Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Mobile Phones. Show all posts
Technology
Apple security features Face ID security iOS security iPhone iPhone passcode iPhone theft Mobile Phones Stolen Device Protection Technology

Fortifying iPhone Security: Stolen Device Protection & Essential Tips Amid Rising Theft Concerns

 

Numerous iPhones, often regarded as some of the best in the market, are pilfered daily on a global scale. Apple aims to address this issue with the upcoming release of iOS 17.3, introducing a feature called Stolen Device Protection.However, this security measure won't be automatically activated; users will need to manually enable it through the Settings app by accessing Face ID & Passcode.

Once activated, Stolen Device Protection will significantly impede thieves from altering the Apple ID password, disabling Find My, or adding a new face to Face ID. The prevalence of iPhone theft, as highlighted in a recent report by The Wall Street Journal, has prompted Apple's swift action to enhance security measures.

The tactics employed by iPhone thieves, such as Aaron Johnson in the U.S., often involve old-fashioned methods. Johnson, and others like him, observed users entering their passcodes and then proceeded to steal, wipe, and resell the stolen smartphones.

A key takeaway from Johnson's approach emphasizes never handing an unlocked phone to anyone. His strategy targeted unsuspecting individuals, primarily young men in social settings, by creating plausible scenarios to gain access to their phones. Victims, often in compromised states, willingly provided their passcodes, unknowingly enabling theft.

To safeguard against such tactics, it's crucial to avoid handing over an unlocked phone to anyone, regardless of the circumstances. Additionally, relying on facial recognition alone might not suffice; utilizing a strong, complex passcode and being vigilant of surroundings during passcode entry can add an extra layer of security.

Another precautionary measure involves individually locking sensitive apps, a feature less straightforward on iPhones compared to many Android devices. While iOS lacks native app-locking functionalities, utilizing Guided Access under Settings > Accessibility allows users to lock specific apps with a different passcode from the device's unlock code.

The visibility of certain iPhone models, particularly those with distinct features like the three-camera setup on the Pro Max versions, makes them more susceptible to theft. Until the implementation of Stolen Device Protection, users must exercise caution when using their iPhones in public settings to mitigate the risk of becoming targets.

While Apple continues to enhance security measures with each iOS update, staying vigilant and implementing precautionary measures remain vital to safeguard against potential theft.
Read more »
Scanning
Android Brute Force Fingerprint Attack Mobile Phones Scanning

This Brute-force Fingerprint Attack has the Potential to Compromise Your Android Phone

 

Based on a research paper from cybersecurity researchers at Tencent Labs and Zhejiang University, there is a means to "brute-force" fingerprints on Android smartphones, and with physical access to the smartphone and enough time, a hacker would be able to unlock the device. 

According to the report, two zero-day vulnerabilities known as Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL) exist in Android devices (as well as those powered by Apple's iOS and Huawei's HarmonyOS). The researchers were able to accomplish two things by exploiting these flaws: make Android enable an infinite number of fingerprint scanning attempts; and leverage databases obtained in academic datasets, biometric data dumps, and other comparable sources.

The attackers needed a few things to pull off the attacks: physical access to an Android-powered smartphone, enough time, and $15 in hardware.

The attack was dubbed "BrutePrint" by the researchers, who claim that it would take between 2.9 and 13.9 hours to break into an endpoint with only one fingerprint set up. They claimed that devices with numerous fingerprint recordings are substantially easier to break into, with the average time for "brute printing" ranging from 0.66 hours to 2.78 hours.

The experiment was carried out on ten "popular smartphone models" as well as two iOS devices. It's currently unknown which models were affected, however, they claimed to have achieved infinite tries on Android and HarmonyOS devices. 

However, they only managed to gain an extra 10 attempts on iPhone SE and iPhone 7 models, which was insufficient to successfully carry out the attack. As a result, while iOS may be exposed to these weaknesses, the present approach of breaking into the device by brute force will not work. 

