Many Apps Using Ultrasonic Signals to Silently Track Android Users

Thnx To THN

Your smartphone may have some apps that are continuously listening inaudible, high-frequency ultrasonic sounds from your surroundings and they know where you go, what you like and dislike — all without your knowledge.

Ultrasonic Cross-Device Tracking is a new technology that some marketers and advertising companies are currently using to track users across multiple devices and have access to more information than ever before for ad targeting.

For example, retail stores you visit, a commercial on TV or an advertisement on a web page can emit a unique "ultrasonic audio beacon" that can be picked up by your device’s mobile application containing a receiver.

This information helps advertisers to create your personalized profile and collect your interests by figuring out that both devices probably belongs to you, allowing them to target you with interest-based advertisements.

More & More Apps Have Started Using Ultrasonic Tracking Technology

In fact, while presenting research last week at the IEEE European Symposium on Security and Privacy, security researchers said they discovered 234 Android applications that ask permission to access your smartphone’s microphone to incorporate a particular type ultrasonic beacon to track consumers.
Moreover, the researchers found that 4 of the 35 retail stores they visited in Germany have ultrasonic beacons installed at the entrance.

According to investigators, SilverPush, Lisnr, and Shopkick are three SDKs that use ultrasonic beacons to send messages to the mobile device. While SilverPush allows developers to track users across multiple devices, Lisnr and Shopkick perform location tracking.

The researchers analyzed millions of Android apps and discovered few that were using the Shopkick and Lisnr SDKs, but there were much more that were using the SilverPush SDK.

Serious Privacy Concerns

Although cross-device user tracking technologies are currently being used for the legitimate purposes, it has already raised some serious privacy concerns.

Since an app requires no mobile data nor Wi-Fi connection, but only microphone access to listen to beacons, tracking works even when you have disconnected your phone from the Internet.

In fact, a team of researchers last year demonstrated that how ultrasonic sounds emitted by ads on a web page accessed through Tor can be used to deanonymize Tor users by making nearby phones or computers send identification information, such as location and IP, back to advertisers.

"The case of SilverPush emphasizes that the step between spying and legitimately tracking is rather small. SilverPush and Lisnr share essential similarities in their communication protocol and signal processing. While the user is aware of Lisnr location tracking, SilverPush does not reveal the application names with the tracking functionality," research paper reads.

In 2014, Snowden revelations disclosed that how spying agencies were tracking of This incident could also be another great example, showcasing how intelligence agency could use this ultrasonic cross-device tracking technology to track your movements across the country.

How can You Protect Yourself?

Since you can not stop ultrasonic beacons from emitting sound frequencies around you, the best way to reduce the chance of your smartphone listening for beacons and feed data to a third party is to simply restrict unnecessary permissions you have granted to the apps installed on your device.

In other words, use your common sense.

For example, Skype wants microphone access? Fair enough, as it is necessary for Skype to work as intended. But what about if an app for beauty or clothing store wants microphone access? No way.

To revoke such unnecessary app permissions, some Android phone manufacturers, like One Plus provide a feature called Privacy Guard that allowed its users to block unnecessary app permissions of certain apps on a smartphone that do not have anything to do with the primary function of the apps.

Navigate to Settings → Personal → Privacy → Privacy Guard. Now select any from the list of apps and edit unnecessary permissions you have granted it.

A similar feature has been included in Android 7. Navigate to Settings → Apps → App Permissions. Now edit the privileges you’ve granted each app.

For iOS 10 users: Go to Settings → Privacy → Microphone to see which apps have requested access to it, and which apps you have granted it to.

Read More

Beware! Don't Click that Google Docs Link You Just Received in Your Mail Otherwise Account Will Be Hacked

Thanx To THN

Did someone just share a random Google Doc with you?

First of all — Do not click on that Google Doc link you might have just received in your email and delete it immediately — even if it's from someone you know.

 people all around the Internet, especially journalists, are receiving a very convincing OAuth phishing email, which says that the person [sender] "has shared a document on Google Docs with you."
Once you clicked the link, you will be redirected to a page which says, "Google Docs would like to read, send and delete emails, as well access to your contacts," asking your permission to "allow" access.

