#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

smartphone hacking | Breaking Cybersecurity News | The Hacker News

7 Things That Happened After WikiLeaks Dumped The CIA Hacking Files

7 Things That Happened After WikiLeaks Dumped The CIA Hacking Files
Mar 10, 2017
This week WikiLeaks published "Vault 7" — a roughly 8,761 documents and files claiming to detail surveillance tools and tactics of the Central Intelligence Agency (CIA). The leak outlined a broad range of flaws in smartphones and other devices that the agency uses to intercept communications and spy on its targets, making even China and Germany worried about the CIA's ability to hack all manner of devices. While WikiLeaks promised the "Vault 7" release is less than one percent of its 'Year Zero' disclosure, and there's more to come, we are here with some new developments on the CIA leak. But, before knowing about the latest developments in the CIA hacking tool leak, I would suggest you read my previous piece to know 10 important things about 'WikiLeaks-CIA Leak .' We believe the US intelligence agencies have access to much bigger technical resources and cyber capabilities than the leak exposed in the leak. The dump so far just

British Intelligence is Legally Allowed to Hack Anyone, Court Says

British Intelligence is Legally Allowed to Hack Anyone, Court Says
Feb 13, 2016
Hacking of computers, smartphones and networks in the United Kingdom or abroad by the Government Communications Headquarters (GCHQ) is LEGAL , the UK's Investigatory Powers Tribunal ( IPT ) ruled. So, the UK is giving clean chit to its intelligence agency to spy on its people as well as people living abroad. Now, How is that okay? The British spying nerve center GCHQ has won a major court case in defense of the agency's persistent hacking programs.  After revelations by NSA whistleblower Edward Snowden about the extent of spying by the US and the UK, Privacy International and seven Internet Service Providers (ISPs) launched a legal challenge against the GCHQ's hacking operations. The case alleged that the British spying agency was breaking European law and violating fundamental warrant protections by its too intrusive and persistent surveillance actions. GCHQ Admitted its Hacking Practices Though GCHQ "neither confirm nor deny" the e

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

New York Police Used Cell Phone Spying Tool Over 1000 Times Without Warrant

New York Police Used Cell Phone Spying Tool Over 1000 Times Without Warrant
Feb 12, 2016
The New York Police Department (NYPD) has admitted that it used controversial cell phone spying tool " Stingrays " more than 1,000 times since 2008 without warrants. In the documents obtained by the New York Civil Liberties Union (NYCLU) , the NYPD acknowledged that the department has used Stingrays to intercept personal communications and track the locations of nearby mobile phone users. What are Stingrays? In my previous article , I have explained the scope of Stingrays along with its working, how it cracks encryption and how the police agencies are using these cell phone spying devices equipped in its military surveillance technology DRTBox  in order to: Track people Intercept thousands of cellphone calls Quietly eavesdrop on conversations Eavesdrop on emails and text messages Stingrays are small cell phone surveillance devices that work by imitating cellphone towers, forcing all nearby phones to connect to them and revealing the owners' locat

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Hijacking WhatsApp Account in Seconds Using This Simple Trick

Hijacking WhatsApp Account in Seconds Using This Simple Trick
Jun 05, 2015
The hugely popular smartphone messaging service WhatsApp, acquired by Facebook for over $20 billion last year, has reportedly been found to be prone to hijacking without unlocking or knowing your device password, making its hundreds of Millions of users vulnerable to, not just hackers, but also non-technical people. This trick lets anyone surrounds you to get effectively control over your WhatsApp account. The attacker needs nothing more than a phone number of the target person and access to the target mobile phone for a few seconds, even if it is locked. Hacking Whatsapp account in such scenario is not hard for your friends and colleagues. This is not actually a loophole or vulnerability in WhatsApp, and rather it is just the way WhatsApp is designed and its account setup mechanism works. NOTE: Moreover, we aren't encouraging users to hack others WhatsApp account , but the purpose of publishing this article is to warn and remind our readers that you should be extr

NSA Wants To Track Smartphone Users Based on How They Type and Swipe

NSA Wants To Track Smartphone Users Based on How They Type and Swipe
May 28, 2015
Just the way you swipe your smartphone screen is enough for your smartphone to identify you. Yes, it's a Fact, not Fiction! The United States National Security Agency (NSA) has a new technology that can identify you from the way your finger swipe strokes and text on a smartphone screen, according to officials with Lockheed Martin who helped design the technology. John Mears , a senior fellow for Lockheed IT and Security Solutions, told NextGov that Lockheed Martin has been working with the agency to create a " secure gesture authentication as a technique for using smartphones, " and " they are actually able to use it. " Mandrake – New Smartphone-Swipe Recognition Technology This new smartphone-swipe recognition technology, dubbed " Mandrake ," remotely analyses the curve, unique speed and acceleration of a person's finger strokes across their device's touchscreen. " Nobody else has the same strokes, " Mears ex