While this form of attack may not be appealing to the average hacker, the researchers believe it may be utilized by state-sponsored actors and law enforcement organizations. 

Read more »
Research
Ads Data Safety data security Mobile Phones Research

Research Says, Mobile Phones are Listening to Your Conversations

 

You're not alone if you've felt paranoid after your phone displayed an advertisement for a random item you just discussed. If you've recently been discussing it with a friend, seeing an advertisement for the same product can leave you feeling uncomfortable. 

And, while social media platforms have long denied spying on their users, recent studies indicate that businesses are employing a sneaky type of data monitoring system that takes advantage of the devices' microphone systems. According to NordVPN research, businesses are using ultrasonic cross-device tracking to listen to background noise and serve up personalized ads, while charging the company for the privilege.

As per NordVPN, the cross-device tracking method involves apps using ultrasonic "audio beacons" that cannot be heard by the human ear to "link all the devices you own to track your behavior and location." These high-pitched signals can be concealed in TV commercials or online videos.

When your device's microphone picks them up, advertisers can identify what you've been watching or talking about. Different apps on your phone can hear for these beacons to keep track of what you're doing, which is why some apps request access to your microphone.

According to NordVPN's research, nearly half of Brits (45%) claim to have seen an ad for something show up on their phones shortly after talking about it or watching it on TV, without ever searching for it online. Meanwhile, 62% of consumers said they had no idea how to avoid this, and 1 in 8 said the advertisements 'scared' them.

NordVPN’s Adrianus Warmenhoven said: "While it’s impossible to stop the ultrasonic beacons working, you can reduce the chance of your smartphone listening for them by simply restricting unnecessary permissions you have granted the apps on your device."

According to NordVPN, turning off microphone access for apps that don't require it may help. To change the permissions that apps have, go to the Settings menu on your phone and look for a 'Privacy' option. You should be able to see which apps have access to your microphone here and limit it as needed. You can also use a secure browser, such as Brave, Tor, or DuckDuckGo, or get a VPN, which encrypts all of your online activity.
Read more »
Vulnerability
Apple data security Flaws Government iPhone Mobile Phones Safety User Vulnerability

Government Issues High-risk Warning for iPhone Users

 

Apple iPhones are known for their strength and security features. The Cupertino-based tech behemoth releases security updates for its devices on a regular basis. Although Apple recommends that people install the most recent builds of iOS on their iPhones in order to have a more protected and feature-rich operating system, older iPhone models are incapable to deploy the most recent updates due to hardware limitations. 

Some users prefer to run older versions of iOS for simplicity of use, but it's important to note that older iOS versions are easier to exploit. One such flaw has been discovered in Apple's iOS, and the Indian government has issued a warning to iPhone users.

According to the Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology, a vulnerability in iOS has been disclosed that could permit an attacker to implement arbitrary code on the targeted device. Apple iOS versions prior to 12.5.7 are vulnerable for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

This vulnerability exists in Apple IOS due to a type of confusion flaw in the WebKit component, according to CERT-In. An attacker could utilize this vulnerability by luring the victim to a maliciously crafted website. An attacker who successfully exploits this vulnerability may be able to execute arbitrary code on the targeted system. 

The security flaw is actively being exploited against iOS versions prior to iOS 15.1. To avoid being duped, install the new iOS 12.5.7 patch, which Apple released earlier this week.
Read more »
Technology News
Android Connectivity Mobile Phones Phone Report Satellite Smartphone Technology Technology News

Report States Many Phones To Soon Get Satellite Connectivity

 

A new partnership between satellite phone company Iridium and chip giant Qualcomm will bring satellite connectivity to premium Android smartphones later this year. It implies that handsets can communicate with passing satellites to send and receive messages even in areas with no mobile coverage.

Qualcomm chips are found in many Android-powered smartphones. Apple announced a satellite feature for the iPhone 14 in September 2022. The service is currently only available for sending and receiving basic text messages in an emergency.

