Monday, April 3, 2017

Over 85% Of Smart TVs Can Be Hacked Remotely Using Broadcasting Signals





Internet-connected devices are growing at an exponential rate, and so are the threats to them.


Due to insecure implementations, a majority of Internet-connected embedded devices, including Smart TVs, refrigerators, microwaves, security cameras, and printers, are routinely being hacked and used as weapons in cyber attacks.

We have seen IoT botnets like Mirai – possibly the biggest IoT-based malware threat, which emerged late last year and caused a vast internet outage by launching massive DDoS attacks against DynDNS provider – which proves how easy it is to hack these connected devices.



Now, a security researcher is warning of another IoT threat involving Smart TVs that could allow hackers to take complete control of a wide range of Smart TVs at once without having any physical access to any of them.


Researcher Shows Live Hacking Demonstration
The proof-of-concept exploit for the attack, developed by Rafael Scheel of cyber security firm Oneconsult, uses a low-cost transmitter to embed malicious commands into rogue DVB-T (Digital Video Broadcasting – Terrestrial) signals.

Those rogue signals are then broadcast to nearby devices, allowing attackers to gain root access on the Smart TVs and use those devices for nasty actions, such as launching DDoS attacks and spying on end users.

Scheel provided a live hacking demonstration of the attack during a presentation at the European Broadcasting Union (EBU) Media Cyber Security Seminar, saying about 90 percent of the Smart TVs sold in recent years are potential victims of similar attacks.



Scheel's exploit relies on a transmitter based on DVB-T — a transmission standard that's built into TVs that are connected to the Internet.

The attack exploits two known privilege escalation vulnerabilities in the web browsers running in the background. Once the TV is compromised, attackers could remotely connect to it over the Internet using interfaces, allowing them to take complete control of the device.

Once compromised, the TV would be infected in a way that neither device reboots nor factory resets would help the victims get rid of the infection.

Scheel's exploit is unique and much more dangerous than any smart TV hack we have seen so far.

Previous Smart TV hacks, including Weeping Angel (described in the CIA leaked documents), required physical access to the targeted device or relied on social engineering, which exposes hackers to the risk of being caught and limits the number of devices that can be hacked.

However, Scheel's exploit eliminates the need for hackers to gain physical control of the device and can work against a vast majority of TV sets at once.

The hack once again underlines the risks of "Internet of Things" devices. As IoT devices rapidly multiply and change the way we use technology, they drastically expand the attack surface, and when viewed from the vantage point of information security, IoT can be frightening.



Swati Khandelwal
Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Google has started the rollout of Android 7.1.2 for Nexus and Pixel devices


Google is now rolling out a new version of Android to Nexus and Pixel devices in the market. The new version of Android is not Android O as you may think but Android Nougat 7.1.2. The company initially released a beta version for Android 7.1.2 back in January along with the second beta back in March.
The new update is nothing significant and does not add any additional functionality to the operating system except the fingerprint scanner gesture.
The fingerprint scanner gesture is coming to Nexus 6P and 5X along with Pixel launcher for Pixel C tablet. The update also added the option to choose where you want to set the live wallpapers along with a new battery usage list as detailed by Android Police.
The option to choose where you want to set the live wallpapers lets you choose whether to apply the current live wallpaper only to the homescreen or to the lockscreen as well. The new battery usage list presents a ‘Usage alerts’ list where Android can list the apps that are draining more battery than usual.
The new update seems more focused on fixing bugs and issues in the operating system rather than introducing any ground breaking features that will improve the functionality the the Android O update. The update is rolling out gradually to all the devices. Nexus Player and Google Pixel C users have started receiving the update.
Publish date: April 3, 2017 1:48 pm| Modified date: April 3, 2017 1:48 pm

DDR5: Jedec is defining a new standard for RAM that’s twice as fast as its predecessor


