New York University’s Polytechnic Institute has discovered a Skype security flaw that leaves Skype users’ locations and P2P sharing activity accessible to hackers. The security hole was discovered while NYU scientists monitored 10,000 Skype users and 20 volunteers during a two-week period. “A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud,” professor Keith Ross from computer science NYU-Poly’s computer science program said. Hackers can also keep track of a Skype user’s movements as he or she places calls from various locations. The scientists were able to follow a Skype user during a vacation from New York to Chicago and then all the way home to France, Financial Post explained. “A fairly straightforward and inexpensive fix would prevent hackers from taking the critical first step in this security breach – that of obtaining users’ IP addresses through inconspicuous calling,” the scientists said. Skype chief information officer Adrian Asher said his company will work to improve the security of Skype’s software. 

Read

Apple, HTC, Samsung, Motorola, AT&T, Sprint, T-Mobile and Carrier IQ have been sued in a federal court by what the lawyers involved have deemed a “cell phone tracking software scandal.” Law firms Sianni & Straite LLP, Eichen Crutchlow Zaslow & McElroy LLP, and Keefe Bartels L.L.C. have jointly filed a class action complaint in a Delaware Federal Court related to the “unprecedented breach of the digital privacy rights of 150 million cell phone users.” The complaint suggests that the aforementioned carriers and vendors violated the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act. The suit of course refers to the companies’ use of Carrier IQ, the carrier and vendor-implemented cell phone spyware discovered recently on a number of handsets from multiple manufacturers. Read on for more.

Carrier IQ’s software is intended to be a “Mobile Service Intelligence solutions that have revolutionized the way mobile operators and device vendors gather and manage information from end users” according to the company, but cell phone users are up in arms now that the software’s capabilities have once again been widely covered across the press and on blogs. Carrier IQ software fell under the spotlight to a lesser degree back in September when the software was discovered on Sprint devices. A number of lawsuits have been filed since then, including a complaint flied last week against HTC, Samsung and Carrier IQ.

“This latest revelation of corporate America’s brazen disregard for the digital privacy rights of its customers is yet another example of the escalating erosion of liberty in this country,” David Straite, one of the lawyers leading this crusade, said in a statement. ”We are hopeful that the courts will allow ordinary customers the opportunity to remedy this outrageous breach.” His co-counsel Steve Grygiel added, ”Anyone who cares at all about their personal privacy, or the broader constitutional right to privacy, ought to care and care a great deal about this case.” The firms’ joint press release follows below.

Apple, HTC, Samsung, Motorola, AT&T, Sprint, T-Mobile and Carrier IQ Sued in Delaware Federal Court in Cell Phone Tracking Software Scandal

WILMINGTON, Del., Dec. 2, 2011 – The law firms of Sianni & Straite LLP of Wilmington, DE, Eichen Crutchlow Zaslow & McElroy LLP of Edison, NJ, and Keefe Bartels L.L.C. of Red Bank, NJ, have today filed a class action complaint in Federal Court in Wilmington, Delaware related to the unprecedented breach of the digital privacy rights of 150 million cell phone users.  The complaint asserts that three cell phone providers (T-Mobile, Sprint and AT&T) and four manufacturers of cell phones (HTC, Motorola, Apple and Samsung) violated the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act.

The carriers and manufacturers were caught last month willfully violating customers’ privacy rights in direct violation of federal law.  A technology blogger in Connecticut discovered that software designed and sold by California-based Carrier IQ, Inc. was secretly tracking personal and sensitive information of the cell phone users without the consent or knowledge of the users.  On Nov. 30, 2011, the United StatesSenate Committee on the Judiciary said in a letter to Carrier IQ that “these actions may violate federal privacy laws.”  It added, “this is potentially a very serious matter.”

David Straite, one of the attorneys leading the action, noted “this latest revelation of corporate America’s brazen disregard for the digital privacy rights of its customers is yet another example of the escalating erosion of liberty in this country.  We are hopeful that the courts will allow ordinary customers the opportunity to remedy this outrageous breach.”  Steve Grygiel, co-counsel for the proposed class, agreed: “anyone who cares at all about their personal privacy, or the broader constitutional right to privacy, ought to care and care a great deal about this case.”  Barry Eichen added, “today’s comment from Larry Lenhart, CEO of Carrier IQ, that his software is somehow good for consumers starkly demonstrates what is at stake.”

A copy of the Class Action Complaint in Pacilli v. Carrier IQ, Inc. can be viewed on the Firms’ websites at www.siannistraite.com, www.keefebartels.com, and www.njadvocates.com.

