Tag Archive for: Hardware

Researchers uncover a hardware security vulnerability on Android phones

/in


android phone
Credit: Unsplash/CC0 Public Domain

Could your smartphone be spying on you?

Hopefully not, and if so, not for long, thanks to a team of researchers at the University of Pittsburgh Swanson School of Engineering.

Their recent study found that the Graphics Processing Unit (GPU) in some Android smartphones could be used to eavesdrop on a user’s credentials when the user types these credentials using the smartphone’s on-screen keyboard, making it an effective target for hacking. This hardware security vulnerability exposes a much more serious threat to user’s sensitive personal data, compared to the previous attacks that can only infer the user’s coarse-grained activities, such as the website being visited or the length of the password being typed.

“Our experiments show that our attack can correctly infer a user’s credential inputs, such as their username and password, without requiring any system privilege or causing any noticeable shift in the device’s operations or performance. Users wouldn’t be able to tell when it’s happening,” said Wei Gao, associate professor of electrical and computer engineering, whose lab led the study. “It was important to let manufacturers know that the phone is vulnerable to eavesdropping so that they can make changes to the hardware.” 

A phone’s GPU processes all of the images that appear on the screen, including the pop-up animations when a letter of the on-screen keyboard is pressed. The researchers were able to correctly infer which letters or numbers were pressed more than 80 percent of the time, based only on how the GPU produces the displayed keyboard animations.

“If someone were to take advantage of this weakness, they could build a benign application—like a game or other app—and embed malicious code into it that would run silently in the background after it’s installed,” said Gao. “Our experimental version of this attack could successfully target usernames and passwords being entered in online banking, investment, and credit reporting apps and websites, and we…

Source…

Self-Hosting Security Guide for your HomeLab

/in



This top-rated VPN hardware protects your internet connection 24/7

/in


Every time you roam around on the internet, you leave behind a trail of digital crumbs that contain personal information, whether it be a name, email, phone number, or home address. More often than not, private corporations take hold of these data clusters to customize their ads and get you to buy their stuff. But other times, malicious hackers who like to steal identities can gain access to your information.

As a preventative measure, cybersecurity outfits have time and time again recommended the use of a virtual private network (VPN) to safeguard your information against potential threats. And while there are a plethora of reputable services offering VPN, a safer and more economical option exists: the Deeper Connect Nano Decentralized VPN Cybersecurity Hardware.

An IndieGoGo hit, having garnered nearly $3 million in funding, Deeper Connect Nano functions as a decentralized VPN and firewall solution and works even without a subscription. This means all you have to do is install it, and you’re pretty much set for life.

Serverless and distributed, your data will never be logged, leaked, hacked, or even subpoenaed. While it essentially works like a VPN by encrypting your web traffic via tunnels, it does it over a decentralized private network, resulting in higher security levels. The device serves as both client and server, and your IP address automatically changes based on routing rules.

Deeper Connect Nano also uses a 7-layer firewall that secures your entire home or business network. It’s capable of blocking ads and trackers while monitoring web traffic, as well as filtering NSFW and NSFC on all connected internet devices. You can also use it to bypass any region-restricted content, customize parental control and ensure children won’t come across adult or violent content, and view all online activities happening on the network all at once. 

Browse safely online with the Deeper Connect Nano Decentralized VPN Cybersecurity Hardware, only $299. 

Prices subject to change.

Source…

Tiny Open Hardware Linux SBC Hides In Plain Sight

/in


There was a time, not quite so long ago, when a computer was a beige box that sat on your desk. Before that, computers were big enough to double as desks, and even farther back, they took up a whole room. Today? Well today it’s complicated. Single-board computers (SBCs) like the Raspberry Pi put a full desktop experience in the palm of your hand, for a price that would have been unfathomable before the smartphone revolution increased demand for high-performance ARM chips.

But compared to the tiny open hardware Linux SBC that lives inside the WiFiWart, even the Raspberry Pi looks massive. Developed by [Walker] as a penetration testing tool, the custom computer is housed in an enclosure designed to make it look like a traditional (if a bit large) USB phone charger. In fact, it doesn’t just look like a USB charger, it actually is one. The internal power supply is not only capable of converting AC into the various DC voltages required to run the miniature Linux box, but also features a USB port where you can plug in your phone to charge it.

For the infosec folks in the audience, the applications for the WiFiWart are obvious. Just plug this thing in somewhere inconspicuous, and you’ve got a foot in the door. The dual WiFi interfaces mean you can connect to a target network on one card and use the second to spin up a fake access point or exfiltrate data. Plus with a quad-core Cortex-A7 ARM processor running at 1.2 GHz and a healthy 1 GB of DDR3, you’ll have enough power to run many security tools locally.

But of course, nothing keeps you from using the WiFiWart for non-security purposes. That’s what has us particularly excited, as you can never have enough open hardware Linux boards. Especially ones this tiny. Removed from its wall charger disguise, the brains of the WiFiWart could be used for all kinds of projects. Plus, not only is the final design open source, but [Walker] made sure to only use free and open source tools to create it. Keeping his entire workflow open means it will be easier for the community to utilize and improve upon his initial design, which in the end, is the whole idea behind the open hardware movement and efforts such as the Hackaday…

Source…