Tag Archives: hackers

How safe are VPNs?

It’s a tough economy out there. Things are looking up, alright. But for some low-life criminals like Joe Crook, ANY work will always be too much work anyway. So what do people like Joe Crook do? They scheme. They’re on the lookout for the latest scam so that they can defraud you of your hard-earnt cash.

How does a vpn work?

Take VPN technology for example. For IT knowledgeable evil-doers, it’s as good a target as anything there is. The technology has been around for decades of course. In the beginning, it was meant for big businesses – and most probably it was never intended for the many purposes that it serves today (nope, it was not created with Netflix in mind!)

The original idea behind this technology was to create a private connection between multiple people and devices across the Internet. In other words, it was the Internet within an Internet: a secure, private and encrypted network keeping hackers, ransomware, prying eyes and anybody that was after your personal data.

In a way, VPN offered a perfect solution to those sharing sensitive data or looking to evade government censorship. VPNs typically allowed only authenticated remote access via tunneling protocols and other encryption techniques to prevent disclosure of private information. In short, no one knew where you surfed, what content you saw, nor where you were even surfing from. Your connection was fully encrypted!

VPN’s risks

But, sensing an opportunity, the Joe Crooks of this world came to realize people like Average Joe might have grown complacent in their use of VPN. For instance, millions connect to public Wi-Fi hotspots without thinking twice about the potential consequences. Fraudsters came to understand the technology’s possible weaknesses. And with over 280 million Internet users in the US alone, roughly 80% of which are using the web every single day, let’s just say there is plenty of fish to go after.

It’s not just traditional VPN that can be targeted

Research conducted just last year revealed that nine in 10 SSL VPNs were using insecure or outdated encryption. The large-scale study randomly scanned over 10,000 live and publicly-accessible SSL VPN servers (SSL refers to Secure Sockets Layer – it’s a form of VPN that can be used with a standard web browser).

Users’privacy

Although VPNs are meant to protect users’ privacy by setting up an encrypted tunnel between the device being used and the VPN provider’s servers, vulnerabilities are known to exist. Hackers like Joe Crook are keen to steal your data mid-transit and unfortunately are getting better at it.

So what more should you do to protect your privacy online?

When making payments online, are you unwillingly allowing hoodlums to help themselves to your credit card details? One thing for sure, our devices are getting more and more connected every day. Having access to a VPN should form part of your set of digital tools – though it isn’t a foolproof sort of firewall by any stretch of the imagination.

And for the highest level of protection look nowhere else but to Panda Security. We have developed a cyber-security platform designed to eradicate threats. Security systems are activated before threats are executed, and advanced protection for endpoints and servers helps destroy the malware before it’s too late. Now, that’s what we call protection!

We’d like to ask you about the VPNs, do you have 2 minutes ?

 

The post How safe are VPNs? appeared first on Panda Security Mediacenter.

NSA and CIA were spying on you! So what?

A few days ago WikiLeaks released information clarifying CIA have developed a whole lot of hacking tools that allow them to spy on everyone somehow connected to the internet.

Unfortunately,it’s not news NSA, and CIA are spying on you, this has been a well-known fact for years. According to NSA and CIA, the primary goal of the global internet monitoring is the fight against terrorism. There is no precise statistics of how many terrorist attacks have been prevented thanks to the patriot act and the hard-working guys at NSA and CIA. However, we are sure they’ve been doing a good job so far – with small exceptions there haven’t been any major incidents here on US soil since 9/11.

Even though no one is euphoric CIA and NSA seem to have access to virtually everything digital in the world, regular folks have accepted it.

So why is all the fuzz around WikiLeaks and their latest Vault 7 leak?

The problem is that according to Julian Assange, the tools CIA and NSA have developed could also be classified as cyber weapons. Briefly, it’s the equivalent of the discovery of the atomic bomb. If these cyber arms end up in the wrong hands, things can go horribly wrong. Imagine if a 16-year-old stoner from FYROM manages to access your router, and record everything connected to it. Imagine if they can do the same thing to a top government official.

Or if a piece of hardware used in airplanes has a backdoor allowing unauthorized access to the equipment located at captain’s cockpit. This is scary, isn’t it? We live in a digital era where adults in the US spend an average of 5 hours a day staring at their cell phones. We monitor our children with baby monitors, and we pay bills and shop online on a daily basis. There is barely any cash seen in the modern world; all our finances are in digital bank accounts. We no longer work for hard cash, we work for ‘doubloons’ in our bank account. Our life is starting to feel as we are in a video game, and as in many video games, villains want to take advantage of the regular people. Everything we do and that matters to us is somehow visible as a digital print.

So let’s get back to what’s scary.

The scary part is that CIA and NSA obviously are having issues keeping all this information secure and it is possible those cyber weapons will end up in the wrong hands. How would you feel if you know Iran, Russia or China have this power too? It would be a chilling fact to realize that a foreign government knows more about you than your own.

It will surely give you the chills to understand that a country with completely different beliefs and culture has access to your personal and professional life. Such hacking scandals also cause a stir around the globe as other nations say the USA needs to stop spying on them.

The good news is…

And if we try to somehow forget about governments fighting each other in cyber wars, such weapons could end up in the hands of groups of hackers who are after the regular people. The good news is that cyber criminals do not have nationality or beliefs; most of the times they are not after you; they are after your money. And using the weapons developed by CIA and described at WikiLeaks, gaining access to your bank account seems like a child’s play if you are not protected.

Julian Assange says the information released a few days ago is only 1% of what it is to come. According to WikiLeaks, the Vault 7 series will be the largest intelligence publication in history. We can surely expect extraordinary findings over the course of the next few months!

The post NSA and CIA were spying on you! So what? appeared first on Panda Security Mediacenter.

Mobile World Congress 2017: Are Future Technologies Safe?

“Technology is very hard to predict.”

So said Reed Hastings, Netflix CEO, during his keynote at this year’s Mobile World Congress when asked what his forecast was for future technologies over the next five to twenty years.

This year’s Mobile World Congress (MWC) was full of tech that gets us excited about the future though. From 5G, which could be up to a thousand times faster than 4G, to new real-world VR applications, the event over the years has become so much more than just a showcase for mobile devices.

We were able to check it out, and have put together a list of some of the technologies that got us most excited, and that we feel will form a big part of our future lives.

As Hervé Lambert, Global Consumer Operations Manager at Panda Security, was quick to point out though, there is a flipside. As he put it, as these new technologies advance, cyber criminals “will become more specialized with each type of attack and will go deeper into the system.” For every new exciting piece of tech, there is of course, the question of cyber security.

How will this tech shape our future and will it be one where we can feel safe in the physical and digital world?

Robots / AI

Driving home the MWC’s futurist appeal, as well as the fact that the event is more than a simple mobile device exhibition, was the amount of robots on display this year. PaPeRo, the human companion robot was demoed by various companies. Its impressive face recognition capabilities can be utilized for public safety, even being able to track lost children in shopping malls.

At the Ubuntu stall, meanwhile, REEM and REEM-C were both on display. REEM-C, which was designed by Barcelona-based PAL Robotics, is a flexible full-size humanoid biped robot that is used for different types of research, including AI.

Being connected to the Internet of Things (IoT) obviously poses potential risks.

REEM-C, for example, weighs 80 kg. In a future where robots are more widely available, a malicious attacker could cause real damage by taking control of such a heavy piece of machinery.

AI and big data analysis is actually being used today to make people safer though. During a keynote speech at the MWC, Takashi Niino, CEO and president of the NEC Corporation, described how real-time analysis with face recognition technology is being used in Tigre, Argentina to reduce crime. The highly accurate face recognition technology can be used to identify criminals, and even to detect suspicious behavior. Since the “urban surveillance system” was implemented, vehicle theft has gone down by 80 per cent in Tigre.

“AI will soon become a reality of most people’s daily lives”

As always, there’s another side to the coin though. Whilst high-speed data analysis allows law enforcement to act more efficiently, it also does the same for cybercriminals. “Cyber crime is increasingly becoming automated and the number of incidents are escalating exponentially”, said Hervé Lambert. “AI will soon become a reality of most people’s daily lives, so it is very important that its development is overseen responsibly by engineers that are specialized in intelligent security.

Virtual Reality (VR) / Augmented Reality (AR)

Virtual reality has been touted for a while as the next big thing in entertainment. We’ll be able to fully immerse ourselves in distant locations and invented realities. Arguably, its close relative, augmented reality (AR), is where the most life-changing innovation is going to take place though.

