If Apple allows you to add the thumbscan to the access requirement in conjunction with a passphrase, then this is moot and I would say go for it. Yes, there’s no doubt that your biometric data may be compromised. If you can live with that possibility, then let’s look at another potential problem. If you use an iOS device, when it is locked the contents are encrypted to your passphrase (unlock code). If you don’t unlock it, any contents downloaded will be encrypted. Currently, law enforcement agencies with a warrant can go to Apple and get the contents decrypted. This in itself means the phone is insecure, but barring Apple doing it, there’s no way for an average criminal or other organization to gain access to your phone’s data without your passphrase.
Now, if you tell someone your passphrase, whether that be a police officer or other government organization conducting an unconstitutional search or some other person, then any misuse is your own fault. Barring torture, if you do not tell them then they will not gain access. Now insert the thumbscan access procedure. Police are already forcibly taking blood and DNA. What is to stop them or anyone else from forcibly unlocking your phone with your thumb?
Now, let me be clear: my concern is not an officer with a warrant or valid probable cause, it’s a warrantless search or a criminal. Yes, if you’re not doing anything wrong, why should YOU care? If you’re not doing anything wrong, why do THEY care?
So I say, don’t ever hand your cell phone to someone you don’t explicitly trust. …and if your auto insurance company offers you the option of having your insurance card on your phone and you hand that unlocked phone to an officer, don’t be surprised if he takes the phone back to his cruiser to download the contents. If this happens to you, don’t use your phone until you completely wipe and restore the contents from your backup. You may be carrying spyware that allows access to the data at any time.
If Apple offers dual authentication then great; otherwise, don’t rely on the thumbscan.
“At the RSA computer security conference last week, Gary Kenworthy of Cryptography Research held up an iPod Touch on stage and looked over to a TV antenna three meters away. The signal picked up by the antenna, routed through an amplifier and computer software, revealed the secret key being used by an app running on the device to encrypt data. An attacker with access to this key could use it to perfectly impersonate the device he stole it from—to access e-mail on a company server, for example.
The antenna was detecting radio signals “leaking” from the transistors on the chip inside the phone performing the encryption calculations. Transistors leak those signals when they are active, so the pattern of signals from a chip provides an eavesdropper a representation of the work the chip is doing. When Kenworthy tuned his equipment to look in the right place, a clear, regular pattern of peaks and troughs appeared on his computer screen. They could be seen to come in two varieties, large and small, directly corresponding to the string of digital 1s and 0s that make up the encryption key.”
Computer hackers are avenging the Occupy movement by exposing the personal information of police officers who evicted protesters and threatening family-values advocates who led a boycott of an American Muslim television show. In three Internet postings last week, hackers from the loose online coalition called Anonymous published the email and physical addresses, phone numbers and, in some cases, salary details of thousands of law enforcement officers all over the country. The hackers said they were retaliating for police violence during evictions of Occupy protest camps in cities around the country, but law enforcement advocates slammed the disclosures as dangerous. “I hope the individuals behind these cyberattacks understand the consequences of what they are doing,” said John Adler, president of the Federal Law Enforcement Officers Association. “There are very dangerous criminals out there who might seek retribution” against any of these police officers.
Hack week in Vegas: during the Black Hat and Defcon conferences in Las Vegas last week, researchers wheeled out their best new attacks on everything from browsers to automobiles, demonstrating ingenuity and diligence in circumventing security efforts or in some cases in exploiting systems that were built without security in mind. Here’s a handful of the ones that deserve the most concern.
Despite lawsuits, bad publicity, and Adobe’s promise to end their use in Flash, zombie cookies persist and could find a new host in HTML5
For a long time now there has been suspicion that China is a hotbed of hacking activity either endorsed or ignored by the government and targeting foreign individuals, companies, and even governments.
The Chinese government has always denied this, but high-profile pullouts, such as that threatened by Google last year, demonstrate there is definitely something going on, and now we have proof hacking tools are being developed and attacks carried out at official institutions in the country.
On September 19, 2008, hackers from the Anonymous collective attacked the website of Fox News host Bill O’Reilly. The hackers found and immediately posted e-mail addresses, passwords, and physical addresses of 205 O’Reilly site members paying $5 a month to hear Bill’s wisdom. The next day, a distributed denial of service (DDoS) attack hit the site with 5,000 packets per second. That night, another attack flooded two O’Reilly servers with 1.5GB/s of data.
At the USENIX Security Symposium last week, researchers Keaton Mowery, Sarah Meiklejohn and Stefan Savage from the University of California at San Diego presented their paper “Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks.”
A German computer engineer said Tuesday that he had deciphered the code used to encrypt most of the world’s mobile Internet traffic and that he planned to publish a guide to prompt global operators to improve their safeguards.
There have been many articles on the web this week suggesting that Apple’s iPhone 4 could be secretly taking pictures of users. I would like to look into these claims and use a little common sense to see if any of this actually makes sense, or if it’s some kind of misunderstanding or joke.
The issue was first reported on Apple’s support forum, where a user says an old picture of her and her boyfriend at work froze on the screen when she tried making a FaceTime call. This could be a believable glitch if the picture was from the last time she used FaceTime, but she says that, although she has used FaceTime at work, her boyfriend has not. So where did this picture come from? Is the iPhone actually taking pictures when we don’t know it? Or is this user just making stuff up?
Using three different vulnerabilities and clever exploitation techniques, Irish security researcher Stephen Fewer successfully hacked into a 64-bit Windows 7 (SP1) running Internet Explorer 8 to win this year’s CanSecWest hacker challenge. Fewer, a Metasploit developer who specializes in writing Windows exploits, used two different zero-day bugs in IE to get reliable code execution and then chained a third vulnerability to jump out of the IE Protected Mode sandbox. The attack successfully bypassed DEP (data execution prevention) and ASLR (address space layout randomization), two key protection mechanisms built into the newest versions of Windows.