Tag Archive for: discover

Security researchers discover Apple Pay and Visa contactless payment hack

/in


Photo
Photo (c) martin-dm – Getty Images

A team of security researchers has uncovered a new hack that could allow bad actors to make unauthorized charges through victims’ iPhones. 

In a demonstration to the BBC, researchers from the Computer Science departments of Birmingham and Surrey Universities in the U.K. showed how cyber thieves can exploit a feature in Apple Pay that could leverage unauthorized contactless payments. According to the researchers, the problem lies in how Visa cards are set up in “Express Transit” mode in an iPhone’s wallet. 

Express Transit is an Apple Pay feature that enables commuters to make quick contactless payments without having to unlock their phone. It’s similar to how a commuter might pay for a ride on New York City’s MTA, Los Angeles’ TAP, or Chicago’s CTA. 

How it works

In the demo, researchers showed how easy it was for them to make a Visa payment of £1,000 [$13,460 USD] without unlocking the phone or authorizing the payment. 

All a hacker has to do is set up a commercially available piece of radio equipment near where the iPhone might be used to make a payment, such as a retail store. The hacker can then trick the iPhone into thinking it’s dealing with a legitimate point-of-contact. 

The scary thing is that the crook’s phone and the payment terminal that’s being used don’t need to be anywhere near the victim’s iPhone. “It can be on another continent from the iPhone as long as there’s an internet connection,” said Dr. Ioana Boureanu of the University of Surrey.

Apple and Visa aren’t worried…yet

While the researchers may think the incursion is a real possibility, neither Apple nor Visa are sweating it quite yet. According to the BBC, Apple said the matter was “a concern with a Visa system.” Visa said its payments were secure and attacks of this type were impractical outside of a lab.

Visa told the BBC that it took all security threats seriously, but it says this isn’t something that consumers should worry about. 

“Visa cards connected to Apple Pay Express Transit are secure, and cardholders should continue to use them with confidence,” the company said. “Variations of contactless fraud schemes have been studied in laboratory…

Source…

Computer scientists discover new vulnerability affecting computers globally — ScienceDaily

/in


In 2018, industry and academic researchers revealed a potentially devastating hardware flaw that made computers and other devices worldwide vulnerable to attack.

Researchers named the vulnerability Spectre because the flaw was built into modern computer processors that get their speed from a technique called “speculative execution,” in which the processor predicts instructions it might end up executing and preps by following the predicted path to pull the instructions from memory. A Spectre attack tricks the processor into executing instructions along the wrong path. Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way.

Since Spectre was discovered, the world’s most talented computer scientists from industry and academia have worked on software patches and hardware defenses, confident they’ve been able to protect the most vulnerable points in the speculative execution process without slowing down computing speeds too much.

They will have to go back to the drawing board.

A team of University of Virginia School of Engineering computer science researchers has uncovered a line of attack that breaks all Spectre defenses, meaning that billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced. The team reported its discovery to international chip makers in April and will present the new challenge at a worldwide computing architecture conference in June.

The researchers, led by Ashish Venkat, William Wulf Career Enhancement Assistant Professor of Computer Science at UVA Engineering, found a whole new way for hackers to exploit something called a “micro-op cache,” which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process. Micro-op caches have been built into Intel computers manufactured since 2011.

Venkat’s team discovered that hackers can steal data when a processor fetches commands from the micro-op cache.

“Think about a hypothetical airport security scenario where TSA lets you in without checking your…

Source…

Discover why VPNs are so crucial in today’s world – Film Daily

/in


VPNs are becoming increasingly more useful in the internet age. They not only provide access to sites that would otherwise be blocked, but they can ensure you aren’t being tracked by outside sources. VPNs are especially useful if one is browsing the internet from their own home and want to make sure their data is encrypted.

But how does a VPN work? Does it require special tech skills? Does the installation process differ when you purchase a VPN for multiple devices? We’ve decided to answer each of these pressing questions so that readers can use their VPN to its fullest capacity.

VPNs on mobile devices

In years past, the installation of VPNs on mobile devices was a lengthy process. Thankfully, today, it’s much simpler. If a user has an iPhone or an Android and wants to ensure that the data is not being tracked, they can simply download the VPN app of their choosing and install it. Once the installation is complete, the user’s data will automatically become encrypted.

There are several different VPN options, most NordVPN remains one of the most popular due to its flexibility. NordVPN allows up to six installs per account, so users can encrypt all of their tech in addition to those owned by friends and family.  

Free VNPs vs paid VPNs

There’s some confusion about VPNs that are free versus the ones that are paid. Both appear to be beneficial, but the free options are oftentimes a huge risk. Some free VPN options will not encrypt data at all times, and perhaps even worse, they will keep logs of your data in order to sell it to the highest-bidding advertiser. In the case of the latter, the VPN would be putting your personal information at risk instead of protecting it.

We recommend using paid VPN options exclusively. Some of the most popular VNPs include ExpressVPN, Tunnelbear, StrongVPN, and the aforementioned NordVPN.

VPN compatibility with internet provider

A valid concern that some users might have is whether a VPN would mess with their current internet/Wi-fi connection. Fortunately, the answer to both is no. A VPN only affects the virtual end of your internet use, which will make it seem like you are running through a different network when really you are…

Source…

Researchers Discover Rare Form of Malware that Targets VoIP Softswitches – Infosecurity Magazine

/in

Researchers Discover Rare Form of Malware that Targets VoIP Softswitches  Infosecurity Magazine
“malware news” – read more