Category: authentication

Auto Added by WPeMatico

Capturing Pattern-Lock Authentication

Posted on By infossl
android, authentication, cellphones, phones, Security technology

Interesting research — “Cracking Android Pattern Lock in Five Attempts“: Abstract: Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. In this paper, we demonstrate a novel video-based attack to reconstruct Android lock patterns from video footage filmed u sing a mobile phone camera. Unlike prior attacks on pattern … Read More “Capturing Pattern-Lock Authentication” »

Heartbeat as Biometric Password

Posted on By infossl
authentication, biometrics, identification, Security technology

There’s research in using a heartbeat as a biometric password. No details in the article. My guess is that there isn’t nearly enough entropy in the reproducible biometric, but I might be surprised. The article’s suggestion to use it as a password for health records seems especially problematic. “I’m sorry, but we can’t access the … Read More “Heartbeat as Biometric Password” »

Guessing Credit Card Security Details

Posted on By infossl
academicpapers, authentication, creditcards, fraud, Security technology, securitypolicies

Researchers have found that they can guess various credit-card-number security details by spreading their guesses around multiple websites so as not to trigger any alarms. From a news article: Mohammed Ali, a PhD student at the university’s School of Computing Science, said: “This sort of attack exploits two weaknesses that on their own are not … Read More “Guessing Credit Card Security Details” »

Self-Propagating Smart Light Bulb Worm

Posted on By infossl
academicpapers, aes, authentication, cryptography, encryption, internetofthings, malware, Security technology, sidechannelattacks

This is exactly the sort of Internet-of-Things attack that has me worried: “IoT Goes Nuclear: Creating a ZigBee Chain Reaction” by Eyal Ronen, Colin OFlynn, Adi Shamir and Achi-Or Weingarten. Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat … Read More “Self-Propagating Smart Light Bulb Worm” »

Powerful Bit-Flipping Attack

Posted on By infossl
academicpapers, authentication, forgery, Security technology, ssh

New research: “Flip Feng Shui: Hammering a Needle in the Software Stack,” by Kaveh Razavi, Ben Gras, Erik Bosman Bart Preneel, Cristiano Giuffrida, and Herbert Bos. Abstract: We introduce Flip Feng Shui (FFS), a new exploitation vector which allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS … Read More “Powerful Bit-Flipping Attack” »

NIST is No Longer Recommending Two-Factor Authentication Using SMS

Posted on By infossl
authentication, nist, Security technology, sms, twofactorauthentication

NIST is no longer recommending two-factor authentication systems that use SMS, because of their many insecurities. In the latest draft of its Digital Authentication Guideline, there’s the line: [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance. Powered by WPeMatico