Tag Archives: Hackers

Combating Unwarranted Phone Surveillance with Biometrics and Voice Control

1 Mar

Amidst the introduction of a new mobile tracking bill, targeting the existence of warrants— there has been a sudden rise in the number of frightened consumers. Most handset owners are dealing with skepticism, concerning lack of mobile security and other malicious activities.

In this post, we will be talking about the possible security loopholes in the existing arena in addition to certain methodologies or rather technologies for combating the same. Before we move any further into this post, it is fitting enough to understand how phone surveillance works, regardless of the legalities associated with the same.

Decoding Mobile Tracking

Phone Surveillance

In simpler terms, mobile tracking is an undesirable act of sabotaging someone’s privacy. While many government organizations have already resorted to these methods for averting security threats, more often than not phone surveillance is an unwarranted and unauthorized affair— leading to catastrophic outcomes.

Existent of Consumer Spyware

When it comes to malware targeting mobile tracking, consumer spyware is the latest fad. This is one of the most effective techniques— used by fraudulent organizations for getting inside the handset of any user. Usually, this form of malware comes as a mobile application or a separate, downloadable entity. Once allowed access, the spyware easy takes control of images, data, phone log and everything that’s inside the device.

The worst part about consumer spyware is that it can be installed within a few seconds and starts working in the background. While physical access to the handset is required, a skilled hacker can easily install the bug without the owner even noticing the instantaneous sabotage. That said, malicious applications can also embed the spyware with minimal hassles.

Lastly, consumer spyware can even access the phone audio and microphone, allowing hackers gain complete access to every word spoken.

This form of malware is mostly used by firms with nefarious intentions who look to sell over the acquired details to other parties for financial perks.

‘Stingrays’

stingrays and Phone Surveillance

While malicious applications and malware can be detected by being vigilant, there are certain newly devised techniques which are nearly impossible to identify. Stingrays are the newest techniques used by hackers for getting unwarranted access to any mobile. These entities sit on the mobile towers or act as authorized establishments— luring users into addressing them as legit ones. Mobile users, unknowingly, send data via these towers and allow malicious sources right into the device.

Safeguarding Handsets with Biometrics

Biometrics are some of the more desirable techniques, targeting mobile safety and privacy. While the existing solutions are great, we are expecting a more granular approach towards secured devices. The concept of biometric protection has already been taken seriously by several authorities— across the globe— integrated with global bank statements and other confidential documents. Some of the developing nations have also identified the importance of biometric solutions— integrating the likes of national cards and associated details with the respective handsets.

However, the amalgamation of identity card biometrics with mobile solutions need to be country-specific as different nations have different rules regarding their ID segregations. We have country-specific biometric-spruced ID proofs for the developed and even developing nations— biding the likes of retina scans, fingerprints and even digital signage with the smartphones.

biometrics and Phone Surveillance

This is a more granular approach towards biometric solutions and is expected to curb the inadvertent growth of unwarranted phone surveillance.

Certain AI empowered smartphones are also being considered for amalgamating biometrics with voice and other kinds of authentication schemes.

Combating Fraud with Voice Control

Although getting access to the phone mic isn’t as hard as it seems, consumer spyware can still be kept at bay via authorized voice control. While accessing any electronic device via voice seems to be a far-fetched idea, it seems scientists have already established certain measures leading to the same.

Quite recently, scientists have developed a low-cost chip which could change the way we handle our electronic gadgets— especially the mobiles.

Closing in on the chip, it is a great tool for automatic voice recognition— featuring a low-power console, courtesy the adaptable form factor. If used in a cellphone, the existing chip requires a mere 1W to get activated. Moreover, the usage pattern actually determines the amount of power needed to keep the chip activated.

When it comes to safety, the existing chip can sit on any given cellphone and prevent unauthorized access. This feature is one aspect of looking at Internet of Things for mobiles— instrumental in safeguarding the same from unwarranted surveillance.

The reason why we are upbeat for voice recognition as a pillar of safety is that speech input, in years to come, is expected to be a natural interface for more intelligent devices— making hacking a less-visited arena.

