By Tampering with Apps in Samsung, Hackers Can Spy on the Users


Hackers can now snoop on users by manipulating the pre-installed Samsung apps. 

Hackers can monitor users and possibly take control of the whole system. Alarmingly, the vulnerabilities appear to be part of a much larger group of exploitable flaws. A security researcher summarized the situation to Samsung's bug bounty program.

Samsung is working to patch numerous vulnerabilities affecting its smartphones that could be exploited in the wild to spy on users or take control of the system.

Sergey Toshin, the creator of the Oversecured mobile app security company, has uncovered more than a dozen flaws affecting Samsung devices since the beginning of the year.

Details on three of them are currently sparse because of the significant risk to users. Without going into particulars, Toshin said that the least pressing of these problems would allow attackers to obtain SMS messages if they deceived the victim.

However, the other two are more problematic, as they are more robust: no action by the owner of the Samsung device is required to exploit them. An attacker might use them to read and/or write arbitrary files with high permissions.

It is uncertain when the fixes will reach consumers, because the process generally takes approximately two months to ensure that the patch doesn't cause other complications.

All three security vulnerabilities have been reported responsibly by Toshin, who is currently awaiting the bounties.

The hacker has earned about $30,000 from Samsung alone since the beginning of the year for disclosing 14 vulnerabilities. Meanwhile, three more vulnerabilities await a patch. In a blog post, Toshin shares technical specifics and proof-of-concept instructions for seven of these issues that have already been patched, which brought in $20,690 in bounties.

For discovering and reporting to Samsung an issue (CVE-2021-25393) in the Settings app that allowed hackers to gain arbitrary read/write access, Toshin won a hefty bounty of $5460.

To mitigate possible security threats, users should install the latest firmware updates from the manufacturer.

Toshin has identified over 550 vulnerabilities through HackerOne's platform and several bug bounty programs, earning over US $1 million in bug bounties.

The Samsung Group is a global South Korean conglomerate based in Samsung Town, Seoul. It consists of many affiliates, most of them operating under the Samsung brand. It is also the most prominent South Korean chaebol.

Hackers can now spy on your conversations via a simple house bulb

What if hackers could spy on and record your conversations without a digital device? What if your conversations could be retrieved through a simple, old-fashioned light bulb? Well, it might just be true.

Researchers from the Ben-Gurion University of the Negev and the Weizmann Institute of Science in Israel have been researching sound waves as a means of eavesdropping by studying the effect of these waves on objects, and they have discovered a method of retrieving conversations through a simple light bulb from as far as 25 meters away.

When we think of a privacy breach, it tends to come from Android devices or hacked accounts, or in some cases from devices like Alexa, Google Home or Siri. But these researchers don’t even need to plant a device, much less implant malware. They just need a clear view of a bulb from less than 25 meters away. Bizarre, isn’t it?

They called this method "Lamphone", a side-channel attack for eavesdropping on sound. But there are some major limitations. First, it needs a clear view of the bulb: if the bulb is even slightly obscured by a curtain or a lampshade, the method won’t work. Second, the light bulb concerned must meet certain requirements for the thickness of its glass and its light output. Lastly, the quality of the sound picked up depends on how close people are to the bulb and how loud their conversation is.

How does it work? 

Even with its drawbacks, there’s no doubt Lamphone is an ingenious method for spying on conversations from afar. The researchers say they analyze the bulb’s frequency response to sound via a remote electro-optical sensor. The electro-optical sensor is attached to a telescope that views the bulb. The sensor picks up the vibrations on the surface of the bulb that are produced by changes in air pressure caused by the sound waves, and an analog-to-digital converter converts the electrical signals to digital.

“We analyze a hanging bulb’s response to sound via an electro-optical sensor and learn how to isolate the audio signal from the optical signal. Based on our analysis, we develop an algorithm to recover sound from the optical measurements obtained from the vibrations of a light bulb and captured by the electro-optical sensor”, write the researchers.

Lamphone can be used to recover human speech (which can be identified by the Google Cloud Speech API) and singing (which can be identified by Shazam and SoundHound).

1,600 Motel Guests Were Secretly Streamed Live

South Korea has arrested four men accused of streaming online the “intimate private activities” taking place in 1600 hotel rooms.

The men allegedly installed mini cameras in TVs, hair-dryer holders, and sockets to record private activities, and the recordings were sold on online platforms for up to $6,200.

If the allegations are proven, they could face up to 10 years in jail and a 30m won ($26,571; £20,175) fine.

The men created a website in November, where they allowed users to pay for full videos or watch 30-second clips for free. They reportedly posted 803 videos and earned money from 97 paying members before the website was taken down.

"The police agency strictly deals with criminals who post and share illegal videos as they severely harm human dignity," a spokesman for the Seoul Metropolitan Police Agency told the local newspaper the Korea Herald.

The recent incident has sparked a nationwide protest against the filming of sex and nudity, as the number of such incidents has increased manyfold.

"There was a similar case in the past where illegal cameras were (secretly installed) and were consistently and secretly watched, but this is the first time the police caught where videos were broadcast live on the internet," police said.

Goa DGP calls Alexa a spy

Goa Director General of Police (DGP) Muktesh Chander, speaking at a cybersecurity seminar on Thursday, 21 February, warned people against excessive use of Amazon's artificial intelligence assistant Alexa, saying that such assistants act like spies and collect private information, The Indian Express reported.

“And what Alexa does. All the time it is listening. Everything. Every word you are saying, Alexa is listening and passing it on to Google.” (Chander then corrected himself and said Amazon.)

Chander, who is also a cybersecurity expert, was delivering a keynote address at a seminar on ‘Cyber Security for Industry’ in Panaji.

“… PK are Pakistani sites. Why are they giving sounds free of cost?” Chander said, adding that the website promotes a “compromised Chinese-made browser” to glean information from a user’s phone. “Has anybody tried downloading this? All of a sudden if you are trying on mobile, one thing is bound to come up… UC browser. Have you heard of that? Because UC browser is… a Chinese browser. It is collecting all the information. So there is a hidden agenda,” Chander said.