If you allow the access, the hackers would immediately get permission to manage your Gmail account with access to all your emails and contacts, without requiring your Gmail password.

Beware! New GoogleDocs Phishing Email Scam Spreading Across the World — Here's Everything You Need to Know

CLICK TO TWEET

But How? The "Google Docs" app that requests permissions to access your account is fake and malicious, which is created and controlled by the attacker.

You should know that the real Google Docs invitation links do not require your permission to access your Gmail account.

Anything Linked to Compromised Gmail Accounts is at Risk

Once the app controlled by the attacker receives permissions to manage your email, it automatically sends same Google Docs phishing email to everyone on your contact list on your behalf.

Since your personal and business email accounts are commonly being used as the recovery email for many online accounts, there are possibilities that hackers could potentially get control over those online accounts, including Apple, Facebook, and Twitter.

In short, anything linked to a compromised Gmail account is potentially at risk and even if you enabled two factor authentication, it would not prevent hackers to access your data.

Meanwhile, Google has also started blacklisting malicious apps being used in the active phishing campaign.

"We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail," Google tweeted.

This Google Docs phishing scheme is spreading incredibly quickly, hitting employees at multiple organizations and media outlets that use Google for email, as well as thousands of individual Gmail users who are reporting the same scam at the same time.

If by anyhow you have clicked on the phishing link and granted permissions, you can remove permissions for the fraudulent "Google Docs" app from your Google account. Here’s how you can remove permissions:

1. Go to your Gmail accounts permissions settings at https://myaccount.google.com and Sign-in.
2. Go to Security and Connected Apps.
3. Search for "Google Docs" from the list of connected apps and Remove it. It's not the real Google Docs.

Stay tuned to our Facebook Page for more updates ! Stay Safe!

Update: Google Docs Phishing Scam Hits Nearly One Million Users

Google said that the last night's Google Docs phishing campaign affected "fewer than 0.1%" of Gmail users, which means nearly one million people were affected by it, handing over their email access to attackers.

Read More

Now Hacking Is Easy / Android Me 200kb Ka Linux ? App Overview "Turmex" Size Only 200kb

Hello Guys , Welcome To Hax4Us

Hax4Us 

Dosto Aaj Hum Baat Karenge Ek Esi App Ke Baare Me Jo Aapko Ek Linux Environment Provide Karati Hai Aapke Android Mobile.

Esa Kya Special Hai Isme ?

Yes ,Dosto I know ki Linux ko android me install karne ke liye play store me kayi popular apps hai jese LINUX INSTALLER , DEPLOY etc but Dosto ye apps Linux to install kardeti hai but uske liye minimum 1.5 GB se 2 GB aapko expense karna padta hai and install hone ke baad 4 GB tak space spare leta hai....

But dosto ye app TERMUX only 200kb ki hai and ye koi additional data ni maangti ....

How To Install ?

Dosto Simply ise play store ya niche given link se download kare and meri video deke.

Video Me Kya Hai ?

Dosto Video mene complete overview diya hai , kese install kare and ek hacking tool bhi install kar ke dikhaya hai ....

So Watch And Enjoy Linux In Android Size Only 200kb.

Agar Post Me Video Play Nahi Ho Rhi Hai To Aap Niche Link Pe Click Karke YouTube Par Video Dekh Sakte Hai .

Click Here To Watch Video 

Post Achi Lagi To Comment Jarur Kare .

Read More

Hacker leaks Unreleased TV Series Of Netflix Because They Refuse To Pay Ransom

Thnx To THN

After releasing 10 back-to-back episodes of the Season 5 premiere of Netflix's "Orange Is the New Black," a hacking group calling itself The Dark Overlord is threatening to leak a trove of other unreleased TV shows and movies.

The Dark Overlord (TDO) posted links to the first 10 episodes of the upcoming season of "Orange Is the New Black" show to a piracy website after Larson Studios and Netflix failed to fulfill the group's ransom demand.

