstNet said that its standards-based mission-critical push-to-talk (MCPTT) now supports Land Mobile Radio-to-LTE interoperability, so that responders using LMR can talk with others using FirstNet’s MCPTT. The capability is enabled through a Radio Over IP (RoIP) gateway and “seamlessly integrates with almost any LMR system,” according to an AT&T blog post about the interoperability. “Our intention is to ensure FirstNet capabilities are designed to interoperate with the thousands of LMR networks currently in use so that the promise of integrated voice, data and video capabilities for public safety group communications is realized,” the company said. AT&T-FirstNet noted that it now has 11 devices approved for FirstNet PTT.

The public-safety network partnership also added new options for high-power user equipment (HPUE), initially in the form of two modems, which operate at higher power levels in Band 14 to improve cell-edge coverage or better in-building penetration. In addition, public safety agencies can now purchase their own deployable network assets that connect to the FirstNet network, including compact cells-on-wheels (COWs) which link to the cellular network via satellite and can be activated by one person within minutes.

“These innovative mission-driven solutions are equipping first responders with better situational awareness – whether conducting a search and rescue mission in a remote area or on the upper floors of a burning building – all while helping to ensure a seamless, interoperable connection,” said Jason Porter, SVP of the FirstNet program at AT&T.

Read the full story here.

TikTok has User Cell Phone Numbers? Interesting…

/in /by

Wed. Jan. 26, 2021 |By Zak Doffman – Forbes |

A new warning today for the hundreds of millions of users with TikTok’s app on their phones. If you have your phone number linked to your profile, you should remove it—but, beware, that’s very difficult to do. And while your number is still there, TikTok will use it to track you online. So, here’s what you do now.

If you have TikTok on your phone, there’s a good chance it has your number—it’s the easiest way to sign up for an account and then login. But now security researchers at Check Point suggest you change that. “I see significant privacy risks in users giving TikTok their phone number as an account identifier,” Check Point’s Ekram Ahmed warns. “Phone numbers can be a very powerful data source for tracking location.”

Check Point has issued this warning “given TikTok’s past issues with data security,” according to Ahmed. The security firm has just released a report into the latest such threat. The firm says that a server-side security vulnerability would have enabled an outside actor to query TikTok’s database, pulling private information, linking phone numbers to profiles. This could then have been used to harvest private contact details for celebrities or to build a database of users that could have been targeted at scale. Put simply, throwing lists of random numbers at TikTok returned matching profiles.

Check Point’s Oded Vanunu tells me that the accessible details “included phone numbers, nicknames, profile and avatar pictures, unique user IDs, as well as certain profile settings, such as whether a user is a follower or if a user’s profile is hidden.”

Linking phone numbers to social media profiles is not new—there’s another news story doing the rounds this week about a Telegram bot querying leaked Facebook data to do the same. But anything TikTok related carries extra spice given the U.S. campaign last year—this alleged links between the platform’s parent, ByteDance, and the Chinese state and that users risked their data being spirited back to China…

Read the full story here.