



EFF's Threat Lab is dedicated to in-depth research examining technology-enforced power imbalances in society. In 2022, we sharpened our knives and honed our skills to defeat the stalkerware industry, targeted invasive police surveillance, issued security and privacy warnings about daycare apps, and developed new tools and techniques for reversing Android malware. We also joined a coalition to protect the most vulnerable people in our society. To achieve these goals, our crack team of technologists and researchers published FOIAs, guided policy makers, fought back against big technology, and analyzed hardware and software.

Here are some of the achievements that made 2022 an eventful year for Threat Lab.

Fight against surveillance

Our Atlas of Surveillance project has passed a major milestone, documenting over 10,000 cases in police technology programs across the United States. Shedding light on these programs is bittersweet: the transparency reveals just how widespread the advanced technology employed by police departments across the country is. To achieve this milestone, a collaboration between EFF and the University of Nevada, Reno's Reynolds School of Journalism crowdsourced thousands of individual mini-research tasks to students.

Base station simulators are one of the technologies employed by law enforcement agencies. Sometimes called stingrays, these devices are small mobile transceivers that impersonate cell towers, tricking phones into connecting to them instead of to legitimate towers. This enables location tracking, and even interception of communications, not only for people suspected of a crime but for everyone within a given area. In 2018, in parallel with Threat Lab's efforts to uncover cell-site simulator (CSS) use, dozens of FOIA requests were issued to California police departments, revealing the extent of CSS use. As a result, EFF learned that San Bernardino County law enforcement officials had indefinitely sealed search warrant records involving the use of CSS. In October, we asked the California Supreme Court to reconsider the case, saying that permanently sealing these records violates the public's right to access court records and effectively prevents the public from raising important questions about the extent and excesses of law enforcement's use of invasive technology.

As part of our effort to combat spooky surveillance technology, we analyzed a GPS tracking device covertly attached to one of our backers' cars. To determine whether it was put there by a car dealer or as a stalking tool, we took the device apart and issued commands to it to see what information we could get about when it was installed, having some (literal) hacking fun in the process. In the end, a little old-fashioned research in the form of a phone call gave us the answer we were looking for: the GPS device was installed by a car dealer as part of a contract with an anti-theft company. We found that hundreds of thousands of vehicles have been fitted with GPS devices without their owners' knowledge.

Fighting stalkerware

This year, as part of our work with the Coalition Against Stalkerware, we made significant outreach to policy makers and regulators. In April, the Maryland legislature unanimously passed a law requiring law enforcement officers to be trained on what stalkerware looks like. This is a direct result of a conversation Eva Galperin, director of cybersecurity at Threat Lab, had with state officials. The bill was signed into law in May, making Maryland the first state to crack down on domestic violence and intimate partner abuse carried out by electronic means. We hope Maryland is just the first of many states to do so. In response to an investigation led by TechCrunch that revealed critical security vulnerabilities in a series of stalkerware apps, we also asked the Federal Trade Commission to take action to protect victims of this abusive industry by shutting down stalkerware apps.

Last year, Apple released an Android app called Tracker Detect to address the issue of stalkers using AirTags to track victims. This year, in response to our allegations and numerous accounts of unwanted tracking, Apple has taken new steps to strengthen protections against this practice.

App and malware research

Part of our mission is to be the security team for the underrepresented. To that end, we investigated some popular apps that monitor the daily behavior of toddlers in daycare and report it to parents. We found dangerous security and privacy flaws in the way these apps work and warned the app makers about them. Unfortunately, very few changes were made to fix these issues, and in some cases there was no response at all. We raised a red flag with the FTC and asked it to investigate the matter and issue a rule addressing the rampant negligence. The letter was then included as part of a public comment period in which the FTC called for information on commercial surveillance in the industry. This is the first step in a long process of federal rulemaking to regulate commercial surveillance and lax data security practices.

Threat Lab's malware analysis team turned its attention to the Android ecosystem this year, investigating a multi-stage class of malware called tor-hydra that disguises itself as a banking app. The malware uses many obfuscation techniques to hide its true functionality. It connects to its C2 server via the Tor network and launches attacks by adding the device to a botnet controlled by malicious hackers. We also continue to work on uncovering Dark Caracal, with a new report due out next year.

In addition to examining instances of Android malware, our researchers also analyzed apps that perform complex real-world interactions (such as unlocking a car door with an app) without the need for sophisticated multi-device lab setups. We continued to build apkeep, our Android app (APK) download tool, bringing it to more platforms and adding more app stores to download from. One of the stores we currently support is Huawei's AppGallery, a source of popular apps in China, which we believe will be of particular interest to privacy researchers.

Promoting freedom of information

Finally, Threat Lab worked in support of ESPLERP, an organization of sex workers and erotic service providers, as it created a Rose Foundation-funded report on technology used to monitor sex workers in California. We worked with them on their records request strategy, helping them to file records requests statewide, to stand up to uncooperative law enforcement agencies, and to interpret the records they collected.

Our work is focused on helping the most vulnerable segments of society with our research, reverse engineering skills, and policy advocacy. As we continue to expand our work, we will keep working toward this goal in the coming years and beyond. We appreciate your support as we continue to make these breakthroughs in advancing privacy and security in an increasingly interconnected world.

This article is part of our Year in Review series. Read more about the fight over digital rights in 2022.