Plaintiffs are represented by Sianni & Straite LLP, a Delaware-based litigation firm with a branch office in New York, Keefe Bartels LLC, a New Jersey-based plaintiffs’ rights trial law firm, and Eichen Crutchlow Zaslow & McElroy LLP, a leading plaintiffs firm with three offices in New Jersey.

Google has announced a new privacy option that allows users to opt out of having their wireless routers included in the Google Location Server. That’s right, you have to opt out, not in. Here’s how Google Location Server works: when you’re walking around town trying to figure out your location using your smartphone and Google Maps, your phone can either use GPS or a faster, more battery efficient method that determines your location based on local wireless networks. Google maintains a database of local wireless access points but, if you don’t want to be included in it, you can simply change your router SSID (the network name that you broadcast) to include “_nomap” at the end of the access point name. Once you’ve done that, Google will not include your wireless access point in its Google Location Server database. “As we explored different approaches for opting-out access points from the Google Location Server, we found that a method based on wireless network names provides the right balance of simplicity as well as protection against abuse,” Google’s global privacy counsel Peter Felischer said in a blog post. “Specifically, this approach helps protect against others opting out your access point without your permission.”

Read

Verizon Wireless began alerting its customers of changes to its official privacy policy on Friday. The carrier confirmed it will now use information for “private business and marketing reports” and “making mobile ads more relevant.” Verizon Wireless will share the URL of websites you visit, the location of your device, as well as app and device feature usage. It will also share information on data and calling features and your demographic so that it, and outside firms, can create reports and target ads more efficiently. Read on.

Verizon did say, however, that it will not share any information that will identify its customers personally. “Protecting data and safeguarding privacy are high priorities at Verizon,” the company said in a statement to BGR. Instead, the information will be used to generate reports that may, for example, state that 5,000 of its customers visited ESPN during any given month and 89% were men.

“A local restaurant may want to advertise only to people who live within 10 miles, and we might help deliver that ad on a website without sharing information that identifies you personally,” Verizon Wireless explained in the notice.

If you are worried by the changes, you can stop Verizon Wireless from collecting your personal information by visiting http://www.vzw.com/myprivacy. Read on for a full statement on the changes, provided to BGR by Verizon Wireless.

Protecting data and safeguarding privacy are high priorities at Verizon. Verizon Wireless recently introduced a new program that involves the creation of new types of aggregate business and marketing reports.  For the business and marketing reports offered by Verizon Wireless, records about websites visited, cell phone locations and other consumer data will be combined (or aggregated) to compile reports that provide businesses with insights about their customers.   In addition, Verizon Wireless and Verizon Telecom also introduced new ways to advertise to mobile users and wireline broadband customers.

For example, these insights may include the demographics (age ranges, gender, etc.) and interests (such as “pet lovers” or “tennis enthusiasts”) of visitors to a Web site, or commuters who might pass an outdoor billboard.  These aggregate reports could be used by web publishers to help provide content that is more appealing to users, or to help advertisers better select the ads they will display on outdoor billboards or at other venues.

Read

Microsoft has updated its Windows Phone platform to address what is now presumed to have been a bug that caused phones to gather location data before a user opted in to such services. Windows Phone developer Rafael Rivera last week revealed that Microsoft’s mobile platform was exhibiting behavior that directly contradicted earlier claims the company made to the United States government. Microsoft’s new “Mango” update, however, appears to have remedied the matter. Read on for more.

“Microsoft only collects information to help determine a phone’s approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data,” Microsoft said recently in a letter to the U.S. House of Representatives. Meanwhile, Rivera discovered that Windows Phone devices began collecting and transmitting “pin-point accurate positioning information” before users were even given the option to opt into such a service.

This behavior now appears to have been a bug. Rivera analyzed the latest version of Windows Phone currently being pushed out to smartphones around the world, and he found that the new OS no longer collects location data until users opt in.

“I have confirmed that Windows Phone ‘Mango’ no longer sends location data prior to being granted permission to do so,” Rivera wrote in a blog post earlier this week. “The behavior I’m now seeing is perfectly aligned with Microsoft’s letter to the U.S. House of Representatives.”

Pending lawsuits against Microsoft surrounding the collection of location data will no doubt continue, but it appears as though Windows Phone’s collection of positioning data is now completely transparent and in line with descriptions provided in the terms of use.

A developer has revealed evidence that Windows Phone devices collect and transmit user location data before users have given the phones permission to do so. The news follows claims Microsoft made to the United States House of Representatives stating that it does not collect or transmit any location data until a Windows Phone user opts in. Windows Phone devices clearly ask for permission regarding the collection of location data — the user must click “allow” in a pop-up dialog box seeking authorization for the camera app to collect positioning data — but it appears as though the OS doesn’t bother to wait for users to opt in before it begins transmitting location information. Read on for more.

Windows Phone developer Rafael Rivera had been skeptical about claims that Microsoft was collecting location data without permission, and he took it upon himself to investigate. Using a retail device that had been restored to factory settings, Rivera went through the setup process while monitoring data sent to and from the phone. The developer was surprised by his findings.

“According to Kamkar, launching the Camera application was enough to see the culprit behavior, so I tried it,” the developer wrote on his blog, referring to a report written by security researcher Samy Kamkar that Rivera had previously contradicted. ”After launching the app., Fiddler captured location data being sent to and from Microsoft servers, just as Kamkar’s report suggested. Uh oh!”

Rivera reports that “pin-point accurate positioning information” was collected by his Windows Phone before he gave it permission to gather such data. The culprit, it seems, is the Camera application, though the developer notes that the cause it largely irrelevant — this behavior is a direct contradiction to statements Microsoft made in a letter to the U.S. House of Representatives (emphasis added by Rivera):

[1. User Choice and Control.] Microsoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information. Users that have allowed an application to access location data always have the option to access to location at an application level or they can disable location collection altogether for all applications by disabling the location service feature on their phone.

[2. Observing Location Only When the User Needs It.] Microsoft only collects information to help determine a phone’s approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data. If an application does not request location, Microsoft will not collect location data.

Microsoft declined to comment on Rivera’s findings. Instead a company spokesperson provided BGR with the following statement via email:

Microsoft is investigating the claims raised in the complaint. We take consumer privacy issues very seriously. Our objective was — and remains — to provide consumers with control over whether and how data used to determine the location of their devices are used, and we designed the Windows Phone operating system with this in mind.

Because we do not store unique identifiers with any data transmitted to our location service database by the Windows Phone camera or any other application, the data captured and stored on our location database cannot be correlated to a specific device or user. Any transmission of location data by the Windows Phone camera would not enable Microsoft to identify an individual or “track” his or her movements.

Apple has repeatedly accused Samsung of “copying” its products, but it looks like Microsoft is now the one following Apple’s lead. A class action lawsuit filed in Seattle on Wednesday accuses Microsoft of unlawfully tracking users of smartphones that run the company’s emerging Windows Phone 7 operating system. According to the complaint, the camera application in Microsoft’s Windows Phone software continues to track users’ locations and transmit that data to Microsoft even if users opt-out of Windows Phone’s tracking and feedback functions. The class action suit seeks an injunction as well as punitive damages. Earlier this year, Apple was caught tracking iPhone and iPad users’ locations and storing them in a hidden file on the devices. Apple would go on to state that the issue was caused by a bug, and the Cupertino-based company quickly issued a software update to remedy the problem. Numerous complaints were filed as a result of the scandal however, and while damages have been minimal so far, several cases are still outstanding.

Read

Microsoft’s Bing team took the wraps off of a new location-sharing application for Windows Phone on Thursday called “We’re in.” The application is similar to foursquare and Latitude in some respects, and yet still very different. The idea is simple: you can create an invitation that will allow your friends to share their location for a specified amount of time. Say, for example, you want to share your location and see where four of your friends are, for one hour, while you all head towards a local restaurant. You can create a quick event with “We’re in” and then send it to those friends. Once they accept, their pictures and locations will appear on Bing Maps. If you hit traffic or the train is late, you and your friends can update your status as you make your way to the restaurant. Unlike Latitude, which some people avoid for fear of location privacy issues, you can always leave the party. Better yet, when the allotted time is up, your location is automatically turned off. The application is available in the Zune Marketplace now and Microsoft says it plans on delivering it to other platforms soon, too.

Read

27,000 people have filed a class-action lawsuit against Apple in South Korea over concerns Apple collected private location data, Bloomberg reported on Wednesday. The group is seeking 1 million won per person in damages, or about $930 each and just over $25 million total. In early August, the Korean Communications Commission fined Apple 3 million won ($2,829) following the “Locationgate” scandal that occurred earlier this year. Apple has stood by its claims that the location-tracking was the result of a bug that was fixed in a software update. The iPhone maker was also sued in the United States by two consumers in Florida and by one man in Puerto Rico. Apple paid South Korean lawyer Kim Hyung-suk $945 this past May after he filed a lawsuit against the company, and that is the only other recorded pay-out at this point regarding the iOS location tracking bug.

