American Phone-Tracking Firm Demo’d Surveillance Powers By Spying On CIA and NSA

Anomaly Six, a secretive government contractor, claims to monitor the movements of billions of phones around the world and unmask spies with the press of a button. Reader BeerFartMoron shares a report: In the months leading up to Russia’s invasion of Ukraine, two obscure American startups met to discuss a potential surveillance partnership that would merge the ability to track the movements of billions of people via their phones with a constant stream of data purchased directly from Twitter. According to Brendon Clark of Anomaly Six — or “A6” — the combination of its cellphone location-tracking technology with the social media surveillance provided by Zignal Labs would permit the U.S. government to effortlessly spy on Russian forces as they amassed along the Ukrainian border, or similarly track Chinese nuclear submarines. To prove that the technology worked, Clark pointed A6’s powers inward, spying on the National Security Agency and CIA, using their own cellphones against them.

Virginia-based Anomaly Six was founded in 2018 by two ex-military intelligence officers and maintains a public presence that is scant to the point of mysterious, its website disclosing nothing about what the firm actually does. But there’s a good chance that A6 knows an immense amount about you. The company is one of many that purchases vast reams of location data, tracking hundreds of millions of people around the world by exploiting a poorly understood fact: Countless common smartphone apps are constantly harvesting your location and relaying it to advertisers, typically without your knowledge or informed consent, relying on disclosures buried in the legalese of the sprawling terms of service that the companies involved count on you never reading.

Read more of this story at Slashdot.

Ebook Services Are Bringing Unhinged Conspiracy Books into Public Libraries

Librarians say Holocaust deniers, antivaxxers, and other conspiracy theorists are being featured in the catalogs of a popular ebook lending service. From a report: In February, a group of librarians in Massachusetts identified a number of Holocaust denial and anti-Semitic books on Hoopla, including titles like “Debating The Holocaust” and “A New Nobility of Blood and Soil” — the latter referring to the infamous Nazi slogan for nationalist racial purity. After public outcry from library and information professionals, Hoopla removed a handful of titles from its digital collection.

In an email obtained by the Library Freedom Project last month, Hoopla CEO Jeff Jankowski explained that the titles came from the company’s network of more than 18,000 publishers: “[The titles] were added within the most recent twelve months and, unfortunately, they made it through our protocols that include both human and system-driven reviews and screening.” However, quick Hoopla keyword searches for ebooks about “homosexuality” and “abortion” turn up dozens of top results that contain largely self-published religious texts categorized as “nonfiction,” including several titles like “Can Homosexuality Be Healed” which promote conversion therapy and anti-LGBTQ+ rhetoric. This prompted a group of librarians to start asking how these titles are appearing in public library catalogs and why they are ranked so high.

Read more of this story at Slashdot.

Hackers Can Infect Over 100 Lenovo Models With Unremovable Malware

Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be next to impossible to remove or, in some cases, to detect. Ars Technica reports: Three vulnerabilities affecting more than 1 million laptops can give hackers the ability to modify a computer’s UEFI. Short for Unified Extensible Firmware Interface, the UEFI is the software that bridges a computer’s device firmware with its operating system. As the first piece of software to run when virtually any modern machine is turned on, it’s the initial link in the security chain. Because the UEFI resides in a flash chip on the motherboard, infections are difficult to detect and even harder to remove.

Two of the vulnerabilities — tracked as CVE-2021-3971 and CVE-2021-3972 — reside in UEFI firmware drivers intended for use only during the manufacturing process of Lenovo consumer notebooks. Lenovo engineers inadvertently included the drivers in the production BIOS images without being properly deactivated. Hackers can exploit these buggy drivers to disable protections, including UEFI secure boot, BIOS control register bits, and protected range register, which are baked into the serial peripheral interface (SPI) and designed to prevent unauthorized changes to the firmware it runs. After discovering and analyzing the vulnerabilities, researchers from security firm ESET found a third vulnerability, CVE-2021-3970. It allows hackers to run malicious firmware when a machine is put into system management mode, a high-privilege operating mode typically used by hardware manufacturers for low-level system management. “All three of the Lenovo vulnerabilities discovered by ESET require local access, meaning that the attacker must already have control over the vulnerable machine with unfettered privileges,” notes Ars Technica’s Dan Goodin. “The bar for that kind of access is high and would likely require exploiting one or more critical other vulnerabilities elsewhere that would already put a user at considerable risk.”

