Archive for April 3, 2017

iOS Update Fixes WiFi Related Security Vulnerability

Posted in Commentary with tags on April 3, 2017 by itnerd

If you’re running iOS 10.3, you should check for updates because iOS 10.3.1 is out and it’s sole purpose is to keep you safe. You see, this update according to the security notes the update seems to only fix a problem where a remote attacker could pwn the iDevice if it was in range of it over WiFi. If there are other fixes in this update, Apple’s not telling as there’s nothing of value in the usual places to look for this info on Apple’s site.

One thing to consider is that iOS 10.3 popped up last Monday. Thus this implies that this issue was found and fixed inside of a week which is pretty impressive.

Advertisements

#Fail: Samsung Galaxy S8 Facial Recognition Can Be Pwned Using A Photo

Posted in Commentary with tags on April 3, 2017 by itnerd

The good news is that I am not writing about a phone that is exploding. The bad news is that Samsung who hyped facial recognition as a security feature when they rolled out the Galaxy S8 last week has found that it isn’t a security feature. That’s because the phone can be pwned via a photo. Here’s the video of the pwnage in action:

Samsung has yet to comment on this issue. But if you’re going to get an S8, you do have a few other security options. Such as the old school passcode, plus IRIS scanning and fingerprint scanning. Thus if this makes you the least bit nervous, maybe you should use one of those options instead.

Wikileaks Dumps More CIA Hacking Info

Posted in Commentary with tags on April 3, 2017 by itnerd

Wikileaks did another dump of CIA hacking info late last week. This time the info relates “Marble” which is part of a secret anti-forensic Marble Framework. In short, it basically is an obfuscator used to hide the true source of CIA malware so that blame for a hack can be shifted to anyone. This was part of source code files that were made public. Now that this is public, people who investigate hacks could in theory would be able to use this to confirm or deny that the CIA was behind a hack that was previously attributed to say the North Koreans, Russians, or Chinese. Wikileaks claims that this was in use as recently as 2016, but no proof has been provided on that front.

I for one will be waiting to see if a forensics company can confirm if this is legit or not. I suspect those answers will come shortly.

Smart TV’s Can Be Pwned Via Broadcast Signals

Posted in Commentary with tags on April 3, 2017 by itnerd

Here’s yet another reason why you don’t ever want to own a smart TV. A hacker has a proof of concept attack that allows one to take control of the TV without having physical access to it. And this attack works on up to 90% of smart TVs out there which makes it an extremely dangerous attack. You can thank Rafael Scheel of cyber security firm Oneconsult for this. He’s posted a video that you should likely watch if you own a smart TV:

Here’s my question: Will this force makers of smart TVs to up their game when it comes to security seeing as it clearly isn’t being taken seriously? We shall have to see. My guess is that this will not be top of mind for any maker of smart TVs until their TVs are subject to widespread pwnage. Then they will care.

Turkish Crime Family Member Arrested

Posted in Commentary with tags on April 3, 2017 by itnerd

British cops have busted a 20 year old who is thought to have been one of the members of the so called Turkish Crime Family who was behind the threat to wipe millions of iPhones. Motherboard has the details:

“National Crime Agency officers arrested a 20 year-old male and searched an address in London, N10 on Tuesday 28 March in relation to suspected Computer Misuse Act and extortion offences,” an NCA spokesperson wrote in an email after being approached by Motherboard with a copy of the warrant.

If these charges can be proven in court, this 20 year old is facing a lot of time in the big house. Extortion convictions in the UK carry double digit years in jail. Thus he might be prepared to spill the beans about his co-conspirators to avoid having someone named “Bubba” becoming his bunkmate.