- UID
- 849027
- 在线时间
- 小时
- 注册时间
- 2013-1-15
- 最后登录
- 1970-1-1
- 主题
- 帖子
- 性别
- 保密
|
楼主 |
发表于 2014-8-11 22:55:35
|
显示全部楼层
Part II: Speed
Black Hat: Google Glass Can Steal Your Passcodes
Footage of people unlocking their phones can be used to steal mobile passcodes even if the typing can’t be seen.
By Tom Simonite on August 7, 2014
Time2
Criticism of Google Glass has often focused on the way its camera makes surreptitious video recording too easy. Now researchers have shown that footage captured by the face-mounted camera could also pose a security threat.
Software developed by the researchers can automatically recover the passcodes of people recorded on video as they type in their credentials, even when the screen itself is not visible to the camera. The attack works by watching the movement of the fingers to work out what keys they are touching. It also works on footage from camcorders, webcams, and smartphones, but Glass offers perhaps the subtlest way to stage it.
The work suggests that “shoulder surfing”—stealing passwords or other data by watching someone at a computer—could become more of a threat as digital cameras and powerful image processing software become more common.
In tests where people stood three meters away from the camera, the software was around 90 percent accurate at capturing four-character-long strings typed on the iPhone’s QWERTY keyboard. The researchers say that the method could theoretically reconstruct a short e-mail or SMS.
“With Glass it’s very sneaky,” says Qinggang Yue, a grad student at the University of Massachusetts, Lowell, who carried out the research with colleagues Xinwen Fu and Zhen Ling.
When Yue met with MIT Technology Review at the Black Hat security conference, where he had presented his findings on Wednesday, he glanced around the busy press room and instantly identified a handful of people pecking away on touch screens that might be vulnerable to such an attack.
Yue has also shown that video footage can be used to recover passcodes at some distance. In one set of experiments, a camcorder held by someone at a first-floor window was used to successfully capture the passcode of someone using an iPad just over 43 meters away. “With a long-focal-length camera it could be much further,” says Yue.[316 words]
Time3
To capture a passcode, the software must identify the position and orientation of a device’s screen as well as the position of a person’s fingertips tapping on it. Yue and colleagues used machine learning to train software to tackle both those problems. The software runs on a PC, so footage captured with Google Glass must be downloaded to extract any passcodes.
The software automatically finds a device captured in a piece of footage. It then identifies the position of its screen’s four corners, and tracks the velocity of a person’s fingertip.
The researchers are currently testing ways to defend against such software-enhanced shoulder surfing. One countermeasure involves randomly swapping the keys on a standard keypad around, so that software can’t correctly translate each tap. Another involves having buttons drift around instead of staying fixed to a standard grid.[138 words]
source:MIT Technology Review
http://www.technologyreview.com/news/529896/black-hat-google-glass-can-steal-your-passcodes/
Car Security Is Likely to Worsen, Researchers Say
In-car applications and wireless connectivity are a boon to hackers who take aim at cars.
By Robert Lemos on August 8, 2014
Time4
As more cars come with wireless connectivity and in-car apps, more of them will be vulnerable to potentially dangerous hacking, two well-known researchers warned at the Black Hat security conference in Las Vegas on Wednesday.
In a study of nearly 20 different vehicles, Charlie Miller, a security engineer with Twitter, and Chris Valasek, director of vehicle security research with security services firm ioActive, concluded that most control systems were not designed with security in mind and could be compromised remotely. The pair created cybersecurity ratings for the vehicles, which will be published in a paper later this week.
When you are looking to buy a car, you can pick up a magazine and it will tell you, ‘Here are the safety features of this car,’” Valasek said. “Why can’t we, as the security industry, start making reports that say, ‘These cars have good cybersecurity and these cars don’t have good cybersecurity’?”
As the automotive industry has added more digital control systems and embedded computers, vehicles have become easier to hack. In 2011, researchers from the University of Washington and the University of California San Diego analyzed a midpriced sedan, discovering that it could be compromised via either a disk inserted in its CD player, the diagnostic equipment used by mechanics, or a cellular connection.[214 words]
Time5
Since then, other research groups have studied car security and demonstrated ways to take control of brakes, acceleration, and other functions. High-end vehicles often have computerized control of the brakes and acceleration, for collision prevention and intelligence cruise control, and automated steering to allow self-parking and the ability to remain centered in a lane.