Still, it’s worth looking to see if you have an affected model and, if so, patch your computer as soon as possible.

Read more of this story at Slashdot.

Volla Phone 22 Runs Ubuntu Touch Or a Privacy-Focused Android Fork Or Both

The Volla Phone 22, a new smartphone available for preorder via a Kickstarter campaign, is unlike any other smartphone on the market today in that it ships with a choice of the Android-based Volla OS or the Ubuntu Touch mobile Linux distribution. “It also supports multi-boot functionality, allowing you to install more than one operating system and choose which to run at startup,” writes Liliputing’s Brad Linder. Some of the hardware specs include a 6.3-inch FHD+ display, a MediaTek Helio G85 processor, 4GB of RAM, 128GB storage, 3.5mm audio jack and a microSD card reader. There’s also a 48-megapixel main camera sensor and replaceable 4,500mAh battery. From the report: While Volla works with the folks at UBPorts to ensure its phones are compatible with Ubuntu Touch, the company develops the Android-based Volla OS in-house. It’s based on Google’s Android Open Source Project code, but includes a custom launcher, user interface, and set of apps with an emphasis on privacy. The Google Play Store is not included, as this is a phone aimed at folks who want to minimize tracking from big tech companies. Other Google apps and services like the Chrome web browser, Google Maps, Google Drive, and Gmail are also omitted. The upshot is that no user data is collected or stored by Volla, Google, or other companies unless you decide to install apps that track your data. Of course, that could make using the phone a little less convenient if you’ve come to rely on those apps, so the Volla Phone might not be the best choice for everyone.

Volla OS also has a built-in user-customizable firewall, an App Locker feature for disabling and hiding apps, and optional support for using the Hide.me VPN for anonymous internet usage. The source code for Volla OS is also available for anyone that wants to inspect the code. The operating system also has a custom user interface including a Springboard that allows you to quickly launch frequently-used apps by pressing a red dot for a list, or by starting to type in a search box for automatic suggestions such as placing a phone call, sending a text message, or opening a web page. You can also create notes or calendar events from the Springboard or send an encrypted message with Signal. The phone is expected to ship in June at an early bird price of about $408.

Read more of this story at Slashdot.

Rolls-Royce Expects UK Approval For Small Nuclear Reactors By Mid-2024

Rolls-Royce is to start building parts for its small modular nuclear reactors in anticipation of receiving regulatory approval from the British government by 2024, one of its directors has said. The Guardian reports: Paul Stein, the chairman of Rolls-Royce SMR, a subsidiary of the FTSE 100 engineering company, said he hoped to be providing power to the UK’s national grid by 2029. Speaking to Reuters in an interview conducted virtually, Stein said the regulatory “process has been kicked off, and will likely be complete in the middle of 2024. We are trying to work with the UK government, and others to get going now placing orders, so we can get power on grid by 2029.”

Small modular reactors (SMRs) are seen by their proponents as a way to build nuclear power plants in factories, a method that could be cheaper and quicker than traditional designs. The technology, based on the reactors used in nuclear submarines, is seen by Rolls-Royce as a potential earner far beyond any previous business such as jet engines or diesel motors. The government under Boris Johnson put nuclear power at the centre of its energy strategy announced earlier this month, in response to climate concerns and a desire to ditch Russian gas. SMRs are expected to play an important role in an expansion of nuclear to supply a quarter of the UK’s energy needs. Lower costs would be crucial in justifying the nuclear push, given that onshore wind is seen as much cheaper and quicker to install.

Read more of this story at Slashdot.