Several new VR/AR applications were on show at the MWC. Relúmĭno –which was on show at Samsung’s C-Lab VR projects stall– demonstrated an impressive practical application for VR. The Relúmĭno app, designed for Samsung’s Gear VR headset, acts as a smart visual aid for visually impaired people by remapping blindspots. The effect, when using the headset, can be described as seeing the world as a cartoon with edges and surfaces in your surroundings rendered as sharp black lines.

Other separate standalone projects, like Inflight VR, aim to enhance our inflight experience with VR entertainment. Flight notifications will appear at the bottom of the screen as you navigate the hand-tracking controlled system. LiveRoom, on the other hand, will allow people a more immersive retail experience with its AR capabilities, and can also be used to enhance the classroom experience.

What dangers do we face when it comes to VR/AR though?

VR and AR can be compared to social media, but on a whole other level. This means that when it comes to online privacy, the stakes will be much higher. An unfortunate example has already been seen of this in real life. Users have reported sexual harassment on VR, with inappropriate gestures by some gamers towards other players. Much like with social media, some users sadly see the anonymity afforded by their digital avatars as allowing them to act inappropriately in the digital world.

This type of problem could reverberate beyond just VR gaming though. It’s very likely that our digital avatars will become an even more important part of our lives in VR than they are now in the likes of Twitter and Facebook. If hackers can carry out ransomware attacks after retrieving information on social media, it’s possible that this type of attack will be an even bigger danger with VR in the future.

Connected and Autonomous Cars

One of the visions of the future presented at the MWC was one of people sitting back on their commute to work, in their driverless cars, as the vehicle safely takes control of everything.

Whilst this future may still be in the distance, some cars on display at the MWC are certainly taking us in that direction. Roborace showed off its “robocar” at the even, whilst Peugeot revealed its Instinct concept car, a futuristic and stylish vehicle that wouldn’t look out of place in a sci-fi movie. One of the Instinct’s capabilities is that it can change the ambience inside the vehicle, depending on the passenger’s mood. Stressed out after work? It’ll put you into a relaxed seating position and change the lighting to ‘ambient’.

As the car will connect to the IoT using Samsung’s Artik cloud platform, it will be able to seamlessly integrate your vehicle’s operating system with other devices. This could make your car remind you that a drive to the supermarket is in order, for example. Haven’t been keeping up with your fitness regime? Your car could encourage you to stop and jog the rest of your journey.

Potential risks

Of course there are potential risks when it comes to this technology. Though the technology doesn’t exist yet, there were many 5G demonstrations at the MWC. Most of these focused on reduced latency speeds, meaning that we’ll have a future where almost anything can be controlled in real-time. Could hackers take control of a vehicle that’s connected to the IoT and take it off course without the passenger realizing? It’s a scary prospect.

“Online security’s Achilles’ heel is the Internet of Things”

According to Panda Security’s Hervé Lambert, “online security’s Achilles’ heel is the Internet of Things”. It’s important for cyber security experts to keep up with tech innovations, as there’s no doubt that cyber criminals will too.

Lambert says that hackers aren’t the only worry though. It’s a possibility that in the future, “insurance companies could exploit driving data. This could include data about the way people drive and it could be used to increase insurance prices based on new criteria.” Insurers could have access to a huge amount of data, including where people drive and where they park.

Third-party data gathering could be taken to a whole new level. The IoT will massively benefit our lives, but sadly, it could also open a door to hackers and companies that are looking to financially exploit its users.

Honorable Mentions

“Smart cities, smart factories, smart cars, and anything ‘smart’ will also create a necessity for smart security.”

There was so much tech on show at this month’s Mobile World Congress that will undoubtedly shape our futures and improve our lives in many ways.

Just as autonomous cars look to be brining sci-fi predictions to real life, IIT’s grapheme electrode prosthetic is set to change people’s lives in a way that was previously only imaginable on the big screen. Think Luke Skywalker’s robot hand in The Empire Strikes Back. Graphene, a material that is invisible to the naked eye, will allow electrodes to be embedded comfortably into a robot-like prosthetic hand; a big advance in prostheses.

