Mahesh Balan

June 8, 2016June 20, 2016

Researchers hack phone vibration motor to act as a microphone

On the list of things that might be eavesdropping on your day-to-day conversations, the tiny motor that makes your phone buzz isn’t necessarily the first one that comes to mind. But that is exactly what happens with the VibraPhone — a proof-of-concept device created by two researchers from the University of Illinois at Urbana-Champaign to show that the motor in your smartphone or fitness tracker can be re-wired to act as a serviceable microphone.

The concept is fairly simple: the motor uses electric current to change a magnetic field that makes the vibrating mass move, like a clunky, low-frequency speaker. A microphone does the reverse by translating sound wave vibrations into electrical current with a magnetic diaphragm. In their research, Nirupam Roy and Romit Roy Choudhury of the University of Illinois at Urbana-Champaign show that the vibration motor can be similarly affected by sound wave vibrations in the air.

Now, before anybody starts ripping the vibrating motors out of their phones, TechCrunch is quick to point out that this hack currently requires someone physically take apart a phone and rewire the motor to connect it to the phone’s audio system. But, as Roy explained, it may also be possible hack the power controller chip to collect the necessary voltage information to rebuild an audible waveform. And there’s also the possibility of hijacking the feedback motor in other devices like fitness monitors.

Read the full article here.

June 8, 2016June 20, 2016

Got A Lenovo Laptop? You Need To Uninstall The Accelerator ASAP

Some good news, and some bad news. The good news is that Lenovo computers come with a pre-installed program called Accelerator, which helps to speed up certain Windows applications.

The bad news? There’s a serious security vulnerability in Accelerator, which could allow someone to install a program on your computer by disguising it as an updated version of Accelerator.

Lenovo is therefore recommending that you uninstall Accelerator, if it’s present on your PC or laptop.

Read the full article here.

June 8, 2016June 20, 2016

US warns banks on cyber threat after Bangladesh heist

U.S. regulators on Tuesday told banks to review cyber-security protections against fraudulent money transfers in the wake of revelations that a hacking group used such messages to steal $81 million from the Bangladesh central bank. The notice from the Fed and other financial regulators came two weeks after the U.S. Federal Bureau of Investigation privately urged banks to look for signs of possible cyber attacks.

Read the full article here.

June 3, 2016June 20, 2016

Vysor allows you to mirror multiple Android devices

Google developer, Koush, announced an update to his popular device mirroring app Vysor on Thursday that will enable users to share multiple android screens to a PC, Linux or Mac simultaneously and then grant remote access to the device farm. The new "Share All" feature works just like the original Vysor Share: you plug the Android into the computer via a USB cable, install the visor app and activate it to mirror the Android screen to the computer. However, Share All takes that process a step further by allowing the user to link multiple handsets to a computer and then use it as a shared server which multiple people can remotely access.

This could prove a boon for developers. You’d be able to centralize all your various test devices to a single computer and share access to the entire array with the rest of the team.

Read the full article here.

June 1, 2016June 20, 2016

Ghacks Deals: Ultimate Java Bundle

The Ultimate Java Bundle is a massive eLearning course that spans 14 lectures and a total of 117 hours of content.

It takes you from beginner to pro, and while most of the lessons cover Java, the very last touches base on using the knowledge you gained in previous courses to begin with Android development.

As far as lectures are concerned, the course includes an introduction to Java programming, as well as courses for JUNIT, SWING, JSP, or JCreator.

Course access is granted for life, and a certification of completion is included on top of that.

Read the full article here.

May 31, 2016June 20, 2016

RBI pushes Indian banks to meet EMV liability shift deadline

The Reserve Bank of India has issued a bulletin to the nation’s banks, advising them of the need to enable their ATM fleets for EMV chip-and-pin cards before the card networks’ liability shift deadline of Oct. 1, 2017.

Read the full article here.

May 31, 2016June 20, 2016

Time Inc. confirms Myspace has been hacked

Time Inc. only got the keys to Myspace.com a few months ago, but it’s already having to confirm some bad news: the social network has been the target of a hack. In a press release, the company says that just before the Memorial Day weekend (or Spring Bank Holiday in the UK), its technical teams were notified of someone trying to sell Myspace usernames, passwords and email addresses that were registered before June 2013.

Time Inc. doesn’t say how many accounts are affected, but a blog post on LeakedSource suggests that 360 million records may have been stolen in the breach.

Myspace is already in the process of alerting those affected and is working with the authorities to identify who may be responsible. Given that the person (or people) involved shared an alias with LeakedSource, investigators will have at least something to go on.

Read the full article here.

May 30, 2016June 20, 2016

Google Releases Spaces, a Shared Notebook For Your Projects

Google has announced a brand new tool called Spaces that allows multiple users to create a shared workspace for projects. It allows you to grab photos, videos, and links while discussing a topic all in one place.

The service is rolling out right now for Android, iOS, and web users. Google suggests that Spaces would be useful for when you need to have a discussion about a certain topic with a group of people and want to make sure it stays on task. You can also collect stuff from around the web to store in each Space. It seems to be a halfway point between Evernote and a group chat. We’ll know more about how it works once it rolls out to everyone.

Read the full article here.

May 30, 2016June 20, 2016

Payment Application Data Security Standard 3.2 released

The PCI Security Standards Council (PCI SSC) published a new version of its data security standard for payment software, the Payment Application Data Security Standard (PA-DSS) version 3.2. The Payment Application Data Security Standard is used by payment application vendors to ensure their software products will protect payment card data from theft. Merchants and other businesses globally use “PA-DSS Validated” software to ensure they can safely accept payments, both in-store and online.

Read the full article here.

May 30, 2016June 20, 2016

SANS maps SAP cybersecurity to the CIS Critical Security Controls list

The CIS Critical Security Controls are a set of internationally recognized standards outlining the most important cyber hygiene actions that every organization should implement to protect their IT networks. They are highly regarded by the global IT community as they are developed, refined, validated, and updated by experts who pull data from a variety of public and private threat sources; and are transforming security in government agencies and other large enterprises by focusing spending on the key controls that block known attacks and find the ones that get through.

Read the full article here.