PINDROP BLOG

Category: Device Security

November 22, 2016
Remotely Recording Conversations Through Headphones
As if attackers didn’t have enough methods for observing users’ actions, researchers have now developed a technique that allows them to use speakers or headphones plugged in to a PC as microphones to record victims’ discussions. The attack involves a technique called re-tasking in which the researchers changed the functionality of the audio jacks on a…
Read More →
November 16, 2016
Lawmakers Ponder Regulatory Remedy for IoT Security
The recent DDoS attacks by the Mirai botnet against various targets, including DNS provider Dyn, have drawn the attention of congressional leaders, who say there may be a need for regulation of IoT device security in order to address the problem of vulnerable embedded devices. In a joint hearing on Wednesday, the House Subcommittee on Communications and…
Read More →
November 16, 2016
PoisonTap: The Tiny Internet-Hijacking, Cookie-Stealing, Backdoor-on-a-Board
A renowned hardware hacker has released a cheap USB device that, when plugged in to any computer–even password-protected or locked ones–can hijack all of the Internet traffic from the PC, steal web cookies, and install a persistent backdoor that survives after device is removed. Known as PoisonTap, the device is the work of Samy Kamkar,…
Read More →
November 15, 2016
Google, Facebook, Twitter Ask Trump to Protect Strong Crypto
A group of powerful technology vendors and Internet firms, including Google, Twitter, Uber, Amazon, and Facebook, have sent a letter to Donald Trump’s transition team asking the president-elect to protect the use of strong encryption and consider reforms of the mass surveillance laws. The letter, written by the Internet Association, includes several pages of policy…
Read More →
November 10, 2016
House Lawmakers to Look at Mirai Botnet DDoS Attacks
A pair of House subcommittees are planning to hold a joint hearing to look at the role that IoT devices have played in a number of recent DDoS attacks. Much of the high-profile DDoS activity that’s taken place lately has been attributed to the Mirai botnet, a series of networks made up of compromised embedded devices.…
Read More →
November 9, 2016
WebView Bug Can Force iPhones to Make Calls
A bug in the way that iOS WebView handles some kinds of links can be used to force a victim’s iPhone to call a number controlled by an attacker, such as a premium-rate number, a security researcher has found. The vulnerability lies in the way that WebView treats some links, specific phone number links in apps.…
Read More →
November 8, 2016
Audit of Signal Protocol Finds it Secure and Trustworthy
A group of academic security researchers has reviewed the security of the Signal protocol, which is used in the Signal encrypted messaging app as well as in many third-party apps, and found that it is both secure and resistant to attack. The review, conducted by researchers from universities in the U.K., Canada, and Australia, looked at…
Read More →
November 8, 2016
Google Fixes Dozens of Bugs in November Android Patch
Google’s November update for Android includes patches for more than a dozen critical vulnerabilities, several of which are in the kernel. The monthly update also includes fixes for a number of remote code execution flaws. One of the critical vulnerabilities is an issue with the Qualcomm cryptographic driver that could lead to code execution. “A…
Read More →
November 7, 2016
Android Patch Released to Stop Ultrasonic Tracking
The researchers who exposed the ways in which ultrasonic signals can be used to track users across devices have released a patch for Android that helps users protect themselves against the silent tracking. The patch is designed to give users more control of which apps on their devices have access to the ultrasonic spectrum, which…
Read More →
November 4, 2016
Mirai Botnet Attacks on Liberia Drop Off
The attacks from the Mirai botnet against targets in the country of Liberia that have been ongoing for several days have now stopped, at least for the time being. For more than a week, attackers have been throwing short, but highly potent DDoS floods of various types against a number of sites in the small…
Read More →