Security researcher bypasses iPhone’s limit on passcode attempts

Security researcher bypasses iPhone’s limit on passcode attempts

https://ift.tt/2K2U9Ka


Shutterstock / ymgerman

It’s not easy breaking into a locked iPhone. Try too many times and you can get locked out for years, even decades, or lose the device’s data altogether. That’s why law enforcement had to put pressure on Apple to unlock the San Bernardino shooter’s iPhone, and why cops across the country are buying an affordable iPhone cracker called GrayKey. Hacker House cybersecurity firm co-founder Matthew Hickey, however, has discovered a way to bypass the device’s security measures, even if it’s running the latest version of Apple’s mobile platform. Apparently, a hacker will only need “a turned on, locked phone and a Lightning cable.”

Hickey said that when an iPhone is plugged in and a hacker sends it passcode guesses using keyboard input (as opposed to typing on the screen), the action triggers an interrupt request that takes precedence over everything else. That means the iPhone would be too busy to erase the device if the attacker sends it one passcode guess after another. As a result, they can guess as many times as they want instead of being limited to 10 guesses.

Hickey said he already reported the vulnerability to Apple, noting that the bug isn’t difficult to identify and that there are probably other people who’d already found it before he did. Companies like Cellebrite, which unlocked the San Bernardino shooter’s phone for the feds, and GrayKey’s maker might even be using a similar brute force technique and taking advantage of the same bug to break into iPhones.

Cupertino might also be already aware of the vulnerability, which is why iOS 12 will feature a Restricted mode that will cut off an iPhone’s ability to connect to a USB accessory plugged into it after an hour. Since it takes much more than an hour to send a device every passcode combination possible, the new feature could prevent hackers and cracking devices from force unlocking iPhones.

Check out Hickey’s method in action below:

Tech

via Engadget http://www.engadget.com

June 23, 2018 at 01:51PM

Posted in Family | Tagged , | Leave a comment

A Major Privacy Win, a Vault 7 Indictment, and More Security News This Week

A Major Privacy Win, a Vault 7 Indictment, and More Security News This Week

https://ift.tt/2IjeGVc

What’s that? A week with nearly as much good news as bad in the world of privacy and security? It’s true! Especially the privacy part.

On Friday, the Supreme Court issued a hotly anticipated ruling in Carpenter v. United States, establishing that the government will need to get a warrant if it wants to track your location with cell sites. Meanwhile in California, it looks like residents might soon benefit from a privacy law that grants unprecedented power—in the US, anyway—over what data companies collect and what they do with it. And while this isn’t privacy related, strictly speaking, Apple’s new partnership with startup RapidSOS will push iPhone owners’ locations to dispatchers during 911 calls, saving first responders valuable minutes and almost certainly saving lives.

It’s not all sunshine and lollipops, of course. The same hacker group that meddled with the PyeongChang Olympics appears to be back, this time swinging at biochem labs in Europe. The hacking threat from China has escalated in step with trade war rhetoric. Pretty much every streaming device is vulnerable to the same type of DNS rebinding attack. Iran’s ban of encrypted messaging app Telegram has had a serious, layered impact on the country’s citizens. And deep fakes will make the already complicated issue of Twitter mob justice even more so.

But wait, there’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

After a public blow-up around the sharing of location data with third parties—and pressure from senator Ron Wyden—all four major US carriers have pledged to stop the practice. The change won’t happen overnight; all of these companies have long-term contracts to unwind. But it’s a rare bit of good privacy news at a time when that has seemed increasingly hard to come by.

Former CIA employee Joshua Adam Schulte was indicted this week; authorities allege that he was responsible for the devastating Vault 7 leak that revealed many of the agency’s hacking secrets. Schulte had previously been held on child pornography charges. The indictment also alleges that Schulte had surprisingly lax security practices for a CIA vet; he apparently reused a less secure password from his cell phone to protect the encrypted materials on his computer as well. He faces up to 135 years in prison.

In 2012, Google acquired VirusTotal, a site that scans online malware and viruses. This week, it announced a new spinoff product, VirusTotal Monitor, that will help app developers avoid being accidentally flagged as malware. VirusTotal already aggregates what over 70 antivirus vendors consider malware, so devs can how compare their apps against that list for a little peace of mind.

While not exactly offering you higher levels of security, the new Google Account panel on Android—to be followed later on iOS and desktop—does make it easier to see exactly what your settings are, along with a “privacy checkup” and “security setup” that nudge you toward a more locked-down online experience. It also introduces a search function to make it easier to find whatever specific aspect of your account you want to vet.


