https://www.civilsphereproject.org/blog daily 0.75 2022-03-07 https://www.civilsphereproject.org/blog/2022/3/8/point-for-help-aid-cards-for-getting-help-breaking-through-language-barriers monthly 0.5 2022-03-08 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/716912d2-f3e7-4f9d-98f0-761db03ab454/point+for+help+small+banner.png Civilsphere Blog - Point For Help: Aid Cards for Getting Help Breaking Through Language Barriers - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/c1eb0663-bd56-493c-9f84-065560417f27/point+for+help+overview.png Civilsphere Blog - Point For Help: Aid Cards for Getting Help Breaking Through Language Barriers - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/aa13bdca-8617-40c7-9bb5-c1cd8652309e/point+for+help+combine.png Civilsphere Blog - Point For Help: Aid Cards for Getting Help Breaking Through Language Barriers - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.civilsphereproject.org/blog/2021/12/3/civilsphere-ai-vpn-v010-beta-release monthly 0.5 2021-12-03 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617193170643-DOFV1EE5M1E4UYGERL3G/AI-VPN-Logo-Idea-4_bl-up_bg-white_1500x1500.jpg Civilsphere Blog - Civilsphere AI VPN: v0.1.0-beta release - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.civilsphereproject.org/blog/2021/9/21/capturing-and-detecting-androidtester-remote-access-trojan-with-the-emergency-vpn monthly 0.5 2021-09-21 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1632235483493-D78FNPEZBEPY4PS8UX0P/Figure+1.png Civilsphere Blog - Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN - Make it stand out Figure 1 - AndroidTester can list the entire content of the phone SD card, including downloads, applications, movies, configurations, and pictures [4]. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1632235487292-7H0JMZUDA7S3FAOH6L6J/Figure+2.png Civilsphere Blog - Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN - Make it stand out Figure 2 - AndroidTester can list the applications installed on the device [5]. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1632235763568-P2TR61X7L7IMVZFP3ZM1/Emergency+VPN+Visuals+-+How+the+Emergency+VPN+Works.jpg Civilsphere Blog - Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN - Make it stand out Figure 3 - The Emergency VPN allows users to safely browse the Internet while providing a security assessment of the network traffic to identify potential threats. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1632235952645-I3NKZLF55ZJB3C4BCRCK/Table+1.png Civilsphere Blog - Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1632236090545-BM7B3HBQ9O72ALGSMO33/Figure+4.png Civilsphere Blog - Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1632236145500-S8HP430XZB0RLOEFOH1K/Figure+5.png Civilsphere Blog - Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.civilsphereproject.org/blog/2021/4/28/civilsphere-ai-vpn-v01-alpha-pre-release monthly 0.5 2021-04-28 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617193170643-DOFV1EE5M1E4UYGERL3G/AI-VPN-Logo-Idea-4_bl-up_bg-white_1500x1500.jpg Civilsphere Blog - Civilsphere AI VPN: v0.1-alpha pre-release https://www.civilsphereproject.org/blog/2021/3/31/introducing-our-new-project-civilsphere-ai-vpn monthly 0.5 2021-03-31 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617193170643-DOFV1EE5M1E4UYGERL3G/AI-VPN-Logo-Idea-4_bl-up_bg-white_1500x1500.jpg Civilsphere Blog - Introducing Our New Project: Civilsphere AI VPN https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617193299464-VJPB8YIVELEQ9U41RA43/High+Level+Workflow-02.jpeg Civilsphere Blog - Introducing Our New Project: Civilsphere AI VPN https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617193791130-TUZ43924BEML98W4UFT2/How+the+AI+VPN+Works-02.jpeg Civilsphere Blog - Introducing Our New Project: Civilsphere AI VPN https://www.civilsphereproject.org/blog/2021/2/26/mobile-insecurity-series-application-myfitnesspal-leaks-your-data monthly 0.5 2021-02-26 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613740939443-4XQOX3PK5LXX5DW9A1I1/mfp-001.png Civilsphere Blog - Mobile (in)Security Series: Application "MyFitnessPal" Data Leaking AppStore: https://apps.apple.com/app/myfitnesspal/id341232718 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613741354547-D6GTC2YCIDW51FFTANLV/mfp-002.png Civilsphere Blog - Mobile (in)Security Series: Application "MyFitnessPal" Data Leaking https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613742420008-UEA6474A2AAETBF9TBH1/wireshark_capture_mfp_001.png Civilsphere Blog - Mobile (in)Security Series: Application "MyFitnessPal" Data Leaking Figure 1. HTTP request performed by 'MyFitnessPal' iOS application. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613744362680-HRUMD9M80HOQ9I2ZOAGQ/ads-nexage-001.png Civilsphere Blog - Mobile (in)Security Series: Application "MyFitnessPal" Data Leaking Figure 2. Unencrypted advertisement requests sent to ads.nexage.com. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613745128326-607D0W853ZO36NNM4P2R/ads-aerserv-001.png Civilsphere Blog - Mobile (in)Security Series: Application "MyFitnessPal" Data Leaking Figure 2. Unencrypted advertisement requests sent to ads.aerserv.com. https://www.civilsphereproject.org/blog/2020/5/4/phantomlance-android-malware-highlights-the-complexity-of-the-mobile-threat monthly 0.5 2020-05-04 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1588596854700-B8TGXIT702MRCB3YOEHS/sl_phantomlance_18.png Civilsphere Blog - PhantomLance Android malware highlights the complexity of the mobile threat Distribution of PhantomLance victims. Source: https://securelist.com/apt-phantomlance/96772/ https://www.civilsphereproject.org/blog/2020/3/24/the-civilsphere-emergency-vpn monthly 0.5 2020-03-24 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1585055163190-0SCMC8V5L73I9AYPQU8Y/image-asset.jpeg Civilsphere Blog - The Civilsphere Emergency VPN https://www.civilsphereproject.org/blog/2020/2/5/should-i-click-a-machine-learning-based-tool-to-analyze-if-a-url-is-safe-to-click monthly 0.5 2020-02-05 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1580849816404-1YG9HIRPJO3BGNER6HGK/Screenshot+2020-02-04+at+21.54.55.png Civilsphere Blog - Should I Click: a Machine Learning Based Tool to Analyze if a URL is Safe to Click Unsafe websites detected per week by Google Safe Browsing, from 2007 to 2020. Source: https://transparencyreport.google.com/safe-browsing/overview https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1580843474926-LFBSNCJADP6JOCL88PN6/Screenshot+2020-02-04+at+11.46.24.png Civilsphere Blog - Should I Click: a Machine Learning Based Tool to Analyze if a URL is Safe to Click Should I Click free online web service is able to analyze a URL and indicate if its safe to click or not and why. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1580851077543-QMB3H2R9AWN1NTDSBJIX/Screenshot+2020-02-04+at+22.15.45.png Civilsphere Blog - Should I Click: a Machine Learning Based Tool to Analyze if a URL is Safe to Click Example of an analysis of Should I Click where the verdict is that the user should click on the link as there were no potential threats detected on the Google Accounts website. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1580851014176-KXGZNGMF7Y3PK18K5K14/Screenshot+2020-02-04+at+22.14.34.png Civilsphere Blog - Should I Click: a Machine Learning Based Tool to Analyze if a URL is Safe to Click Example of an analysis of Should I Click where the verdict is that the user should not click on the link due to the website likely being a fake version of a known news site. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1580850871716-S6F50JGAB6W7HEPQEWV8/image-asset.jpeg Civilsphere Blog - Should I Click: a Machine Learning Based Tool to Analyze if a URL is Safe to Click Example of a real Google identity verification page. We can see that the domain is accounts.google.com with a valid HTTPS certificate. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1580850894196-A6RHUFM1A95M2VL9AINI/image.jpg Civilsphere Blog - Should I Click: a Machine Learning Based Tool to Analyze if a URL is Safe to Click Example of an evil twin website attempting to imitate a Google identity verification page. However we can see that the domain is "minivale.com" and not Google Accounts. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1580851289536-PH50FPNRPD5Y2J2FGD9Y/scam_1.png Civilsphere Blog - Should I Click: a Machine Learning Based Tool to Analyze if a URL is Safe to Click Example of a scam website, offering a free iPhone to the user to steal his personal data. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1580851304822-0276553E4JQZ65ERZ6FO/image-asset.jpeg Civilsphere Blog - Should I Click: a Machine Learning Based Tool to Analyze if a URL is Safe to Click Example of a scam website, offering a Spotify code to get a free premium subscription. https://www.civilsphereproject.org/blog/2019/12/29/36c3-chaos-west-emergency-vpn-analyzing-mobile-network-traffic-to-detect-digital-threats monthly 0.5 2020-01-01 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1577645037837-ESF4AKDT8HZQDYNLZB5B/Screenshot+2019-12-29+at+19.42.55.png Civilsphere Blog - 36c3 Chaos West: Emergency VPN, Analyzing Mobile Network Traffic to Detect Digital Threats Veronica and Sebastian presented the Emergency VPN at the 36c3 Chaos West. https://www.civilsphereproject.org/blog/2019/11/06/use-of-facebook-udp-priming-revealed-in-unencrypted-udp-connection-to-port-33000 monthly 0.5 2019-11-06 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1552571041849-MKIUH26WINMTUSEYWBHA/facebooktoken_fig1.png Civilsphere Blog - Use of Facebook UDP Priming Revealed in Unencrypted UDP Connection to port 33000 Figure 1 - UDP traffic to Facebook IPs using a non-standard port , 33000 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1552572746109-R8RII8FJPEVKOKVTS970/Screenshot+2019-03-14+at+15.11.53.png Civilsphere Blog - Use of Facebook UDP Priming Revealed in Unencrypted UDP Connection to port 33000 https://www.civilsphereproject.org/blog/2019/10/22/que-es-ooni-y-como-usarlo monthly 0.5 2019-10-22 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1571733193159-QX0C9K376RRNFX9JWE98/Screenshot+2019-10-22+at+10.04.53.png Civilsphere Blog - Qué es OONI y Cómo Usarlo - OONI Probe en el Android Play Store https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1571733197524-8913W8I47PIPSFN7TKKS/Screenshot+2019-10-22+at+10.05.17.png Civilsphere Blog - Qué es OONI y Cómo Usarlo - OONI Probe en el Apple Store https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1571733195859-6D0VPQHTBWOC5BHXSO2D/Screenshot+2019-10-22+at+10.05.38.png Civilsphere Blog - Qué es OONI y Cómo Usarlo - OONI Probe en F-Droid https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1571733420897-2F50SZ2VMDYD6QR09GCW/Screenshot+2019-10-22+at+10.09.31.png Civilsphere Blog - Qué es OONI y Cómo Usarlo El dashboard de la aplicación presenta todas las pruebas disponibles para medir la censura en ese momento en la red a la que el dispositivo está conectado. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1571734239612-EEXBEPYCMDSKF2N2KR6F/IMG_D7EAFBD3A008-1.jpeg Civilsphere Blog - Qué es OONI y Cómo Usarlo OONI permite al usuario configurar que información enviar y cómo enviarla. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1571735119401-4OMF59IQ4YRYA9BWFGRB/Screenshot+2019-10-22+at+11.04.14.png Civilsphere Blog - Qué es OONI y Cómo Usarlo La covertura de mediciones en Argentia a traves del proyecto OONI. Fuente: https://explorer.ooni.org/country/AR https://www.civilsphereproject.org/blog/2019/6/6/mobile-insecurity-series-application-czech-public-transport-idos-leaks-your-location-password-and-email-1 monthly 0.5 2019-06-19 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1559829762789-53D7I0R1JHJY2CD418HS/idos_gplay.png Civilsphere Blog - Mobile (in)Security Series: Application "Czech Public Transport IDOS" leaks your location, password & email address Figure 1 - Application “Czech Public Transport IDOS“ in the Google Play store. Source: Google Play Store, Date: 2019-06-06 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1559834690004-2VYX957CO2EKQSLR5EL3/update_check.png Civilsphere Blog - Mobile (in)Security Series: Application "Czech Public Transport IDOS" leaks your location, password & email address Figure 2 - A request that checks for a new update. It contains information about the user and the application. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1559830941334-TNWZIV7MBYB8IK8FY2NZ/update.png Civilsphere Blog - Mobile (in)Security Series: Application "Czech Public Transport IDOS" leaks your location, password & email address Figure 3 - A response to the request in Figure 2. It contains the update. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1559834323930-39FVXW4JMN0SER0ZTKNJ/route_req.png Civilsphere Blog - Mobile (in)Security Series: Application "Czech Public Transport IDOS" leaks your location, password & email address Figure 4 - Details of a request to “main.crws.cz” after the user searches for a route from a current location to Praha hl.n. It reveals the origin and the destination of the user’s travel. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1559831045136-B5M3CU7SP4E1CGB7H7V7/route_res.png Civilsphere Blog - Mobile (in)Security Series: Application "Czech Public Transport IDOS" leaks your location, password & email address Figure 5 - A response to the request shown in Figure 4 revealing the routes suggested to the user https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1559834714721-Z3FTBZJQSMJH3A2PYE93/login1.png Civilsphere Blog - Mobile (in)Security Series: Application "Czech Public Transport IDOS" leaks your location, password & email address Figure 6 - A request with user’s credentials after the user tries to log in. It contains the email, password and other information. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1559834997548-NGWDZIHM4O66WVPQ7HEP/support_req.png Civilsphere Blog - Mobile (in)Security Series: Application "Czech Public Transport IDOS" leaks your location, password & email address Figure 7 - A request revealing user’s name and email after choosing the “Ticket sales support request” in the application. It also reveals language settings among other information about the device. https://www.civilsphereproject.org/blog/2019/4/11/mobile-insecurity-series-application-moovit-leaks-your-location-on-both-android-and-ios monthly 0.5 2019-06-03 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554987899663-1TECPQ87SIRAGP0YOSI6/moovit+-1.png Civilsphere Blog - Mobile (in)Security Series: application "Moovit" leaks your location, username & email address Figure 1 - Application “Moovit” as advertised in the Google Play Store. Source: Google Play Store. Date: 2019-04-11. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554988117042-J08POSRVNIPXY0Y6NX9N/moovit+-+2.png Civilsphere Blog - Mobile (in)Security Series: application "Moovit" leaks your location, username & email address Figure 2 - The application leaks the exact GPS location of the user using unencrypted requests to Open Weather Map. Only in the iOS version of Moovit. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554988196656-DXZJXNPCZ6SDHSIGE3VN/moovit+-+3.png Civilsphere Blog - Mobile (in)Security Series: application "Moovit" leaks your location, username & email address Figure 3 - The information entered in the origin or destination fields is sent in clear text. As the user types in the application, the partial text typed is sent to the server to retrieve possible matching locations. This Figure shows the text “this should not happen” being sent. It also shows that the complete HTTP request is not encrypted and therefore anyone with access to the traffic can see what you type. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554988263283-83ZTV1JO3D45WI7J6G5G/moovit+-+4.png Civilsphere Blog - Mobile (in)Security Series: application "Moovit" leaks your location, username & email address Figure 4 - The partial text typed is sent to the server to retrieve possible matching locations, which are sent back by the server unencrypted. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554988517752-Z0U0K6C8DG2T72SY2V5Z/moovit+-+5 Civilsphere Blog - Mobile (in)Security Series: application "Moovit" leaks your location, username & email address Figure 5 - When the user chooses an origin and destination to see possible routes, these confirmed values (origin and destination) are sent in plain text. Anyone with access to the traffic can know where are you going and which will be your starting point. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554988750354-Q2XAR4QFZ9XUE4D047NP/moovit+-+6.png Civilsphere Blog - Mobile (in)Security Series: application "Moovit" leaks your location, username & email address Figure 6 - As the user of “Moovit” types, the information is sent in clear text over the network and letter by letter. This leaks not only what you search, but it opens the possibility to use keystroke dynamic technics to know who you are. This figure shows the user starting to type the letter ‘a’. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554988762598-B7PQUHWWKBS1QDISRZB9/moovit+-+7.png Civilsphere Blog - Mobile (in)Security Series: application "Moovit" leaks your location, username & email address Figure 7 - This figure shows the user starting to type the letter ‘airp’. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554988777084-0DZ6K1JPVOD01HYQWMT5/moovit+-+8.png Civilsphere Blog - Mobile (in)Security Series: application "Moovit" leaks your location, username & email address Figure 8 - This figure shows the user starting to type the letter ‘airpo’. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554988789396-G34OMT3V73VRJ7ZPRHQY/moovit+-+9.png Civilsphere Blog - Mobile (in)Security Series: application "Moovit" leaks your location, username & email address Figure 9 - This figure shows the user starting to type the letter ‘airport’. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554989613584-UI57MTSGNXCDOT8FJKTM/moovit+-+10.png Civilsphere Blog - Mobile (in)Security Series: application "Moovit" leaks your location, username & email address Figure 10 - If the user registers and logs in in the Moovit application, its username and email address are sent back from the server in plain text over the network. Anyone can use this information to link this traffic to your real persona. https://www.civilsphereproject.org/blog/2019/4/3/aplicacion-ba-como-llego-envia-tu-ubicacion-y-lo-que-tipeas monthly 0.5 2019-06-03 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554235261571-Q4CY0Q68SG7PR020468W/ba-como-llego-1.jpg Civilsphere Blog - la Aplicación celular "BA Cómo Llego" envía tu ubicación y lo que tipeas en texto plano por la red Aplicación "BA Cómo Llego" como se anuncia en Google Play Store. Fuente: Google Play Store. Fecha: 2019-04-02. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554281694137-HXB40NZXKUWG9MP2T5RD/BA-COMO-LLEGO-FIRST-REQ-DETAIL.png Civilsphere Blog - la Aplicación celular "BA Cómo Llego" envía tu ubicación y lo que tipeas en texto plano por la red Figura 1 - Toda la información se envía en texto plano. A medida que el usuario escribe en la aplicación, el texto parcial escrito se envía al servidor para recuperar posibles ubicaciones coincidentes. Esta figura muestra el texto parcial "Thi" que se está enviando. También muestra que la solicitud HTTP completa no está encriptada y, por lo tanto, cualquier persona con acceso al tráfico puede ver lo que escribe. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554281720598-PDAPOG3P2NLDQSMCQWAC/BA-COMO-LLEGO-MULTIPLE-REQ-1.png Civilsphere Blog - la Aplicación celular "BA Cómo Llego" envía tu ubicación y lo que tipeas en texto plano por la red Figura 2 - A medida que el usuario de "BA Cómo Llego" escribe, la información se envía en texto sin cifrar a través de la red y letra por letra. Esto filtra no solo lo que el usuario busca, sino que abre la posibilidad de utilizar las técnicas dinámicas de pulsación de teclas para saber quién es la persona. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554281748730-XASZQMWEYMT5OI5YRST9/BA-COMO-LLEGO-MULTIPLE-REQ-2.png Civilsphere Blog - la Aplicación celular "BA Cómo Llego" envía tu ubicación y lo que tipeas en texto plano por la red Figura 3: Un error en la aplicación hace que genere dos solicitudes con el mismo texto. Esto significa que la aplicación utiliza más del doble del ancho de banda de datos que debería de tu teléfono. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554238926860-TXSQJN0ZBJL5SZO2VKPJ/Screenshot+2019-04-02+at+22.56.06.png Civilsphere Blog - la Aplicación celular "BA Cómo Llego" envía tu ubicación y lo que tipeas en texto plano por la red Figura 4: La aplicación envía la ubicación GPS exacta del usuario mediante solicitudes no cifradas. Incluso cuando el usuario no buscó Desde o Hasta esta ubicación. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554239405776-JXEO9IDGJCF7OOJ1VMHQ/Screenshot+2019-04-02+at+23.08.05.png Civilsphere Blog - la Aplicación celular "BA Cómo Llego" envía tu ubicación y lo que tipeas en texto plano por la red Figure 5 - Response to the Google APIs location request. It shows how Google actually banned the requests. https://www.civilsphereproject.org/blog/2019/4/3/application-ba-como-llego-leaks-data-in-real-time monthly 0.5 2019-06-03 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554235261571-Q4CY0Q68SG7PR020468W/ba-como-llego-1.jpg Civilsphere Blog - Mobile (in)Security Series: application "BA Cómo Llego" leaks your location & everything you type Application “BA Cómo Llego” as advertised in the Google Play Store. Source: Google Play Store. Date: 2019-04-02. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554281694137-HXB40NZXKUWG9MP2T5RD/BA-COMO-LLEGO-FIRST-REQ-DETAIL.png Civilsphere Blog - Mobile (in)Security Series: application "BA Cómo Llego" leaks your location & everything you type Figure 1 - All information is sent in clear text. As the user types in the application, the partial text typed is sent to the server to retrieve possible matching locations. This Figure shows the partial text “Thi” being sent. It also shows that the complete HTTP request is not encrypted and therefore anyone with access to the traffic can see what you type. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554281720598-PDAPOG3P2NLDQSMCQWAC/BA-COMO-LLEGO-MULTIPLE-REQ-1.png Civilsphere Blog - Mobile (in)Security Series: application "BA Cómo Llego" leaks your location & everything you type Figure 2 - As the user of “BA Cómo Llego” types, the information is sent in clear text over the network and letter by letter. This leaks not only what you search, but it opens the possibility to use keystroke dynamic technics to know who you are. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554281748730-XASZQMWEYMT5OI5YRST9/BA-COMO-LLEGO-MULTIPLE-REQ-2.png Civilsphere Blog - Mobile (in)Security Series: application "BA Cómo Llego" leaks your location & everything you type Figure 3 - A bug on the application causes it to generate two requests with the same text to different resource locators. This means that the app uses more than double the data bandwidth of your phone that it should. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554238926860-TXSQJN0ZBJL5SZO2VKPJ/Screenshot+2019-04-02+at+22.56.06.png Civilsphere Blog - Mobile (in)Security Series: application "BA Cómo Llego" leaks your location & everything you type Figure 4 - The application leaks the exact GPS location of the user using unencrypted requests. Even when the user did not search From or To this location. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1554239405776-JXEO9IDGJCF7OOJ1VMHQ/Screenshot+2019-04-02+at+23.08.05.png Civilsphere Blog - Mobile (in)Security Series: application "BA Cómo Llego" leaks your location & everything you type Figure 5 - Response to the Google APIs location request. It shows how Google actually banned the requests. https://www.civilsphereproject.org/blog/2019/11/04/facebook-user-token-leaked-in-suspicious-udp-connections monthly 0.5 2019-11-01 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1552571041849-MKIUH26WINMTUSEYWBHA/facebooktoken_fig1.png Civilsphere Blog - Facebook User Token Leaked in unencrypted UDP Connection Figure 1 - UDP traffic to Facebook IPs using a non-standard port , 33000 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1552572746109-R8RII8FJPEVKOKVTS970/Screenshot+2019-03-14+at+15.11.53.png Civilsphere Blog - Facebook User Token Leaked in unencrypted UDP Connection https://www.civilsphereproject.org/blog/2019/2/22/reversing-my-first-malware-kamila-babayeva monthly 0.5 2019-02-22 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1550855106690-OC4PG731AUIRFWES8WPI/malware-1.png Civilsphere Blog - Reversing my first malware Figure 1 - Original malware code obfuscated. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1550855120867-QJ2EDESZ3M86889UGBSF/malware-2.png Civilsphere Blog - Reversing my first malware Figure 2 - Malware code de-obfuscated after analysis. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1550855306275-INLIJNQ8UHDUOGX9YSYL/malware-3.png Civilsphere Blog - Reversing my first malware Figure 3 - Malware code after removing meaningless statements https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1550855443913-Q3D14G87TLZYEQ145SB1/malware-4.png Civilsphere Blog - Reversing my first malware Figure 4 - Malware code after first renaming of variables https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1550855533269-WYKQEMKE5TDBQ9RVXJFT/malware-5.png Civilsphere Blog - Reversing my first malware Figure 5 - Malware code after the first round of analysis https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1550855668262-GQXW7YGYEPQRM4FJN7VH/malware-6.png Civilsphere Blog - Reversing my first malware Figure 6 - Malware code after the second round of variable renaming https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1550855747590-80NUYHNLPAE3RHLFNFWA/image-asset.png Civilsphere Blog - Reversing my first malware Figure 7 -Final code of the malware with the behavior summarized https://www.civilsphereproject.org/blog/2018/8/30/mobile-insecurity-series-application-leaks-location-over-the-network monthly 0.5 2019-03-15 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1535643011361-J02C4CX6KVI4IRHU7TGV/Screen+Shot+2018-08-30+at+17.29.33.png Civilsphere Blog - Mobile (in)Security Series: location leaked over the network by android application https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1535644832356-FXTT6P30233AK340XKZL/Screen+Shot+2018-08-30+at+18.00.07.png Civilsphere Blog - Mobile (in)Security Series: location leaked over the network by android application Details of the 'Transparent clock & weather' application as it appears in the Google Play Store. Reference: https://play.google.com/store/apps/details?id=com.droid27.transparentclockweather https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1535647043859-30N2II6RN6YU8ZTVO2PF/image-asset.png Civilsphere Blog - Mobile (in)Security Series: location leaked over the network by android application Figure 1. First HTTP request performed by the 'Transparent clock & weather' android application. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1535647453753-SGXUNEI3W6Y76KYQUF5R/image-asset.png Civilsphere Blog - Mobile (in)Security Series: location leaked over the network by android application Figure 2. Second HTTP request performed by the 'Transparent clock & weather' android application. The application sends in plain HTTP over the network coordinates of the location sent by the user. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1535647616671-V1A1DCVKAR4PPZVQLTZN/Screen+Shot+2018-08-30+at+18.46.24.png Civilsphere Blog - Mobile (in)Security Series: location leaked over the network by android application Figure 3. Details of the TCP connection generated by the 'Transparent clock & weather' shows that there is no data retrieved from the server. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1535652483859-VCB5WKYM9KIGO0T1HU2V/Screen+Shot+2018-08-30+at+19.07.00.png Civilsphere Blog - Mobile (in)Security Series: location leaked over the network by android application Figure 4. The 'Transparent clock & weather' application generates periodic requests to their server, sending the user location, and no responses are obtained. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1535652930888-RCAYW5X2XVZ5OCQU420T/Screen+Shot+2018-08-30+at+20.12.30.png Civilsphere Blog - Mobile (in)Security Series: location leaked over the network by android application Figure 5. In a capture from a different user, the server responds sporadically to the requests sent by the user. The ratio of responses is disproportionate. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1535654303993-URLQEOC708OWLCZ8G5EU/Screen+Shot+2018-08-30+at+20.33.37.png Civilsphere Blog - Mobile (in)Security Series: location leaked over the network by android application Figure 6. Using the information leaked by the 'Transparent clock & weather' application, an attacker can map your most common visited places, including where you work and where you live. https://www.civilsphereproject.org/blog/2018/8/6/report-malware-attacks-on-linux-servers-to-run-cryptocurrency-miners-a-real-case-analysis monthly 0.5 2018-08-06 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1533289113465-B5V6SDEDFWAW4T9VXA3H/blog-download.png Civilsphere Blog - Report: Malware attacks on Linux servers to run cryptocurrency miners. A real case analysis. https://www.civilsphereproject.org/blog/2018/7/30/civilsphere-free-malware-detection-for-ngos-journalists-and-people-at-risk monthly 0.5 2018-08-02 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1533222754111-L6E588GFQ0TPW4KE3QYO/humans-world-together.jpg Civilsphere Blog - CivilSphere: free malware detection for NGOs, journalists, and people at risk https://www.civilsphereproject.org/blog/2018/4/11/visit-to-the-ngo-market-2018-the-stories-of-civil-society monthly 0.5 2018-08-03 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1533289892229-V7G61CL8QIY7N2AOYJX2/NGO-Market-2018-1.jpeg Civilsphere Blog - Visit to the NGO Market 2018: The Stories of Civil Society https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1533290227013-MO6OZU4R6JOBOHPJA3UL/IMG_3854.jpeg Civilsphere Blog - Visit to the NGO Market 2018: The Stories of Civil Society NGO Market 2018: The Stories of Civil Society @ Forum Karlín, Prague, Czech Republic https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1533289915868-G63VOJ9TR5JENZXW9DF3/image-asset.jpeg Civilsphere Blog - Visit to the NGO Market 2018: The Stories of Civil Society NGO Market 2018: The Stories of Civil Society @ Forum Karlín, Prague, Czech Republic https://www.civilsphereproject.org/blog/category/Social monthly 0.5 https://www.civilsphereproject.org/blog/category/Events monthly 0.5 https://www.civilsphereproject.org/blog/category/Mobile+Insecurity+Series monthly 0.5 https://www.civilsphereproject.org/blog/category/services monthly 0.5 https://www.civilsphereproject.org/blog/category/Society monthly 0.5 https://www.civilsphereproject.org/blog/category/Mobile+Network+Traffic monthly 0.5 https://www.civilsphereproject.org/blog/category/Civilsphere+AI+VPN monthly 0.5 https://www.civilsphereproject.org/blog/tag/deobfuscation monthly 0.5 https://www.civilsphereproject.org/blog/tag/aivpn monthly 0.5 https://www.civilsphereproject.org/blog/tag/refugees monthly 0.5 https://www.civilsphereproject.org/blog/tag/android monthly 0.5 https://www.civilsphereproject.org/blog/tag/protection monthly 0.5 https://www.civilsphereproject.org/blog/tag/ios monthly 0.5 https://www.civilsphereproject.org/blog/tag/oceanlotus monthly 0.5 https://www.civilsphereproject.org/blog/tag/security monthly 0.5 https://www.civilsphereproject.org/blog/tag/phantomlance monthly 0.5 https://www.civilsphereproject.org/blog/tag/information+leaked monthly 0.5 https://www.civilsphereproject.org/blog/tag/reversing monthly 0.5 