Meet PINLogger, the drive-by exploit that steals smartphone PINs

3 02 2018
Smartphones know an awful lot about us. They know if we’re in a car that’s speeding, and they know when we’re walking, running, or riding in a bus. They know how many calls we make and receive each day and the precise starting and ending time of each one. And of course, they know the personal identification numbers we use to unlock the devices or to log in to sites that are protected by two-factor authentication. Now, researchers have devised an attack that makes it possible for sneaky websites to surreptitiously collect much of that data, often with surprising accuracy.

The demonstrated keylogging attacks are most useful at guessing digits in four-digit PINs, with a 74-percent accuracy the first time it’s entered and a 94-percent chance of success on the third try. The same technique could be used to infer other input, including the lock patterns many Android users rely on to lock their phones, although the accuracy rates would probably be different. The attacks require only that a user open a malicious webpage and enter the characters before closing it. The attack doesn’t require the installation of any malicious apps.

 


The content in this post was found at https://arstechnica.com/security/2017/04/meet-pinlogger-the-drive-by-exploit-that-steals-smartphone-pins/ and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

Powered by WPeMatico



Tanium CEO admits using real hospital data in sales demos [Updated]

3 02 2018
Following a report by The Wall Street Journal that the security vendor Tanium used a hospital’s live network as a demonstration platform on sales calls and even revealed private hospital data in a publicly posted demonstration video, Tanium CEO Orion Hindawi has admitted that mistakes were made in handling data from El Camino Hospital’s network. Hindawi was vague about whether the company had live access to the network, but in a blog post late yesterday, he said that the data was from “this particular customer’s demo environment” and that Tanium did not—and should not—have remote access to customers’ security data except in a very few cases where customers had granted access.

[Update, 3:30 pm EDT] Ars has learned from a source familiar with the installation that the company did, in fact, use a connection to El Camino Hospital’s on-premises instance of the Tanium web console for demonstrations. The connection would have had to have been provided by El Camino’s information technology staff—though it is not clear how far up in the hospital’s administration that arrangement was approved, and the arrangement was apparently never documented. Since 2015—about the time Tanium lost access to the El Camino Hospital installation—Tanium has required that these sorts of arrangements be codified in writing.


The content in this post was found at https://arstechnica.com/security/2017/04/tanium-ceo-tacitly-admits-using-hospital-data-in-demos-sort-of/ and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.




Uber’s ‘fingerprinting’ of iPhones after users delete app has sparked an FTC complaint

1 02 2018

Washington Post

April 27, 2017

The group claims that Uber’s practice of tagging iPhones was “unfair and deceptive.”


The content in this post was found at https://www.washingtonpost.com/news/innovations/wp/2017/04/27/ubers-fingerprinting-of-iphones-after-users-delete-app-has-sparked-an-ftc-complaint/ and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.




HP laptops covertly log user keystrokes, researchers warn

1 02 2018
HP is selling more than two dozen models of laptops and tablets that covertly monitor every keystroke a user makes, security researchers warned Thursday. The devices then store the key presses in an unencrypted file on the hard drive.

The keylogger is included in a device driver developed by Conexant, a manufacturer of audio chips that are included in the vulnerable HP devices. That’s according to an advisory published by modzero, a Switzerland-based security consulting firm. One of the device driver components is MicTray64.exe, an executable file that allows the driver to respond when a user presses special keys. It turns out that the file sends all keystrokes to a debugging interface or writes them to a log file available on the computer’s C drive.

 


The content in this post was found at https://arstechnica.com/security/2017/05/hp-laptops-covert-log-every-keystroke-researchers-warn/ and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.




The latest NSA leak is a reminder that your bosses can see your every move

29 01 2018

The case of Reality Winner, the 25-year-old woman arrested and accused of leaking classified information, shows the limits of your privacy at work.


The content in this post was found at https://www.washingtonpost.com/news/the-switch/wp/2017/06/07/the-latest-nsa-leak-is-a-reminder-that-your-bosses-can-see-your-every-move/ and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.