Read

Facebook announced on Tuesday that it has released a new application called “Messenger” for Android and the iPhone. Messenger allows users to quickly chat with friends, create group chats, share their location or photos and more. It doesn’t appear that Facebook will tie it in with its Facebook Chat application just yet, but you can access your Facebook inbox from the new app. Unfortunately, it does not offer the same delivered/read alerts that competing services such as BBM, iMessage and WhatsApp offer. The free application is available in both the Android Market and the iTunes App Store now. Facebook acquired a messaging platform called Beluga in March and this is likely the preliminary fruit of that purchase.

Read

Apple has been fined by South Korea’s telecommunications regulator following the “Locationgate” scandal that caused public outrage earlier this year, Dow Jones reports. This marks the second time Apple has had to pay penalties resulting from the iOS location-tracking snafu. A South Korean lawyer sued Apple and was awarded $1 million won, or approximately $945 at the time, by a court this past June. It was discovered in April that the iPhone and some iPad models were secretly tracking users and storing their locations in a local file. Apple determined that a software bug was responsible for the collection of location data, and it promptly issued a fix. The damage had already been done, however, and lawsuits were filed. Apple’s prompt attention to the matter likely limited the damage, and Wednesday’s fine levied by the Korea Communications Commission is the first penalty we’ve seen issued by a regulatory body. So what’s the damage this time around? $3 million won, or approximately $2,829.

Read

Google — noting that 40% of its Google Maps users are on mobile devices — updated its Google Maps Web app for iOS and Android today. We’ve been pretty satisfied with the native applications on Android and iOS, but the website allows you to access many of the options that are available from a desktop browser, too. That includes the ability to view your location, search nearby areas with suggestions and auto-complete, get directions for driving, transit, biking, or walking, view different lays, view Place pages, and access your starred locations. We’re particularly excited about the option for accessing our starred locations, a feature that’s not available in the native iOS application. You can access the revamped interface by visiting maps.google.com from your iOS or Android device.

Read

Wirefly this month unveiled a new service option for its popular mobile backup service. Mobile Backup PRO, which is compatible with the Android, iOS, BlackBerry and Windows Mobile 6.5 devices, affords subscribers a host of functionality not available with the standard free service. For starters, PRO subscribers get either 10GB or unlimited storage for music, photos, videos, and any other data backed up using the service, depending on the subscription option they choose. Free subscribers only get 2GB of storage. For added value, PRO subscribers can also use the service to locate their phone remotely using the device’s GPS, lock and unlock their phone remotely, display a message on the phone’s display, sound an alarm on the phone, and completely erase the phone’s memory remotely. Wirefly’s full-featured backup and remote security solution costs $2.99 per month or $30 annually for one phone and one computer with up to 10GB of storage. $5.99 or $60 annually grants users unlimited storage for up to five phones and one computer. Both plans feature a free 30-day trial for users who enter the code “WMBPRO.”

Read

A new series of emails were made public on Monday as a result of Skyhook Wireless’ lawsuit claiming Google interfered with a contract the LBS company had in place with cell phone maker Motorola Mobility. The emails, which were sent to and from numerous top executives at Google including CEO Larry Page and SVP of Mobile Andy Rubin, detail the company’s shock at losing out to Skyhook. The internal emails also reveal Google’s admission that Skyhook’s location product is better and more accurate than its solutions, and scratch the tip of the iceberg regarding how Google seemingly used its muscle to squash Motorola’s deal with Skyhook. Hit the break for screen shots of a few of the emails, and hit read link for a collection of what may be the most interesting emails of the bunch.

Read

The city of New York has teamed up with the FCC and wireless carriers to unveil a new emergency alert system called PLAN. PLAN can notify mobile users in a specific geographic location of a hazardous or potentially life threatening situations. The new system was announced a few days ago at an event at the still-under-construction World Trade Center site, and New York City Mayor Michael Bloomberg commented:

One of the many lessons that were reinforced on 9/11 is the importance of getting clear and accurate information to the public–that’s why we’ve made improving our emergency public communications a top priority. As part of this effort, we’re harnessing tech in innovative new ways, which is something I found to be effective in both business and government for improving service delivery.

The system taps into the existing Emergency Alert System that notifies the public of an emergency by radio or TV, though PLAN (Personalized Localized Alerting Network), takes emergency alerts into the modern age with a pretty smart system. With a compatible phone, your mobile device will be able to receive an emergency alert based on your geographical location. For instance, if there was an alert about an imminent threat to public safety for New Jersey (nobody likes New Jersey) and you were not in New Jersey at the time, you would not get the alert. PLAN consists of three alerts: those issues by the President, alerts warning of imminent threats, and Amber Alerts. The last two can be blocked by an individual but not an alert from the President. The system will be available in New York and Washington, D.C. by the end of the year, and will roll out nationally by April of 2012.

Read [PDF]