Progress in the personal computing (PC) space can never be halted. The latest developments in the world of the PC indicate the arrival of DDR5 RAM, which will offer twice the bandwidth and consume less power than the DDR4 RAM it replaces.
RAM or Random Access Memory is an ultra-high speed storage unit on your PC. RAM is used to store frequently accessed data and to provide it to any process that needs it. The same data can be accessed from your hard drive, but RAM is orders of magnitude faster.
The current RAM standard is DDR4, which is already extremely fast. Data read and write speeds are in the range of 60 GB/s or higher. A regular hard disk might manage 120 MB/s and a really good SSD might pull off speeds in excess of 500 MB/s.
The downside to RAM is that it can’t be used to store data for extended periods. RAM is volatile memory, which means that unlike a hard disk, data stored in RAM is completely erased in the event of a power failure.
It might seem silly to say this, but even this much bandwidth is not enough for certain applications. Massive databases and machine learning algorithms require massive amounts of bandwidth and, as PC World points out, some programmers have started harnessing the power of RAM for in-memory processing of databases.
New forms of RAM were expected to replace DDR4, the primary challenger being Intel and its Optane memory. Optane memory is still not ready for large-scale consumer use, but it promises read and write speeds rivalling that of RAM. The full details of Optane still aren’t readily available, but if true, you may not need RAM again, if you’re not a demanding user that is.
AMD’s upcoming graphics architecture is also being designed to take advantage of high-speed databases.
DDR5 will be very welcome in some circles, but it will not matter to the average consumer. Jedec (Joint Electron Device Engineering Council) is a standards organisation that’s working on finalising the standards for DDR5.
The initial parameters describe a standard that’s twice as fast as DDR4, offers double the data density (How much RAM is enough?) and consumes less power while doing so.
This process of defining the standard itself might take a year or more, and even after that, server-makers are likely to be the first ones to benefit from it.
PC World reports that Jedec is also working on a new standard of hybrid memory storage called NVDIMM-P. This will combine flash storage and RAM and reside in a DIMM slot traditionally used by RAM.

Internet providers in US say that they are not going to sell their consumers’ internet browsing history

Comcast Corp, Verizon Communications Inc and AT&T Inc said Friday they would not sell customers’ individual internet browsing information, days after the US Congress approved legislation reversing Obama administration era internet privacy rules.
The bill would repeal regulations adopted in October by the Federal Communications Commission under former President Barack Obama requiring internet service providers to do more to protect customers’ privacy than websites like Alphabet Inc’s Google or Facebook Inc. The easing of restrictions has sparked growing anger on social media sites.
“We do not sell our broadband customers’ individual web browsing history. We did not do it before the FCC’s rules were adopted, and we have no plans to do so,” said Gerard Lewis, Comcast’s chief privacy officer. He added Comcast is revising its privacy policy to make more clear that “we do not sell our customers’ individual web browsing information to third parties.”
Verizon does not sell personal web browsing histories and has no plans to do so in the future, said spokesman Richard Young. Verizon privacy officer Karen Zacharia said in a blog post Friday the company has two programs that use customer browsing data. One allows marketers to access “de-identified information to determine which customers fit into groups that advertisers are trying to reach” while the other “provides aggregate insights that might be useful for advertisers and other businesses.”
Republicans in Congress Tuesday narrowly passed the repeal of the rules with no Democratic support and over the objections of privacy advocates. The vote was a win for internet providers such as AT&T Inc, Comcast and Verizon. Websites are governed by a less restrictive set of privacy rules. The White House said Wednesday that President Donald Trump plans to sign the repeal of the rules, which had not taken effect.
Under the rules, internet providers would have needed to obtain consumer consent before using precise geolocation, financial information, health information, children’s information and web browsing history for advertising and marketing. Websites do not need the same affirmative consent. Some in Congress suggested providers would begin selling personal data to the highest bidder, while others vowed to raise money to buy browsing histories of Republicans.
AT&T says in its privacy statement it “will not sell your personal information to anyone, for any purpose. Period.” In a blog post Friday, AT&T said it would not change those policies after Trump signs the repeal. Websites and internet service providers do use and sell aggregated customer data to advertisers. Republicans say the rules unfairly would give websites the ability to harvest more data than internet providers.
Trade group USTelecom CEO Jonathan Spalter said in an op-ed Friday for website Axios that individual “browser history is already being aggregated and sold to advertising networks – by virtually every site you visit on the internet.” This week, 46 Senate Democrats urged Trump not to sign the bill, arguing most Americans “believe that their private information should be just that.”
Reuters
Publish date: April 3, 2017 12:54 pm| Modified date: April 3, 2017 12:55 pm