More Great WIRED Stories

Tech

via Wired Top Stories https://ift.tt/2uc60ci

June 23, 2018 at 08:39AM

Posted in Family | Tagged , | Leave a comment

A Major Privacy Win, a Vault 7 Indictment, and More Security News This Week

A Major Privacy Win, a Vault 7 Indictment, and More Security News This Week

https://ift.tt/2IjeGVc

What’s that? A week with nearly as much good news as bad in the world of privacy and security? It’s true! Especially the privacy part.

On Friday, the Supreme Court issued a hotly anticipated ruling in Carpenter v. United States, establishing that the government will need to get a warrant if it wants to track your location with cell sites. Meanwhile in California, it looks like residents might soon benefit from a privacy law that grants unprecedented power—in the US, anyway—over what data companies collect and what they do with it. And while this isn’t privacy related, strictly speaking, Apple’s new partnership with startup RapidSOS will push iPhone owners’ locations to dispatchers during 911 calls, saving first responders valuable minutes and almost certainly saving lives.

It’s not all sunshine and lollipops, of course. The same hacker group that meddled with the PyeongChang Olympics appears to be back, this time swinging at biochem labs in Europe. The hacking threat from China has escalated in step with trade war rhetoric. Pretty much every streaming device is vulnerable to the same type of DNS rebinding attack. Iran’s ban of encrypted messaging app Telegram has had a serious, layered impact on the country’s citizens. And deep fakes will make the already complicated issue of Twitter mob justice even more so.

But wait, there’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

After a public blow-up around the sharing of location data with third parties—and pressure from senator Ron Wyden—all four major US carriers have pledged to stop the practice. The change won’t happen overnight; all of these companies have long-term contracts to unwind. But it’s a rare bit of good privacy news at a time when that has seemed increasingly hard to come by.

Former CIA employee Joshua Adam Schulte was indicted this week; authorities allege that he was responsible for the devastating Vault 7 leak that revealed many of the agency’s hacking secrets. Schulte had previously been held on child pornography charges. The indictment also alleges that Schulte had surprisingly lax security practices for a CIA vet; he apparently reused a less secure password from his cell phone to protect the encrypted materials on his computer as well. He faces up to 135 years in prison.

In 2012, Google acquired VirusTotal, a site that scans online malware and viruses. This week, it announced a new spinoff product, VirusTotal Monitor, that will help app developers avoid being accidentally flagged as malware. VirusTotal already aggregates what over 70 antivirus vendors consider malware, so devs can how compare their apps against that list for a little peace of mind.

While not exactly offering you higher levels of security, the new Google Account panel on Android—to be followed later on iOS and desktop—does make it easier to see exactly what your settings are, along with a “privacy checkup” and “security setup” that nudge you toward a more locked-down online experience. It also introduces a search function to make it easier to find whatever specific aspect of your account you want to vet.


More Great WIRED Stories

Tech

via Wired Top Stories https://ift.tt/2uc60ci

June 23, 2018 at 08:39AM

Posted in Family | Tagged , | Leave a comment

Ajit Pai Is Apparently a Comedy Vlogger Now

Ajit Pai Is Apparently a Comedy Vlogger Now

https://ift.tt/2MceLfx

Telecom shill and FCC Chairman Ajit Pai is on some sort of Mark Zuckerberg-style tour of America’s heartland, and he’s uploaded his first vlog that he’s labeled as “comedy.”

On Thursday, the man who spearheaded the death of net neutrality uploaded this strange clip of himself hanging out in Twin Falls, Idaho. The 44-second clip is the only video on Pai’s channel. Among the questions it raises is, why is it titled “Twin Falls 2?” We know Pai is a film buff, so maybe he was making a subtle reference to the little-remembered indie flick, Twin Falls, Idaho. Then again, there’s the perplexing fact that it’s labeled in the “comedy” category and the only funny thing about it is Pai’s ever-amusing goon face. It’s possible that Twin Falls 1 was the setup and this is the hilarious punchline. We’d ask Pai what’s going on here, but considering he’s been working hard to abandon efforts to get better access to broadband in rural areas, there’s no telling when he’ll get our message.

In the video, Pai talks about the beautiful scenery and highlights some project that Idahoans are working on to improve their own networks as the government hands more and more power to a few private pseudo-monopolies. I guess the message is supposed to be along the lines of, “See, even though the FCC isn’t helping, taxpayers can do the job for us.” Heh, I guess that is kind of funny.

