Samsung, the most popular smartphone maker in the world, left millions of customers vulnerable to hackers after it let expire a domain that was used to control a stock app installed on older devices, security researchers say.
If you own an older Samsung smartphone, chances are you have a stock app designed to recommend other popular apps named S Suggest installed on it. The company says it discontinued S Suggest in 2014, and it recently let one of the domains used to control the app — ssuggest.com — expire. By letting the domain expire, Samsung effectively gave anyone willing to register it a foothold inside millions of smartphones, and the power to push malicious apps on them.Read more
Based on name alone, the futuristic iris-scanning feature on the Galaxy S8 sounds like it would be the most secure way to lock your phone. Hacker Jan Krissler, who goes by the name Starbug, shows in a recent video that, despite the impressive technology in unlocking your phone with your eyes, the security system can be beaten with a relatively low-tech hack.
As the video shows, Starbug is able to take a infrared picture of a person’s face using the night mode setting on a regular point and shoot camera. Print it out on an ordinary laser printer and it fools the camera by placing a contact lens over the image to give it the appearance of an actual human eye.Read more
The tech industry has a bad case of four-wheel fever, and it looks like there's no cure in sight. Before too long, it will be impossible to buy a new car without an embedded LTE modem—ostensibly there for our convenience, but with the side effect of creating a new revenue stream from monetized data.
And then there's the self-driving car gold rush. Anyone who's anyone in the tech or automotive worlds is working on an autonomous vehicle, a list that now includes Samsung. The company has been granted permission by the South Korean government to begin testing an autonomous vehicle on public roads.Read more
Samsung just recently took the wraps off its latest flagship, the Galaxy S8. In addition to the super-slim bezels, tall screen, and speedy new Snapdragon 835 (or Exynos 9) processor, the device is also coming with a ton of biometric authentication options. You get a fingerprint reader, iris recognition, and face recognition.
With the public's first exposure to the Galaxy S8 happening a few days ago, it was only a matter of time until one of these biometric solutions had some holes poked in it. One of those holes is that Galaxy S8's face recognition can be tricked with a photo. At least this is what a video from Spanish Periscope user Marcianophone purports.Read more
Tech giants Apple, Samsung and Microsoft have broken their silence on the latest leak from WikiLeaks that revealed the CIA hacked into their products for surveillance purposes. Apple claimed to have previously addressed the vulnerabilities in their operating system, iOS, revealed in Tuesday’s ‘Vault 7’ leak from WikiLeaks.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” the company said in a statement, urging customers to update to the latest version of iOS to ensure they have the most recent security updates.Read more
Mr. Krebs has some great images of a credit card skimmer found in the wild. This model uses Samsung phone parts and lays right over the Ingenico card scanners you’ve probably seen in stores.
The interesting thing is that these scanners also support chip and PIN technology but, as evidenced by the photo, it looks like the retailer disabled it essentially sending the scanner back into the 1970s and allowed the skimmer unfettered access. Chip and PIN scanners are ostensibly safer and therefore card skimmers have to work harder to get the goods. The particular model is quite realistic and automatically dumps data to a nearby Bluetooth device.Read more
Someone send Samsung's pr people some biscuits or something, they could do with a break.
Not only have the poor bastards had to endure the news that the company that they work for released a phone that can catch fire, but now a security firm called Context says that its Galaxy phones are vulnerable to an SMS attack that can be triggered remotely and turn users' devices into the sort of thing that young people in pyjamas are supposed to rescue from the floor of swimming pools. A brick. Context starts by telling us that Android phones are vulnerable to these SMS attacks and that the victim will be subjected to ransomware shakedowns.Read more
It's not necessary to break into your computer or smartphone to spy on you. Today all devices in our home are becoming more connected to networks than ever to make our lives easy.
But these connected devices can be turned against us, anytime, due to lack of stringent security measures and insecure encryption mechanisms implemented in these IoT devices. The most recent victim of this issue is the Samsung's range of SmartCam home security cameras. Yes, it's easy to hijack the popular Samsung SmartCam security cameras, as they contain a critical remote code execution vulnerability that could let hackers take full control of these devices.Read more
Security experts have disclosed three vulnerabilities in the system the company created to "enhance security" of the Android operating system. Researchers exposed the flaws in Samsung's Knox system, which they say "allowed full control" of a Samsung Galaxy S6 and the Galaxy Note 5 used for testing back in June.
The vulnerabilities, which require an existing flaw to operate, were reported to Samsung earlier this year. The company says it fixed them in a recent security update. In a white paper provided and later published online the researchers detail how hackers could get around the protections that are intended to protect data stored on a phone.Read more
A security researcher has discovered limitations in Samsung Pay's security, which, if exploited by an attacker, could be used in another phone to allow someone else to fraudulently make payments.
The magnetic-based contactless payment system, which comes standard in many newer Samsung phones, works by translating credit card data into tokens so that a hacker can't grab credit card numbers from the device. But those tokens aren't as secure as one might hope. Expert explained that the tokenization process gets weaker after the app generates the first token from a specific card, meaning that there's a greater chance that future tokens could be predicted.Read more