Drones were also a big draw at the MWC. Though they can be used for games as well as to record things from a distance, their most prominently discussed capacity at the MWC was for use in security systems. Whilst the flying machines will allow efficient surveillance, we also face the Orwellian prospect of drone surveillance as a means for law enforcement. Will they keep us safe or be used to control us? Only time will tell.

When pushed to give an answer for his forecast of the future, Reed Hastings said, “[at Netflix] we’re not sure if we’ll be entertaining you or AI.” While such advances in artificial intelligence are still a long way away, the Mobile World Congress has shown this year that technology will increasingly become a seamlessly integrated part of our very existence. Though future predictions are largely positive when it comes to new technologies, there’s a negative side that also merits attention.

As Hervé Lambert puts it, “smart cities, smart factories, smart cars, and anything ‘smart’ will also create a necessity for smart security.

Cyber security is undeniably a big part of the puzzle when it comes to a future of safe, smart, integrated cities.

The post Mobile World Congress 2017: Are Future Technologies Safe? appeared first on Panda Security Mediacenter.

International Women’s Day: 8 empowered woman in the computing world

8 empowered woman in the computing world to celebrate International Women’s Day

Often seen as a male-dominated industry, women have played an important part in driving developments in the computer industry. As we celebrate International Women’s Day, these eight women have blazed a trail in IT, setting an example to us all.

Ada Lovelace

Despite being the daughter of the well-known bohemian hell-raiser George Byron, Ada Lovelace’s own life was incredibly successful, albeit slightly less “colourful”. Encouraged to study maths and logic by her mother, Ada’s studies soon brought her into contact with Charles Babbage, ‘the father of computers’.

As part of her work with Babbage, Ada created what is believed to be the first ever computer program – an algorithm to be run by Babbage’s legendary Analytical Engine.

 

Grace Murray Hopper

As well as being a Rear Admiral in the United States Navy, Grace was one of the first programmers of the Harvard Mark I computer. Her work led to the creation of the first compiler – a tool used to change computer code into a fully-functioning application.

Grace was also instrumental in creating COBOL, one of the first programming languages, and one that is still in use today.

Henrietta Swan Leavitt

During study for a graduate degree, Henrietta began working at the Harvard College Observatory. Her job – as a human computer was to help grade photographs taken through the observatory’s telescope, and to perform complex mathematical calculations.

Henrietta’s work paved the way for the techniques used by astronomers today to calculate the distance between Earth and distant galaxies.

Hedy Lamarr

Best known as a Hollywood actress, Hedy Lamarr was also an accomplished inventor in between roles. During World War II, Hedy helped to create a jam-proof radio guidance system to be used with torpedoes.

Although this signal-hopping technology was deployed by the US Navy until the 1960s (where it proved to be particularly effective), it is still in use today. The same basic principles are also used in modern WiFi and Bluetooth radio technologies – like those that make your smartphone and tablet work wirelessly.

Dame Stephanie “Steve” Shirley

After leaving school, Stephanie went to work for the Post Office Research Station where she helped build computers from scratch. She also learned to program machine code – the very low level language used by computer parts to work properly.

In 1962, Stephanie founded Freelance Programmers, a software company with the intention of helping women get into IT – just 1% of her programmers were male. The team worked on a broad range of projects, including the black box recorder for the supersonic jetliner, Concorde.

Jude Milhon

Having taught herself to program computers, Jude’s first job was in the IT department of a US food manufacturer. She also helped to create the Berkley Software Distribution (BSD) operating system which is still in use today.

Jude was also a committed social activist and hacker, going by the name of “St Jude”. Coining the term “cypherpunks”, St Jude helped to promote the idea of using cryptography to protect personal information as a route to social and political change.

Mary Allen Wilkes

Despite majoring in philosophy and theology, Mary became a computer programmer at the Massachusetts University of Technology. Initially she was programming IBM systems as part of a speech recognition project.

Later Mary was moved to a team working on LINC, widely believed to be the world’s first “personal computer”. As far back as 1964, Mary was using the LINC computer at home to refine the system’s design.

Lynn Conway

After a very successful period at university, Lynn was recruited by IBM to work on a project designing an advanced supercomputer. Known as the Advanced Computing Systems (ACS) project, the resulting computer is believed to have been an example of the first superscalar design.