HTC U flagship smartphone leaked in press-renders, reveals a button-free design


HTC was rumoured to be working on a new flagship smartphone code-named HTC Ocean, which would be unlike any other handset that we have seen. Today, we have a leaked press-render of an HTC smartphone which seems to match the rumours.
According to the leak, the smartphone is HTC U. It will be a full metal smartphone and have slim bezels. As you can see, there are no physical buttons, only a USB Type-C port at the bottom with a pair of speakers. This matches the previous rumours we have heard about the HTC Ocean, where it was speculated to have touch sensitive sensors on the edges for certain functionalities like volume control and power button. There is no fingerprint scanner either, so it could very well be embedded under the display, and it seems to lack a 3.5mm audio jack as well.
There is also a leaked set of specifications for the handset which suggest a 5.5-inch display with quad HD resolution of 2,560 x 1,440 pixels, a Snapdragon 835 chipset and two storage variants of 64GB and 128GB. While there is no confirmation of the RAM, it is speculated to be 4GB. The rear camera could feature a 12MP sensor while on the front we could see a 16MP selfie shooter. It is expected to run on Android 7.0 Nougat OS with HTC Sense 9 UI. The handset is rumoured to be unveiled this month with a launch date in May.
If the speculations are true, this will be the third handset under HTC’s new U-series, the first two being the HTC U Ultra and U Play which were announced in January.
Publish date: April 3, 2017 12:46 pm| Modified date: April 3, 2017 12:46 pm

Nokia 9 may come with QHD OLED display, Iris scanner, Android Nougat 7.1.2 and more

HMD Global, the company that is making Nokia smartphones, is planning to launch its flagship, the Nokia 9, in the coming months. According to a new tip reported by Nokia Power User, the company may be planning to include an iris scanner in the upcoming flagship smartphone.
The report hinted at an entire list of specifications that are rumoured to come with Nokia 9. This is in contrast to the lack of any official statements from HMD Global regarding the release of the smartphone.
Nokia 9 is expected to sport a 5.5-inch QHD OLED display panel while running on Qualcomm Snapdragon 835 with Adreno 540 GPU. The quality German glass made by Carl-Zeiss used by original Nokia is expected to make a comeback with Nokia 9 where 22MP Dual-lens camera module will be equipped with Carl-Zeiss optics and a 12MP front camera. Nokia 9 will come with 6GB RAM and two storage variants of 64GB and 128GB internal storage. The smartphone will sport a 3,800 mAh battery along with Qualcomm Quick-Charge 4 support.
HMD Global will also include an Iris scanner like the Samsung Galaxy S8 and S8+ in addition to the usual fingerprint scanner.
Nokia 9 is also expected to come with IP68 certification along with Nokia OZO audio enhancements. One thing to note here is that there is nothing official about this tip like the previous tips reported so we can’t confirm about how many things will actually make the cut or if Nokia 9 will actually launch.
Publish date: April 3, 2017 12:14 pm| Modified date: April 3, 2017 12:14 pm

US man gets electrocuted after sleeping with extension cord in bed, to charge his iPhone


