Whispers

Gustaw Fit

Chinese whispers. The game of confusion, sometimes called telephone. Origins date back to the first Commonwealth British Empire and first contacts with China. The ‘Chinese’ bit is coming from the earliest contacts between Europeans and Chinese people in the 17th century, and attribute it to Europeans’ inability to understand China’s culture and worldview.

We seem to be entering the age, where this game, related to ‘what have I overheard’, might be getting a new meaning. A dangerous meaning.

Recently a person was arrested in Poland with the accusation of spying for China. This follows earlier concerns around blue-chip Chinese company called Huawei. This company is currently the biggest base-network communication devices provider in the world. It also has very close ties to the Chinese government. They also offer their products at a very low price compared to the market. Gives creeps to think, that almost every switch, router or mobile base station is equipped by stuff from a Chinese government pet-company.

The danger is coming from the fact, there are no international security standards, that would ensure all of the devices are screened for potential ‘backdoors’. There is also no will to do it, as most of the people in the world, are handling their privacy away to join the likes of Facebook. Huawei is not the only one, as for a fact, Google does the same.

Google products store voice data for further marketing purposes. What is scary, we do not really control, what they are listening to. Well partially. Some of it is available. If you want to dig into this scary place, try this link.

For your smartphone to actually pay attention and record your conversation, there needs to be a trigger, such as when you say “hey Siri” or “okay Google.” In the absence of these triggers, any data you provide is only processed within your own phone. Still very scary!

Some time ago, something strange happened. Me and my wife, were sitting in our living room, our Android phones on the table, discussing our a potential trip to Taiwan. The very next moment, we started a google search, and the first result suggestions, were about Taiwan. It seemed like just a spooky coincidence, but then everyone seems to have a story about their smartphone listening to them.

Right now, the game of telephone are becoming a professional eavesdropping strategy. Everyone listens to everything. The threat goes deeper. Much deeper.

A few months ago, I was speaking to a friend of mine, who is a technology freak. He bought himself a robot dog from Alibaba. As he is a freak, he wanted to connect his dog to internal WiFi network for ‘enhanced commands’. When he started browsing through his router stats, he learned, quite shockingly, the dog had already opened a connection to an unknown internet IP address. There was also a stable, yet very small, close to undetectable data stream going. He blocked it and tried contacting the manufacturer. He never got a response…

This rings a bell to a similar situation in the US, in 2016, where a confirmed secret backdoor, was indeed sending all sms data to Chinese IP’s.

Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.

Another challenging factor here is the ‘Dark Web’. Almost all sites on the so-called Dark Web hide their identity using the Tor encryption tool. You may know Tor for its ability to hide your identity and activity. You can use Tor to spoof your location so it appears you’re in a different country to where you’re really located, making it much like using a VPN service.

Handy for all sorts of undercover activities. Not only criminal.

Do you know what Internet of Things is? Intelligent homes, where your fridge can check what is missing and order it, garage doors detecting your car coming in and opening up, surveillance, heating control, etc, etc? It can also potentially tell your employer how much you drink, or do the same to your insurance company. The possibilities are endless.

There is a volatile spot as well. It seems like the devices used in IoT, are the weakest defence points. End users will also rarely change administration password to their fridge, a toaster or a CCTV camera. The manufacturer passwords are easily obtained from the Dark Web. Do the stories about a guy watching his neighbourhood still sound impossible? Or just plain creepy and scary, but indeed very, very plausible?

Then there is the ‘security factor’. All of us think we are secure, because we are using security certificates in our browser or password, that are not kept in plain text by our service providers. The fact is, all what hackers need to get is a significant set of packets you send over the internet to start decryption. They need large sets of data, to look for similarities and to allow their zombie-supercomputer networks (which your computer might be part of, without you noticing), to de-crypt everything with brute force. They don’t feel pressure for time. This can be taking months or even years, all they need is your private key or an administrator password. They will get the rest by themselves. most of the hacking done in the world, do not hit the flashy news. It is as boring, as being a secretary in some long-forgotten council.

To note, even by encrypting our WiFi, we still allow others to collect this data, as this is purely broadcast and available within sometimes 100 meters from where you live. Using cable connections is much better, but also can’t guarantee safety.

To conclude. We are living in an era, where everything we say is somehow recorded. What we chat on the internet, stays there forever. Hell, today even if we don’t want it on the internet, it may end up there. There are multiple applications of this data and you really never know, when and how it is going to be used. In most end-user agreements you agree to share them though. Yes, very few people read privacy agreements.

We are living in a world, where even slightest of our whispers will get recorded. The confusing part is in the amount of data. This is why I call this the modern Chinese whispers. There is so much data available, until you can really focus on what you want, how to get this data and how to understand it, it will be gibberish.

This is rapidly changing with the development of deep machine learning.

Nevertheless we should start thinking on how the ‘stay always connected’ is impacting our lives, or how it can impact our future.

One step further for the protection of privacy is GDPR.

If after reading all this, you still believe GDPR is a pile of b-s, watch the movie:

My advice – go off the grid more often (this will also help to improve your health through lover EMF exposition). Off the grid, means off the grid – NO DEVICES!

Published by Gustaw Fit

An experienced engineer and manager. Worked in multiple industries in various sized enterprises. A strong believer that software is actually Peopleware. A software developer at heart, and also worked as a QA engineer, test manager, project manager, delivery manager and more. I have managed teams and organizations of up to 40 people and budgets of 5mln dollars. I truly believe in DORA metrics and engineering efficiency. I am an active coder, with some playground projects in: https://github.com/fitg?tab=repositories. More about my managerial style in: https://managerreadme.com/readme/fitgustaw. On the personal side - a fan of magic the gathering, board games, role-playing games, psychology, real evidence-based science, books worth to read, European comics ... aaaand football (I am an active player still and support my home team of Pogon Szczecin). Happily married with a child. Owned by 3 cats and a dog. Currently working at Zoopla.co.uk, re-imagining the property market, aiming to build the best information technology practices and services. This blog has some of my creative thinking, some rambling and some coding.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s