Connect with us

Security

Texas detective says the data encryption of modern Android phones is superior to iPhones

Published

on

The US government has been trying to pressure companies like Apple to create a backdoor in its smartphones to help law enforcement agencies access encrypted data when needed. Such a backdoor could help agencies gather crucial information about a detainee, which can then be used as evidence in a court of law. However, critics have argued that giving the government easy access to smartphone data defeats the entire purpose of encrypting it in the first place. Apple, among other companies, has refused to cooperate so far. But a recent report from Vice claims that the government has been doing a decent job of cracking smartphone encryption even without their help when it comes to most iPhones. Android smartphones, however, have been getting increasingly more difficult to crack.

The report cites statements from Detective Rex Kiser, who conducts digital forensic examinations for the Fort Worth Police Department. In his statement, Kiser said, “A year ago we couldn’t get into iPhones, but we could get into all the Androids. Now we can’t get into a lot of the Androids.” The report further reveals that Cellebrite — a company that government agencies hire to crack smartphones — already has a tool that can crack iPhone encryption all the way up to the iPhone X. The tool can successfully get investigators access to data such as GPS records, messages, call logs, contacts, or even data from specific apps like Instagram, Twitter, LinkedIn, and more, which can be used to prosecute criminals.

However, the same Cellebrite tool hasn’t seen much success with Android encryption on a variety of handsets. For instance, the tool wasn’t able to extract any social media, internet browsing, or GPS data from devices like the Google Pixel 2, which features a tamper-resistant hardware security module, and the Samsung Galaxy S9. And in the case of the Huawei P20 Pro, the software didn’t get access to anything at all. To this Kiser told Vice that, “Some of the newer operating systems are harder to get data from than others … I think a lot of these [phone] companies are just trying to make it harder for law enforcement to get data from these phones … under the guise of customer privacy.”

But the aforementioned information doesn’t mean your Android device is uncrackable. Even though Cellebrite’s tool doesn’t work on some Android devices, it doesn’t mean investigators can’t extract the data they need for an investigation. The process is just a bit more labor-intensive and takes more time. According to Vice’s sources, even brand new devices like the iPhone 11 Pro Max can be cracked, but the process isn’t as easy as hooking up the device to a cracking tool to get the job done. Nonetheless, the report still does suggest that some Android phones are more difficult to crack than iPhones, making them a safer alternative if security and privacy are major concerns.

Source:
https://www.xda-developers.com/data-encryption-modern-android-phones-superior-iphones/

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Be vigilant about performing ‘security hygiene’ during coronavirus threat

Published

on

By

Consumers should seek out information based on science and not just personal testimonies.

Many of the news stories discussing the global outbreak of the COVID-19 virus rightly stress the importance of practicing protective measures such as vigorous hand washing and avoiding crowded events. Authorities roundly agree that proper hygiene and adherence to your national health authorities such as the CDC is critical to containing the spread of the deadly virus.

Meanwhile, the coronavirus scare is posing other risks – some directly, others indirectly related to COVID-19. Consumers hell-bent on gathering the latest information about virus-protection techniques are being warned about phishing scams that prey on their fears. Workers holed up in home offices face ongoing threats from hackers looking to poke holes in the patchwork of home and workplace security defenses.

“It’s always important to keep our guards up, to protect ourselves against security threats,” said Martin Hron, senior researcher at Avast. “Just like we need to pay attention to our own hygiene during times like these, we should maintain a high level of security hygiene to ensure we’re keeping our risk levels low.”

Virus-related scams are on the rise. State attorneys general have put out notices to watch for illegitimate investment schemes and websites advertising coronavirus “miracle products” or vaccines. Consumers should seek out information based on science and not just personal testimonies.

Earlier this month, the World Health Organization (WHO) issued a warning about phishing emails being sent by hackers posing as WHO representatives. The agency is getting regular reports of coronavirus-related phishing attempts.

The Secret Service recently issued a warning about phishing scam from people purporting to be from a medical organization offering information regarding the virus. Clicking on a link could infect your computer. The agency called the coronavirus outbreak “a prime opportunity for enterprising  criminals because it plays on the basic human conditions … fear.”

As more regions declare states of emergency in response to the coronavirus, workers that haven’t spent time working remotely suddenly have to reacquaint themselves with VPNs and document-sharing tools. Corporate remote-work rules can – and should – be stringent. Workers should review key practices with IT before embarking on long, and perhaps open-ended, remote periods.