Later Lynn worked for major organisations including DARPA and Xerox, and MIT as an associate professor.

Examples to us all

Although these women may serve as examples to women considering a career in IT, their experiences and achievements are actually a lesson for all young people – regardless of gender.

The post International Women’s Day: 8 empowered woman in the computing world appeared first on Panda Security Mediacenter.

Androidwear 2: is your smartwatch protected?

http://www.pandasecurity.com/mediacenter/src/uploads/2017/03/pandasecurity-smartwatch-antivirus-300×225.jpg

Once upon a time… many, years ago, telephones were meant to call people up, and watches were made to tell the time. Life was simple then. Well, kind of. That all changed when things got smaller, and once they got smaller they got smarter: the phones got smarter, and so did the wristwatches. Don’t get me wrong, the benefits of miniaturization are immense. But “smart” comes at a price. Increased capabilities and connectivity are leaving our latest gadgets and devices exposed to baddies. That begs the question: is your smartwatch protected?

How can a digital watch win the battle against hackers?

The idea of anyone hacking into your old Timex does sound ludicrous. However, newer smartwatches present severe challenges to developers: how can a digital watch win the battle against hackers? Remember, we’re talking about a device that goes far beyond telling the time. It can be used to monitor health conditions, or make payments by linking up with your bank. Nobody sensible fancies sharing their medical files around… or bank details for that matter!

A brand new area of cybercrime

Many manufacturers of smartwatches, from Asus, Huawei, and LG to Samsung, Moto and Tag Heuer, have chosen Google’s Android Wear 2.0 operating system for their products. Android Wear integrates Google Now and provides the ability to download applications from Google Play Store, amongst other benefits. In the coming years, the smartwatch market will develop further with device shipments expected to keep growing through the year 2021 to reach 70 million units. That presents criminals with a brand new area where to operate. Don’t let them short-change you.

Security risks are growing exponentially

Analysts expect Apple devices to continue leading a big portion of the smartwatch market. But Android Wear devices will quickly catch up as the technology gets adopted increasingly in emerging markets. Functionalities are growing exponentially driven by technological advances and so does the risks to security. It’s no wonder consumers are looking for better protection for their wearable products.

Smart devices collect an awful lot of data these days, so if this data isn’t properly stored and managed, it can lead to security breaches of monumental proportions. All it takes is a malicious and unscrupulous commercial entity acquiring this data to make your life a misery. Increasingly, consumers across the country realize the need to protect themselves. Anti-virus software from companies like Panda Security has got the answer, covering many operating systems all at once. What’s best, it’s even possible to try out this protection for a month free of charge.

Panda Security won’t let you down

It’s worth looking into. You wouldn’t let your wallet on a table, or share credit card details around, would you…? Of course not! Now, you’re carrying your financial details around your wrist, and this requires careful consideration. Isn’t it time you protect your assets? Check out today what Panda Security can do for you.

The post Androidwear 2: is your smartwatch protected? appeared first on Panda Security Mediacenter.

Tips to find online love safely

Online dating fraud victims at record high

The rise of online dating has been phenomenal. In fact, a research paper published by the Association for Psychological Research found that online dating services are now the second most popular way for people to find love.

For those hoping to begin a romantic relationship this is great news – there’s a huge number of people available who are also looking for love.
For those hoping to begin a romantic relationship this is great news – there’s a huge number of people available who are also looking for love.

But just like every other online activity, you need to be smart.

So how can you protect yourself?

1. Don’t share too much information

Many people run into problems because they share too much information up front. Including your email address or personally identifiable information in your profile picture gives away details that cybercriminals can later exploit.

Instead, use the communications tools provided by the dating service to share information once you are sure your date is trustworthy.

2. Don’t download attachments

We all love to receive Valentines cards, and criminals will use this against us. Never download ecards from dubious websites because they may contain malware that will infect your computer, stealing personal data.

You can help protect yourself against dodgy ecards with robust antivirus software. Scan all your incoming email attachments to avoid becoming a victim.

Download a free trial of Panda Security now to ensure you are protected.

3. Don’t share bank details

Dating sites are a great way to meet people and find love across the world. But beware of anyone asking you to pay for them to visit you – they may be using a phishing scam to steal more than your heart.

Never give your bank details to anyone online, no matter how hard you have fallen for them. Some unscrupulous scammers will take that information and use it to empty your bank account.

