Based on name alone, the futuristic iris-scanning feature on the Galaxy S8 sounds like it would be the most secure way to lock your phone. Hacker Jan Krissler, who goes by the name Starbug, shows in a recent video that, despite the impressive technology in unlocking your phone with your eyes, the security system can be beaten with a relatively low-tech hack.
As the video shows, Starbug is able to take a infrared picture of a person’s face using the night mode setting on a regular point and shoot camera. Print it out on an ordinary laser printer and it fools the camera by placing a contact lens over the image to give it the appearance of an actual human eye.Read more
The tech industry has a bad case of four-wheel fever, and it looks like there's no cure in sight. Before too long, it will be impossible to buy a new car without an embedded LTE modem—ostensibly there for our convenience, but with the side effect of creating a new revenue stream from monetized data.
And then there's the self-driving car gold rush. Anyone who's anyone in the tech or automotive worlds is working on an autonomous vehicle, a list that now includes Samsung. The company has been granted permission by the South Korean government to begin testing an autonomous vehicle on public roads.Read more
Tech giants Apple, Samsung and Microsoft have broken their silence on the latest leak from WikiLeaks that revealed the CIA hacked into their products for surveillance purposes. Apple claimed to have previously addressed the vulnerabilities in their operating system, iOS, revealed in Tuesday’s ‘Vault 7’ leak from WikiLeaks.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” the company said in a statement, urging customers to update to the latest version of iOS to ensure they have the most recent security updates.Read more
It's not necessary to break into your computer or smartphone to spy on you. Today all devices in our home are becoming more connected to networks than ever to make our lives easy.
But these connected devices can be turned against us, anytime, due to lack of stringent security measures and insecure encryption mechanisms implemented in these IoT devices. The most recent victim of this issue is the Samsung's range of SmartCam home security cameras. Yes, it's easy to hijack the popular Samsung SmartCam security cameras, as they contain a critical remote code execution vulnerability that could let hackers take full control of these devices.Read more
A security researcher has discovered limitations in Samsung Pay's security, which, if exploited by an attacker, could be used in another phone to allow someone else to fraudulently make payments.
The magnetic-based contactless payment system, which comes standard in many newer Samsung phones, works by translating credit card data into tokens so that a hacker can't grab credit card numbers from the device. But those tokens aren't as secure as one might hope. Expert explained that the tokenization process gets weaker after the app generates the first token from a specific card, meaning that there's a greater chance that future tokens could be predicted.Read more
Got a smart lock connected to the Samsung's SmartThings platform? Click the wrong link or download the wrong app, and hackers could take it over, researchers say.
The claim comes from a report titled "Security Analysis of Emerging Smart Home Applications" published by a team of security researchers from Microsoft Research and the University of Michigan. In it, the team details four potential attacks hackers could use against Samsung's connected home platform. The first is a phishing attack aimed at anyone using a specific, unnamed third-party Android app designed to control SmartThings systems.Read more
Two security researchers, Roberto Paleari and Aristide Fattori, have revealed the technical details of an exploit they've discovered in Samsung Galaxy devices that allows an unauthorized third-party to start calls or send SMS texts from locked devices.
According to a technical write-up published on GitHub two days ago, an attacker that has temporary access or has stolen a Samsung Galaxy device, can connect it via USB to a Linux workstation and send malicious commands that initiate hidden calls and send SMS messages. This trick works without leveraging any software vulnerability, and even if the phone has USB debugging or USB tethering turned off.Read more
Samsung laptop owners are being urged to update their Windows PCs after the discovery of a vulnerability that can allow remote attackers to download files onto a targeted system and gain complete control over the laptop.
The flaw is tied to a feature called “Samsung SW Update Tool 126.96.36.199” designed keep Samsung laptop users’ drivers and software up to date. “This vulnerability could be considered as a medium or low threat to most Samsung laptop users,” said Joaquín Varela, senior security researcher from Core Security CoreLabs Team, who discovered the Samsung vulnerability.Read more
Most of today's top mobile payment apps are not protected enough to handle the amount of scrutiny and effort cyber-criminals are normally willing to put into compromising payment systems.
The company studied ten of the most popular mobile payment apps, ranging from mobile wallet apps to one-click payment merchants, and from peer-to-peer payment apps to regular apps that link themselves to banking accounts. According to Bluebox, three big issues were identified. The first is related to improperly protected communication channels that would allow attackers to redirect payments to an attacker's desired location.Read more
Months before its technology became the centerpiece of Samsung’s new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers.
As early as March, the hackers — alternatively known as the Codoso Group or Sunshock Group by those who track them — had breached the computer network of LoopPay, a start-up in Burlington, Mass., that was acquired by Samsung in February for more than $250 million, according to several people briefed on the still-unfolding investigation, as well as Samsung and LoopPay executives.Read more