Cisco IP Phones Vulnerable To Remote Eavesdropping

Cisco IP Phones Vulnerable To Remote Eavesdropping
Mar 23, 2015
A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker to remotely eavesdrop on private conversation and make phone calls from vulnerable devices without needing to authenticate, Cisco warned. LISTEN AND MAKE PHONE CALLS REMOTELY The vulnerability ( CVE-2015-0670 ) actually resides in the default configuration of certain Cisco IP phones is due to " improper authentication ", which allows hackers to remotely eavesdrop on the affected devices by sending specially crafted XML request. Moreover, the vulnerability could be exploited by hackers to make phone calls remotely from the vulnerable phones as well as to carry out other attacks by making use of the information gathered through the audio interception activity. AFFECTED DEVICES The devices affects the Cisco's small business SPA300 and SPA500 Internet Protocol (IP) phones running firmware version 7.5.5, however, Cisco alerts that later versions of these

Spy Planes Equipped with Dirtbox Devices Collecting Smartphone Data

Spy Planes Equipped with Dirtbox Devices Collecting Smartphone Data
Nov 15, 2014
The U.S. government is reportedly using spy airplanes equipped with special military-grade snooping equipment to eavesdrop on cell phone information from millions of smartphone users in U.S, according to a new report. This little device, nicknamed " Dirtbox ", is being used to mimic mobile phone tower transmissions from the sky and gather data from millions of mobile phones, helping the US Marshals Service track criminals while recording innocent citizens' information. The purpose of the device is supposedly to track a specific target, but if active, all mobile devices in the particular area will respond to the signal. The Dirtbox causes smartphones to transmit back the users' location, registration information and identity data – uniquely identifying IMEI numbers stored in every mobile device, The Wall Street Journal reported . The name Dirtbox is given after the initials of Digital Receiver Technology, Inc. (DRT) , a Boeing Company subsidiary that allegedly ma

Xiaomi Data Breach — "Exposing Xiaomi" Talk Pulled from Hacking Conference

Xiaomi Data Breach — "Exposing Xiaomi" Talk Pulled from Hacking Conference
Oct 30, 2014
China's number one — and the world's 3rd largest — smartphone manufacturer, Xiaomi , which is trying to make inroads into India's booming mobile phone market, was found secretly sending users' personal data , including IMEI numbers, phone numbers and text messages to the web servers back to Beijing in China. INDIA AND TAIWAN vs XIAOMI This issue raised higher concerns across many countries, proactively in India, Singapore and Taiwan. The Indian Air Force (IAF) — among the largest in the world — warned its employees and their belongings that their private information was being shipped over to servers in China, and asked them to avoid using Xiaomi smartphones due to security risk. Taiwanese Government underlined similar concerns before Xiaomi's launch in India. Xiaomi is facing an investigation in Taiwan for alleged cyber security threat, as a result of which last month the Taiwanese government decided to ban the company due to several privacy controversies. When i

SandroRAT — Android Malware that Disguises itself as "Kaspersky Mobile Security" App

SandroRAT — Android Malware that Disguises itself as "Kaspersky Mobile Security" App
Aug 05, 2014
Researchers have warned users of Android devices to avoid app downloads from particularly unauthorized sources, since a new and sophisticated piece of malware is targeting Android users through phishing emails . The malware, dubbed SandroRAT , is currently being used by cybercriminals to target Android users in Poland via a widely spread email spam campaign that delivers a new variant of an Android remote access tool (RAT). The emails masquerade itself as a bank alert that warns users of the malware infection in their mobile device and offers a fake mobile security solution in order to get rid of the malware infection. The mobile security solution poses as a Kaspersky Mobile Security , but in real, it is a version of SandroRAT, a remote access tool devised for Android devices, whose source code has been put on sale on underground Hack Forums since December last year. A mobile malware researcher at McAfee, Carlos Castillo, detailed the new variant of Android remot

BBC News iOS App Not Hacked, Breaking News Push Messages Sent in Error

BBC News iOS App Not Hacked, Breaking News Push Messages Sent in Error
Jun 25, 2014
If you are one of the users of the BBC News iPhone app , then you might have receive a strange message as a breaking news notification earlier this morning. The message was sent on two separate time durations. First the message reads: " NYPD Twitter campaign 'backfires' after hashtag hijacked," then strangely adds: "Push sucks! Pull blows! " After a while it goes to: " BREAKING NEWS No nudity in latest episode of Game of Thrones!!! MORE BREAKING NEWS IIIIII like testing. " Beneath the message the text seems to get more serious as it adds: " This is a breaking news story and the BBC News app will bring you updates as soon as they are available. " From various media outlets, it was observed that the most popular BBC News smartphone app has been hijacked by the some attackers who compromised its " Breaking News " feature and sent bogus messages to the users of the BBC News iPhone app. But BBC developers were actually

First Android Ransomware that Encrypts SD Card Files

First Android Ransomware that Encrypts SD Card Files
Jun 05, 2014
We have seen cybercriminals targeting PCs with Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it. To deliver the Ransomware malwares to the mobile devices, cyber criminals have already started creating malicious software programs for android devices. Last month, we reported about a new Police Ransomware malware that locks up the devices until the victims pay a ransom to get the keys to unlock the phone. But, the malware just lock the mobile screen and a loophole in the its implementation allowed users to recover their device and data stored on SDcard. Now, in an effort to overcome this, threat actors have adopted encryption in the development of mobile Ransomware malwares. Recently, the security firm ESET has discovered a new Android ransomware, dubbed as Android/Simplocker.A , that has ability to encrypt the files on the device SD card and then demand a ransom from the victim

