SoylentNews is people
SoylentNews
Surveillance firm pays $1 million fine after 'spy van' scandal:
The Office of the Commissioner for Personal Data Protection in Cyprus has collected a $1 million fine from intelligence company WiSpear for gathering mobile data from various individuals arriving at the airport in Larnaca.
While this is just an administrative fine under the European Union's General Data Protection Regulation (GDPR), it is related to a scandal two years ago widely publicized as the "spy van" case.
In 2019, a Chevrolet van packed with at least $3.5 million worth of equipment that could hack Android smartphones and steal data including WhatsApp and Signal messages, was stationed near the Larnaca airport.
The van had been in the area for months when politicians in Cyprus criticized the government for being passive about the activity of the vehicle after seeing its capabilities in action close to the airport in a video from Forbes.
In a press release today, the data protection watchdog in Cyprus announced that WiSpear paid an administrative fine of 925,000 euros for GDPR violations.
(Score: 3, Insightful) by Anonymous Coward on Tuesday November 16 2021, @02:49AM (6 children)
If the smartphone is hacked, the end-to-end encryption don't do jack.
(Score: 1) by nekomata on Tuesday November 16 2021, @10:59AM (4 children)
The way I read the blurp is sounds like they intercepted traffic (or rather re-routed the smartphones through their own system). This still sucks, but should not make reading WhatsApp and Signal messages possible (SMS on the other hand...).
(Score: 0) by Anonymous Coward on Tuesday November 16 2021, @03:13PM (3 children)
Think again: https://comsec.ethz.ch/research/dram/blacksmith/ [comsec.ethz.ch]
(Score: 2) by PiMuNu on Tuesday November 16 2021, @04:37PM (2 children)
How can this be applied to a passive (listening device)?
(Score: 0) by Anonymous Coward on Tuesday November 16 2021, @05:24PM (1 child)
Because it's probably actually just a stingray or related technology with plenty of capability to MITM wireless traffic?
(Score: 2) by looorg on Tuesday November 16 2021, @09:55PM
This is what I'm thinking, this is a Stingray or Pineapple device of sorts that overpower all other signals and force people to connect to it and from there on end it's just game over as all traffic will be going thru it.
They even more or less state it as their back/cover story that this was a test to provide super fast wifi to all the people waiting at the airport. It would/should be trivial from there on to create a MITM attack on them no matter what.
(Score: 3, Insightful) by nekomata on Tuesday November 16 2021, @11:01AM
Actually upon further investigation, they based the interception on WiFi. And also compromised devices.
> At the time, WiSpear was registered in Limassol, Cyprus. Headed by Dilian, a former career officer in the Israel Defense Forces (IDF), the company specialized in providing end-to-end WiFi interception and security solutions.
>The equipment in the truck, Brewster writes, consisted of surveillance kits and antennas that could trace, compromise, and exfiltrate content from a mobile device, including chats (Facebook, WhatsApp), texts, calls, or contacts.