@Deray’s Twitter Hack Reminds Us Even Two-Factor Isn’t Enough

The Apple ecosystem is well known for very rarely letting any dodgy apps enter it because of the company’s stringent security checks.

But recently, nearly two dozen malicious pieces of software managed to get hosted on the App Store, and were subsequently downloaded by Chinese users. This is because attackers found an unorthodox route to exploit: they targeted some versions of the software used by developers to make apps for iOS and OS X in the first place.

The malware was first highlighted by Chinese developers on Weibo, and was then analyzed by researchers from Alibaba. Security company Palo Alto Networks then verified the results.

The hack hinges on Xcode, a tool used to create iOS and OS X apps. Typically, Xcode is downloaded directly from Apple for free. However, it is possible to get Xcode from other sources too, such as developer forums. Some versions of Xcode found on Baidu Yunpan, a Chinese file-sharing service, come packaged with extra lines of code. The Alibaba researchers have dubbed these malicious variants “XcodeGhost.”

Apps constructed with XcodeGhost code will collect a bunch of information about a customer’s device once the app has been downloaded. The data siphoned includes the current time, the name of the device, and the network type—none of which is anything a hacker could really use against you.

The malware in the App Store itself is not concerning, but there’s a broader issue here: the way in which it got past Apple’s screening process in the first place.

Read the full article here.

Singapore will cut off public servants’ Internet access next year

In what seems like a surprising and drastic move, the Singapore government has decided that all computers used by public servants will have their Internet access blocked from May 2017 onwards.

According to The Straits Times, more than 100,000 computers will be cut off, in an effort to minimise security risks.

A spokesperson for the Infocomm Development Authority (IDA) said: "The Singapore government regularly reviews our IT measures to make our network more secure."

Read the full article here.

Visa to help banks break into mobile payments

Visa has introduced the Visa Digital Commerce App, an issuer-branded mobile commerce product that enables financial institutions to offer their own mobile app to customers. Card management features in the app can help an FI to expand and strengthen its Visa credit, debit and prepaid card offerings, according to a company press release.

Through the mobile app, issuers can offer services such as real-time account balance information, card controls, alerts that inform accountholders about recent transactions or fraud concerns, and token services that are intended to bring greater security to contactless payments on NFC-enabled Android smartphones. Visa said that as a hosted service, the app is intended to simplify the delivery of a broad array of card management features and provide a roadmap for issuers to rapidly deploy new features and enhancements.

Read the full article here.

Researchers hack phone vibration motor to act as a microphone

On the list of things that might be eavesdropping on your day-to-day conversations, the tiny motor that makes your phone buzz isn’t necessarily the first one that comes to mind. But that is exactly what happens with the VibraPhone — a proof-of-concept device created by two researchers from the University of Illinois at Urbana-Champaign to show that the motor in your smartphone or fitness tracker can be re-wired to act as a serviceable microphone.

The concept is fairly simple: the motor uses electric current to change a magnetic field that makes the vibrating mass move, like a clunky, low-frequency speaker. A microphone does the reverse by translating sound wave vibrations into electrical current with a magnetic diaphragm. In their research, Nirupam Roy and Romit Roy Choudhury of the University of Illinois at Urbana-Champaign show that the vibration motor can be similarly affected by sound wave vibrations in the air.

Now, before anybody starts ripping the vibrating motors out of their phones, TechCrunch is quick to point out that this hack currently requires someone to physically take apart a phone and rewire the motor to connect it to the phone’s audio system. But, as Roy explained, it may also be possible to hack the power controller chip to collect the necessary voltage information to rebuild an audible waveform. And there’s also the possibility of hijacking the feedback motor in other devices like fitness monitors.

Read the full article here.

Got A Lenovo Laptop? You Need To Uninstall The Accelerator ASAP

Some good news, and some bad news. The good news is that Lenovo computers come with a pre-installed program called Accelerator, which helps to speed up certain Windows applications.

The bad news? There’s a serious security vulnerability in Accelerator, which could allow someone to install a program on your computer by disguising it as an updated version of Accelerator.

Lenovo is therefore recommending that you uninstall Accelerator, if it’s present on your PC or laptop.

Read the full article here.

US warns banks on cyber threat after Bangladesh heist

U.S. regulators on Tuesday told banks to review cyber-security protections against fraudulent money transfers in the wake of revelations that a hacking group used such messages to steal $81 million from the Bangladesh central bank. The notice from the Fed and other financial regulators came two weeks after the U.S. Federal Bureau of Investigation privately urged banks to look for signs of possible cyber attacks.

Read the full article here.

Vysor allows you to mirror multiple Android devices

Google developer Koush announced an update to his popular device mirroring app Vysor on Thursday that will enable users to share multiple Android screens to a PC, Linux or Mac simultaneously and then grant remote access to the device farm. The new "Share All" feature works just like the original Vysor Share: you plug the Android device into the computer via a USB cable, install the Vysor app and activate it to mirror the Android screen to the computer. However, Share All takes that process a step further by allowing the user to link multiple handsets to a computer and then use it as a shared server which multiple people can remotely access.

This could prove a boon for developers. You’d be able to centralize all your various test devices to a single computer and share access to the entire array with the rest of the team.

Read the full article here.

Ghacks Deals: Ultimate Java Bundle

The Ultimate Java Bundle is a massive eLearning course that spans 14 lectures and a total of 117 hours of content.

It takes you from beginner to pro, and while most of the lessons cover Java, the very last one touches on using the knowledge you gained in previous courses to begin Android development.

As far as lectures are concerned, the course includes an introduction to Java programming, as well as courses for JUNIT, SWING, JSP, or JCreator.

Course access is granted for life, and a certification of completion is included on top of that.

Read the full article here.