https://www.civilsphereproject.org/blog/tag/emergency+vpn monthly 0.5 https://www.civilsphereproject.org/blog/tag/obfuscation monthly 0.5 https://www.civilsphereproject.org/blog/tag/events monthly 0.5 https://www.civilsphereproject.org/blog/tag/point+for+help monthly 0.5 https://www.civilsphereproject.org/blog/tag/get+help monthly 0.5 https://www.civilsphereproject.org/blog/tag/phishing monthly 0.5 https://www.civilsphereproject.org/blog/tag/python monthly 0.5 https://www.civilsphereproject.org/blog/tag/malware monthly 0.5 https://www.civilsphereproject.org/blog/tag/rat monthly 0.5 https://www.civilsphereproject.org/blog/tag/remote+access+trojan monthly 0.5 https://www.civilsphereproject.org/blog/tag/certificate+validation monthly 0.5 https://www.civilsphereproject.org/blog/tag/network+traffic+analysis monthly 0.5 https://www.civilsphereproject.org/blog/tag/facebook monthly 0.5 https://www.civilsphereproject.org/blog/tag/shouldiclick monthly 0.5 https://www.civilsphereproject.org/blog/tag/mobile monthly 0.5 https://www.civilsphereproject.org/blog/tag/google+play monthly 0.5 https://www.civilsphereproject.org/blog/tag/vietnam monthly 0.5 https://www.civilsphereproject.org/blog/tag/digital+threats monthly 0.5 https://www.civilsphereproject.org/blog/tag/civil+society monthly 0.5 https://www.civilsphereproject.org/blog/tag/services monthly 0.5 https://www.civilsphereproject.org/blog/tag/windows monthly 0.5 https://www.civilsphereproject.org/blog/tag/MITM monthly 0.5 https://www.civilsphereproject.org/blog/tag/application monthly 0.5 https://www.civilsphereproject.org/blog/tag/ukraine monthly 0.5 https://www.civilsphereproject.org/blog/tag/kaspersky monthly 0.5 https://www.civilsphereproject.org/blog/tag/aid monthly 0.5 https://www.civilsphereproject.org/home daily 1.0 2021-06-16 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613421017806-K3EQ6DI7IVRDKXT6AMY4/image-asset.jpeg Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613422130661-TCNN0PK9V6IMJ98VVJLP/image-asset.jpeg Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613423056578-U6980H0CRB8ZRQKKQHXU/image-asset.jpeg Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613423586346-MSATZ3S4CNY4R85AF4SK/image-asset.jpeg Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613423742249-G9SM9DS3I8H9W6510X0B/NLNet%2BFoundation.png Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613423911884-3S2V6BABK803QC7DLAYT/Vertical_Logo_AIC_Holo.png Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1557668924748-5K49K1D4IHC35W9TKGQR/logo_CVUT.jpg Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1557668922933-3IPEKZZNJ3UT864D6IOP/avast-foundation-0.png Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1557668923521-3GPGN0BXSU84BIBRRBFH/logo-derechos-digitales.png Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1557668924752-PXP1A2M8AFEVXN0WY72Q/logo-opu.png Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613423997543-G4MFTM33LVZNGSA6P6CN/logo-pin.jpg Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1557668925639-VPLRAQTSVFE18FFKGAOD/logo-ricta.png Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1557668924404-PQWGRK9J3KR4CAL7YE3M/logo-fpu.png Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1620817331575-BD7N42F318GMWGA4CKO6/meta.png Home https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1623830495040-AYWLS2GY91JQFR96OIKX/finalista_banner.png Home - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://www.civilsphereproject.org/civilsphere-ai-vpn daily 0.75 2021-02-28 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614442275512-6Q7FW6V5Z0WKOXM77BQ3/image-asset.jpeg Civilsphere AI VPN https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614443515492-HIJIA6X49SI0VGYAON3P/image-asset.jpeg Civilsphere AI VPN https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614442200720-ZAX0Q4GNIKIYESQ9TBUR/AI-VPN-Logo-Idea-4_bl-up_bg-transparent-black-letters_1500x1500.jpg Civilsphere AI VPN https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614442970120-SHS3P5XBUSUPHUFDRKAC/civilsphere-aivpn-yellow.png.png Civilsphere AI VPN https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614443070940-0DM6H84YEAWBBIU4IF4Y/AI-VPN-Logo-Idea-4_bl-up_bg-black_1500x1500.png Civilsphere AI VPN https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614442978584-5HWQW9UL8OJRLMWR7KDY/civilsphere-aivpn-light-blue.png.png Civilsphere AI VPN https://www.civilsphereproject.org/cloud-based-malware-detection daily 0.75 2021-02-16 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1533197288626-52V9S6GEW1Z3YH8BA3HF/Screen+Shot+2018-07-31+at+14.51.49.png Cloud-based Malware Detection https://www.civilsphereproject.org/emergency-vpn daily 0.75 2021-02-16 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613492229201-9MLA0U9IROC15X7NBMK7/Emergency+VPN+Visual.jpg Emergency VPN https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613492720685-ATF6HSQHSVENWDPDIMPO/howtheevpnworks.png Emergency VPN https://www.civilsphereproject.org/check-suspicious-emails daily 0.75 2021-02-16 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1533140588657-WW4LC6YZ486061MZ8ATR/image-asset.jpeg Check Suspicious Emails https://www.civilsphereproject.org/get-started daily 0.75 2022-03-08 https://www.civilsphereproject.org/research/machete daily 0.75 2021-02-24 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613465026036-3SYI9G0HST59EBTAQ8O0/image.jpg A Study of Machete Cyber Espionage Operations in Latin America https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613465978841-OF2HDIL4UGD1VDMAHQIA/image.jpg A Study of Machete Cyber Espionage Operations in Latin America https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613466374290-NP4G6ZKQBQ4TJGVG5AWV/Figure+1.jpg A Study of Machete Cyber Espionage Operations in Latin America Figure 1: Machete has a nested structure. The parent is what the victim receives (1). This file contains a first executable file (2). The first executable file contains the payload and the decoy document (3). The payload consists of six to eight modules (4), which can be further reverse engineered to obtain their source code (6). https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613466458090-WPRCHDFE4SKMZ29A6PNO/Figure+2.jpg A Study of Machete Cyber Espionage Operations in Latin America Figure 2: Machete operations are structured in five phases: delivery, installation, action on objectives, lateral movement and exfiltration. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613466734863-G1SNE0KJAXCP6OW63IJK/Figure+3.png A Study of Machete Cyber Espionage Operations in Latin America Figure 3: Gathering system information using the platform library. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613466798712-GGHAFGVXMSFZT68P0KPA/Figure+4.png A Study of Machete Cyber Espionage Operations in Latin America Figure 4: Gathering geolocation information. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613467414435-FP91FTKR3NZYHJHMZZHL/Screen+Shot+2021-02-16+at+10.23.19.png A Study of Machete Cyber Espionage Operations in Latin America Table 1: Attacker infrastructure summary. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613467447754-2MAAQ2PFI59V13ACPTRI/Screen+Shot+2021-02-16+at+10.23.28.png A Study of Machete Cyber Espionage Operations in Latin America Table 1: Attacker infrastructure summary (contd.). https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613467610173-VWXPV6VGMS7I894F99EY/subplot.jpg A Study of Machete Cyber Espionage Operations in Latin America - (a) FTP servers https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613467652817-42VALSLAJK7DT5XU6TRZ/subplot.jpg A Study of Machete Cyber Espionage Operations in Latin America - (b) FTP users https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613467676277-UG6NJ6W73SNHX3UP81TB/Figure%2B5.jpg A Study of Machete Cyber Espionage Operations in Latin America - (c) malware versions https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613467692189-4JAXEWV6COIGOBARB1UJ/Figure%2B5.jpg A Study of Machete Cyber Espionage Operations in Latin America - (d) FTP routes https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613468047122-OP7RZ2HSUZMO1710IET7/Figure+6.png A Study of Machete Cyber Espionage Operations in Latin America Figure 6: Breakdown of decoy documents used by Machete. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613468109045-5C57SCBQJHIU2QTBE9GX/Figure+7.png A Study of Machete Cyber Espionage Operations in Latin America Figure 7: Number of decoys per country used by Machete. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613468159259-W3IQA0I8IAPSHTKCPBNE/Figure+8.png A Study of Machete Cyber Espionage Operations in Latin America Figure 8: The content of the decoy documents show countries targeted by Machete. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613468187993-PMUP9JDCZ39PBZD8YU6Y/Figure+9.png A Study of Machete Cyber Espionage Operations in Latin America Figure 9: Breakdown of topics used by Machete in decoy documents. https://www.civilsphereproject.org/should-i-click daily 0.75 2022-01-18 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1580815978708-18Q3MOM52YP1YVH3YE26/image.jpg Should I Click Scam websites are one of the phishing attacks that Should I Click can help you discover. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1580815957268-7YSJQL1D0VBN3KSHFNAT/evil_twin_example.png Should I Click Evil twin websites are a second type of the phishing attacks, heavily used in targeted attacks, that Should I Click can help you identify. https://www.civilsphereproject.org/get-started-emergency-vpn daily 0.75 2022-02-24 https://www.civilsphereproject.org/aivpn daily 0.75 2021-02-16 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613461258469-3KD3BPA9HEUYV3LKBNJX/sebastian.jpg Civilsphere AI-VPN Assistant Professor Sebastian Garcia, PhD Sebastian Garcia is a malware researcher and security teacher with experience in applied machine learning on network traffic. He founded the Stratosphere Lab, aiming to do impactful security research to help others using machine learning. As Assistant Professor and researcher, he believes that free software and machine learning tools can help better protect users from abuse of our digital rights. He researches on machine learning for security, honeypots, malware traffic detection, social networks security detection, distributed scanning (dnmap), keystroke dynamics, fake news, Bluetooth analysis, privacy protection, intruder detection, and microphone detection with SDR (Salamandra). He taught in several Universities and worked on penetration testing for both corporations and governments. He talked in conferences such as BlackHat, Defcon Villages, Ekoparty, DeepSec, Hackitivy, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCon, Free Software Foundation Europe, VirusBulletin, BSides Vienna, HITB Singapore, CACIC, AAMAS, etc. He co-founded the MatesLab hackspace in Argentina and co-founded the Independent Fund for Women in Tech. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613461345710-RKCFM6ZRQCXAP4GQRWFS/veronica%252Bvaleros.jpg Civilsphere AI-VPN Veronica Valeros, Ing. Veronica Valeros is a senior researcher and project leader at the Stratosphere Research Laboratory in the Czech Technical University in Prague. She has more than 9 years of experience in cyber security. Veronica's research strongly focuses on helping people. She currently specializes in threat intelligence, malware traffic analysis, and data analysis. She has made her career in both industry and academia. In her current position as a project leader, Veronica helps driving forward the research and development projects, improves processes, and drives the community engagement of the groups she works with. As a senior researcher, Veronica's is responsible for the research, development, and customer support at the Civilsphere project, dedicated to protecting civil society organizations and individuals at risk from targeted digital threats. Veronica has presented her research at international conferences such as Black Hat, EkoParty, Botconf, Virus Bulletin, Deepsec, and others. She is the co-founder of the MatesLab hackerspace based in Argentina and co-founder of the Independent Fund for Women in Tech. https://www.civilsphereproject.org/research/post-modern-computational-propaganda daily 0.75 2021-02-16 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613472523297-LWZY9DWNCES4X0GJROH0/computational-propaganda-blog.jpg Post-Modern Computational Propaganda https://www.civilsphereproject.org/about-us daily 0.75 2025-07-09 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1557670425657-P0TXZMYGMG3OJU0XN2W0/image-asset.jpeg About us https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1582647141360-WA1TIQEK5SW0PFMUNFKY/image-asset.jpeg About us https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1650877376215-M92PK19Q6X84KNCA2P8E/Mohammad-Amr-Khan-1x1.jpeg About us - Mohammad Amr Khan (analyst) https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613424579301-BSSLDJN1JIAJUL7PXLK2/bryan.jpg About us - Bryan Campbell (Consultant) https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613424579459-3VOCUB4FUQVNTI7QZJ6Z/martijn.jpeg About us - Martijn Grooten (Fellow) https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613424580078-7AF57T19J1R7VWO9XAB8/nino.jpeg About us - Gaetano Pellegrino (Consultant) https://www.civilsphereproject.org/research/a-study-of-remote-access-trojans daily 0.75 2021-02-16 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613477938429-9HW4YQ1Y9D9TTHR21H7X/image.jpg A Study of Remote Access Trojans https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613474328744-NRD48YBVMV2M5N6YOI1E/Figure+1+-+Timeline.jpg A Study of Remote Access Trojans Figure 1: Timeline of 337 well-known remote access trojan families during 1996-2018. They are ordered by the year in which they were first seen or reported by the community. The last decade clearly shows a significant growth compared with the previous 16 years. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613474396173-35D14G24VMTTOYBY4GSF/Figure+2+-+Growth+per+Decade.jpg A Study of Remote Access Trojans Figure 2: Number of RAT families per decade since 1990. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613474573457-L9QBRILJF2SZUELE7AE6/Screen+Shot+2021-02-16+at+12.22.38.png A Study of Remote Access Trojans Table 1: Technical overview of 11 of the most common RATs during 2019-2020. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613474651891-A2432WPD1V392WVGA0UK/Screen+Shot+2021-02-16+at+12.24.00.png A Study of Remote Access Trojans Table 2: Prices of commercialized RATs in online marketplaces. https://www.civilsphereproject.org/research/mobile-applications-we-helped-improve daily 0.75 2021-02-19 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613747064078-FD9WTO13UGEC97KZ9G05/image.jpg Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748663825-V067NUD3DVD1FY3CPXRC/911+CDMX.