Tag: password

iPhone TouchID Falls To Well-Known Hack

Apple’s Touch ID may be the new thing when it comes to signing on to your iPhone. But the underlying finger print scanning technology proved vulnerable to a very old-school attack, according to information posted by the German hacking crew The Chaos Computer Club (CCC). The group announced late Saturday that it was able to successfully bypass TouchID with a fake fingerprint, lifted from a glass surface. “This demonstrates – again – that fingerprint biometrics is unsuitable as access control method (sp) and should be avoided,” the group wrote in blog post announcing the compromise. Apple’s Touch ID biometric sign-on was the major new feature in the just-released iPhone 5S (the feature is not offered for the lower-cost 5C, which was also just announced.) The feature makes use of technology Apple acquired in July 2012 with the firm AuthenTec, and its addition to the iPhone line was no surprise. But […]

Continue Reading

Experts Crowd Source Bounty To Defeat iPhone 5S TouchID

A group of security enthusiasts, including some leading figures in the IT security industry, have pledged their hard-earned cash toward a bounty for the first hacker who can fool Apple’s new iPhone 5s Touch ID fingerprint scanner using a fingerprint lifted without the owner’s consent. A web site, istouchidhackedyet.com, has been set up to coordinate the campaign, with more than $14,000 in pledges committed (via Twitter posts) from a Who’s Who of  the IT security community. The project was the brainchild of Robert David Graham of Errata Security (@ErrataRob) and Nick De Petrillo (@nickdepetrillo) of Crucial Security, who launched the contest and set up the web site to collect donations.  Security luminaries from across the globe chipped in funds to build a bounty, including Travis Goodspeed ($50) and Nick Percoco (@c7five) of the security firm Trustwave ($250). The largest single donation – $10,000 – came by way of Arturas Rosenbacher (@arturas) […]

Continue Reading

iPhone’s Touch ID Gives A Big Boost To Biometrics

Apple Corp. introduced the latest versions of its iPhone mobile phone yesterday to great fanfare, though the fever pitch that was common during the reign of Steve Jobs was noticeably absent. There were a flurry of articles and opinion pieces like this one, wondering whether Apple had lost its mojo, were common. And it goes without saying that if the headline is wondering whether you’ve lost your mojo, then you most certainly have. Still, Apple didn’t disappoint with its iPhone and iOS updates, particularly in the security arena. Indeed, the long-rumored addition of a finger print reader may have been the most prominent new feature in an update where the most prominent changes (a faster, 64-bit processor, higher resolution camera, etc. ) were transparent to the user. So what do you need to know about the new iPhone and its biometric authentication feature? And how will the new iPhone 5S […]

Continue Reading

Report: Crematoriums To Caterpillars Shodan Reveals Internet Of Things

What kind of stuff is lurking out there on the vast (and growing) Internet of Things? A recent story in Forbes makes the point that its a lot more varied than you might think – everything from Caterpillar trucks to public school classrooms to a crematorium. And “yes,” I said “crematorium.” The idea that surveillance cameras can be accessed from the public Internet isn’t really new. Security researchers have been showing off ways to sidestep security features for IP enabled surveillance cameras for years. We wrote last week about the Federal Trade Commission’s case against a California company, TRENDNet, which made a line of balky, in secure home surveillance gear. But Kashmir Hill makes the point in her story that surveillance cameras are just the tip of the iceberg. Hill interviewed security researchers and professional Shodan jockeys, who use that hardware focused search engine to uncover supposedly secure equipment and industrial control […]

Continue Reading

New Mobile Malware Taps Ad Networks To Spread

It was only a couple weeks back that we wrote about new research from the folks at WhiteHat Security that posited a way for mobile ad networks to be gamed and used to distribute malicious code. Now it looks as if the bad guys were one step ahead, as researchers at Palo Alto Networks reveal new type of malicious Android malware that uses mobile ad networks to infect vulnerable devices. Palo Alto described the new, malicious mobile software, dubbed “Dplug,” in a blog post on Monday. The company said the malware authors appear to be leveraging second tier mobile ad networks, mostly in Russia and the former Soviet Republics), to distribute their wares. The Dplug malware takes advantage of the deep integration between mobile applications and mobile advertising networks to gain a foothold on infected devices, then send out messages to premium SMS services to generate money for the fraudsters, according […]

Continue Reading
1 20 21 22 23 24 25