eavesdropping | Breaking Cybersecurity News | The Hacker News

You might not believe it, but it's possible to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in there—visible from a window—and measuring the amount of light it emits. A team of cybersecurity researchers has developed and demonstrated a novel side-channel attacking technique that can be applied by eavesdroppers to recover full sound from a victim's room that contains an overhead hanging bulb. The findings were published in a new paper  by a team of academics—Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici and Boris Zadov—from the Israeli's Ben-Gurion University of the Negev and the Weizmann Institute of Science, which will also be presented at the Black Hat USA 2020 conference later this August. The technique for long-distance eavesdropping, called " Lamphone ," works by capturing minuscule sound waves optically through an electro-optical sensor directed at the bulb and using it t

Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its event at the Brooklyn Academy of Music in New York. Though the new T2 chip is already present in the 2018 MacBook Pro models launched earlier this year, this new feature got unveiled when Apple launched the new Retina MacBook Air and published a full security guide for T2 Chip yesterday. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed," Apple explained in the guide [ PDF ]. The tech giant furt

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Just imagine, you are sitting in front of your laptop and your laptop is listening to your nearby conversations. What if the recorded audio from the system's microphone is being instantly uploaded to a malicious website? Google has created a speech-recognition Application Programming Interface (API) that allows websites to interact with Google Chrome and the computer's microphone allows you to speak instead of typing into any text box, to make hands-free web searches, quick conversions, and audio translator also work with them. In January, a flaw was discovered in Google Chrome that enabled malicious websites with speech recognition software to eavesdrop on users' conversations from background without their knowledge using an outdated Google speech API. CHROME IS LISTENING YOU A new similar vulnerability in Google Chrome has been discovered by Israeli security researcher, Guy Aharonovsky, claimed that the Chrome's speech-recognition API has a vulnerability that allo

The US isn't the only western country with an Digital eye i.e PRISM like  surveillance program , designed to monitor internet and phone communications . French is leading member at European Parliament and they voted to launch an in-depth inquiry against the US's based PRISM surveillance project. The fact that the French DGSE is itself engaged in similar program should make for some awkward proceedings as that inquiry gets underway. France's General Directorate for External Security has a PRISM like system that intercept and processes the metadata for billions and billions of communications, including internet messaging, phone calls , SMS and even faxes. The one difference being that PRISM was used to spy on international targets whereas the DGSE were only keeping a watch on the French. According to French newspaper, Le Monde - program goal is ostensibly to track the behavior of terrorist cells, but the Directorate allegedly shares the anonymized informa

Cui, a fifth year grad student from the Columbia University Intrusion Detection Systems Lab and co-founder of Red Balloon Security, has demonstrated an attack on common Cisco-branded Voice over IP (VoIP) phones that could easily eavesdrop on private conversations remotely. The vulnerability Cui demonstrated was based on work he did over the last year on what he called ' Project Gunman v2 ', where a laser printer firmware update could be compromised to include additional, and potentially malicious, code. The latest vulnerability is based on a lack of input validation at the syscall interface. Cui said, " allows arbitrary modification of kernel memory from userland, as well as arbitrary code execution within the kernel. This, in turn, allows the attacker to become root, gain control over the DSP , buttons, and LEDs on the phone. " While he did not specify the precise vulnerability, Cui said it allowed him to patch the phone's software with arbitrary pieces of code, and that this a

Government eavesdropping and security agency GCHQ is developing new tools to sift through them for nuggets of useful data from Facebook, Twitter, LinkedIn, Google+, Pinterest. All of these are the source of valuable intelligence that the UK's intelligence agencies want to know about. During a visit to Bletchley Park, UK foreign secretary William Hague launched a 'spy drive' to recruit staff for GCHQ and other intelligence agencies, a National Cipher Challenge for schools, and a £480,000 grant to the home of WW2 code-breaking. " The work involves devising algorithms, testing them and general problem solving in the broad field of language and text processing. This pioneering research work is open to specialist in mathematical/statistics, computational linguists (eg speech recognition and/or language processing) and language engineering ." Job Description explains . " Using data-mining techniques, you will help us to find meaningful patterns and relationships in large

An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club. The information was released as part of a move towards financial transparency. The government released figures of expenses incurred by the Federal Ministry of the Interior following a parliamentary inquiry. This raises a whole lot of ethical and privacy questions. It has long been rumored that the German government was interested in developing an application to intercept Skype. Three years ago, documents released by WikiLeaks purported to show a proposal by a Bavarian company, DigiTask, offering to develop such a tool. The Chaos Computer Club obtained several versions of a program that has allegedly been used by German law enforcement in possibly hundreds of investigations to intercept Skype calls, said Frank Rieger, a member of the club. On page 34 and pa