Tag Archive for: stuff

‘Nasty stuff’: Research into Russian push-button cellphones uncovers legion of privacy and security issues

/in


Itel, DEXP, Irbis, and F+ mobile devices put under the microscope

Researchers discover numerous security and privacy issues after analysing Russian cellphones

Many push-button phones on sale in Russia contain backdoors or trojans, a security researcher claims.

According to Russian researcher ‘ValdikSS’, some cellphones are automatically sending SMS messages or transmitting online the fact that the device has been purchased and used, among other issues.

Get the message

As outlined in a technical blog post (Russian language), some models were found to contain a built-in trojan that sends paid SMS messages to short numbers, transmitting text that is downloaded from the server. Others were said to have a backdoor that forwards incoming SMS messages to an unknown server.

ValdikSS says he discovered the issue while considering swapping the USB modems he used to receive SMS messages for phones, as these were cheaper and are capable of taking up to four SIM cards each.

“The research begun due to unexpected behavior of the phone – it sent SMS by itself,” he tells The Daily Swig.

Russian push-button phonesOf the five Russian push-button phones tested, only one was said to be ‘clean’

He then tested a number of push-button models, including the Inoi 101, DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3.

And, he found, some of the phones were not only transmitting IMEI and IMSI numbers for the purposes of tracking sales, but also contained a trojan that sends SMS messages to paid short numbers, after downloading the text and number from a server via the internet.

Finally, a backdoor was found that intercepts incoming SMS messages and forwards them to the server, potentially allowing an attacker to use the phone’s number to register for services that require confirmation via SMS.

Read more of the latest mobile security news

“I was very confused when [a] DEXP SD2160 phone tried to send premium SMS to the number and with the body loaded from its server on the internet,” he says.

“The device, initially manufactured in 2019, was being sold by one of the largest electronic stores in June 2021, with lots of negative reviews in the same store’s website, and they didn’t recall it from sales.

“I’ve watched it to do all the nasty stuff in real time on my GSM…

Source…

Apple AirTags vs. Tile: The Best Tool for Finding Your Lost Stuff

/in


“Come on. I’m right here, inside your unnecessarily puffy coat. No, not that pocket—the one with the stale muffin crumbs and crumpled CVS receipt.”

My often-misplaced work ID card can’t tell me how it really feels, thankfully, but it does now communicate with me via the $29 Apple AirTag tracker I’ve attached to it. Right now, it says it’s 7 feet to the left, and likely on another floor, which would put it in my guest-room closet.

Lost-item trackers, the high-tech savior of the forgetful, aren’t new. Attach these small Bluetooth-powered doodads to the items you fear you might lose—keys, wallet, bag, pet—and they communicate their whereabouts to your phone. Tile, one of the pioneers in the space, sells four different flavors for iPhone and Android, ranging from the $25 Tile Mate to the $35 Pro.

Samsung’s

got its $30 SmartTag for Galaxy phones. Now Apple’s bottle-cap-size AirTag for iPhone owners has arrived, and it topples the others in the world-wide game of hide-and-seek.

After two weeks of “losing” items with those trackers attached, the AirTags, in concert with my iPhone’s Find My companion app, proved to be the best. Whether it was a remote control squished between couch cushions or Wasabi, my on-loan drug-detection dog at the park (see video for that story), two unique Apple technologies led me right to them.

Yet Apple’s smallest gadget also further enables two big threats in today’s tech world: a giant company’s ever-expanding control and consolidation, and a vast, powerful network that could easily be abused by bad actors. Allow me to help you find your way.

Finding Nearby

These trackers work best when you’ve misplaced your stuff nearby, which was the case for me well before our long year of pandemic house arrest. (Yes, of course the glasses I’ve been looking for are on my head!)

AirTags and other lost-item trackers use low-powered Bluetooth to stay connected to your phone, potentially up to several hundred feet away. The strength and range depend on lots of factors, including obstacles that might come between…

Source…

Password education should be age-appropriate: here’s how » Stuff

/in


Children are increasingly being exposed to, and using, technology from a very young age. This has never been more true than in 2020 when the vast majority of children worldwide have used online resources to access educational resources and communicate with family and friends during the COVID-19 pandemic.

Many of the resources and websites used, along with the devices they are accessed on, require the use of a password to authenticate the user. However, young children don’t necessarily have the skills and knowledge required to use and maintain these passwords appropriately. They are likely to use weak, predictable passwords and tell other children their passwords.

Children come from a variety of different backgrounds and their parents will have a wide range of cyber-related skills. They might pick up some password related knowledge but there is no guarantee that they will learn the correct principles.

This situation led us to wonder what principles children should learn, and when they should learn them. To answer this question, we carried out research to:

  1. Determine what current best practice is with respect to password management, gathering the information from international standards bodies. We wanted to gather a set of password “best practice” principles.
  2. Gauge the best age at which to introduce each “best practice” principle by consulting the child development literature.
  3. Develop three sets of age-appropriate password “best practice” principles, to ensure that children learn the correct principles as and when they are ready for them.

Teaching children about cyber security.

 

Organisations have tended to advise that passwords should be at least eight alphanumeric characters long, contain digits or punctuation characters as well as letters, and both upper and lower case characters.

This essentially imposes complexity requirements on passwords. But in 2017, the National Institute for Standards and Technology, the UK’s National Cyber Security Centre and the Centre for Protection of National Infrastructure published revised password guidelines. One important change is that length, not complexity, characterises strong passwords. Other…

Source…

‘It’s Scary Stuff’: Cyber-Security Expert Says Recording-Device Investigation At Hyatt Hotel Is Not Uncommon – WCCO | CBS Minnesota

/in

‘It’s Scary Stuff’: Cyber-Security Expert Says Recording-Device Investigation At Hyatt Hotel Is Not Uncommon  WCCO | CBS Minnesota
“computer security news” – read more