Other corporate security measures could include the following:

  • Arm employees with a list of phone numbers, so they can reach out to a human from their IT team or other responsible person in case they have any IT issues.
  • Inform employees of the hardware, software, and services they can utilize that are not company issued, but could help to connect and share files with colleagues during the special circumstances.
  • Lay ground rules for employees when it comes to using personal hardware while working from home, such as printers.
  • Enforce two-factor authentication wherever possible to add an extra layer of protection to accounts.
  • Make sure employees have limited access rights and can only connect to the services they need for their specific tasks, rather than giving employees access to the entire corporate network.

Other potential risks tie back to actual hygiene itself. Workers operating remotely in regions affected by the coronavirus have been trained to scrub their hands and cover their mouths to stop the spread of disease. But are they paying the same attention to their technology devices themselves? Phones, laptops, tablets and IT remotes can transmit viruses if they’re not properly wiped down.

“We have to be vigilant, to be sure we’re protecting ourselves in every facet of our lives,” Hron said.

Source: https://blog.avast.com/security-hygiene-during-coronavirus-threat-avast

Continue Reading

Security

IOS 13 PRIVACY VIOLATION: APPS READ YOUR COPY-PASTE DATA

Published

on

By

It seems that dozens of hugely popular iOS apps have a bad habit: they read the copy-paste data without your consent, even if you only use them in other applications. It seems little stuff but it is not: the copy-paste in fact could include credit card numbers, passwords and other sensitive data.

A recent security research reveals an unhealthy habit of some pretty popular apps. TikTok, Reuters, The Wall Street Journal, Fruit Ninja, Viber, Hotels.com, Plants vs. Zombies Heroes and many others are reading the contents of the copy-paste (also called “clipboard”) every time they are opened, and even if the content is not intended for them. Indeed, some would not even provide the functionality of paste, but they grab it anyway.

This is a possibility provided by the operating system which allows you to switch information from one app to another; but it would be good to access this information only when the user gives a precise command, otherwise it is a clear violation. It’s as if a secretary secretly reads the notes in his employer’s desk drawer. Technically nothing prevents him, given that he has full access to the office, but still remains a betrayal of mutual trust.

Finally, to underline that, if you have Universal Clipboard activated, these apps can also automatically read the data you copy and paste on your Mac.

Here is the complete list of apps that snoop on the pasteboard every time the app is opened. The apps are listed alphabetically

News

  • ABC News — com.abcnews.ABCNews
  • Al Jazeera English — ajenglishiphone
  • CBC News — ca.cbc.CBCNews
  • CBS News — com.H443NM7F8H.CBSNews
  • CNBC — com.nbcuni.cnbc.cnbcrtipad
  • Fox News — com.foxnews.foxnews
  • News Break — com.particlenews.newsbreak
  • New York Times — com.nytimes.NYTimes
  • NPR — org.npr.nprnews
  • ntv Nachrichten — de.n-tv.n-tvmobil
  • Reuters — com.thomsonreuters.Reuters
  • Russia Today — com.rt.RTNewsEnglish
  • Stern Nachrichten — de.grunerundjahr.sternneu
  • The Economist — com.economist.lamarr
  • The Huffington Post — com.huffingtonpost.HuffingtonPost
  • The Wall Street Journal — com.dowjones.WSJ.ipad
  • Vice News — com.vice.news.VICE-News

Games

  • 8 Ball Pool™ — com.miniclip.8ballpoolmult
  • AMAZE!!! — com.amaze.game
  • Bejeweled — com.ea.ios.bejeweledskies
  • Block Puzzle — Game.BlockPuzzle
  • Classic Bejeweled  com.popcap.ios.Bej3
  • Classic Bejeweled HD — com.popcap.ios.Bej3HD
  • FlipTheGun — com.playgendary.flipgun
  • Fruit Ninja — com.halfbrick.FruitNinjaLite
  • Golfmasters — com.playgendary.sportmasterstwo
  • Letter Soup — com.candywriter.apollo7
  • Love Nikki — com.elex.nikki
  • My Emma — com.crazylabs.myemma
  • Plants vs. Zombies™ Heroes — com.ea.ios.pvzheroes
  • Pooking – Billiards City — com.pool.club.billiards.city
  • PUBG Mobile — com.tencent.ig
  • Tomb of the Mask — com.happymagenta.fromcore
  • Tomb of the Mask: Color — com.happymagenta.totm2
  • Total Party Kill — com.adventureislands.totalpartykill
  • Watermarbling — com.hydro.dipping

