Month: July 2019

Enlarge / Top officials have decided monopolies aren't fun and games. (credit: Getty Images | Alex Wong)

The Department of Justice is launching an antitrust probe into some of the world's biggest and most influential tech companies, the agency announced Tuesday.

The department's Antitrust Division, which is responsible for reviewing and enforcing issues relating to mergers, monopolies, competition, and price-fixing, said its review would "consider the widespread concerns that consumers, businesses, and entrepreneurs have expressed about search, social media, and some retail services online."

“Without the discipline of meaningful market-based competition, digital platforms may act in ways that are not responsive to consumer demands,” Makan Delrahim, head of the Antitrust Division, said. “The Department’s antitrust review will explore these important issues.”

Enlarge / The 2019 Porsche Cayenne E-Hybrid (credit: Porsche Cars North America)

"What's the point of Sport mode on this car?"

It's an unusual question to lead with, but Chris Trautmann, Manager Complete Vehicle Product Line SUV, was quick to answer. In essence, he told me, "this is a Porsche and we want to offer drivers a full range of options."

A solid and not-unexpected answer, but my driving partner and I were unconvinced. We had spent the day crisscrossing the Willamette Valley in Oregon, clocking nearly 340 miles (547km) in a new, second-generation Porsche Cayenne E-Hybrid. To understand why the question came up in the first place, you have to consider Porsche's approach to electrification and how it differs from its siblings within the Volkswagen Group.

Enlarge (credit: Big Brother Utopia)

Researchers have discovered some of the most advanced and full-featured mobile surveillanceware ever seen. Dubbed Monokle and used in the wild since at least March 2016, the Android-based application was developed by a Russian defense contractor that was sanctioned in 2016 for helping that country’s Main Intelligence Directorate meddle in the 2016 US presidential election.

Monokle uses several novel tools, including the ability to modify the Android trusted-certificate store and a command-and-control network that can communicate over Internet TCP ports, email, text messages, or phone calls. The result: Monokle provides a host of surveillance capabilities that work even when an Internet connection is unavailable. According to a report published by Lookout, the mobile security provider that found Monokle is able to:

• Retrieve calendar information including name of event, when and where it is taking place, and description
• Perform man-in-the-middle attacks against HTTPS traffic and other types of TLS-protected communications
• Collect account information and retrieve messages for WhatsApp, Instagram, VK, Skype, imo
• Receive out-of-band messages via keywords (control phrases) delivered via SMS or from designated control phones
• Send text messages to an attacker-specified number
• Reset a user’s pincode
• Record environmental audio (and specify high, medium, or low quality)
• Make outgoing calls
• Record calls
• Interact with popular office applications to retrieve document text
• Take photos, videos, and screenshots
• Log passwords, including phone unlock PINs and key presses
• Retrieve cryptographic salts to aid in obtaining PINs and passwords stored on the device
• Accept commands from a set of specified phone numbers
• Retrieve contacts, emails, call histories, browsing histories, accounts and corresponding passwords
• Get device information including make, model, power levels, whether connections are over Wi-Fi or mobile data, and whether screen is on or off
• Execute arbitrary shell commands, as root, if root access is available
• Track device location
• Get nearby cell tower info
• List installed applications
• Get nearby Wi-Fi details
• Delete arbitrary files
• Download attacker-specified files
• Reboot a device
• Uninstall itself and remove all traces from an infected phone

Commands in some of the Monokle samples Lookout researchers analyzed lead them to believe that there may be versions of Monokle developed for devices running Apple’s iOS. Unused in the Android samples, the commands were likely added unintentionally. The commands controlled iOS functions for the keychain, iCloud connections, iWatch accelerometer data, iOS permissions, and other iOS features or services. Lookout researchers didn’t find any iOS samples, but they believe iOS versions may be under development. Monokle gets its name from a malware component a developer titled "monokle-agent."