Be sensible

It’s always hard to remain objective when you are falling in love, and that’s why criminals target dating sites. But to stay safe, you must follow these three simple rules, or risk becoming another statistic.

The good news is that by keeping personal information private, avoiding suspicious email attachments, and not sharing your bank details, you have everything in place for when you do find “the one”.

Good luck, and happy Valentine’s Day!

The post Tips to find online love safely appeared first on Panda Security Mediacenter.

Pirate Party: the Future of Politics?

Could Iceland’s Hacker-founded Pirate Party be the Future of Politics?

So, Donald Trump is president of the leading world power. Yes, that really happened. While the jury is still out on the reasons behind the new president’s rise to power, many believe it’s down to a sense of apathy towards left wing politicians, in this case Hillary Clinton and the Democrats, who would otherwise be the traditional harbingers of progress and change.

One political movement however, is trying to do away with this apathy by embracing something that we’re all about here at Panda Security: online privacy and security on the web!

Introducing Iceland’s wing of the Pirate Party.

Okay, you’ve most likely heard of them already as 2016 is looking to have been a watershed year for them, having tripled their seats in Iceland’s parliament during October’s elections.

This party have really caught our attention though, and that of many others worldwide, with the way they are embracing technology and highlighting how it can play a much much larger role in the future of democracy.

The Pirate Party can be considered a worldwide movement, with branches cropping up all over, including in the UK, Australia and the US.

The first iteration of the party was founded in Sweden by Rick Falkvinge in 2006 after the Pirate Bay torrent website was raided by police. The fact that visitors to the website more than doubled due to media exposure following the raid, was enough of a signal that legislation was out of touch with public opinion when it came to online distribution and surveillance laws. And so was named, Sweden’s Pirate Party.

How did Iceland’s Pirate Party become so popular?

Iceland’s Pirate Party is based on the Swedish party’s model, however, it has its own ideas about issues like data protection as well as how Iceland should be run as a country. Their propositions seem to be appealing to an Iceland that is increasingly looking to break from the status quo.

Birgitta Jónsdóttir, a former Wikileaks volunteer, co-founded Iceland’s Pirate Party in 2012 along with other prominent activists and hackers. According to Jónsdóttir, Iceland’s Pirate Party can sense the winds of change and they see a future of technology-centered upheaval. In a recent interview she said, “we have to be innovative to fight against political apathy”.

But what does she mean by this? Well, the Pirate Party are very much working within the political system to advocate a peaceful political revolution based on greater political transparency, and a grass roots approach to politics. Think Mr.Robot gone mainstream.

The Pirate Party want to increase public participation in common-decision making by giving them direct access to the process via the Internet. Under their system, the public would be able to propose and veto legislation using the party’s online voting system.

Jónsdóttir has also gone on record saying the Pirates would implement propositions such as the United Nations’ proposed resolution, ‘The right to privacy in the digital age’. The resolution, aimed largely at addressing and curbing world governments’ illegal surveillance methods has, for all intents and purposes, been largely ignored by world governments.

The party’s success and recent popularity also comes after the backlash the traditional parties in Iceland have suffered following the 2008 financial crisis and, most recently, the stepping down of the country’s prime minister, Sigmundur Davíð Gunnlaugsson, following his implication in the Panama Papers scandal. Many Icelanders feel it’s time for change and that the Pirate Party are

But they’re hackers!

In a recent interview, Jónsdóttir said “we do not define ourselves as left or right but rather as a party that focuses on [reforming] the systems. In other words, we consider ourselves hackers.”

But what questions does this bring up? Hackers are bad right?

Well, yes and no. A hacker can be defined in various ways; it could be someone who breaks down firewalls and retrieves information, often illegally, or someone who finds simple solutions –a hack- to everyday problems. The Pirate Party propose themselves as the latter, a party that will introduce simple hacks to problems they feel the current system refuses to deal with.

Many questions still arise as to how their vision of Iceland’s future would function in the real world. Increasing democratic reach through the use of the Internet seems like a logical step in this technological age, but what are the dangers? In this future world, could a DDOS attack bring government to a halt? Could a malicious hacker bypass encryption and twist legislation by altering online poll results in their favor? Would transferring the democratic process onto the web empower hackers in new unconceivable ways?

