Security researchers from the U.K. are calling for a product recall of a widely sold white-labeled GPS tracking device after finding that it puts its users’ security and privacy at risk.
The GPS tracker is commonly used as a panic alarm for elderly patients, to monitor children, and to track vehicles. The researchers found security flaws in the system’s configuration that they describe as so “severe” that they are calling for a full recall of the product.
According to the U.K.-based cybersecurity research firm Fidus Information Security, the product is white-labeled by location tracker companies and rebranded and sold by more than a dozen companies, including Pebbell by HoIP Telecom, OwnFone Footprint, and SureSafeGo.
The GPS tracker uses a SIM card to connect to the 2G/GPRS cell network. Because the system does not require an internet connection to function, its data cannot be found on exposed-device search engines like Shodan; the researchers found, however, that anyone can remotely access data and control the device through SMS.
The research firm noted that the device can be tricked into sending its real-time location to anyone who texts a keyword to the device’s phone number. Calling the device’s number also activates its built-in microphone, allowing the caller to listen to the sounds, including conversations, within the vicinity. Worse, activating the microphone does not alert anyone, so the wearer has no way of knowing that someone is listening in.
The study also found that a specific command can disable the cell signal altogether, rendering the device useless.
“This device is marketed at keeping the most vulnerable safe and yet anybody can locate and listen into thousands of people’s lives without their knowledge,” said Fidus’ Andrew Mabbitt, who wrote up the team’s findings. “This day and age, everything is connected one way or another, and we seem to be leaving security behind; this isn’t going to end well.”
Although the device can be protected with a PIN, the PIN is not enabled by default, and the user has to set it up proactively. Even when a PIN has been set, the researchers found that a command can be used to reset it without requiring any second-factor PIN, virtually bypassing the protection.
Mabbitt said in an interview with tech media that an attacker only needs to know the device’s mobile number to render the device useless, track the user’s real-time location, or listen in on their conversations.
Furthermore, the team that exposed the vulnerabilities in the GPS tracking system found that device phone numbers can easily be extrapolated from other working numbers, making serial attacks possible.
“We made the assumption that these numbers were purchased in a batch,” the researchers noted.
In a test conducted by a popular technology publication, sending a keyword to a specific phone number caused the device to reply with its exact coordinates, accurate to within a few meters. Within seconds the device also sent back other information, such as its IMEI number and battery level.
“Fixing this broken security would be trivial,” said the team. “All they needed to do was print a unique code on each pendant and require that to be used to change configurations. The location and call functions could be locked down to calls and texts only from those numbers previously programmed in as emergency contacts.”
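As an added illustration of the fix Fidus describes (constructed here, not the vendor’s firmware: the real device’s SMS keywords, reply format and lockout behaviour are not on the page), a Python model of a pendant’s SMS command handler as shipped beside a hardened version that answers location and listen requests only from programmed emergency contacts and requires the code printed on the pendant for configuration changes:

```python
import hmac
from dataclasses import dataclass, field

# Hypothetical command keywords and reply strings; the real device's SMS
# protocol is not described on the page, so this is a constructed model.
CMD_LOCATE, CMD_LISTEN, CMD_ADDCONTACT = "LOCATE", "LISTEN", "ADDCONTACT"
MAX_BAD_CODES = 5   # assumed lockout threshold for wrong printed codes


@dataclass
class Pendant:
    printed_code: str                           # unique code printed on the pendant
    contacts: set = field(default_factory=set)  # programmed emergency numbers
    location: str = "51.5007,-0.1246"           # constructed sample GPS fix
    bad_codes: int = 0                          # consecutive wrong-code attempts


def parse(text):
    """Split 'KEYWORD arg1 arg2 ...' into (keyword, args); blank text -> ("", [])."""
    parts = text.strip().split()
    return (parts[0].upper(), parts[1:]) if parts else ("", [])


def handle_sms_as_shipped(pendant, sender, text):
    """Behaviour the researchers describe: no PIN by default, so any sender
    who knows the device's number and a keyword is obeyed."""
    cmd, args = parse(text)
    if cmd == CMD_LOCATE:
        return pendant.location
    if cmd == CMD_LISTEN:
        return "mic on"            # microphone opened, wearer not alerted
    if cmd == CMD_ADDCONTACT and args:
        pendant.contacts.add(args[0])
        return "contact added"     # configuration changed with no credential
    return "unknown"


def handle_sms_hardened(pendant, sender, text):
    """The fix Fidus proposes: location and call functions only for programmed
    emergency contacts; configuration only with the code printed on the pendant."""
    cmd, args = parse(text)
    if cmd in (CMD_LOCATE, CMD_LISTEN):
        if sender not in pendant.contacts:
            return "denied"        # in real firmware: send no reply at all
        return pendant.location if cmd == CMD_LOCATE else "mic on"
    if cmd == CMD_ADDCONTACT:
        if pendant.bad_codes >= MAX_BAD_CODES:
            return "locked"        # stops online guessing of the printed code
        code = args[0] if args else ""
        # constant-time comparison so response timing does not leak the code
        if not hmac.compare_digest(code.encode(), pendant.printed_code.encode()):
            pendant.bad_codes += 1
            return "denied"
        pendant.bad_codes = 0
        if len(args) < 2:
            return "denied"
        pendant.contacts.add(args[1])
        return "contact added"
    return "unknown"
```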
The severity of the security vulnerability of the device’s system prompted the team to call it a “glorified wiretap.”
The disclosure comes a few months after the U.K. announced a proposed new cybersecurity law that would require makers of connected devices to ship each device with a unique password rather than a shared default password.
Are Hackers Friends Of Crypto Industry Or Are They Enemies?
The unregulated universe of cryptocurrencies has found unlikely allies among hackers in solving systemic problems and fixing bugs, a report reveals.
Crypto companies, including crypto exchanges, have paid at least $32,150 in total to white-hat hackers for helping fix security flaws in popular crypto and blockchain platforms such as TRON, Brave, EOS, and Coinbase.
The data revealed that 15 blockchain and crypto-related firms made hefty reward payments to security researchers between March 28 and May 16. The rewards related to 30 publicly released bug reports during that period.
Of the companies with disclosed issues, Omise, the software firm behind the OmiseGo cryptocurrency, needed the most fixes, with six disclosed bugs and security issues. The blockchain-powered prediction market Augur disclosed three reports, as did Brave Software, maker of the Brave browser, which features its own native token.
Crypto and blockchain technology has long been criticized by financial institutions for being volatile and vulnerable to technology-enabled cyber crime, which they argue makes it unsuitable as a working technology. It only makes sense that, at a time when they need help the most, white-hat hackers and security researchers are there to help them – for a price.
According to the study, the payment varies depending on the severity of the bug. Companies adjust their HackerOne rewards according to how easy or difficult it is for the white-hat hacker to resolve a security issue. For instance, while the majority of Omise’s disclosed security flaws were worth only around $100 each, other payments amounted to a lot more, the study suggests.
Both Block.one, the company that owns the EOS “blockchain,” and the budding network Aeternity paid one hacker more than $10,000 for a single issue the hacker reported. TRON also paid $3,100 to the researcher who discovered that the network was susceptible to being flooded with malicious smart contracts, something that could jeopardize the future of the company.
Most cryptocurrency companies and blockchain firms, like other tech companies, have set up a reward or bounty system that pays anyone who can point out a security issue in their systems; a bigger reward is offered to those who can fix them.
While the number of hackers who choose to use their skills to improve the technology is steadily increasing, they could at any time decide instead to exploit the vulnerabilities they discover for a bigger payday.
Just last week, for instance, the cryptocurrency exchange Binance announced that hackers had successfully stolen 7,000 BTC (then $40 million, now $55 million) from its own wallets.
Similarly, the crypto exchange Cryptopia announced last week that it is going into liquidation following an attack in January that cost the company millions of dollars’ worth of cryptocurrency.
A blockchain data analytics firm estimated from its investigation that the attack caused losses of as much as $16 million in ether and ERC-20 tokens. Although the company restarted its trading services in March, the actual damage the attack caused remains uncertain. The company is still recovering from the aftermath of the breach and still has banking issues.
According to the liquidator, Grant Thornton, the damage caused by the hack was too “severe” and had a massive impact on the company’s trading. Despite management’s efforts to regain composure by reducing costs and returning the business to profitability, they decided that liquidation is the best option for the company and all stakeholders moving forward.
It is still unclear whether Cryptopia runs its own bounty program, but Binance, coincidentally, has offered a $100,000 bounty to anyone who can solve the mystery of its stolen funds; so far, the perpetrator remains at large and unidentified.
“At Binance, the security of our users is our number one priority. As such, we strive to provide the most secure platform possible. We will evaluate reported security issues based on the security impact to our users and the Binance ecosystem.”
In the end, the question still remains: Are hackers friends of the crypto industry or are they the enemy?
Cloud Computing Drives Taiwan & HK Organizations To Encrypt Data As “Employee Mistakes” Are The #1 Data Security Threat
Erring employees, not attacks by hackers, are the most prolific cause of data breaches in Hong Kong and Taiwan, according to the businesses surveyed in an independent cybersecurity study.
According to the study, conducted for nCipher Security, a B2B applications provider, nearly half of the organizations in Hong Kong and Taiwan cite “employee mistakes” as their biggest data security threat. 48% of the organizations surveyed said that employee mistakes are the most likely cause when a data breach happens; only 22% cite external hackers and 17% cite malicious hackers.
The data comes from the 2019 Hong Kong and Taiwan Encryption Trends study by the Ponemon Institute. The annual review captures how organizations, businesses, and institutions around the world are dealing with “compliance, increased threats, and the implementation of encryption to protect their business-critical information and applications.”
With the acknowledgment that human error is the most likely cause of a data breach, nCipher says, and the prevalence of data breaches and data security issues around the world, organizations in both Hong Kong and Taiwan have started to realize the value of protecting themselves from breaches through data encryption.
“With corporate data breaches making headlines globally, encryption is vital in protecting data by making it unreadable to anyone other than those holding the corresponding encryption key,” reads a press release by nCipher.
A hopeful future awaits most organizations globally: 45% of respondents to the study said that their organizations have a comprehensive, holistic encryption plan applied throughout their entire business, and the trend continues to rise. However, the study notes that only 39% of organizations in Hong Kong and Taiwan already have an encryption plan in place, in direct contrast to Germany, which at 67% has the highest proportion of organizations with an encryption strategy.
“Organizations are under relentless pressure to protect their business-critical information and applications, but the proliferation of data, concerns around data discovery and policy enforcement, together with lack of cybersecurity skills makes this a challenging environment,” notes Michael Tai, head of sales, Greater China at nCipher Security.
But it is not too late for Hong Kong and Taiwan to catch up on implementing encryption policies across their industries, as an overwhelming number of organizations recognize the importance of protecting customer information and their intellectual property. Seventy-four percent of respondents see protecting customers’ personal information as a priority, the highest among all regions surveyed and 20% above the global average.
The most common types of data encrypted by organizations in Hong Kong and Taiwan are employee or human resources data (63%) and intellectual property (53%). The least commonly encrypted type is healthcare information (17%), which is 7% below the global average.
Furthermore, Hong Kong and Taiwan lead the world in cloud adoption, with 80% of respondents either currently using cloud computing services or planning to do so within the year. This is another reason, nCipher says, that organizations in both places are driven to adopt a robust data security policy and implement a sound encryption strategy.
“Enterprises are increasingly turning to cloud environments to help them save time and money. While these technologies are digitally transforming businesses, there are potential security risks associated with them,” says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.
“Consequently the use of encryption to protect cloud data in Hong Kong and Taiwan is high just as it is elsewhere around the globe. Encryption usage is a clear indicator of a strong security posture. Organizations that deploy encryption are more aware of threats to sensitive and confidential information and making a greater investment in IT security.”
However, despite recognizing the need for encryption plans, organizations cite data discovery as the most common factor preventing them from setting up encryption systems. Other factors cited by respondents include classifying which data to encrypt and the effort involved in deploying encryption technologies.
“nCipher empowers customers by providing a high assurance security foundation that ensures the integrity and trustworthiness of their data, applications and intellectual property,” added Tai, encouraging organizations to treat data security as a priority and set up their data encryption systems.
Hackers-For-Hire Are Ineffective And Expensive, Google Study Says
Researchers from Google have found yet another compelling reason why people should not hire hackers online, however enticing the offers may be. New research published last week by Google and researchers from the University of California, San Diego reveals that hacker-for-hire services available online are largely scams and ineffective.
The research methodology involved contracting 27 hacking services. As expected, a considerable chunk of them did not respond to the researchers’ inquiries, while 12 responded but never actually attempted an attack. Only five service providers ended up launching attacks against the test Gmail accounts.
“Using unique online buyer personas, we engaged directly with 27 such account hacking service providers and tasked them with compromising victim accounts of our choosing,” the researchers said.
“These victims, in turn, were ‘honey pot’ Gmail accounts, operated in coordination with Google, and allowed us to record key interactions with the victim as well as with other fabricated aspects of their online persona that we created (e.g., business web servers, email addresses of friends or partner).”
Additionally, of the 12 that responded to the researchers’ inquiries, nine said they were no longer in the hacking business, and the rest turned out to be straight-up scams.
The services offered online were said to cost between $100 and $500, and, interestingly, none of the service providers used automated tools for the attacks they promised their clients.
The attacks instead relied on social engineering, with the hackers using spear-phishing techniques tailored to each intended victim. The researchers highlighted that while some of the hackers asked them for information about the intended victims, others did not bother and instead used “re-usable email phishing templates.”
Interestingly, one of the five hackers who launched an attack against the test Gmail account tried to infect the victim with malware rather than simply phishing for account credentials. Had the malware-laden email been opened and the malware installed on the victim’s system, the hacker would have had remote control of the entire system and would have been able to recover passwords and authentication cookies from local browsers.
Another hacker was able to bypass two-factor authentication (2FA), the safety mechanism that requires the account holder to complete a second verification step independent of the password, such as entering a code sent to the phone number connected to the account. The researchers reveal that the hacker directed the decoy victim to a spoofed Google login page and successfully captured both the password and the SMS code while checking the validity of both in real time.
Hackers who knew they would need to bypass 2FA typically doubled their prices, the researchers say, citing the complexity of the task. Prices for hacking Gmail accounts have risen over the years, from $125 per account in 2017 to $400 today. The researchers posit that Google’s improved security protocols are the cause of the price hike.
“As a whole, however, we find that the commercialized account hijacking ecosystem is far from mature,” the research team said. “We frequently encountered poor customer service, slow responses, and inaccurate advertisements for pricing.
“Further, the current techniques for bypassing 2FA can be mitigated with the adoption of U2F security keys,” they added.
In the end, the researchers concluded that while some capable hackers exist, most of those offering hacking services are either ineffective or outright frauds. Setting scam sites aside, they said, they did not view hacker-for-hire services as a real danger to user accounts, citing the high price per account and the low quality of service the providers deliver.
“However, despite the ability to successfully deliver account access, the market exhibited low volume, poor customer service, and had multiple scammers. As such, we surmise that retail email hijacking has yet to mature to the level of other criminal market segments,” the researchers wrote in their study’s abstract.