Is the security of iris recognition technology on the Galaxy S8 an "issue"? Probably, although Samsung thinks a hack would be difficult to pull off in reality.
The telecom is still valuing the deal at nearly $4.5 billion for a user base of about 1 billion. Digital content and ad-feeding prospects outweigh scandals.
You might have thought that Apple would have been working on a fix for iOS right after an 18-year-old publicly executed a nasty exploit that could supposedly make the host device do anything at the click of a web link: call 911 repeatedly, send torrents of emails and perform other JavaScript tasks.
Well, it turns out that after doing a little more digging, one Collin Mulliner has been able to replicate the bug that the Arizona teenager put out. He was able to figure out how iOS apps that use the in-built WebView browser to display external webpages are vulnerable to a bug that traces back to iPhone OS 3. You know, back before the iPad and iPod touch got into the family.
Nowadays, when your iPhone reads the HTML of any page on Safari, it’s supposed to make sure you want to call the number requested through a dialog prompt. It used to simply dial the number as soon as the page was read. Apple did patch this bug, but it has neglected to do so for the WebView browser.
That means that if you click on, say, a Facebook or Twitter link to a page coded in such a way, you are at the mercy of whatever the HTML code makes your phone do. In Mulliner’s simulated case, it is to call a certain number and lock out any input into the phone by bogging the phone down with too much information at the same time.
Mulliner, who was able to use a bug he had in 2008 to work with an app with WebView in 2016, contacted both Twitter and Apple. The developer also has a bounty cap on his way.
The state-caused splatter of more than 500 million Yahoo account credentials and associated personal information was caught by several of the company’s employees when it happened in 2014. The company only publicly disclosed the breach in September, after completing an investigation the previous month to confirm the scope of the attack.
Yahoo disclosed this to the Securities and Exchange Commission today in a quarterly report. It initially tied the discovery of the 2014 breach back to a 2012 breach that exposed 200 million Yahoo account names and passwords.
The initial disclosure of the later hack happened a month after Verizon agreed to purchase Yahoo for $4.8 billion. It’s worth noting that the telco, considering this as a “material event” where it would have been able to negotiate down the asking price for the search company, “may seek to terminate the Stock Purchase Agreement or renegotiate the terms of the Sale transaction on that basis,” Yahoo admits. Verizon declined comment while Yahoo declined further comment beyond the filing.
Israel-based Cellebrite, the company rumored to have sold the FBI a zero-day exploit for the iPhone 5c at the center of a terrorism investigation, is also rumored to be in talks with the Indian government to sell another exploit that may unlock “iPhones and other electronic devices with top-notch encryption,” according to The Economic Times’s sources from within the Forensic Science Laboratory.
As part of the country’s law enforcement, the FSL may seek to serve as “a global hub for cases where law enforcement is unable to break into phones,” one anonymous official said. The technology could penetrate through the encryption layers of iOS 8 and above as well as Android devices. The FSL has consulted Cellebrite for exploits on a per-case basis, but it could be a month away from obtaining a complete tool to crack the codes.
The FBI reportedly paid millions of dollars to Cellebrite for a decryption tool to access information inside the iPhone of Syed Farook, one of the suspected perpetrators of a mass shooting in San Bernardino that killed 14 and injured dozens last December. The firm has sold products to and worked with multiple governments on investigations where content on a conventionally inaccessible phone is wanted.
One Arizona teenager is in a heap of trouble with the Maricopa County Sheriff’s Department over a link on a Twitter page that ended up nearly incapacitating 911 service for the city of Surprise. 18-year-old Meethkumar Hiteshbhai Desai is charged with three counts of felony computer tampering and is alleged to be responsible for hosting a link and, on Tuesday night, distributing it on Twitter. Tapping on it caused “iOS cell phones” to call 911. Over. And over. And over. At least one user ...
If you have a device running Android 7.0 or better and really, really want Google Assistant integrated into your operating system as it is on the new Pixel phones, but don’t have a Pixel and aren’t willing to get one, you’re in luck if you know your way around the file directories of your ...
“It’s not a question of if you’re going to get hacked – it’s when you’re going to get hacked.” With that surprisingly candid statement meant to underplay the “material impact” of the recently uncovered Yahoo cyber-attack on a faltering giant Verizon intends to revive… somehow, Big Red’s CEO effectively rubbished
Yahoo has certainly seen way better days. Last week, it had 500 million of its users’ email account credentials exposed. This week, it was revealed that Yahoo was rifling through emails at the classified request of the National Security Agency or FBI, looking for signatures correlated to terrorist communications. Add to that the company’s CEO Marissa Mayer leaving a bad taste of management with many in the ...
Yahoo has announced that “a state-sponsored actor” has gotten hold of a copy of US account details including password hashes (machine-scrambled passwords that are sent and exclusively accepted by receiving servers), unencrypted and encrypted security questions and answers, and vital specs like names, email addresses, phone numbers and dates of birth. The data dates back to late 2014. As of this point, it seems that no unhashed passwords, payment or bank account information were obtained. Users are being notified and urged to be vigilant for suspicious ...
The highest-profile battle over privacy and technology has not ended. In fact, it may have only just begun with a lawsuit filed by three news organizations against the FBI. You may recall that the agency wanted Apple to decrypt an iPhone 5c in the possession of Syed Rizwan Farook, one of the perpetrators of a mass shooting in San Bernardino, California, that killed 14 people and wounded 24 others. Farook and co-perpetrator, wife Tashfeen Malik, were killed shortly after their attack. The FBI claimed it ...
Whether or not this all-time thoroughbred can run the darn operating system, though, that’s another question. But we might as well take our victories as they come, as HTC’s big Windows Mobile release for 2009, the HD2, has finally had Android 7.0 Nougat hacked onto it. XDA-Developers member macs18max ...
NSO Group is the reason why you should probably install iOS 9.3.5. Apple released the update today to address three previously unknown vulnerabilities that were exploited two weeks ago when spyware from the Israel-based organization targeted Ahmed Mansoor, a human rights activist hailing from the United Arab Emirates. “New secrets about torture of Emiratis in state prisons,” a text read with a URL that may have represented The Emirates Foundation. Mansoor, ...
Shortly after security researcher Salvador Mendoza revealed that Samsung Pay authentication tokens could be intercepted and used by fraudsters to make purchases on their victims’ dime, Samsung has responded with a blog post and several FAQ answers. First of all, the company addressed the three things that get sent to vendors for each Samsung Pay transaction. The token contains unique, ...