You can watch the clip below and make sure to leave a comment on his YouTube page.

[Motherboard, Chris Welch]

Tech

via Gizmodo http://gizmodo.com

June 21, 2018 at 04:57PM

Posted in Family | Tagged , | Leave a comment

AI and Carbon Nanotubes Are Now Being Used to Improve the World’s… Keyboards?

AI and Carbon Nanotubes Are Now Being Used to Improve the World’s… Keyboards?

https://ift.tt/2ltkEcW

Photo: American Chemical Society

When it comes to groundbreaking research, there are two fields that seem to occupy the newscycle: carbon nanotubes and artificial intelligence. The potential combination of those two fields of study seems like it could radically change the word as we know it, or, as South Korean scientists have discovered, at least change how we type.

The carbon atom, one of the building blocks of life, gains radical new abilities when assembled into long, thin chains, known as carbon nanotubes. Think ultra-flexible films that are better at stopping bullets than kevlar vests, or bio-engineered plants that can detect land mines and explosives. And AI, trained using deep learning techniques, is soon going to make it almost impossible to discern fake videos from real ones.

But researchers from South Korea’s Sejong University, Chung-Ang University, and Kyungpook National University are instead merging those burgeoning technologies to create an ultra-thin portable keyboard that can be crumpled up like paper without breaking it. A sheet of soft silicone rubber was embedded with conductive carbon nanotubes that create electrical resistance where a finger is pressed against the material.

The individual keys were simply drawn on to the keyboard using a marker—that was the easy part. To allow apps to determine where finger presses were actually happening on the material, and what keys a user was typing on, an artificial neural network was trained to pinpoint where the interactions were happening, and with how much pressure. based on the changes in electrical resistance. It sounds like a shortcut, but in this case it’s not cutting corners, it’s simply using a new tool to quickly, and cheaply, improve an existing process. Why do all that testing and coding by hand when you don’t have to?

The researchers claim the flexible keyboard they’ve created is far more durable than any other keyboard on the market, and because mass production could bring the per unit price down to as little as a dollar, even if something did happen, tossing it away and buying a replacement is a cheap option. They don’t address the fact that typing on a soft blob of silicone without defined keys makes touch typing incredibly difficult. But this approach to the hardware could be combined with existing ones, resulting in cheaper and more durable keyboards that still provide a satisfying experience for your fingertips.

[EurekaAlert! via New Atlas]

Tech

via Gizmodo http://gizmodo.com

June 22, 2018 at 09:27AM

Posted in Family | Tagged , | Leave a comment

Get It Out Of Here: A Robotic Flying Snake

Get It Out Of Here: A Robotic Flying Snake

https://ift.tt/2trMry8

This is a video demonstration of the University Of Tokyo’s relatively terrifying DRAGON (‘Dual-rotor embedded multilink Robot with the Ability of multi-deGree-of-freedom aerial transformatiON’ — that was a stretch) aerial robot, a snake-like robot made of interconnected sections that can fly thanks to a pair of ducted motors attached to each segment. It was designed to be able to change shape to squeeze through narrow passages, and will be able to manipulate objects thanks to finger-like pincers on each end. Now just imagine this thing a hundred times larger and weaving its way between skyscrapers. Scary, right? Now imagine it a hundred times smaller and trying to fly its way into your anus. Neither one sounds fun, does it? “I say the butt one is a maybe.” Ugh, I knoooow, but we hate robots, remember?

Keep going for the video.

Thanks to Trent BEE, who informed me if they made one large enough to saddle, he would ride it.

blog comments powered by Disqus

Tech

via Geekologie – Gadgets, Gizmos, and Awesome http://geekologie.com/

June 22, 2018 at 12:40PM

Posted in Family | Tagged , | Leave a comment

Google’s AR “Measure” app comes to all ARCore Android phones

Google’s AR “Measure” app comes to all ARCore Android phones

https://ift.tt/2tlzl6l

Back when I tested Google’s first augmented reality product, Project Tango, one of my favorite use cases was the Google Measure app. This would turn Tango’s bevy of extra sensors into a virtual tape measure, allowing you to roughly pick any two points in the world and get the distance between them. When Project Tango died, I figured the Measure app was done for too, but Google has resurrected the app for ARCore, its new, post-Tango augmented reality framework that works on many high-end Android phones.

Tech

via Ars Technica https://arstechnica.com

June 22, 2018 at 11:22AM

Posted in Family | Tagged , | Leave a comment