Social Networking

  • TikTok — com.zhiliaoapp.musically
  • ToTalk — totalk.gofeiyu.com
  • Tok — com.SimpleDate.Tok
  • Truecaller — com.truesoftware.TrueCallerOther
  • Viber — com.viber
  • Weibo — com.sina.weibo
  • Zoosk — com.zoosk.Zoosk

Other

  • 10% Happier: Meditation —com.changecollective.tenpercenthappier
  • 5-0 Radio Police Scanner — com.smartestapple.50radiofree
  • Accuweather — com.yourcompany.TestWithCustomTabs
  • AliExpress Shopping App — com.alibaba.iAliexpress
  • Bed Bath & Beyond — com.digby.bedbathbeyond
  • Dazn — com.dazn.theApp
  • Hotels.com — com.hotels.HotelsNearMe
  • Hotel Tonight — com.hoteltonight.prod
  • Overstock — com.overstock.app
  • Pigment – Adult Coloring Book — com.pixite.pigment
  • Recolor Coloring Book to Color — com.sumoing.ReColor
  • Sky Ticket — de.sky.skyonline
  • The Weather Network — com.theweathernetwork.weathereyeiphone

Source: https://www.gizchina.com/2020/03/16/ios-13-privacy-violation-apps-read-your-copy-paste-data/

Continue Reading

Security

5 Methods Hackers Use To Hack Your Bank Accounts

Published

on

By

Nothing is really safe in this digital world. Every other day, we read about hacking attempts and security threats. Since our whole life is becoming online, the number of black-hat hackers are also increasing. Hackers are not using different techniques to break into your banking accounts.

There are multiple ways a hacker could hack your banking accounts. So, if you use internet banking services, then you need to follow some security steps to safeguard your banking accounts.Contentsshow

5 Methods Hackers Use To Hack Your Bank Accounts

In this article, we are going to share a few popular methods hackers use to hack your bank accounts. By knowing the techniques, you will be in a better situation to understand how your accounts can get hacked. So, let’s check out the methods hackers use to break into your bank account.

1. Banking Trojans (Smartphones)

Banking Trojans
Banking Trojans

Hackers can use malicious apps to break into their banking accounts. In this method, hackers create a duplicate copy of a legitimate banking app and upload it to third-party app stores. Once downloaded, the app sents the username and password to the creator.

2. App Hijacking

App Hijacking
App Hijacking

In this method, a hacker creates a fake trojan filled banking app. When installed, it sits silently on the background and scans your phone for a banking app. When it detects a banking app, it shows a fake window that looks identical to the legitimate banking app and drives you to the login page.

The process is done so smoothly that a regular user won’t even notice the swap and will end up entering the details on the fake login page.

3. Smishing

Smishing
Smishing

Smishing is an SMS version of Phishing. It’s a scam in which hackers uses SMS instead of email templates to lure recipients into providing credential via text message reply.

Smishing scams might show itself as a request from the bank, a note from the company, lottery prize, etc. Every template will ask you to make a payment by entering the credit/debit card details.

3. Keyloggers

Keyloggers
Keyloggers

Keyloggers are another popular hacking technique used by hackers. Keyloggers are of two types – hardware and software. The software versions need installation. Once installed, it silently records your keystrokes and sends the information back to the hacker.

The hardware keyloggers need to be fitted into the line from a keyboard to a device. Hardware keyloggers need to be installed physically on the device. Once established, it serves as a software keylogger.

4. SIM Swapping

SIM Swapping
SIM Swapping

SIM swapping is one of the rare techniques that hackers can use to break into your bank account. In this method, the hacker contacts your mobile network provider, claiming to be you. They convince network providers to assign the registered phone number to a new card.

If they are successful in doing so, all incoming calls and SMS will be routed to the new SIM card. It might look harmless and unachievable at first glance, but if done correctly, it can cause lots of harm. It can hack almost every accounts linked with the phone number.

5. Man-in-the-middle attack

Man-in-the-middle attack
Man-in-the-middle attack

The man-in-the-middle attack is one of the most dangerous hacking techniques used by hackers. In a Man-in-the-middle attack, the hacker inserts him/herself into a conversation between two parties. In the banking section, the two parties will be the user and the banking application.

However, it’s an advanced technique that requires monitoring an insecure server and analyzing the data that it passes through. The ultimate goal of this attack is to steal sensitive information like banking credentials, credit card details, etc.

So, these are the five methods hackers use to break into your bank account. I hope this article helped you! Share it with your friends also.

Source: https://techviral.net/methods-hackers-use-to-hack-bank-accounts/

Continue Reading
Advertisement

Trending

Copyright © 2020 Inventrium Magazine

%d bloggers like this: