Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They’ve already used the tool to study a bunch of different IoT devices. From their blog post: Finding #3: Many IoT Devices Contact a Large and Diverse … Read More “IoT Inspector Tool from Princeton” »
Category: authentication
Auto Added by WPeMatico
Princeton’s Karen Levy has a good article computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access — delete your insecure account, open a new one, change your password. This advice is such standard protocol for personal security that it’s almost … Read More “Intimate Partner Threat” »
It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that — by all appearances — they’d cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. The article points out that the … Read More “Apple FaceID Hacked” »
This is a good interview with Apple’s SVP of Software Engineering about FaceID. Honestly, I don’t know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can’t be hacked with fake faces. I dislike the fact that the police can point the phone at someone … Read More “Apple’s FaceID” »
“Traffic shaping” — the practice of tricking data to flow through a particular route on the Internet so it can be more easily surveiled — is an NSA technique that has gotten much less attention than it deserves. It’s a powerful technique that allows an eavesdropper to get access to communications channels it would otherwise … Read More “More on the NSA’s Use of Traffic Shaping” »
LyreBird is a system that can accurately reproduce the voice of someone, given a large amount of sample inputs. It’s pretty good — listen to the demo here — and will only get better over time. The applications for recorded-voice forgeries are obvious, but I think the larger security risk will be real-time forgery. Imagine … Read More “Forging Voice” »
ProofMode is an app for your smartphone that adds data to the photos you take to prove that they are real and unaltered: On the technical front, what the app is doing is automatically generating an OpenPGP key for this installed instance of the app itself, and using that to automatically sign all photos and … Read More ““Proof Mode” for your Smartphone Camera” »
Mike Specter has an interesting idea on how to make biometric access-control systems more secure: add a duress code. For example, you might configure your iPhone so that either thumb or forefinger unlocks the device, but your left middle finger disables the fingerprint mechanism (useful in the US where being compelled to divulge your password … Read More “Duress Codes for Fingerprint Access Control” »
Interesting research — “Cracking Android Pattern Lock in Five Attempts“: Abstract: Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. In this paper, we demonstrate a novel video-based attack to reconstruct Android lock patterns from video footage filmed u sing a mobile phone camera. Unlike prior attacks on pattern … Read More “Capturing Pattern-Lock Authentication” »
There’s research in using a heartbeat as a biometric password. No details in the article. My guess is that there isn’t nearly enough entropy in the reproducible biometric, but I might be surprised. The article’s suggestion to use it as a password for health records seems especially problematic. “I’m sorry, but we can’t access the … Read More “Heartbeat as Biometric Password” »