Attacks on automotive control systems involve three steps, according to Valasek and Miller. An attacker must first find a way to exploit a vehicle system, then use that vulnerability to send a command to the electronic control unit (ECU), and finally get the ECU to execute the command.
Because of the proliferation of wireless access in vehicles, especially Bluetooth and cellular connectivity, remote execution is increasingly possible. The feasibility of sending commands to the electronic control units that manage different vehicle functions depends on the design of the car.
Car companies need to design their systems to detect exploitation attempts and prevent security from being compromised, Miller said: “You want to make each of these three steps harder for the attacker.”
But with car manufacturers competing on features, the addition of in-car applications from navigation to streaming music could leave more vehicles vulnerable, Miller added. “In-car apps and desktop-like features pose huge upcoming threats,” he said.
Designing security into vehicles is especially important because applying software patches is problematic. Updating the software in a car means bringing the vehicle to a dealer for service, a step that most owners will not take.
When you get [recall] notices in mail, you ignore them,” Valasek said. “It is going to be really hard, if a real live exploit comes out, to patch the problem.”
[276 words]
source:
http://www.technologyreview.com/news/529681/black-hat-car-security-is-likely-to-worsen-researchers-say/
Most Smartphones Come with a Poorly Secured Back Door
A system designed to let carriers remotely install software on phones, or change their settings without a user noticing, is open to abuse.
By Tom Simonite on August 7, 2014
Time6
A powerful remote-control system installed on most smartphones could be used by hackers to secretly take control of many devices, allowing theft of data or eavesdropping on communications.
Wireless carriers install the mechanism, known as ODM, in phones, tablets, and even cars as a way to distribute software updates and make configuration changes. Researchers with the computer security company Accuvant uncovered a series of flaws with ODM that could be exploited to gain the same remote-control powers.
In their tests, the Accuvant researchers could take over devices made by Apple and other major manufacturers. They gained the power to install any software on the devices, which would allow them to steal sensitive data. “An attacker can take full control,” said Mathew Solnik, a research scientist at Accuvant who presented the research at the Black Hat computer security conference Wednesday with colleague Marc Blanchou.
The attacks could also be used to reconfigure settings on a device—for example, to cause all data to flow via a server designed to collect communications. Many such settings are installed into a devices “baseband” and are more or less impossible to erase. “Even if you ‘factory reset,’ you still can’t get rid of it,” says Solnik.
An estimated two billion cellular devices around the world have the ODM protocol installed, according to the researchers. Somewhere between 70 and 90 percent of those devices have been equipped with the same software package, made by Red Bend Software of Waltham, Massachusetts, to handle the remote-control functionality.
Despite its crucial role, that package hasn’t been updated substantially since 2004, said Solnik. He and Blanchou performed their proof-of-principle attacks using a suite of flaws found in that software, as well as in the design of the ODM protocol itself.
An attack requires either using a carrier’s infrastructure to communicate with phones or using a base station of your own. That’s easier than it might sound. Accuvant’s researchers were able to use off-the-shelf hardware and an open-source software package to create a system that would connect to phones within a 30-foot radius at relatively low cost (see “Build Your Own Cellular Network”). “With a single silent message, someone who is not your carrier can access the full functionality of your device,” said Solnik.
Android devices were found to be most vulnerable. The researchers could take over Apple devices only on Sprint’s network. Fully unlocked devices bought directly from a phone manufacturer were the most secure, because most didn’t have ODM software installed.
Accuvant disclosed its findings 90 days ago to Red Bend, the device manufacturers, and the wireless carriers affected. Several, including Red Bend, have already released patches to fix the problems, although it is unknown how widely they have been distributed.
Solnik believes attacks via ODM will remain possible even after those patches are applied. Flaws discovered in the way the ODM protocol connects to a device can’t be fixed until the industry agrees on a new design, he says.
The problems uncovered by Accuvant could also be of interest to law enforcement and surveillance agencies, which increasingly use malware to collect data. In the United States, it has become common for them to use mobile base stations to intercept text messages, phone calls, and data sent by nearby phones. Solnik told MIT Technology Review the same technology could be used as a platform for attacks like those he developed. For example, it could silently push malware onto phones. “It would be a similar type of device,” he said. [580 words]
source:
http://www.technologyreview.com/news/529676/black-hat-most-smartphones-come-with-a-poorly-secured-back-door/
|
|