Ars Technica

Syndicate content: Risk Assessment – Ars Technica
Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Updated: 34 min 37 sec ago

Lawsuit: Fox News group hacked, surveilled, and stalked ex-host Andrea Tantaros

28 April, 2017 - 00:05

Andrea Tantaros claims that she was stalked and harassed by multiple Twitter accounts that were coordinated by Fox News executives after she filed a sexual harassment suit. Her new lawsuit also claims that Fox had her computer hacked for spying purposes. (credit: Twitter)

Comparing their actions to the plot of this season of the Showtime series Homeland, an attorney for former Fox News host Andrea Tantaros has filed a complaint in federal court against Fox News, current and former Fox executives, Peter Snyder and his financial firm Disruptor Inc., and 50 "John Doe" defendants. The suit alleges that the collective participated in a hacking and surveillance campaign against her.

Tantaros filed a sexual harassment suit against Roger Ailes and Fox News in August of 2016, after filing internal complaints with the company about harassment dating back to February of 2015. She was fired by the network in April of 2016, as Tantaros continued to press complaints against Fox News' then-Chairman and CEO Roger Ailes, Bill O'Reilly, and others. Tantaros had informed Fox that she would be filing a lawsuit over the alleged sexual harassment.

Tantaros claims that as early as February of 2015, a group run out of a "black room" at Fox News engaged in surveillance and electronic harassment of her, including the use of "sock puppet" social media accounts to electronically stalk her. According to the lawsuit:

Category: Hacking & Security

Russian-controlled telecom hijacks financial services’ Internet traffic

27 April, 2017 - 22:20

A map that visualizes network changes being announced by Rostelecom. (credit: BGPmon)

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.

Anomalies in the Border Gateway Protocol (BGP), which routes traffic among Internet backbones, ISPs, and other large networks, are common and usually the result of human error. While it's possible Wednesday's five- to seven-minute hijack of 36 large network blocks may also have been inadvertent, the high concentration of technology and financial services companies affected made the incident "curious" to engineers at network monitoring service BGPmon. What's more, the way some of the affected networks were redirected indicated that their underlying prefixes had been manually inserted into BGP tables, most likely by someone at Rostelecom, the Russian government-controlled telecom that improperly announced ownership of the blocks.
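One check a network operator or a monitoring service can run over a feed of announcements is origin validation: compare each announced prefix and origin AS against records of who is allowed to originate what (RPKI ROAs, or an operator's own prefix list), after RFC 6811. The following is an added example, not code from Ars, BGPmon, Dyn or any network operator; the Roa and Announcement records, the validate and audit functions, and every prefix and AS number in it are constructed for illustration (documentation ranges from RFC 5737 and RFC 5398) and correspond neither to a real network nor to the event described above.

```python
"""Origin-validation check for BGP announcements, after RFC 6811.

Added example, not code from Ars, BGPmon, Dyn or Rostelecom.  The 'expected
origin' records stand in for RPKI ROAs or an operator's own prefix list; the
prefixes (RFC 5737 documentation ranges) and ASNs (RFC 5398 documentation
range 64496-64511) are constructed and belong to no real network.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    prefix: object      # ipaddress network object
    max_length: int     # longest prefix length the holder may announce
    asn: int            # authorised origin AS


@dataclass(frozen=True)
class Announcement:
    prefix: object      # ipaddress network object
    origin_asn: int


def roa(prefix, max_length, asn):
    return Roa(ipaddress.ip_network(prefix), max_length, asn)


def ann(prefix, origin_asn):
    return Announcement(ipaddress.ip_network(prefix), origin_asn)


def covering_roas(prefix, roas):
    """ROAs whose prefix contains `prefix` (same address family only)."""
    return [r for r in roas
            if r.prefix.version == prefix.version and prefix.subnet_of(r.prefix)]


def validate(announcement, roas):
    """'valid'     : a covering ROA names this origin and allows this length
       'invalid'   : ROAs cover the prefix but none match (wrong origin, or too specific)
       'not-found' : no ROA covers the prefix, so there is nothing to compare against"""
    covering = covering_roas(announcement.prefix, roas)
    if not covering:
        return "not-found"
    for r in covering:
        if r.asn == announcement.origin_asn and announcement.prefix.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def audit(announcements, roas):
    """Every announcement that is not 'valid', together with the covering ROA
    prefix it is more specific than (None if it is not a sub-prefix).  A
    sub-prefix from an unexpected origin is the pattern to worry about:
    longest-prefix match means it wins over the legitimate route wherever it
    is accepted, whatever the AS-path length."""
    findings = []
    for a in announcements:
        state = validate(a, roas)
        if state == "valid":
            continue
        parent = next((r.prefix for r in covering_roas(a.prefix, roas)
                       if a.prefix.prefixlen > r.prefix.prefixlen), None)
        findings.append((a, state, parent))
    return findings


# Constructed records: AS64496 holds 192.0.2.0/24, AS64497 holds 198.51.100.0/24,
# and neither may announce anything longer than a /24.
ROAS = [
    roa("192.0.2.0/24", 24, 64496),
    roa("198.51.100.0/24", 24, 64497),
]

# Constructed snapshot of what a route collector saw during a hypothetical event.
ANNOUNCEMENTS = [
    ann("192.0.2.0/24", 64496),      # legitimate
    ann("192.0.2.0/25", 64511),      # sub-prefix from a stranger: classic hijack shape
    ann("198.51.100.0/24", 64497),   # legitimate
    ann("198.51.100.0/25", 64497),   # right origin, but longer than the ROA allows
    ann("203.0.113.0/24", 64500),    # nothing on record: cannot be judged
]


if __name__ == "__main__":
    for a, state, parent in audit(ANNOUNCEMENTS, ROAS):
        detail = f" (more specific than {parent})" if parent else ""
        print(f"{a.prefix} from AS{a.origin_asn}: {state}{detail}")
```

The first finding is the shape the article describes: a longer, more specific prefix originated by an AS with no record for the block. Because longest-prefix match wins, such a route draws traffic away from the legitimate /24 on every router that accepts it, which is why a handful of targeted sub-prefixes is more telling than a noisy, indiscriminate leak. A "not-found" result is not a verdict; it only says there is nothing on record to compare against.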

"Quite suspicious"

"I would classify this as quite suspicious," Doug Madory, director of Internet analysis at network management firm Dyn, told Ars. "Typically accidental leaks appear more voluminous and indiscriminate. This would appear to be targeted to financial institutions. A typical cause of these errors [is] in some sort of internal traffic engineering, but it would seem strange that someone would limit their traffic engineering to mostly financial networks."

Category: Hacking & Security

A vigilante is putting a huge amount of work into infecting IoT devices

27 April, 2017 - 01:03

Last week, Ars introduced readers to Hajime, the vigilante botnet that infects IoT devices before blackhats can hijack them. A technical analysis published Wednesday reveals for the first time just how much technical acumen went into designing and building the renegade network, which just may be the Internet's most advanced IoT botnet.

As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR, or other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems."

Not your father's IoT botnet

But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and resilience that are largely unparalleled in the IoT landscape. Wednesday's technical analysis, written by Pascal Geenens, a researcher at security firm Radware, makes clear that the unknown person or people behind Hajime invested plenty of time and talent.

Category: Hacking & Security

Picture this: Senate staffers’ ID cards have photo of smart chip, no security

26 April, 2017 - 21:11

Sen. Ron Wyden of Oregon has pointed out a particular problem with Senate IT security: Senate staffers' ID cards are essentially fake smartcards, useless for two-factor authentication. (credit: Getty Images/Justin Sullivan)

When Congress held hearings following the breach of the systems of the Office of Personnel Management (OPM) in 2015, one of the issues that caused great consternation among lawmakers was that the OPM had failed to implement two-factor authentication for employees, particularly when using virtual private networks. Federal information security standards in place at the time called for strong user authentication for any federal information system, but the OPM hadn't figured out how to implement two-factor authentication principles—something users know (a password), plus something they have (which, in government, is typically a "smartcard" ID with digital authentication keys programmed onto a chip).

The OPM wasn't alone. While the Department of Defense began issuing Common Access Cards in 2008 to be used for two-factor authentication on DOD systems and to control physical access to DOD facilities, most of the civilian agencies of the US federal government still hadn't implemented their own smartcard (Personal Identity Verification, or PIV) systems at the time of the OPM breach.

What a real smartcard ID looks like: the DOD's Common Access Card. (credit: Department of Defense)

The Government Accountability Office repeatedly warned of gaps in federal information security, including the lack of two-factor authentication on critical federal systems like those at OPM. And during President Barack Obama's "cyber-sprint," many more agencies did roll out smartcards for authentication.

Category: Hacking & Security

NSA backdoor detected on >55,000 Windows boxes can now be remotely removed

25 April, 2017 - 22:26

After Microsoft officials dismissed evidence that more than 10,000 Windows machines on the Internet were infected by a highly advanced National Security Agency backdoor, private researchers are stepping in to fill the void. The latest example of this open source self-help came on Tuesday with the release of a tool that can remotely uninstall the DoublePulsar implant.

Late Friday afternoon, Microsoft officials issued a one-sentence statement saying they doubted the accuracy of multiple Internet-wide scans that found anywhere from 30,000 to slightly more than 100,000 infected machines. The statement gave no factual basis for the doubt, and officials had yet to respond on the record to requests on Tuesday for an update. Over the weekend, Below0day released the results of a scan that detected 56,586 infected Windows boxes, an 85-percent jump from the 30,626 infections the security firm had found three days earlier.

Both numbers are at the conservative end of the widely ranging results from scans independently carried out by other researchers over the past week. On Monday, Rendition Infosec published a blog post saying DoublePulsar infections were on the rise and that company researchers are confident the scan results accurately reflect real-world conditions. Rendition founder Jake Williams told Ars that the number of infected machines is "well over 120k, but that number is a floor."

Category: Hacking & Security

AV provider Webroot melts down as update nukes hundreds of legit files

25 April, 2017 - 01:50

Update 4/25/2017 7:07 AM California time: Webroot officials issued the following statement: "On April 24, Webroot experienced a technical issue affecting some business and consumer customers. We are in the process of creating a fix, but in the meantime, small business customers can follow instructions posted in the Webroot Community to address the issue."

Antivirus provider Webroot is causing a world of trouble for customers. A signature update just nuked hundreds of benign files needed to run Microsoft Windows, as well as apps that run on top of the operating system.

Social media sites ignited on late Monday afternoon with customers reporting that servers and computers alike stopped working as a result of the mishap. The admin and security pundit who goes by the Twitter handle SwiftOnSecurity told Ars that, at the company he or she worked for, the false positive quarantined "several hundred" files used by Windows Insider Preview. Hundreds of "line of business" apps, such as those that track patient appointments or manage office equipment, suffered the same fate. Webroot was also flagging Facebook as a phishing site.

Category: Hacking & Security

BrickerBot, the permanent denial-of-service botnet, is back with a vengeance

24 April, 2017 - 22:43

BrickerBot, the botnet that permanently incapacitates poorly secured Internet of Things devices before they can be conscripted into Internet-crippling denial-of-service armies, is back with a new squadron of foot soldiers armed with a meaner arsenal of weapons.

Pascal Geenens, the researcher who first documented what he calls the permanent denial-of-service botnet, has dubbed the fiercest new instance BrickerBot.3. It appeared out of nowhere on April 20, exactly one month after BrickerBot.1 first surfaced. Not only did BrickerBot.3 attack at a much faster rate, with 1,295 attacks coming in just 15 hours, it also used a modified attack script that added several commands designed to disable its targets more completely. BrickerBot.1, by comparison, fired 1,895 volleys during the four days it was active, and the still-active BrickerBot.2 has spit out close to 12 attacks per day.

"Just like BrickerBot.1, this attack was a short but intense burst," Geenens told Ars. "Shorter than the four days BrickerBot.1 lasted, but even more intense. The attacks from BrickerBot.3 came in on a different honeypot than the one that recorded BrickerBot.1. There is, however, no correlation between the devices used in the previous attack versus the ones in this attack."

Category: Hacking & Security

Russian man gets longest-ever US hacking sentence, 27 years in prison

22 April, 2017 - 02:19

Images of Seleznev with stacks of cash were found on his laptop following his 2014 arrest in the Maldives. (credit: Department of Justice)

Russian hacker Roman Seleznev was sentenced to 27 years in prison today. He was convicted of causing more than $169 million in damage by hacking into point-of-sale computers.

Seleznev, aka "Track2," would hack into computers belonging to both small businesses and large financial institutions, according to prosecutors. He was arrested in the Maldives in 2014 with a laptop that had more than 1.7 million credit card numbers. After an August 2016 trial, Seleznev was convicted on 38 counts, including wire fraud, intentional damage to a protected computer, and aggravated identity theft.

The sentence is quite close to the 30 years that the government asked for. Prosecutors said Seleznev deserved the harsh sentence because he was "a pioneer" who helped grow the market for stolen credit card data and because he "became one of the most revered point-of-sale hackers in the criminal underworld."

Category: Hacking & Security

>10,000 Windows computers may be infected by advanced NSA backdoor

21 April, 2017 - 22:12

A script scanning the Internet for computers infected by DoublePulsar. On the left, a list of IPs Shodan detected having the backdoor installed. On the right are pings used to manually check if a machine is infected. (credit: Dan Tentler)

Security experts believe that tens of thousands of Windows computers may have been infected by a highly advanced National Security Agency backdoor. The NSA backdoor was included in last week's leak by the mysterious group known as Shadow Brokers.

DoublePulsar, as the NSA implant is code-named, was detected on more than 107,000 computers in one Internet scan, performed over the past few days by researchers from Binary Edge, a security firm headquartered in Switzerland. Separate mass scans, one by Errata Security CEO Rob Graham and another by researchers from Below0day, detected roughly 41,000 and 30,000 infected machines, respectively. To remain stealthy, DoublePulsar writes no files to the computers it infects, which also means it does not survive a reboot. That lack of persistence may be one explanation for the widely differing results.

Category: Hacking & Security

Researchers claim China trying to hack South Korea missile defense efforts

21 April, 2017 - 17:33

South Korea is deploying Lockheed Martin's THAAD missile defense system, and that's sparked the ire of the Chinese government, as well as military and "hacktivist" hacking groups, according to FireEye. (credit: US Army)

Chinese government officials have been very vocal in their opposition to the deployment of the Terminal High-Altitude Air Defense (THAAD) system in South Korea, raising concerns that the anti-ballistic missile system's sensitive radar sensors could be used for espionage. And according to researchers at the information security firm FireEye, Chinese hackers have transformed objection to action by targeting South Korean military, government, and defense industry networks with an increasing number of cyberattacks. Those attacks included a denial of service attack against the website of South Korea's Ministry of Foreign Affairs, which the South Korean government says originated from China.

FireEye's director of cyber-espionage analysis John Hultquist told the Wall Street Journal that FireEye had detected a surge in attacks against South Korean targets from China since February, when South Korea announced it would deploy THAAD in response to North Korean missile tests. The espionage attempts have focused on organizations associated with the THAAD deployment. They have included "spear-phishing" e-mails carrying malware-laden attachments, along with "watering hole" attacks that plant exploit code on websites frequented by military, government, and defense industry officials so that visitors' machines download malware.

FireEye claims to have found evidence that the attacks were staged by two groups connected to the Chinese military. One, dubbed Tonto Team by FireEye, operates from the same region of China as previous North Korean hacking operations. The other is known among threat researchers as APT10, or "Stone Panda"—the same group believed to be behind recent espionage efforts against US companies lobbying the Trump administration on global trade. These groups have also been joined in attacks by two "patriotic hacking" groups not directly tied to the Chinese government, Hultquist told the Journal—including one calling itself "Denounce Lotte Group" targeting the South Korean conglomerate Lotte. Lotte made the THAAD deployment possible through a land swap with the South Korean government.

Category: Hacking & Security

Man sues Confide: I wouldn’t have spent $7/month if I’d known it was flawed

21 April, 2017 - 11:00

A man in Michigan has sued Confide, a secure messaging app that is reportedly used by Republicans in the Trump White House, over allegations that the app isn’t nearly as secure when run on a desktop computer, as opposed to a mobile device.

While the app does prevent screenshots on mobile devices, the new lawsuit, which was filed in federal court in New York on Thursday, notes that the app fails to block screenshots on Windows. Similarly, the macOS and Windows versions both allow entire messages to be read all at once rather than line by line, as the mobile app requires. The two desktop platforms also lack a key feature: notification that a screenshot was taken.

"By failing to offer the protections it advertised, Confide not only fails to maintain the confidentiality of messages sent or received by desktop App users, but its entire user base," lawyers for the plaintiff, Jeremy Auman, wrote in their civil complaint.

Category: Hacking & Security

Chrome, Firefox, and Opera users beware: This isn’t the apple.com you want

20 April, 2017 - 20:34

This is how Chrome 57 displays https://www.xn--80ak6aa92e.com/. Note the https://www.apple.com in the address bar.

If you're using Chrome, Firefox, or Opera to view websites, you should be aware of a weakness that can trick even savvy people into trusting malicious impostor sites that want you to download software or enter your password or credit card data.

The weakness involves the way these browsers display certain characters in the address bar. Until Google released version 58 in the past 24 hours, for instance, Chrome displayed https://www.xn--80ak6aa92e.com/ as https://www.apple.com. The latest versions of Firefox and Opera by default continue to present the same misleading address. As the screenshot above demonstrates, the corresponding website has nothing to do with Apple. Had a malicious attacker registered the underlying xn--80ak6aa92e.com domain, she could have used it to push backdoored software or to trick visitors into divulging passwords or other sensitive information.

Xudong Zheng, a Web application developer who developed the apple.com look-alike site to demonstrate the threat, has explained how the attack works.
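What the attack exploits is that a browser decodes the ASCII (punycode) form of an internationalized label back into Unicode before displaying it, and Cyrillic а, р, ӏ and е render like Latin a, p, l and e. The check below is an added example, not Xudong Zheng's demonstration code and not the heuristic any browser actually ships: it decodes each xn-- label with Python's punycode codec, classifies letters by script from their Unicode names, and flags a label as confusable when every letter comes from a single non-Latin script and has a Latin look-alike. The CYRILLIC_LOOKALIKES table is this example's own assumption about which Cyrillic letters render like Latin ones in common fonts; real confusable data (Unicode TR39) is much larger.

```python
"""Decode punycode labels and flag ones that are confusable with ASCII.

Added example, not Xudong Zheng's demonstration code and not the logic of
Chrome, Firefox or Opera.  The look-alike table below is an assumption made
for this example; real confusable data (Unicode TR39) is much larger.
"""
import unicodedata

# Cyrillic letters that render almost identically to a Latin letter in most
# fonts, mapped to that Latin letter (assumption for this example).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a",  # а
    "\u0435": "e",  # е
    "\u043e": "o",  # о
    "\u0440": "p",  # р
    "\u0441": "c",  # с
    "\u0443": "y",  # у
    "\u0445": "x",  # х
    "\u0455": "s",  # ѕ
    "\u0456": "i",  # і
    "\u0458": "j",  # ј
    "\u04bb": "h",  # һ
    "\u04cf": "l",  # ӏ (palochka)
    "\u0501": "d",  # ԁ
    "\u051b": "q",  # ԛ
    "\u051d": "w",  # ԝ
}


def to_unicode(host):
    """Decode every xn-- label with the raw punycode codec, so the exact
    code points the browser would render are visible."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def script_of(ch):
    """Coarse script from the Unicode character name ('LATIN', 'CYRILLIC',
    'GREEK', ...); ASCII digits and punctuation count as 'COMMON'."""
    if ch.isascii() and not ch.isalpha():
        return "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def skeleton(label):
    """Replace each look-alike Cyrillic letter with the Latin letter it mimics."""
    return "".join(CYRILLIC_LOOKALIKES.get(c, c) for c in label)


def analyse_label(label):
    """Return (verdict, skeleton) for one decoded label.
    'ascii'        plain ASCII, nothing was decoded
    'mixed-script' letters from more than one script (Latin 'p' + Cyrillic 'а')
    'confusable'   one non-Latin script and every letter has a Latin look-alike
    'unicode'      non-ASCII but not suspicious under these rules"""
    if label.isascii():
        return "ascii", label
    scripts = {script_of(c) for c in label} - {"COMMON"}
    if len(scripts) > 1:
        return "mixed-script", skeleton(label)
    letters = [c for c in label if c.isalpha()]
    if scripts == {"CYRILLIC"} and all(c in CYRILLIC_LOOKALIKES for c in letters):
        return "confusable", skeleton(label)
    return "unicode", skeleton(label)


def check_host(host):
    """Decode a host name and analyse each label: [(label, verdict, skeleton), ...]."""
    return [(label, *analyse_label(label)) for label in to_unicode(host).split(".")]


if __name__ == "__main__":
    for label, verdict, skel in check_host("www.xn--80ak6aa92e.com"):
        print(f"{label!r:12} {verdict:13} looks like {skel!r}")
```

For the domain above, the decoded label is five Cyrillic letters, every one of which has a Latin twin, and the skeleton comes out as apple. A mixed-script label, such as Latin p followed by Cyrillic а, is flagged separately; that is the easier case, and the whole-script case is what made this demonstration effective against the browsers named above.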

Category: Hacking & Security

Tanium CEO admits using real hospital data in sales demos [Updated]

20 April, 2017 - 17:44

Orion Hindawi, co-founder and chief technology officer of Tanium Inc. (credit: Getty Images/Bloomberg)

Following a report by The Wall Street Journal that the security vendor Tanium used a hospital's live network as a demonstration platform on sales calls and even revealed private hospital data in a publicly posted demonstration video, Tanium CEO Orion Hindawi has admitted that mistakes were made in handling data from El Camino Hospital's network. Hindawi was vague about whether the company had live access to the network, but in a blog post late yesterday, he said that the data was from "this particular customer's demo environment" and that Tanium did not—and should not—have remote access to customers' security data except in a very few cases where customers had granted access.

[Update, 3:30 pm EDT] Ars has learned from a source familiar with the installation that the company did, in fact, use a connection to El Camino Hospital's on-premises instance of the Tanium web console for demonstrations. The connection would have had to have been provided by El Camino's information technology staff—though it is not clear how far up in the hospital's administration that arrangement was approved, and the arrangement was apparently never documented. Since 2015—about the time Tanium lost access to the El Camino Hospital installation—Tanium has required that these sorts of arrangements be codified in writing.

"We do have a few customers who have agreed for us to use their environments for external demos and have provided that access to us," Hindawi wrote. "Since 2015, we’ve insisted that before a customer is willing to let us demo from their environment, regardless of the access they offer us, we document that in writing and agree on what data we can show to ensure there isn’t any confusion. Other than the few customers who have signed those documents and provided us remote access to their Tanium platforms, we do not—and in fact cannot—demonstrate customer environments with Tanium."

Category: Hacking & Security

Windows bug used to spread Stuxnet remains world’s most exploited

20 April, 2017 - 11:01

One of the Microsoft Windows vulnerabilities used to spread the Stuxnet worm that targeted Iran remained the most widely exploited software bug in 2015 and 2016 even though the bug was patched years earlier, according to a report published by antivirus provider Kaspersky Lab.

The most widespread exploits of 2015. (credit: Kaspersky Lab)

The most widespread exploits of 2016. (credit: Kaspersky Lab)

In 2015, 27 percent of Kaspersky users who encountered any sort of exploit were exposed to attacks targeting the critical Windows flaw indexed as CVE-2010-2568. In 2016, the figure dipped to 24.7 percent but still ranked the highest. The code-execution vulnerability is triggered by plugging a booby-trapped USB drive into a vulnerable computer. The second most widespread exploit was designed to gain root access rights to Android phones, with 11 percent in 2015 and 15.6 percent last year.

The Windows vulnerability was first publicly disclosed in July 2010, a few days before security reporter Brian Krebs was the first to report on the Stuxnet outbreak. The bug resided in functions that process so-called .LNK files that Windows uses to display icons when a USB stick is connected to a PC. By hiding malicious code inside the .LNK files, a booby-trapped stick could automatically infect the connected computer even when its autorun feature was turned off. The self-replication and lack of any dependence on a network connection made the vulnerability ideal for infecting air-gapped machines. Microsoft patched the vulnerability in August 2010.

Category: Hacking & Security

Tanium exposed hospital’s IT while using its network in sales demos

19 April, 2017 - 23:11

Orion Hindawi, co-founder and chief technology officer of Tanium Inc. (credit: Getty Images/Bloomberg)

Information security company Tanium is a relatively well-established "next-generation" cybersecurity vendor that was founded 10 years ago—far ahead of the wave of the venture capital-funded newcomers, like Cylance, who have changed the security software space. (Tanium has reached a market valuation of more than $3 billion, though there are no indications of when it will make an initial public offering.)

Starting in 2012, Tanium apparently had a secret weapon to help it compete with the wave of newcomers, which the company's executives used in sales demonstrations: a live customer network they could tap into for product demonstrations. There was just one problem: the customer didn't know that Tanium was using its network. And since the customer was a hospital, the Tanium demos—which numbered in the hundreds between 2012 and 2015, according to a Wall Street Journal report—exposed live, sensitive information about the hospital's IT systems. Until recently, some of that data was shown in publicly posted videos.

In 2010, Tanium's software was installed at Allscripts Healthcare Solutions' El Camino Hospital (which markets itself as "the hospital of Silicon Valley") in Santa Clara County, California. The hospital no longer has a relationship with Tanium. While Tanium did not have access to patient data, the demos showed desktop and server management details that were not anonymized.

Category: Hacking & Security

Microsoft turns two-factor authentication into one-factor by ditching password

19 April, 2017 - 18:03

Microsoft Authenticator is a pleasant enough two-factor authentication app. You can use it to generate numeric authentication codes for accounts on Google, Facebook, Twitter, and indeed, any other service that uses a standard one-time password. The login process is straightforward: first you sign in to each site with your username and regular, fixed password, then you use the code generated by the app.

But for Microsoft accounts, Redmond is offering something new: getting rid of that first password and using just the phone to authenticate. With phone-based authentication enabled, after entering your Microsoft Account e-mail address, you'll receive an alert on your phone. From that alert, you can either approve or reject the authentication attempt—no password necessary.

This same approve-or-reject choice on the phone has been offered previously to Microsoft Accounts, but in the past, it still required the use of the fixed password.

Category: Hacking & Security

Scammers mine online recruiter for patsies in package reship scheme

19 April, 2017 - 15:29

That sketchy speedy delivery gig you were offered by that company that you applied to work for? It's probably a scam.

If you're using a Web-based third-party recruiter site to look for and apply for jobs, you may want to keep a close eye on the e-mails you get in response. As Steve Ragan of CSO reports, scammers are harvesting information from recruiter sites to offer "flexible" jobs that are in fact criminal undertakings—often posing as executives from the companies where applicants have applied for jobs.

One woman who applied for a job at the paint manufacturer Sherwin-Williams through ZipRecruiter's site received an e-mail shortly afterward from someone posing as the CEO of the company. The person claimed that the position she had applied for was filled but offered another job as a "personal assistant" for the CEO himself for $500 a week.

"If you accept my offer, I will need you to take charge of my mails pick up and drop off as well as errand running during your spare time outside of work," the e-mail read. "The job is flexible so you can do it wherever you are as long as there is a post office in the area. I will pay for the first week in advance to run errands, and will also have my mails/packages forwarded to a nearby post office where you can pick them from at your convenience."

Category: Hacking & Security

Vigilante botnet infects IoT devices before blackhats can hijack them

19 April, 2017 - 03:41

Vigilante Man (Illustration by Projectvillain photographed by Seth Anderson) (credit: projectvilliain/Seth Anderson)

Mirai, the botnet that threatened the Internet as we knew it last year with record-setting denial-of-service attacks, is facing an existential threat of its own: A competing botnet known as Hajime has infected at least 10,000 home routers, network-connected cameras, and other so-called Internet of Things devices.

Hajime uses a decentralized peer-to-peer network to issue commands and updates to infected devices. This design makes it more resistant to takedowns by ISPs and Internet backbone providers. Hajime uses the same list of user name and password combinations Mirai uses, with the addition of two more. It also takes steps to conceal its running processes and files, a feature that makes detecting infected systems more difficult. Most interesting of all: Hajime appears to be the brainchild of a grayhat hacker, as evidenced by a cryptographically signed message it displays every 10 minutes or so on terminals. The message reads:

Just a white hat, securing some systems.

Important messages will be signed like this!

Hajime Author.

Contact CLOSED

Stay sharp!

Another sign Hajime is a vigilante-style project intended to disrupt Mirai and similar IoT botnets: It blocks access to four ports known to be vectors used to attack many IoT devices. Hajime also lacks distributed denial-of-service capabilities or any other attacking code except for the propagation code that allows one infected device to seek out and infect other vulnerable devices.

Category: Hacking & Security

Two members of ATM skimming ring plead guilty to bank fraud

18 April, 2017 - 23:32

Joel Abel Garcia, a 35-year-old from the Bronx, New York, became the third member of an alleged ring of automated teller machine "skimmers" to plead guilty today in the US District of New Jersey to the charge of conspiracy to commit bank fraud. Another member of the group—Victor Hanganu, a Romanian citizen living in Bayside, New York—pleaded guilty to the same charge on April 10. Eleven others have been charged in the conspiracy, which targeted PNC and Bank of America ATMs in New Jersey from March 2015 until June of 2016. Another Romanian, Radu Marin, pleaded guilty on March 29.

"According to admissions made in connection with the pleas, Garcia, Hanganu, and others sought to defraud financial institutions and their customers by illegally obtaining customer account information, including account numbers and personal identification numbers," a Department of Justice spokesperson said in a statement made on behalf of federal prosecutors in New Jersey. Garcia was found to be personally responsible for $132,805 in withdrawals using forged ATM cards out of a total of $428,581 over the 15-month period.

Garcia admitted as part of the plea that "he installed 'skimming' devices on the ATMs" belonging to PNC and Bank of America at multiple locations in New Jersey, "including pinhole cameras that recorded password entries and card-reading devices capable of recording customer information encoded on magnetic strips," according to the statement.

Category: Hacking & Security

Meet PINLogger, the drive-by exploit that steals smartphone PINs

18 April, 2017 - 19:20

Smartphones know an awful lot about us. They know if we're in a car that's speeding, and they know when we're walking, running, or riding in a bus. They know how many calls we make and receive each day and the precise starting and ending time of each one. And of course, they know the personal identification numbers we use to unlock the devices or to log in to sites that are protected by two-factor authentication. Now, researchers have devised an attack that makes it possible for sneaky websites to surreptitiously collect much of that data, often with surprising accuracy.

The demonstrated keylogging attacks are most useful at guessing the digits of four-digit PINs, with 74-percent accuracy on the first attempt and a 94-percent chance of success by the third try. The same technique could be used to infer other input, including the lock patterns many Android users rely on, although the accuracy rates would probably differ. The attacks require only that a user open a malicious webpage and enter the characters before closing it; no malicious app needs to be installed.

Malicious webpages—or depending on the browser, legitimate sites serving malicious ads or malicious content through HTML-based iframe tags—can mount the attack by using standard JavaScript code that accesses motion and orientation sensors built into virtually all iOS and Android devices. To demonstrate how the attack would work, researchers from Newcastle University in the UK wrote attack code dubbed PINLogger.js. Without any warning or outward sign of what was happening, the JavaScript was able to accurately infer characters being entered into the devices.

Category: Hacking & Security