They complain that the body armor and cellphones assigned with panic buttons are inadequate. Some have received death threats, been kidnapped or forced into exile. Recipients said the dangers they face should not be underestimated. "Supreme Court judges, ministers, prosecutors, they don't have this device." "It's a very, very basic protection measure for people whose risks aren't very complex," said Mora. He said activists given the device are at such low risk there would be little interest in eavesdropping on them. Office of National Protection Director Diego Mora called the flaws identified in the AP audit overblown. Obtaining the Colombian device's phone number is not easy, and the government said it alone knows to whom each device is assigned.īut security experts said there are ways a sophisticated adversary could obtain the numbers, including fake cell tower technology that captures numbers and bribes to cell company or government employees. Built-in GPS pinpoints the user's location.īecause the device can be remotely wiped, it can also be reconfigured from afar, said Deral Heiland, the researcher with Rapid7 who performed the audit. Simple text messages can reset it or activate the microphone remotely, turning it into a listening post, the audit found. The most serious vulnerability lets anyone with the device's phone number remotely disable it and surreptitiously take control. The AP tested two devices issued in Colombia, while Rapid7 bought buttons directly from the manufacturer. A button marked "SOS" calls for help when pressed.īut some features could be turned against the user, the security audit done for the AP by the Boston-based security firm Rapid7 found. The device operates on a wireless network, has a built-in microphone and receiver and can be mapped remotely with geo-location software. Its Chinese manufacturer markets it under the name EV-07 for tracking children, pets and the elderly. The panic button, or "boton de apoyo," distributed by Colombia's Office of National Protection is a keychain-style fob. When effective, they can be crucial lifelines against criminal gangs, paramilitary groups or the hostile security forces of repressive regimes. Over the past four years, other "distress alarms" and smartphone apps have been deployed or tested around the world, with mixed results. "This is negligent in the extreme," said Eva Galperin, director of cybersecurity at the nonprofit Electronic Frontier Foundation, calling the finding "a tremendous security failure." There is no evidence the vulnerabilities have been exploited, but security experts are alarmed. But the Associated Press, with an independent security audit, uncovered technical flaws that could let hostile parties disable them, eavesdrop on conversations and track users' movements. It does not store any personal data.The pocket-sized devices are designed to notify authorities in the event of an attack or attempted kidnapping. The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. The cookie is used to store the user consent for the cookies in the category "Performance". This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. The cookies is used to store the user consent for the cookies in the category "Necessary". The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". The cookie is used to store the user consent for the cookies in the category "Analytics". These cookies ensure basic functionalities and security features of the website, anonymously. Necessary cookies are absolutely essential for the website to function properly.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |