Got a smart lock connected to the Samsung's SmartThings platform? Click the wrong link or download the wrong app, and hackers could take it over, researchers say.
The claim comes from a report titled "Security Analysis of Emerging Smart Home Applications" published by a team of security researchers from Microsoft Research and the University of Michigan. In it, the team details four potential attacks hackers could use against Samsung's connected home platform. The first is a phishing attack aimed at anyone using a specific, unnamed third-party Android app designed to control SmartThings systems.Read more
Two security researchers, Roberto Paleari and Aristide Fattori, have revealed the technical details of an exploit they've discovered in Samsung Galaxy devices that allows an unauthorized third-party to start calls or send SMS texts from locked devices.
According to a technical write-up published on GitHub two days ago, an attacker that has temporary access or has stolen a Samsung Galaxy device, can connect it via USB to a Linux workstation and send malicious commands that initiate hidden calls and send SMS messages. This trick works without leveraging any software vulnerability, and even if the phone has USB debugging or USB tethering turned off.Read more
Samsung is exploring a smart contact lens concept that puts an embedded display and camera right in front of users' eyeballs. A patent filing from the South Korean company spotted by SamMobile details how such a device could be used to provide an augmented reality view of the world.
It would be powered by a wireless connection to a user's smartphone, and come with an embedded motion sensor to allow blink controls. The patent references Google Glass, but says that such external displays offer poor viewing angles and image quality. These problems could be solved.Read more
Samsung laptop owners are being urged to update their Windows PCs after the discovery of a vulnerability that can allow remote attackers to download files onto a targeted system and gain complete control over the laptop.
The flaw is tied to a feature called “Samsung SW Update Tool 126.96.36.199” designed keep Samsung laptop users’ drivers and software up to date. “This vulnerability could be considered as a medium or low threat to most Samsung laptop users,” said Joaquín Varela, senior security researcher from Core Security CoreLabs Team, who discovered the Samsung vulnerability.Read more
Most of today's top mobile payment apps are not protected enough to handle the amount of scrutiny and effort cyber-criminals are normally willing to put into compromising payment systems.
The company studied ten of the most popular mobile payment apps, ranging from mobile wallet apps to one-click payment merchants, and from peer-to-peer payment apps to regular apps that link themselves to banking accounts. According to Bluebox, three big issues were identified. The first is related to improperly protected communication channels that would allow attackers to redirect payments to an attacker's desired location.Read more
Don't hang up on your call just yet but some Samsung Galaxy Phones have a demonstrated vulnerability that connects them to fake cellular base stations.
Own a Samsung Galaxy S6, S6 Edge or Note 4? A hacker could intercept your voice calls to listen in or even record conversations. A pair of researchers demonstrated exactly that scenario at the Mobile Pwn2Own competition in Tokyo. The issue appears to be with Samsung's baseband chip in the handsets, which allow for this type of exploit. Don't hang up just yet on your phone calls if you have one these Galaxy devices though; it's not likely that anyone is tuned in and Samsung has been made aware of the issue.Read more
Months before its technology became the centerpiece of Samsung’s new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers.
As early as March, the hackers — alternatively known as the Codoso Group or Sunshock Group by those who track them — had breached the computer network of LoopPay, a start-up in Burlington, Mass., that was acquired by Samsung in February for more than $250 million, according to several people briefed on the still-unfolding investigation, as well as Samsung and LoopPay executives.Read more
Security researchers have discovered a potential way to steal users Gmail credentials from a Samsung smart fridge. Pen Test Partners discovered the MiTM vulnerability that facilitated the exploit during an IoT hacking challenge at the recent hacking conference.
The hack was pulled off against the smart fridge, part of Samsung’s line-up of Smart Home appliances which can be controlled via their Smart Home app. While the fridge implements SSL, it fails to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. The internet-connected device is designed to download Gmail Calendar information to an on-screen display.Read more
Google’s Project Loon has brought the concept of beaming wireless Internet from the sky into industry discourse, and now Samsung considers using thousands of satellites to connect the two-thirds of humanity without access.
Samung’s president of research and development laid out the premise in a research paper. The low-Earth orbit satellites could provide mobile data capacity equivalent to 200 gigabytes per month for 5 billion users around the globe; each satellite would be capable of providing terabit per second data rates “with signal latencies better than or equal to ground based systems.” So where does all that capacity come from?Read more
As many as 600 million Samsung phones may be vulnerable to attacks that allow hackers to surreptitiously monitor the camera and microphone, read incoming and outgoing text messages, and install malicious apps.
When downloading updates, the Samsung devices don't encrypt the executable file, making it possible for attackers in a position to modify upstream traffic — such as those on the same Wi-Fi network — to replace the legitimate file with a malicious payload. The exploit was demonstrated at the Blackhat security conference in London by Ryan Welton, a researcher with security firm NowSecure.Read more