A 32 year old man from Huntsville, Alabama in the US got electrocuted after going to sleep with an extension cord in his bed. The cord was used to power up his iPhone, and it was a habit for him to go to sleep while the smartphone was charging.
A dog-tag that he wore around his neck came into contact with the exposed prongs of the charger, which had come loose. The man felt a sudden jolt of electricity that threw him out of the bed, according to a report in the Washington Post.
“It was the eeriest, darkest, most demonic thing you could ever experience,” the man told the paper. The man went numb, felt pressure around his neck, his vision began to fade, and his heartbeat thundered in his ear. He managed to pluck out the necklace, but suffered burn marks on his neck, with skin and flesh missing, and the pattern of the dog-tag was burnt into his hand. There was smoke coming out of the extension cord.
The man was hospitalised, and the doctors noted that he had suffered from second and third degree burns on his neck and hands. The shock could have potentially killed the man, if he had not managed to remove the necklace.
The man now charges his phone in the kitchen, far away from his bed. The incident highlights the dangers of charging a phone on a bed while sleeping.
Publish date: April 3, 2017 12:01 pm| Modified date: April 3, 2017 12:01 pm

Xiaomi Mi 6: New leaks reveal box, front panel and hands-on images

As the launch for Xiaomi’s next flagship draws closer, we are seeing more leaks emerging. In the past we had heard that it will feature the new Snapdragon 835 chipset, a dual camera setup and more. Today we have more scoop around the device, including some alleged hands-on pictures. Let’s go through them one by one.
Firstly there is the official box for the handset. Two different Weibo accounts have leaked two different coloured boxes of the handset. Both the boxes also have different specifications.
The specifications include a 5.15-inch display, Snapdragon 835 processor clocked at 2.45GHz, 6GB of RAM and 128GB of storage. For the cameras there is a 30MP sensor with optical image stabilisation at the back and an 8MP camera on the front. The box also mentions a 4,000mAh battery, dual SIM slots, and a USB Type-C port.
The second box which is the white one, mentions a 5.15-inch display with a 2.5D glass, a Snapdragon 835 processor with no mention of the clock speed. RAM on this version is 3GB while storage is 64GB. Even the camera is different, as the box mentions a 12MP rear shooter and a 4MP ultra pixel sensor on the front just like the Mi 5. Even the battery is smaller rating at 3,200mAh.
Rumours suggest the white box is probably the base variant while the black box is the higher ‘Pro’ variant.
Then we have an image of white and black front glass panels of the device. We can see that handset will have narrow bezels although the area on top and bottom are going to be fairly large. There are a bunch of openings above the display which are of course for the camera, earpiece and light sensors. It is being speculated that there is a third hole which could be for an iris scanner, but we have our doubts about that. Below the display is the opening for the front home button which has an oval shape. It is quite large and rumours suggest that the Mi 6 will feature an underglass ultrasonic fingerprint scanner used on the Mi 5S but with a fast sensor.
Finally there are a couple of leaked images of the handset itself, but this one is apparently the Mi 6 Plus. The leaked highly-glossy black coloured variant shows the front panel of Mi 6 Plus with narrow bezels. The physical home button placed below the display will also house the fingerprint scanner. At the back we can see a dual-camera setup with a dual LED flash arrangement. These two cameras are said to be a pair of 12 MP Sony IMX362 sensors.
Rumoured specifications of the Mi 6 Plus include a 5.7-inch full HD display, a Snapdragon 835 SoC with 4 GB of RAM while some also suggest 6 GB and 8 GB RAM variants. Other rumoured features include 64GB and 128GB storage options, going all the way up to 256 GB, and 8MP front camera, Android 7.0 Nougat with the latest edition of MIUI and a 4,500 mAh capacity battery. Pricing is said to start at 2,599 Yuan (Rs 26,000 approx) going all the way up to 3,499 Yuan (Rs 35,000 approx).
Publish date: April 3, 2017 11:57 am| Modified date: April 3, 2017 12:07 pm

CloudFlare and LimeStone Networks have been securing terror group Jaish-e-Mohammad’s websites