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748664019-WSFFI0VOJPOL3YFXTBJE/Android+360+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748664630-42CFEBKRKCJ9RDYKKWVQ/Android+Avast+AntiVirus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748664723-YZXJWE91I6XYHDWO3O47/Android+AVG+AntiVirus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748665247-09ILLX72JTFSM26WIP52/Android+Avira+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748665609-4W0BNKJJGP4M2CYRMHV2/Android+BitDefender+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748666174-G3TV088BB9FRTJHR2UDM/Android+Clean+Master+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748666236-CXMAM0T8JB6R6LC6US56/Android+Comodo+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748666860-VYIFYMQJESID1YSCJHDH/Android+dfndr+security+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748666941-ME3C25N7D3J4YFF8VNM9/Android+Dr.Web+Light+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748667403-PFROLR9UIYO8C8A9UQK7/Android+ESET+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748667892-42Z7UHS2EKOM17BHWL5R/Android+FSecure+SAFE+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748668020-QILUQVCYAQ473TYTFUXX/Android+GData+Light+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748668622-OKBJOR1XU0VHOCP3ZOWK/Android+Kaspersky+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748668932-PGUS3DI5N9VK660YIT14/Android+LINE+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748669202-M77L7WV84Y15724337B2/Android+Lookout+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748669666-LX7PPKWBRZYVR4CPU57U/Android+MalwareBytes+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748669790-8GSNMT5U3BQBA2GW7OPB/Android+McAfee+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748670354-H7OTKOSYC6JBCLEJGBAV/Android+Norton+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748670345-MAESO4565O3XUMLGDO13/Android+Panda+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748671019-HJYOM5TY17HXP9ZFGYI0/Android+Power+Clean+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748671162-1OLD1H3KBWK2V4KCAUTU/Android+Security+Master+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748671628-S9I0PQTDXAKNFFJHREFL/Android+Sophos+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748672064-59S2FS57EMYF42BLGM2M/Android+Super+Cleaner+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748672361-3A67S8KOSUO5S55PSFC4/Android+TrendMicro+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748672638-N3I7KBMVUFH55VCR7WML/Android+V3Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748672929-V05BY2MV7GWKKC1K0FX9/Android+VIPRE+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748673396-BNBE1KDAD5EBTR2EJBG5/Android+Virus+Cleaner+Anti+Virus.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748673988-LASIAFRTO6K8F1EO627C/CAIXA.jpeg Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748674258-W7MSTU2OK0Y91I0KOS72/Chile+Metro.jpg Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748674852-2H6J96DDUKK4EMMYBP9W/CJEcuador.jpg Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748674918-QABQ1HF76D1LXQUODRSM/Consulta+Escolar+Jalisco.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748675381-WT27B6WQLH1907QHYD6U/EsSalud+Mobile.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748675603-H6ZWL1OZ372G8KKJYAYK/FNA+Movil+Agil.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748675921-LHWS69E95ZN54SMWPL8P/idos.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748676055-9WIPOXJM3B3WARZ71K2E/IMSS+Digital.jpeg Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748676489-9848V5K49OEY1527XP0Y/iTaxi+Ro.jpg Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748676545-UPU71VJDHBQX3LHVIPIC/Meu+INSS+%E2%80%93+Central+de+Servic%CC%A7os.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748677070-F67FS3B8RHKQUIC2TMCB/MiConsulmex.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748677153-A8ZPCST5Y5JC40N5OC5O/MyFitnessPal_Logo.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748677683-T3H75HQU8YHX65ZSXTZQ/Sinesp+Cidada%CC%83o.jpeg Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748677734-8DX28SA62Q9NA1OE4SNW/SUNAT.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613748678716-258H812927371AWI0K23/Transparent+clock+%26+weather.png Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613749913874-A8LO29LLNGDSMC1O4V1M/Billipool-Ball+Shooting.jpeg Mobile Applications We Helped Improve https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1613750216461-08WVWAT95FL1KPUQNOPY/VeSyncFit.png Mobile Applications We Helped Improve https://www.civilsphereproject.org/research/a-modern-study-of-microphone-bugs-operation-and-detection daily 0.75 2021-02-24 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614173125104-46SUM17JDQ3E9BKANI0Y/Figure1.png A Modern Study of Microphone Bugs Operation and Detection Fig. 1. Bangkok Post (6 Oct 2015 at 00:41) - Dissident Chinese artist AiWeiwei has posted photos on his Instagram account that suggest listening devices were planted in his Beijing studio.[4] https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614175377411-42BHCJK2RABZMA8KNIDL/the_great_seal_bug.png A Modern Study of Microphone Bugs Operation and Detection Fig. 2. The Great Seal Bug, also known as The Thing, was a passive listening device invented by the Soviet Union at the end of the Second World War. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614176332255-OOG6PORPZ3FSYHEXLW4J/kgbbug.jpg A Modern Study of Microphone Bugs Operation and Detection Fig. 3. The KGB Bug, one of the first Soviet transistor-based bugs, created circa 1964. Size 75mm x 23mm x 10mm. Adjustable frequency. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614176393219-XHD5GG5HJEW6D5IIT4XN/czechoslovakBug.jpg A Modern Study of Microphone Bugs Operation and Detection Fig. 4. The Czechoslovak TI-574A was a modular FM transmitter, could be combined to achieve different functions, such being as transceiver, remote control unit, remote control bug and homing beacon. Size 150mm x 20mm x 15 mm. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614177093118-1XJ0TXPLG9WLUK7O71SB/czechoslovakBug2.png A Modern Study of Microphone Bugs Operation and Detection Fig. 5. The Czechoslovak TI-574A was widely used for domestic surveillance, used in common places such as tables. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614177376004-PYDCT2Z7EEW5EIB1VDUM/opecbug.jpg A Modern Study of Microphone Bugs Operation and Detection Fig. 6. The OPEC Bug, discovered in the late 1970s, was powered by electromagnetic induction. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614177478044-YL2ZPCHZLHJ9OXA038J4/Figure7.png A Modern Study of Microphone Bugs Operation and Detection Fig. 7. Microphone Bug 01 - MicroSpy FM transmitter. Size 35mm x 10mm, 3-12v. Adjustable frequency. Advertised range up-to 500m in open field. One week of life on battery. Price: 1 ̃5 USD. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614177581560-U59ALCD5TUUX64DV7825/Figure8.png A Modern Study of Microphone Bugs Operation and Detection Fig. 8. Microphone Bug 02 - F-908 FM transmitter. Size 78.8mm 50.0mm 16.5mm, 9v. Not adjustable frequency. Advertised range up-to 500m in open field. Price: 3 ̃3 USD. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614177612176-9DQPUSKUY9XKQSK4KQDZ/Figure9.png A Modern Study of Microphone Bugs Operation and Detection Fig. 9. Microphone Bug 03 - EAR-1 FM transmitter. Powered by 9v battery. Adjustable frequency. Advertised range up-to 500m in open field. Advertised 100 hours of continuous use. Price: 1 ̃8 USD https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614177665929-6ZYMS5J23FXTM9KHM3G9/Figure10.jpeg A Modern Study of Microphone Bugs Operation and Detection Fig. 10. The Beurer BY 04 is an audio monitoring device designed to monitor babies that operates in the 864 MHz. Size 6cm x 4cm x 11cm. Anyone with a receiver in that frequency can listen to its transmission. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614177852648-OZ10UYJF1OY4YQORJHEO/Table1.png A Modern Study of Microphone Bugs Operation and Detection Table I: This research is focused primarily on four FM microphone bugs and one GSM microphone bug. This table summarizes their characteristics, including device type, frequency, range, battery and price. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614178025853-K9S03AD2HI6J1RTRON59/Figure11.png A Modern Study of Microphone Bugs Operation and Detection Fig. 11. Microphone Bug 04 - MiniA8 GSM Transmitter. Size 4.2cm x 3cm x 1.2cm, 3.7V 500mAh Li-ion battery. Advertised 2 hours of continuous use and 2 days on standby. Price: 1 ̃3 USD. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614178223852-GSS0CAF343XWD2J2HYBJ/Figure12.png A Modern Study of Microphone Bugs Operation and Detection Fig. 12. Normal FM radio transmissions. The pattern of frequencies is clear and precise. There are no overlaps and the noise is minimum. This is in part because of the radio stations being far away. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614178238880-96OI6Y3N9Q9JXFHFLMIV/Figure13.png A Modern Study of Microphone Bugs Operation and Detection Fig. 13. Radio transmission of microphone F-908. The proximity to the mic makes the spikes more accentuated, the overlap with other frequencies larger and there is a small drift in the frequencies. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614178702745-SLHFPYRQF3TCZI2UAJVZ/Figure14.jpg A Modern Study of Microphone Bugs Operation and Detection Fig. 14. The USB device used in our experiments, a DVB-T+DAB+FM device, with the Realtek, RTL2838UHIDIR, chipset. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614178786335-FDBR9SOTDKHJJMJTITPS/Figure+15.jpg A Modern Study of Microphone Bugs Operation and Detection Fig. 15. The Ghost hardware microphone and camera detector. It was used to compare Salamandra against a known working bug detector. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614179192241-20K6XRG3B7J80ME0OW8X/Screen+Shot+2021-02-24+at+16.05.59.png A Modern Study of Microphone Bugs Operation and Detection Table II - Summary of the experiments to train the thresholds of Salamandra. The results come from more than 85 experiments in different locations and using all the microphones. Salamandra was compared with the Ghost commercial hardware detector. The best threshold for Salamandra in a general way are threshold1=15.3 and threshold2 = 2. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614179383473-801APCNOLW2Y7SVDN48X/Figure16.png A Modern Study of Microphone Bugs Operation and Detection Fig. 16. Location function of Salamandra. It prints a histogram of the power levels received from the microphones. It can be seen as an estimation of the distance to the microphone and therefore used as a location feature. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614179458293-BNM7ULJKCX0G6IA7EI7J/Figure17.png A Modern Study of Microphone Bugs Operation and Detection Fig. 17. Example of using verbosity >= 1 in Salamandra location mode. It can print the individual frequencies that trigger the detections. This is very important to find out if the detection is coming from a microphone, or radio station, or is an interference. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614180233945-LP8IQY98WXM3BU6AHB4C/Figure18.jpeg A Modern Study of Microphone Bugs Operation and Detection Fig. 18. Place where the mic F-908 was hidden during Experiment 3. The mic bug was tapped in one inner side of the table, making it hard to find. For experts performing physical searches, carefully trained for this activity, this place would not be a good choice, as the mic was visible in plain sight. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614180318041-LM28640YXSRB3PQ1U1ZE/Figure19.jpeg A Modern Study of Microphone Bugs Operation and Detection Fig. 19. Place where the mic F-908 was hidden during Experiment 5. The mic can not be seen in this picture, to show what people normally sees on the whiteboard. It is an example of a very good place to hide the mic, that even when it was detected it took a long time to find. The whiteboard was a good choice since interesting conversations take place around it. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614180389956-MZCI8XOGI3GZS9V6IAOP/Figure20.jpeg A Modern Study of Microphone Bugs Operation and Detection Fig. 20. Place where the mic F-908 was hidden during Experiment 5. The lid of the whiteboard is open to see the mic. During Experiment 4 the Seeker took 20min to find the mic. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614180569175-TUGRD84CPQAPNDU3PCQE/TableIII.png A Modern Study of Microphone Bugs Operation and Detection Table III - Comparative of real life experiments of hiding a mic and finding it using the Salamandra detection tool. Detection are compared with the hardware detector Ghost. (TTD=Time to Detect, TTF = Time to Find). https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614180733792-329HNNUWU46J9WS8HNXX/Figure21.png A Modern Study of Microphone Bugs Operation and Detection Fig. 21. Example of Mic Bug location and Receiver location in one of the field experiments using a F-908 device. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614180923061-8ZOU7T0ULQ4T5VBT6CC2/Screen+Shot+2021-02-24+at+16.35.14.png A Modern Study of Microphone Bugs Operation and Detection Table IV: Performance experiment with the F-908 Mic bug, non stationary. The receiver was partially stationary. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614181040382-AZ9KXG66UQBOLUM0M2PP/Screen+Shot+2021-02-24+at+16.37.02.png A Modern Study of Microphone Bugs Operation and Detection Table V: Performance experiment with F-908 mic bug, stationary. The receiver was moving, getting closer to the target. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1614181093424-FNYIRIBCJNF8GV4QJ9MJ/Screen+Shot+2021-02-24+at+16.37.08.png A Modern Study of Microphone Bugs Operation and Detection Table VI: Performance experiment with F-908 mic bug, stationary, inside. A residential open space. The receiver was moving closer to the target but located in the same building than the target. https://www.civilsphereproject.org/research/execution-analysis-and-detection-of-android-rats-traffic daily 0.75 2021-06-26 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617112905398-YQE9J6WVOTP7F9CTWVVR/Screen%2BShot%2B2021-03-30%2Bat%2B15.59.09.jpg Execution, Analysis and Detection of Android RATs traffic https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617114888030-QZ8XU8X88PX9OQZM07NO/image5.png Execution, Analysis and Detection of Android RATs traffic Rendered background image sent from the phone to the controller. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617115164714-838Y3K0XAST3Y1L9T3WD/image5.png Execution, Analysis and Detection of Android RATs traffic Network periodicity observed in the network traffic https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1624708196091-5MU2REDNNYH2RKOMY2CL/image6.png Execution, Analysis and Detection of Android RATs traffic - Make it stand out The interface of the HawkShaw C&C software. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617115512180-TVTD76V760AX38JI9ZG8/image5.png Execution, Analysis and Detection of Android RATs traffic The command ‘File Voyager’ in DroidJack v4.4 C&C software. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617176164050-PO588T4BLOYU45L76SVA/image5.jpeg Execution, Analysis and Detection of Android RATs traffic Packet sent from the phone as an answer to the C&C command ‘get Preferences’. The packet data and its structure is shown. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1624708467206-PGAO7KK5L04FNPHWIPEM/image18.png Execution, Analysis and Detection of Android RATs traffic - Make it stand out The interface of the Saefko C&C software. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1624708578018-D45FMXDCBQC9WOPQESV5/image10.png Execution, Analysis and Detection of Android RATs traffic - Make it stand out The interface of the AhMyth C&C software. https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1624708722648-JOGAXI6MPLPCNR04RMYY/image4.png Execution, Analysis and Detection of Android RATs traffic - Make it stand out The interface of the Command-line C&C software. https://www.civilsphereproject.org/research/should-i-click-on-a-link-machine-learning-to-protect-from-cyber-attacks-on-the-web daily 0.75 2021-03-31 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1617195619588-ZHJ27A856N0AJ3PLOOEG/image5.jpg Should I click on a link? Machine Learning to Protect from Cyber Attacks on the Web https://www.civilsphereproject.org/doileakdata daily 0.75 2021-11-17 https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1631741593921-V6EEZZPMXZKH60M4XMJQ/PastedGraphic-1.png Do I Leak Data? Device Privacy Check https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1631741833694-6VPFZCMFQYDQBVBOXQP0/AIC-logo-blue-horizontal.png Do I Leak Data? Device Privacy Check https://images.squarespace-cdn.com/content/v1/5b588ac24eddeca055a9e40e/1632249061673-OUPDZGRVB840UCSWKZJ9/Stratosphere+Project.jpg Do I Leak Data? Device Privacy Check