Search This Blog

Showing posts with label Smartphone. Show all posts

Hackers Can Now Clone Your Key Using Just a Smartphone Microphone and a Program

Earlier this year researchers at the National University of Singapore came up and published a paper enumerating how, utilizing just a smartphone microphone and a program designed by them, a hacker can clone your key.

The key, named SpiKey, is the sound made by the lock pins as they move over a typical key's edges. 

The paper written by Soundarya Ramesh, Harini Ramprasad, and Jun Han, says that “When a victim inserts a key into the door lock, an attacker walking by records the sound with a smartphone microphone." 

And with that recording alone, the hacker/thief can utilize the time between the audible clicks to determine the distance between the edges along with the key. 

Utilizing this info, a 'bad actor' could then figure out and afterward come up with a series of likely keys. 

 So now, rather than messing around with lock-picking tools, a thief could basically attempt a few pre-made keys and afterward come directly in through the victim's door. 

However of course there are some shortcomings to carrying out this attack as well like the attacker would need to comprehend what kind of lock the victim has or the speed at which the key is placed into the lock is thought to be constant. 

But the researchers have thought of this as well, and they concocted the clarification that, "This assumption may not always hold in [the] real-world, hence, we plan to explore the possibility of combining information across multiple insertions” 

The study authors further clarified, "We may exploit other approaches of collecting click sounds such as installing malware on a victim’s smartphone or smartwatch, or from door sensors that contain microphones to obtain a recording with the higher signal-to-noise ratio. We may also exploit long-distance microphones to reduce suspicion. Furthermore, we may increase the scalability of SpiKey by installing one microphone in an office corridor and collect recordings for multiple doors." 

Taking the case of the supposed 'smart locks' which despite everything still present their own security issues, the Amazon's Ring security cameras, for example, are hacked constantly, so as it were, as the researchers hypothesize, the hacker could, in principle, utilize the microphone embedded in such a camera to capture the sounds your key makes and afterward utilize the SpiKey procedure to create physical keys to your home.

Samsung and SK Telecom Unveil World's First Quantum Security Tech 5G Smartphone


The two companies have recently revealed the world's first QRNG (Quantum Random Number Generator) 5G smartphone. The smartphone is named Galaxy A Quantum (a newer version of the A71 5G) and gives some excellent smartphone features, but QRNG technology makes it different from the rest, as it makes the apps and services prone to hacks. The Normal Random Generated Numbers are used in multiplatform logins like payment platforms and 2 step authentication, which is easy for hackers to infiltrate.


The QRNG technology, with the world's smallest chipset of dimensions 2.5mm by 2.5mm, on the other hand, uses CMOS image sensors and LED. The LED and CMOS sensors are responsible for emitting image noise and capturing the light, respectively, to create a random number of strings with unpredictable patterns. No technology in the industry is capable of hacking the Galaxy A Quantum, one of the most secure smartphones, says SK Telecom. However, it should be noted that the chip SKT IDQ S2Q000 is only for use with SK services. But, the tighter the challenge, the better the hackers. The Galaxy A Quantum has a 6.7-inch super AMOLED Infinity-O display, an in-display fingerprint reader, and a full HD resolution.

A 64-megapixel main camera, 12-megapixel ultrawide-angle camera, 5-megapixel macro camera, and a 5-megapixel depth sensor, together form the rear quad camera setup. The front camera comes with 32 megapixels. "This is the company's first phone with a dynamic OLED panel -- technology that Samsung's marketing department is referring to as "Infinity O AMOLED." We're looking at an HDR10+ screen that uses "dynamic tone mapping" to improve the contrast, keep details visible even in dark spots and optimize colors when you're saying, watching a movie. Unrelated to that, the screen also reduces blue light by 42 percent to minimize eye strain. That's not a special night mode, mind you, but the default experience," Engadget in its review.

It is not the first time that the two companies have worked together, in September 2019, the companies were working on first 8K TV with 5G connectivity. We hope that this won't be the last.

6 Simple Tricks to Prevent your Smartphone from Hackers


If hackers trespass into your smartphones, they can send fake emails, fake alerts using your camera, and even control user activity. According to Denise DeRosa, founder of Cyber Sensible, if even a minute thing in your smartphone is not secured, it makes the device vulnerable to cyber attackers.

The basic problem is that your smartphones are connected to the central hub, where all the data is managed and regulated. If this is ever exposed, your complete digital information is at risk. Regrettably, your smartphone is not safe from all these potential threats, and it is frightening.


But there's no need to worry, follow these six simple steps to ensure the safety of your smartphone.


1. Create a secure password by using a set of random arrangements from different dictionaries. Hackers have always used algorithms to predict the patterns of your password. Experts recommend having at least a 12 character password with capital letters and unique characters. In this way, hackers can never predict your password.

2. Avoid using the same password for different platforms. 
The hacker can have access to all your accounts if you keep the same passwords. For instance, if you visit a malicious website and supply your login credentials, the hacker can steal it.

3. Update every smart device connected to your smartphone. 
It can be an android tv, Alexa, or other smart devices. Use a password manager to keep track of all your passwords. Password managers are helping to keep all your passwords in one place, especially if you have various accounts, which is hard to remember. 

4. Avoid giving privacy permissions to unnecessary apps. 
Every app asks for access permission to user data, gallery, mic, location, and camera. But they don't need all the agreements. 

5. Always use 2 step verification, wherever possible. 
It gives an additional layer of security as the user would then require both the passwords and verification through text, mail or smartphone. 

6. Inform people having access to your account to follow these security measures too. 
Google recommends to set up a family account where the user doesn't need to share his password with other members.

ATFuzzer: A Threat that Misuses USB Chargers, Headsets, and Bluetooth.


A new security threat has been found which can hit various high-tech android devices by exploiting the Bluetooth and USB accessories to attacks the phone. According to a paper published by researchers from Purdue and Iowa University, the base-band processors of many famous Android phones are modified that enables the hacker to get access. By using specifically modified USB and Bluetooth accessories, the experts could explain how these accessories are misused to give directions such as AT commands that regulate the baseband's working. The research also checked various smartphones such as Samsung, LG, HTC, Google, Motorola, and Huawei that are not very latest but still generally used.

Meanwhile, the experts decoded critical information such as the IMEI number, roaming status, and network settings that can help to locate the targets. The researchers also conducted Denial of Service (DoS) initiatives, interrupt Internet connections and use functions such as Do Not Disturb (DND), call logs, blocking, etc.

Ten smartphone devices from different companies were examined. Fortunately, not all the smartphones fell prey to Bluetooth and USB accessories threat. However, various accessories such as phone chargers, speakers and even headsets can be misused to exploit any device by following the given technique.

"The android devices can't possibly be endangered to the AT command interface in any way," concludes the research team. If interested to read the exploits, it could be found at the Github repository. The research paper would be manifested next month at the 35th Annual Computer Security Applications Conference. The attacked smartphones worked on base-band processors built by Samsung, Qualcomm, and Huawei. The experts informed all the concerned devices and base-band providers and remained 3 months still before announcing to the general public about their conclusions. Meanwhile, Samsung has acted by making security patches for its smartphones.

How to be safe?

The users are suggested not to use accessories that are not known. They are also strictly advised against using public chargers as they can be harmful to smartphones. Using trusted accessories and minimal unknown gadgets are the only solution to the problem.

Android phones vulnerable to Qualcomm bugs

Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required.

Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is that both the attacker and targeted Android device must be active on the same shared Wi-Fi network.

“One of the vulnerabilities allows attackers to compromise the WLAN and modem, over-the-air. The other allows attackers to compromise the Android kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android kernel over-the-air in some circumstances,” wrote researchers.

All three vulnerabilities have been reported to Qualcomm and Google’s Android security team and patches are available for handsets. “We have not found this vulnerability to have a public full exploit code,” according to a brief public disclosure of the flaws by the Tencent Blade Team.

Researchers said their focus was on Google Pixel2 and Pixel3 handsets and that its tests indicated that unpatched phones running on Qualcomm Snapdragon 835 and Snapdragon 845 chips may be vulnerable.

A Qualcomm spokesperson told Threatpost in a statement: “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.”

The first critical bug (CVE-2019-10539) is identified by researchers as a “buffer copy without checking size of input in WLAN.” Qualcomm describes it as a “possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length.”

Hackers may soon able to decode what you are typing on your device






The technology advancement in smartphones may soon enable hackers to intercept what the user is typing on their devices by analyzing the sound of the keypad.

The researchers at Cambridge University and Sweden’s Linkoping University were able to extract passwords by deciphering the sound waves generated by fingers tapping on smartphone’s touch screens.

‘When a user enters text on the device’s touchscreen, the taps generate a sound wave. The device’s microphones can recover the tap and correlate it with the keystroke entered by a victim.’

According to the study, using a spying app, a malicious actor can decode what a person is typing. The study was first reported by the Wall Street Journal. “We showed that the attack can successfully recover PIN codes, individual letters, and whole words,” the researchers wrote.


‘The spying app may have been installed by the victim herself, or by someone else, or perhaps the attacker gave the device to the victim with the app pre-installed – there are several companies offering such services, such as mSpy. We also assume the app has microphone access. Many apps ask for this permission and most of us blindly accept the list of demanded permissions anyway.’

The researchers programmed a machine-learning algorithm that could detect and analyze the soundwave for specific keystrokes. On Smartphone, the researchers were able to correctly replicate the passwords seven times out of 27, within 10 attempts. While on tablets, they achieved better results, replicating for password 19 times out of 27 within 10 attempts.

“We found the device’s microphone(s) can recover this wave and ‘hear’ the finger’s touch, and the wave’s distortions are characteristic of the tap’s location on the screen,” the researchers wrote. “Hence, by recording audio through the built-in microphone(s), a malicious app can infer text as the user enters it on their device.”