Researchers demonstrated a really clever hack: they hid malware in a replacement smart phone screen. The idea is that you would naively bring your smart phone in for repair, and the repair shop would install this malicious screen without your knowledge. The malware is hidden in touchscreen controller software, which is trusted by the phone. … Read More “Hacking a Phone Through a Replacement Touchscreen” »
Category: phones
Auto Added by WPeMatico
According to court documents, US Immigration and Customs Enforcement is using Stingray cell-site simulators to track illegal immigrants. Powered by WPeMatico
I’ve previously written about the serious vulnerabilities in the SS7 phone routing system. Basically, the system doesn’t authenticate messages. Now, criminals are using it to hack smartphone-based two-factor authentication systems: In short, the issue with SS7 is that the network believes whatever you tell it. SS7 is especially used for data-roaming: when a phone user … Read More “Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems” »
There has been a flurry of research into using the various sensors on your phone to steal data in surprising ways. Here’s another: using the phone’s ambient light sensor to detect what’s on the screen. It’s a proof of concept, but the paper’s general conclusions are correct: There is a lesson here that designing specifications … Read More “Stealing Browsing History Using Your Phone’s Ambient Light Sensor” »
Interesting research — “Cracking Android Pattern Lock in Five Attempts“: Abstract: Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. In this paper, we demonstrate a novel video-based attack to reconstruct Android lock patterns from video footage filmed u sing a mobile phone camera. Unlike prior attacks on pattern … Read More “Capturing Pattern-Lock Authentication” »
This article outlines two different types of international phone fraud. The first can happen when you call an expensive country like Cuba: My phone call never actually made it to Cuba. The fraudsters make money because the last carrier simply pretends that it connected to Cuba when it actually connected me to the audiobook recording. … Read More “International Phone Fraud Tactics” »
An impressive Chinese device that automatically reads marked cards in order to cheat at poker and other card games. Powered by WPeMatico
A year and a half ago, I wrote about hardware bit-flipping attacks, which were then largely theoretical. Now, they can be used to root Android phones: The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control … Read More “Hardware Bit-Flipping Attacks in Practice” »
The Intercept has published the manuals for Harris Corporation’s IMSI catcher: Stingray. It’s an impressive surveillance device. Powered by WPeMatico
Andrew “bunnie” Huang and Edward Snowden have designed a smartphone case that detects unauthorized transmissions by the phone. Paper. Three news articles. Looks like a clever design. Of course, it has to be outside the device; otherwise, it could be compromised along with the device. Note that this is still in the research design stage; … Read More “Detecting When a Smartphone Has Been Compromised” »