In the upcoming years, voice recognition chips are expected to make use of neural architecture and other aspects of human intelligence— making safety an obvious concept and not a selective one. However, power consumption remains to be one of the major limitations. At present one chip works on a single neural node of a given network— passing 32 increments of 10-milliseconds each.

Bottom-Line

Unethical tracking isn’t going to stop with the introduction of voice recognition techniques and biometrics. However, perfect application of the same seems to have lowered down the instances and we can just be hopeful of a more transparent future. There has been a lot of work going on in the field of speech recognition for every smartphone and we might soon see a pathbreaking innovation in the concerned field.

That said, biometrics have found their way into our lives, documents and even smartphones and their usage has also skyrocketed. There were times when users hardly made use of a fingerprint scanner but the current scenario suggests that iPhone’s Touch ID is used at least 84 times a day— on an average. This shows users are slowly adopting technology as their weapon towards safety and privacy.

Source: http://fundesco.net/combating-unwarranted-phone-surveillance-with-biometrics-and-voice-control/

Advertisements

Is someone watching you online? The security risks of the Internet of Things

21 Mar

The range and number of “things” connected to the internet is truly astounding, including security cameras, ovens, alarm systems, baby monitors and cars. They’re are all going online, so they can be remotely monitored and controlled over the internet.

Internet of Things (IoT) devices typically incorporate sensors, switches and logging capabilities that collect and transmit data across the internet.

Some devices may be used for monitoring, using the internet to provide real-time status updates. Devices like air conditioners or door locks allow you to interact and control them remotely.

Most people have a limited understanding of the security and privacy implications of IoT devices. Manufacturers who are first-to-market are rewarded for developing cheap devices and new features with little regard for security or privacy.

At the heart of all IoT devices is the embedded firmware. This is the operating system that provides the controls and functions to the device.

Our previous research on internet device firmware demonstrated that even the largest manufacturers of broadband routers frequently used insecure and vulnerable firmware components.

IoT risks are compounded by their highly connected and accessible nature. So, in addition to suffering from similar concerns as broadband routers, IoT devices need to be protected against a wider range of active and passive threats.

Active IoT threats

Poorly secured smart devices are a serious threat to the security of your network, whether that’s at home or at work. Because IoT devices are often connected to your network, they are situated where they can access and monitor other network equipment.

This connectivity could allow attackers to use a compromised IoT device to bypass your network security settings and launch attacks against other network equipment as if it was “from the inside”.

Many network-connected devices employ default passwords and have limited security controls, so anyone who can find an insecure device online can access it. Recently, security researchers even managed to hack a car, which relied on readily accessible (and predictable) Vehicle Identification Numbers (VINs) as its only security.

There are many security threats to the Internet of Things.
Author provided

Hackers have exploited insecure default configurations for decades. Ten years ago, when internet-connected (IP) security cameras became common, attackers used Google to scan for keywords contained in the camera’s management interface.

Sadly, device security hasn’t improved much in ten years. There are search engines that can allow people to easily locate (and possibly exploit) a wide range of internet-connected devices.

Many IoT devices are already easily compromised.

Passive threats

In contrast to active threats, passive threats emerge from manufacturers collecting and storing private user data. Because IoT devices are merely glorified network sensors, they rely on manufacturer servers to do processing and analysis.

So end users may freely share everything from credit information to intimate personal details. Your IoT devices may end up knowing more about your personal life than you do.

Devices like the Fitbit may even collect data to be used to assess insurance claims.

With manufacturers collecting so much data, we all need to understand the long-term risks and threats. Indefinite data storage by third parties is a significant concern. The extent of the issues associated with data collection is only just coming to light.

Concentrated private user data on network servers also presents an attractive target for cyber criminals. By compromising just a single manufacturer’s devices, a hacker could gain access to millions of people’s details in one attack.

What can you do?

Sadly, we are at the mercy of manufacturers. History shows that their interests are not always aligned with ours. Their task is to get new and exciting equipment to market as cheaply and quickly as possible.