Samsung Plans to add Eye Scanner to its Upcoming Smartphones

Samsung Plans to add Eye Scanner to its Upcoming Smartphones
May 22, 2014
After introducing the Fingerprint scanner to its new release, Samsung next plans to add IRIS scanning technology to its future smartphones to better improve the security of smartphones and for being more innovative too. According to a report released by The Wall Street Journal, Samsung senior Vice President Rhee In-jong told analysts and investors at a forum in Hong Kong that the company is planning to incorporate biometric sensors such as eye scanners into more of its products as a part of its enterprise security software. " We're looking at various types of biometric mechanisms and one of things that everybody is looking at is iris detection, " Rhee said. The move is no doubt in order to bring an added layer of security to its devices. A Smartphone with an eye-scanning feature would most likely to be used in the front-facing camera to scan the unique patterns of the user's iris and once the pattern get matched with the already stored user's iris image in the phon

Android Bitcoin-Mining Malware found on Google Play Store

Android Bitcoin-Mining Malware found on Google Play Store
Apr 25, 2014
Google always bound to face trouble over the wide and open nature of its app checking policies on Google Play Store, and despite so many security measures, the search engine giant mostly fails to recognize the Android malware that are lurking around its Google Play store in vast numbers. Recently, Google had offered users refund and additional credit of $5 for the bogus antivirus app ' Virus Sheild ' that potentially defrauded more than 10,000 Android users who have downloaded the app from the Google play store. The step taken by Google is really appreciated, as the refunding cost Google around $269,000. Now, it has been found that a number of malicious Android apps on the Google Play store secretly turn users' android devices into small rigs contributing to a large-scale crypto currency mining operation. CRYPTO MINER IN ANDROID APP Security researchers from an anti-malware firm Lookout have identified various malware apps at Google Play Store, which they dub

Warning: Malware Campaign targeting Jailbroken Apple iOS Devices

Warning: Malware Campaign targeting Jailbroken Apple iOS Devices
Apr 19, 2014
A new piece of malicious malware infection targeting jailbroken Apple iOS devices in an attempt to steal users' credentials, has been discovered by Reddit users. The Reddit Jailbreak community discovered the malicious infection dubbed as ' Unflod Baby Panda ', on some jailbroken Apple iOS devices on Thursday while a user noticed an unusual activity that the file was causing apps such as Snapchat and Google Hangouts to crash constantly on his jailbroken iPhone. CHINA WANTS YOUR APPLE ID & PASSWORDS Soon after the jailbroken developer uncovered the mysteries ' Unfold.dylib ' file and found that the infection targets jailbroken iOS handsets to captures Apple IDs and passwords from Internet sessions that use Secure Socket Layer (SSL) to encrypt communications and is believed to be spreading through the Chinese iOS software sites, according to the researchers at German security firm SektionEins . The researchers found that the captured login information is been sent

Samsung Galaxy S5 Fingerprint Scanner Easily Get Hacked

Samsung Galaxy S5 Fingerprint Scanner Easily Get Hacked
Apr 15, 2014
Samsung Galaxy S5 Fingerprint feature promises an extra layer of security for your smartphone, which also lets you make payments through PayPal. But does it really secure? Just three days after the launch of the Galaxy S5, Security researchers have successfully managed to hack Galaxy S5 Fingerprint sensor using a similar method that was used to spoof the Touch ID sensor on the iPhone 5S last year. FOOLING FINGERPRINT SENSOR SRLabs researchers recently uploaded a YouTube video, demonstrated how they were able to bypass the fingerprint authentication mechanism to gain unauthorized access just by using a lifted fingerprint with wood-glue based dummy finger. The S5 fingerprint scanner allows multiple incorrect attempts without requiring a password, so an attacker could potentially keep trying multiple spoofed fingerprints until the correct match. PAYPAL USERS AT RISK Samsung Galaxy S5 users can also transfer money to other PayPal users just by swiping their finger on the sensor, but

HeartBleed Bug Explained - 10 Most Frequently Asked Questions

HeartBleed Bug Explained - 10 Most Frequently Asked Questions
Apr 15, 2014
Heartbleed – I think now it's not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server's memory, potentially revealing users data, that the server did not intend to reveal. After the story broke online, websites around the world flooded with the heartbleed articles, explaining how it works, how to protect, and exactly what it is. Yet many didn't get it right. So based on the queries of Internet users, we answered some frequently asked questions about the bug. 1.) IS HEARTBLEED A VIRUS? Absolutely NO, It's not a virus. As described in our previous article , The Heartbleed bug is a vulnerability resided in TLS heartbeat mechanism built into certain versions of the popular open source encryption standard Open
Cybersecurity Resources