According to Netflix's website, the season 5 of "Orange Is the New Black" show is scheduled to debut June 9 and supposed to run 13 episodes. But TDO claimed that only the first 10 episodes were available at the time the group gained access to the show.

On Saturday, the group headed on to Twitter and posted links to a Pastebin page, GitHub profile, and the Pirate Bay torrent site sharing Episode 1 of "Orange Is The New Black" season 5 show.

At the time of writing, the Pastebin (web archive) and GitHub links went down, but the Pirate Bay torrent file remained up, and users have downloaded and shared its content.

10 out of 13 "Orange Is The New Black" Season 5 Episodes Leaked Online

Following the release of Episode 1, TDO posted links to Pastebin and a second torrent file, hosted on The Pirate Bay, which includes episodes 2 through 10 of the season 5 of "Orange Is The New Black."

According to the Pastebin post, the group released 10 episodes of the show because Netflix didn't pay a ransom demand.

Here's what the TDO's statement posted on Pastebin (web archive) stated:

"It didn't have to be this way, Netflix. You're going to lose a lot more money in all of this than what our modest offer was. We're quite ashamed to breathe the same air as you. We figured a pragmatic business such as yourselves would see and understand the benefits of cooperating with a reasonable and merciful entity like ourselves. And to the others: there's still time to save yourselves. Our offer(s) are still on the table - for now."

In an interview with the DataBreaches.net, the hacking group revealed it managed to steal "hundreds of GBs [gigabytes] of unreleased and non-public media" from the servers of Larson Studios, an ADR (additional dialogue recorded) studio based in Hollywood in late 2016.

The Dark Overlord Demanded 50 BTC

While the group did not reveal its attack method nor how much ransom it demanded, according to a copy of a contract allegedly signed between TDO and Larson, the hacking group asked for 50 BTC ($70,422) by January 31.
But after the studio stopped responding to the group's email requests in January, TDO turned to Netflix, which also did not pay the ransom either, eventually forcing the group to release the first 10 episodes of season 5 of "Orange Is The New Black" after two months.

Netflix said in a statement that it was "aware of the situation. A production vendor used by several major TV studios had its security compromised, and the appropriate law enforcement authorities are involved."

The Dark Overlord Threatens to Leak More Shows to the Internet

After releasing all the 10 episode of the unreleased show, TDO threatened to leak other unreleased shows and movies from several other studios in its possession.

The Dark Overlord tweeted: "Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we're all going to have. We're not playing games anymore."

The hacking group provided a list of unreleased shows and movies (some are released on their scheduled date) it stole from different studios, which includes:

• A Midsummers Nightmare – TV Movie
• Bill Nye Saves The World – TV Series
• Breakthrough – TV Series
• Brockmire – TV Series
• Bunkd – TV Series
• Celebrity Apprentice (The Apprentice) – TV Series
• Food Fact or Fiction – TV Series
• Hopefuls – TV Series
• Hum – Short
• It's Always Sunny in Philadelphia – TV Series
• Jason Alexander Project – TV Series
• Liza Koshy Special – YoutubeRed
• Lucha Underground – TV Series
• Lucky Roll – TV Series
• Making History ) – TV Series
• Man Seeking Woman – TV Series
• Max and Shred – TV Series
• Mega Park – TV Series
• NCIS Los Angeles – TV Series
• New Girl – TV Series
• Orange Is The New Black – TV Series
• Portlandia – TV Series
• Steve Harveys Funderdome – TV Series
• Story of God with Morgan Freeman – TV Series
• Superhuman – TV Series
• The Arrangement – TV Series
• The Catch – TV Series
• The Middle – TV Series
• The Stanley Dynamic – TV Series
• The Thundermans – TV Series
• Undeniable with Joe Buck – TV Series
• X Company – TV Series
• Above Suspicion – Film
• Handsome – Film
• Rebel In The Rye – Film
• Win It All – Film
• XXX Return of Xander Cage – Film

The Dark Overlord is a known hacking group that was responsible for cyber attacks on Gorilla Glue and Little Red Door, an Indiana Cancer Services agency. The group also put 655,000 healthcare records lifted from 3 separate data breaches up for sale on the dark web.

Read More