Tag Archive for: Prevent

Turn off 2 Pixel and Samsung Galaxy settings to prevent hackers from owning your phone

/in


Google has a Project Zero team that analyzes software and hardware, looking for exploits allowing malicious attackers to get into various gadgets. Project Zero just found one such severe vulnerability, a 0-day issue that would allow hackers to remotely control phones like the Pixel 7 and 6 series, and Samsung Galaxy phones like the Galaxy S22.

The issue resides in the Exynos modems inside those devices. Until manufacturers, Google included, patch them, users should turn off two phone features to eliminate the risk of hacks. These are VoLTE and Wi-Fi calling and shouldn’t impact your overall phone experience.

With VoLTE turned on, you’ll be placing your calls over 4G, and the feature should improve the overall quality of phone calls. Wi-Fi calling, meanwhile, helps you make calls in areas with spotty cellular reception. They’re not must-have features that you immediately think of when buying a new phone. Rather, you take them for granted, if you’re even aware of them.

Whatever the case, you can easily turn these features off from the phone’s Settings app. Once the Exynos patches start rolling in via security updates, you can reenable them.

You might not consider yourself a target for hackers, but that doesn’t mean you’re safe.

Project Zero found 18 vulnerabilities in Exynos modems from late 2022 and early 2023. Four of them are critical, including issues that would allow an attacker to control phones remotely:

The four most severe of these eighteen vulnerabilities (CVE-2023-24033 and three other vulnerabilities that have yet to be assigned CVE-IDs) allowed for Internet-to-baseband remote code execution. Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.

These vulnerabilities are serious enough that they convinced Project Zero to delay the disclosure of the…

Source…

Boulder County buys phone-hacking tech using money meant to treat, prevent drug addiction

/in


Last month, Boulder County spent the first of what it hopes will be millions of dollars for the treatment and prevention of drug addiction, courtesy of lawsuits against the drug manufacturers, distributors and pharmacies that helped fuel America’s opioid epidemic.

Among the spending was money for controversial yet widely used technology to gain access to locked cell phones and computers. Law enforcement officials argue such products are necessary to find and prosecute drug dealers, whose illegal enterprises have produced an ever-mounting body count.

Yet the increasing usage of such products has occurred largely without public knowledge and debate, or corresponding evolution of regulation to protect against potential abuse — a chief concern of privacy experts and human rights groups who warn the tools are an unprecedented, unchecked expansion of police power.

“There’s this really remarkable power that police have that can be used quietly and silently,” said John Davisson, senior counsel for Washington, D.C.-based Electronic Privacy Information Center. “It’s really putting a lot of power into the hands of law enforcement.”

Crucial tool for catching drug dealers

Spending on mobile device forensics tools, or MDFTs, as they’re known, represents just a sliver of Boulder County’s opioid settlement spending so far: $81,250 — 4.5% of an $1.8 million total first funding round — went to purchase products from Cellebrite and GrayKey, which unlock Android and Apple/iOS products, respectively, and Nighthawk and Magnet Forensics, which assembles extracted data into a readable format and “puts it all together in a pattern,” according to Boulder County Sheriff’s Office Sergeant Jeff Pelletier, who presented on the purchases at a December meeting of Boulder County’s Regional Opioids Council.

The equipment will go to Longmont Police Department’s Special Investigations Unit, which handles narcotics investigations and Boulder County’s Drug Task Force, which serves the same function for most of the county, excluding Longmont and Louisville. A third Cellebrite device will go to Boulder County’s Digital Forensics Lab, which aids…

Source…

On Your Side: Prevent hack attacks on your ‘smart home’ devices

/in


On Your Side: Prevent ‘smart home’ hack attacks


On Your Side: Prevent ‘smart home’ hack attacks

02:11

“Smart homes” sure can make life easier, but they also open you up to hackers. One recent study found that smart homes can experience up to 12,000 hack attempts per week. And most people don’t even know it’s happening.

From smart TVs to baby monitors, even smart appliances and lightbulbs, anything in your house that connects to wi-fi is prone to hacks.

So what if someone hacks my stove? Well, they could turn it on and start a house fire. Or if you have a baby monitor, they could be watching your child, or watch you to study your habits to see when you come and go.

“These devices also can be an entrance point into other devices on your home network,” said Harald Remmert, chief technology officer, Digi International. “So your stove could be the entry point into your router and then eventually into your work laptop.”

So what can you do to hack-proof these smart devices?

  • You need a strong and unique password. Never use the default password or username. And make sure you don’t share passwords across devices.
  • Make sure your device has upgraded software. If you have an old smart device and you haven’t had a software update in quite some time, it may be time to get a new one.
  • A quality router with a good firewall that can detect and prevent attacks is worth the money.
  • And it’s very important to have security software on your computer to let you know if there is unusual activity.

Kristine Lazar


kristine-lazaar-1200x800-2018.jpg

Kristine Lazar is an Emmy Award-winning investigative reporter for CBS2 and KCAL9 News. Kristine graduated Phi Beta Kappa from UC Berkeley, after growing up by the beach in San Diego.

Source…

5 Security Experts Share Best Practices to Prevent Zero-Day Attacks

/in


Imagine you accidentally leave a rarely-used window open in your home.

You don’t think anything of it until you notice things going missing. Thieves have been sneaking in and out of your house for days, availing themselves of your stuff using that neglected window. 

Read more