IoT devices often lack transparency. Most devices can be used only with the manufacturer’s own software. However, little information is provided about what data is collected or how it is stored and secured.

But, if you must have the latest gadgets with new and shiny features, here’s some homework to do first:

  • Ask yourself whether the benefits outweigh the privacy and security risks.
  • Find out who makes the device. Are they well known and do they provide good support?
  • Do they have an easy-to-understand privacy statement? And how do they use or protect your data?
  • Where possible, look for a device with an open platform, which doesn’t lock you in to only one service. Being able to upload data to a server of your choice gives you flexibility.
  • If you’ve already bought an IoT device, search Google for “is [your device name] secure?” to find out what security researchers and users have already experienced.

All of us need to understand the nature of the data we are sharing. While IoT devices promise benefits, they introduce risks with respect to our privacy and security.

Source: http://3583bytesready.net/tag/internet-of-things/

4G LTE could spur DDoS, mobile data theft

3 Oct

Hackers can leverage high speed and data capacity of LTE networks to perpetrate distributed denial-of-service attacks on networks, and also target data on mobile devices.

The rise of 4G LTE networks can bring about security incidents such as distributed denial-of-service (DDoS) attacks on corporate and home networks, and data theft on mobile devices, industry watchers say.

According to Michela Menting, cybersecurity senior analyst at ABI Research, hackers can leverage the high speed and increased data capacity of LTE networks, and fast processing capabilities of smartphones to perpetuate DDoS attacks.

Most nations are susceptible to this as they increasingly wire up with LTE networks and smartphone adoption is increasing rapidly worldwide, she observed.

Elaborating, she noted LTE networks use Internet Protocol (IP) based communication in their transport network and base stations. Their core network point of entrance being through femtocells, a base station which acts as a wireless access point for a home or business, she pointed out.

While femtocells are popular among operators because they are a less expensive alternative to upgrade, they also require the exposure of public IP addresses of security gateways to enable communication between the end-user device and the core network, she noted. An increase in femtocell deployment could lead to more exposure to IP-based threats such as denial-of-service attacks, she said.

“Consequently, increasingly aggressive network attacks against subscriber identity management, routing and roaming, can be expected,” she added.

Mobile devices, data potentially more vulnerable Another observer Patrick Lum, senior consultant at Verizon’s risk group, noted hackers can design malware which create botnets, or centrally controlled networks of compromised systems, and they can be used for the purposes of sending spam or participating in DDoS attacks.

With LTE operating as an IP network and providing higher bandwidth, mobile phones will be a “lucrative” target for hackers looking to expand their existing botnets, Lum explained.

This will also result in a significant increase in new IPs, which could lead to hackers to create phishing attacks which can lead to data theft and loss since many users tend to store sensitive data on their mobile phones, he said.

Femtocells will be deployed wherever people and businesses need them, such as inside homes, shopping centers, airports and hospitals, Menting warned. This means it will be much easier for hackers to “wreak havoc” in specifically targeted areas, she said.

Those that provide online services such as e-commerce and Internet banking are more at risk compared to those with just a Web page, because any disruption in the online service will inevitably lead to a loss in revenue or fines from authorities, he said.

Partner telcos, ISPs, have internal DDoS plan Telcos and internet service providers (ISPs) will have to limit and mitigate threats as they happen, and continuously work to patch vulnerabilities once they are exposed, Menting suggested.

Companies can also have agreements and with the hosting provider or the ISPs providing the network service, Lim added.

“These external parties often have the ability to filter or block DDoS attacks within their own network environment before the attack reaches the victim’s networks,” he said.

Internally, companies must devise a DDoS response plan with key processes and procedures for IT personnel to follow in case of a potential attack, he said. Adequate preparation will enable companies to anticipate DDOS attacks or identifying risk, which will go a long way in preventing significant data or revenue loss for a company, he said.

Source: http://www.zdnet.com/4g-lte-could-spur-ddos-mobile-data-theft-7000005106/

%d bloggers like this: