concertina226 writes: While it may not be a big deal if a cybercriminal hacks your smart fridge to send spam, the potential risks associated with maliciously taking control of a pacemaker or a car are obvious to all.
To combat this problem, computer scientists from the University of California have devised a new way to detect security problems, by testing hardware and how it integrates with software. Using Gate-level Information Flow Tracking, a team of scientists from UC San Diego and UC Santa Barbara have invented a tool that can tag critical parts of a hardware's security system and then monitor how each part affects the system.
Currently, the security industry's focus on analysing software for potential security vulnerabilities is based on the assumption that the chip the software runs on is completely secure — when that is not always the case.
Hardware is made up of many interconnected blocks which share resources and perform complex interactions. At times, the way the hardware is designed can enable encrypted memory to be leaked, so it's crucial to look at how software and hardware interact.
concertina226 writes: Online hacktivist collective Anonymous has announced that it is working on a new tool called Airchat which could allow people to communicate without the need for a phone or an internet connection — using radio waves instead.
Anonymous, the amorphous group best known for attacking high profile targets like Sony and the CIA in recent years, said on the project's Github page: "Airchat is a free communication tool [that] doesn't need internet infrastructure [or] a cell phone network. Instead it relies on any available radio link or device capable of transmitting audio."
Despite the Airchat system being highly involved and too complex for most people in its current form, Anonymous says it has so far used it to play interactive chess games with people 180 miles away, share pictures and even establish encrypted low bandwidth digital voice chats.
In order to get Airchat to work, you will need to have a handheld radio transceiver, a laptop running either Windows, Mac OS X or Linux, and be able to install and run several pieces of complex software.
concertina226 writes: Chinese authorities have detained a total of 1,530 suspects in a crackdown on spam SMS text messages being sent out by illegal telecoms equipment, according to Chinese news agency ECNS.
Over 2,600 fake mobile base stations were seized and 24 sites manufacturing illegal telecoms equipment shut down as part of a massive nationwide operation involving nine central government and Communist Party of China departments.
A report released by Trend Micro this month looked into the telecoms equipment black market in China and found that cybercriminals routinely use either a GSM modem, an internet short message gateway and an SMS server to send out spam messages.
On the underground market, SMS servers come in "all-in-one" packages that include a laptop, a GSM mobile phone, an SMS server, an antenna to send out the fake signal and a USB cable, all for RMB 45,000 (£4,355).
concertina226 writes: Microsoft is pulling support for the old Windows XP operating system from 8 April, in a bid to get consumers to move to newer Windows operating systems, but the decision puts a majority of ATMs at risk of cyber attacks.
Windows XP currently runs on almost 95% of all cash machines around the world as ATMs are designed to last between seven and 15 years. In theory, Windows XP embedded is actually supported by Microsoft until 2016, but other systems connected to the ATMs run regular Windows XP and will thus be susceptible to cyber attacks.
However, not everyone wants to pay Microsoft more money and upgrading an ATM to Windows 7 requires additional hardware upgrades, so some financial firms in other parts of the world are considering moving to Linux.
concertina226 writes: Albert Einstein's "spooky" quantum mechanics theory about entangled particles that can stay connected even when separated by large distances could be applied to encrypt communications and improve security over the internet.
The phenomenon is known as the N-partite Einstein-Podolsky-Rosen (EPR) steering and over half a century later in the 1990s, scientists finally succeeded in using it to securely transmit a message from one person to another.
They created a shared quantum key that decoded the message only for the sender and receiver – meaning that the message would be completely secure from interception until it was received. However, until now, the quantum key has only worked for sharing messages between two parties.
concertina226 writes: If you missed Edward Snowden's interview with SXSW 2014 and don't fancy watching the hour-long video, here are most of the best quotes from the live video stream.
SXSW: "A question from Twitter: Is there anything we can do to make sure our data is secure from the NSA?"
ES: "There are a couple of technologies. There's full disc encryption, then there's network encryption and then there's also TOR, a mixed-routing network that's encrypted from the user, through the IP to a network of clouds, so because of this, your ISP can no longer spy on you by default, when you go to any website. In order to spy on TOR, you'd have to try to hack into the TOR cloud or monitor exits from TOR, but that's really difficult for any sort of mass surveillance. You'll be much safer."
concertina226 writes: If you think the crisis in the Ukraine is limited to being just on the ground, think again. A cyberwar is flaring up between Ukraine and Russia and it looks like just the beginning.
On Friday, communication centres were hijacked by unknown men to install wireless equipment to monitor the mobile phones of Ukraine parliament members, and since then, Ukrainian hackers have been defacing Russian news websites, while Russia's Roskomnadzor is blocking any IP addresses or groups on social media from showing pro-Ukraine "extremist" content.
concertina226 writes: The malware, which Kaspersky calls "Backdoor.AndroidOS.Torec.a," has the ability to intercept SMS text messages sent on a smartphone and collect other data from the handset including the user's mobile number, the device's unique IMEI serial number and request GPS coordinates to identify where the device is currently located.
Hackers are beginning to target smartphones and tablets over PCs, as these powerful devices increasingly contain a wealth of personal data. Kaspersky Labs says it has so far collected 143,211 samples of mobile malware, and that Android is the target 98% of the time.
concertina226 writes: The patent documents listed on the Federal Communications Commission (FCC) website describe a phone that looks like it came straight out of Q's laboratory in a James Bond film.
The Boeing Black (H8V-BLK1) is a dual-SIM smartphone that supports GSM, WCDMA and LTE frequencies (i.e. 2G, 3G and 4G) using micro SIM cards. The handset also supports Wi-Fi and Bluetooth, and comes with USB and HDMI ports.
concertina226 writes: Jesselyn Radack, a human rights lawyer representing Edward Snowden, has claimed that she was detained and questioned in a "very hostile" manner on Saturday by London Heathrow Airport's Customs staff.
Radack freely disclosed to the border agent that she was going to see members of the Sam Adams Associates group, and when he realised that the meeting would be happening at the Ecuadorian Embassy, he went on to ask her if Julian Assange would be in attendance and to ask her about why she had travelled to Russia twice in three months.
concertina226 writes: The post also includes a short profile on FBI director James Brien Comey Jr, including sensitive information such as his date of birth, his wife's name, the date they got married, his educational history and even the geographical coordinates of his residence.
DavidGilbert99 writes: A new system for identifying criminals will use gait recognition as a way of identifying individual criminals in a crowd of up to 1,000 people with 99% accuracy by measuring how they walk, together with other physical characteristics. The system will look at a person's walking style including hand movements and stride — collectively known as gait recognition — and once it has been identified, the system can see whether the footage from other CCTV cameras offers up a match.
concertina226 writes: It's the attack of the gadgets – a cloud security provider has discovered what could be the first cyber-attack launched using connected smart devices such as routers, smart televisions and even a smart fridge.
For example, a user could be lured to a fake login page and told that their online banking password had "expired", and asked to re-enter their username and password in order to access their account. The hacker could then use those details to take control of the user's online banking account.