Bullitt, a British smartphone maker, was the first to launch its own satellite service, beating Apple to the punch. It is also intended for emergency use and will initially be available in select areas.

Iridium was the first satellite phone system, launching its first satellite into orbit in 1997. In 2019, it completed a refresh of its 75-spacecraft network.

The satellites cover the entire globe and fly in low orbit, approximately 485 miles (780 kilometres) above the Earth, and groups of them can communicate with one another, passing data between them.

Qualcomm stated that the new feature, dubbed Snapdragon Satellite, will initially be included only in its premium chips and is unlikely to appear in low-cost devices.

However, it will ultimately be rolled out to tablets, laptops, and even vehicles, and will also become a service that is not limited to emergency communication - though there will most probably be a fee for this.

Satellite connectivity is widely regarded as the next frontier for mobile phones because it addresses the issue of "not-spots," or areas with no existing coverage. These are more common in rural or remote areas.

It has already been used to provide broadband coverage by services like Elon Musk's Starlink. Satellite broadband is faster and more reliable than cable or fiber connections but is more expensive.

But since countries such as India and China prohibit the use of satellite phones, the use of the feature will be subject to local government regulations.
Read more »
WhatsApp
Android Apps Data Fake Apps Mobile Phones Mobile Security Safety Scam Security SMS Access WhatsApp

This Unofficial WhatsApp Android App Caught Stealing Users’ Accounts

 

Kaspersky researchers discovered 'YoWhatsApp,' an unofficial WhatsApp Android app that steals access keys for users' accounts. Mod apps are promoted as unofficial versions of genuine apps that include features that the official version does not. 

YoWhatsApp is a fully functional messenger that supports extra features such as customising the interface and blocking access to specific chats. The tainted WhatsApp app requests the same permissions as the original messenger app, such as SMS access.

“To use the WhatsApp mod, users need to log in to their account of the legitimate app. However, along with all the new features, users also receive the Triada Trojan. Having infected the victim, attackers download and run malicious payloads on their device, as well as get hold of the keys to their account on the official WhatsApp app.” reported Kaspersky. 

“Along with the permissions needed for WhatsApp to work properly, this gives them the ability to steal accounts and get money from victims by signing them up for paid subscriptions that they are unaware of.”

This mod instals the Triada Trojan, which is capable of delivering other malicious payloads, issuing paid subscriptions, and even stealing WhatsApp accounts. More than 3,600 users have been targeted in the last two months, according to Kaspersky. The official Snaptube app promoted the YoWhatsApp Android app.

The malicious app was also discovered in the popular Vidmate mobile app, which is designed to save and watch YouTube videos. Unlike Snaptube, the malicious build was uploaded to Vidmate's internal store. YoWhatsApp v2.22.11.75 steals WhatsApp keys, enabling threat actors to take over users' accounts, according to Kaspersky researchers.

In 2021, Kaspersky discovered another modified version of WhatsApp for Android that offered additional features but was used to deliver the Triada Trojan. FMWhatsApp 16.80.0 is the modified version.

The experts also discovered the advertisement for a software development kit (SDK), which included a malicious payload downloader. The FMWhatsapp was created to collect unique device identifiers (Device IDs, Subscriber IDs, MAC addresses) as well as the name of the app package in which they are deployed.

To be protected, the researchers advise:
  • Only install applications from official stores and reliable resources
  • Remembering to check which permissions you give installed applications – some of them can be very dangerous
  • Installing a reliable mobile antivirus on your smartphone, such as Kaspersky Internet Security for Android. It will detect and prevent possible threats.
Kaspersky concluded, “Cybercriminals are increasingly using the power of legitimate software to distribute malicious apps. This means that users who choose popular apps and official installation sources may still fall victim to them. In particular, malware like Triada can steal an IM account, and for example, use it to send unsolicited messages, including malicious spam. The user’s money is also at risk, as the malware can easily set up paid subscriptions for the victim.”


Read more »
Subscribe to: Posts (Atom)