Tag Archive for: locked

Locked Out of ‘God Mode,’ Runners Are Hacking Their Treadmills

/in


JD Howard just wanted to watch cloud security tutorials. Howard, a construction industry worker on sabbatical, spent $4,000 on a NordicTrack X32i treadmill, lured in by its 32-inch HD screen and the opportunity to exercise body and mind. His plan was to spend his time away from work exercising while watching technical videos from learning platforms such as Pluralsight and Udemy. But his treadmill had other ideas.

Despite having a huge display strapped to it, NordicTrack’s hardware pushes people to subscribe to exercise software operated by iFit, its parent company, and doesn’t let you watch videos from other apps or external sources. iFit’s content includes exercise classes and running routes, which automatically change the incline of the treadmill depending on the terrain on the screen. But Howard, and many other NordicTrack owners, weren’t drawn to the hardware by iFit’s videos. They were drawn in by how easy the fitness machines were to hack.

To get into his X32i, all Howard needed to do was tap the touchscreen 10 times, wait seven seconds, then tap 10 more times. Doing so unlocked the machine—letting Howard into the underlying Android operating system. This privilege mode, a sort of God mode, gave Howard complete control over the treadmill: He could sideload apps and, using a built-in browser, access anything and everything online. “It wasn’t complicated,” Howard says. After accessing privilege mode he installed a third-party browser that allowed him to save passwords and fire up his beloved cloud security videos.

While NordicTrack doesn’t advertise privilege mode as a customer feature, its existence isn’t exactly a secret. Multiple unofficial guides tell people how to get into their machines, and even iFit’s support pages explain how to access it. The whole reason Howard bought the X32i, he says, was because he could access God mode. But the good times didn’t last long.

Since October, NordicTrack has been automatically updating all of its exercise equipment—its bikes, ellipticals, and rowing machines all have big screens attached—to block access to privilege mode. The move has infuriated customers who are now fighting back and finding workarounds that…

Source…

Security Experts Warn of Apple Pay Express Transit Hack That Enables Large Unauthorized Visa Payments From Locked iPhones

/in


Researchers in the U.K. have demonstrated how large unauthorized contactless payments can be made on locked iPhones by exploiting Apple Pay’s Express Transit feature when set up with Visa.

apple pay express transit london
Express Transit is an ‌Apple Pay‌ feature that allows for tap-and-go payment at ticket barriers, eliminating the need to authenticate with Face ID, Touch ID, or a passcode. The device does not need to be wakened or unlocked to use Express Transit.

Computer Science researchers from Birmingham and Surrey Universities demonstrated to the BBC how the attack works by exploiting a weakness in the Visa contactless system through the use of a small piece of commercially available radio equipment, which is placed near the phone and masquerades as a ticket barrier.

An Android phone running an app developed by the researchers is used to relay signals from the iPhone to a contactless payment terminal and modifies the communications to fool the terminal into acting as if the ‌iPhone‌ has been unlocked and a payment authorized.

In demonstrating the attack, researchers made a contactless Visa payment of £1,000 from a locked ‌iPhone‌. The scientists only took money from their own accounts. The researchers said the Android phone and payment terminal used don’t need to be near the victim’s ‌iPhone‌ as long as there’s an internet connection.

Apple told the BBC the matter was an issue with the Visa system.

“We take any threat to users’ security very seriously,” said Apple. “This is a concern with a Visa system but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place. In the unlikely event that an unauthorized payment does occur, Visa has made it clear that their cardholders are protected by Visa’s zero liability policy.”

The researchers said the attack might be easiest to deploy against a stolen ‌iPhone‌, although there’s no evidence that the hack has been used in the wild. Visa said payments were secure and attacks of this type were impractical outside of a lab.

“Visa cards connected to Apple Pay Express Transit are secure, and cardholders should continue to use them with confidence,” said a Visa spokesperson….

Source…

How Can the Government and Police Hack Into Locked iPhones?

/in


There’s no question that the iPhone is one of the most (if not the most) secure smartphones worldwide, but that doesn’t mean it can’t be hacked.

Unfortunately, there are a few ways someone can hack into your iPhone and get your data. The bad news is that many law enforcement agencies and police departments have gotten their hands on these methods so they can retrieve information from basically anyone.

A prime example is the infamous GrayKey device, a small machine capable of cracking the passcode on your iPhone and retrieving all types of information.

For the most part, GrayKey has been a bit of a controversial mystery, but recently we’ve found more information about how it works.

Here’s what you need to know.

What’s GrayKey?

GrayKey is a hacking device developed by Grayshift, a company based in Atlanta that aims to help the government and police.

As Grayshift puts it, GrayKey is “a state-of-the-art forensic access tool that extracts encrypted or inaccessible data from mobile devices.”

What makes GrayKey so popular is that it actually is one of the best tools to hack into iPhones and Apple devices. So much so that it’s been reported to be used by police departments on several occasions.

If you believe this makes Android devices more secure, think again. Earlier this year, Grayshift announced that GrayKey would also work with “leading Android mobile devices,” like the Samsung Galaxy S20 and the Samsung Galaxy S9, although we wouldn’t call the latter a leading Android device anymore.

How Does GrayKey Work?

Until recently, we didn’t have many details on how the police can use GrayKey to hack into locked iPhones. Grayshift had done a pretty good job keeping the process to itself. But a recently leaked document showcases how GrayKey can use a brute force method to access any iPhone.

These documents were allegedly written by the San Diego Police Department.

According to these documents, once you plug GrayKey into an iPhone, it’ll detect the alphanumeric passcode and try to install an agent that will use a text file with over 63 million passwords until it finds the passcode to…

Source…

School District's computers, phones and data locked up by ransomware attack – FOX 29

/in



School District’s computers, phones and data locked up by ransomware attack  FOX 29

Source…