Two technology firms based out of San Francisco and Texas have been securing Pakistan-based terror outfit Jaish-e-Mohammad’s website while boosting its reach online, enabling easy access to its users.
CloudFlare works like a shield between the user and original host of the website and the internet. In this case, alqalamonline.com and rangonoor.com are the offending websites and they’re hosted by SiteGround, a web hosting company based out of Bulgaria. CloudFlare protects the sites from DDoS (Distributed Denial of Service) attacks and other such hacking attempts.
According to a detailed report by DNA, Jaish-e-Mohammad (JeM) has enrolled both the websites for protection against DDoS and other malicious, script-based attacks via CloudFlare since March 2014.
The report indicates that the websites in question are hosted on 104.18.56.73 and 104.27.132.179 IP addresses. Both these IP addresses are linked to CloudFlare, which is based out of California. CloudFlare also caches the website so that it can load faster, as detailed by Mumbai-based cyber security researcher, Dinesh Bareja.
Vanessa Royale, a representative for CloudFlare told DNA that the company is not hosting the websites. She added that “IP addresses may appear in a DNS (Domain Name System) query since we are a reverse proxy.”
Royale refused to comment on CloudFlare’s customers or the company’s plans. She tried to slip the issue of CloudFlare protection by stating that CloudFlare is not responsible for hosting any terrorist websites and that terminating a customer will only result in a slower site that’s a little easier to hack.
Royale is essentially stating that CloudFlare is protecting the terrorist websites but that it isn’t hosting them so it isn’t such a big deal. It’s quite likely that CloudFlare isn’t even aware that the site it’s protecting is a terrorist website and it’s unlikely to deliberately provide safe harbour to terrorists. However, the company’s response is rather tame.
The report confirmed that both websites were running on 77.104.156.63, an IP address managed by SiteGround. The websites are managed by a web administrator called Muhammad Tariq Siddique from Karachi, reveals the report.
One thing to note is that American companies are barred from performing financial transactions with designated terror organisations and JeM has been denounced by the UN and the USA since 2001 for its activities. JeM is the same group responsible for the Parliament attack in 2001, the Pathankot air force base attack and the Nagrota camp attack.
The terror outfit has also enrolled help from LimeStone Networks for hosting other domains like musalmanbachay.com, fathulijawaad.com and sadaemujahid.com, as part of its online propaganda in the form of videos of terrorists hailed as martyrs, quranic verses, poetry on war and propaganda articles.
These domains provide soft propaganda and introduce young children and teenagers to the thought-process of JeM ideology. Both these companies have been painted as favourites for the Islamic State, al-Qaeda, Hezbollah and other extremist groups.
Despite all this, law enforcement authorities in the United States have not taken any action against CloudFlare and Pakistani authorities only briefly shut down JeM’s online publications after the Pathankot attack.
Publish date: April 3, 2017 10:15 am| Modified date: April 3, 2017 10:13 am

Snapchat introduces ‘Search’ option to let users search content they’ve posted on the app

A few days after Facebook got a Snapchat-like “Stories” update that lets users add effects to their photos and videos, Snap Inc has introduced a “Search” option that would give users the power to search through the content they posted on its app.
Snapchat will enable users to search for photos and videos known as “Snaps” posted to the “Our Story” option on the app, by creating new “Stories” using machine learning technology, the company said in a blog post on Friday.
For instance, users can use the search feature to find “Snaps” related to events such as local basketball games and topics such as puppies.
The search feature, which was rolled out in some cities on Friday, is an addition to curated “Stories,” where public “Snaps” about major events like Wimbledon or the Coachella music festival already appear.
First introduced by Snapchat, the “Our Story” feature is a slideshow of user content that disappears after 24 hours.
Earlier this week, social media giant Facebook gave its users access to the new Facebook Camera feature in its app that lets them add effects to their photos and videos.
Facebook-owned Instagram and WhatsApp had already got the “Stories” update before Facebook rolled it out to its users.
After this update, Facebook users can now share their content to a Snapchat clone called ‘Facebook Stories’ that appears above News Feed on mobile and works similarly to Instagram’s 24-hour slideshows.
Publish date: April 2, 2017 10:41 am| Modified date: April 2, 2017 10:41 am