In a recent interview, Ben de Biel, a spokesperson for Berlin’s Pirate Party claimed, “the established parties browse the Internet but we work with it.” Whilst any Pirate Party coming to power would lead to unprecedented change, Iceland’s is the closest to getting there. Their plans, if put into action, could lead to very positive change in digital privacy laws, however, they would also bring to light an increasing necessity for cyber security in an age that is becoming more and more technology reliant.

The post Pirate Party: the Future of Politics? appeared first on Panda Security Mediacenter.

Now Hackers Can Spy On Us Using Our Headphones

Hackers can access your data through your headphones

Mark Zuckerberg has a revealing routine he carries out on a regular basis which says as much about him as it does our current era of cyber-uncertainty. Every day when he’s finished talking to friends and business associates, he covers up his laptop’s webcam and microphone jack with a small piece of tape.

Is this simply the paranoia of a man who over the last two decades has had to deal with increasingly sensitive information as well as diminishing privacy in his personal life?

All we know is that many people are utilizing the simple hardware hack, in much the same way, as a cyber security precaution. Whilst those who promote the use of tape no doubt favor the method for its brilliant simplicity, we have worrying news for anyone that thinks this method has all bases covered.

Now even your headphones can spy on you

Your headphones, it has now emerged, can be repurposed from afar, turning them into a microphone capable of recording audio, all of this unbeknownst to the device’s user. A group of Israeli researchers has recently created a piece of malware in order to show how determined hackers could hijack your device and reconfigure it into sending them audio links.

The headphone technology

The researchers, based at Ben Gurion University, created a code aimed at testing their fears about headphone technology. The proof-of-concept code, titled “Speake(a)r,” proved that the very commonly used RealTek audio codec chips contain a vulnerability that allows them to be used to silently repurpose a computers output channel as an input channel.

As Wired magazine have noted, turning a pair of headphones into microphones is a fairly simple task. A quick search on Youtube reveals an abundance of simple hack videos demonstrating how to switch your music listening device into an audio recorder. So it’s the RealTek vulnerability that is the real worry. As the Israeli research team have found, the issue would allow a hacker to record audio if you’re using a mic-less pair of headphones, and even if your laptop or device’s microphone setting is disabled.

Privacy vulnerability

Mordechai Guri, part of Ben Gurion’s cyber security research team, spoke to Wired about the vulnerability they had discovered. “People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.” He added that, “almost every computer today [is] vulnerable to this type of attack.”

The researchers tested their malware hack using Sennheiser headphones. “It’s very effective,” Guri said. “Your headphones do make a good quality microphone.” The team also detailed the extent of the malware’s capability, saying that a hacked pair of headphones could record audio as far as 20 feet away. The recorded file can even be compressed so it can easily be sent over the Internet.

As Guri says, the problem is not one that can receive a simple patch and the vulnerable audio chip may need to be redesigned and replaced in future computers. The full extent of the problem is also not known, as the Ben Gurion research team has so far focused only on RealTek audio chips. They are set to expand their research to determine which other codec chips and smart phones may be vulnerable.

So, if like an increasing amount of people in this era of cyber security, you feel vulnerable to eavesdropping, don’t only reach for the tape. Make sure those headphones are unplugged so as not to be the victim of a stealthy new form of malware.

The post Now Hackers Can Spy On Us Using Our Headphones appeared first on Panda Security Mediacenter.

Your Tinder Account could be hacked.

Security researchers have discovered that two of the world’s most popular mobile dating apps can be hacked, exposing sensitive user data in the process. The team from the University of South Australia ran a series of tests, proving that a number of personal details could be extracted from the apps relatively easily.

Capturing network traffic reveals all

The two apps in question, Tinder and Grindr, claim to keep personal details private until users select a match, someone they want to make.

The two apps in question, Tinder and Grindr, claim to keep personal details private until users select a match, someone they want to make contact with. It is only at this point email addresses or usernames are shared, allowing people to connect directly.

The team of experts found that a determined hacker could capture information as it passed between the user’s phone and the Internet. Flaws in the apps themselves could also be exploited to reveal even more information directly on the Android smartphone.

Using the same techniques demonstrated by the university team on the Tinder app, hackers are able to recover all the profile images viewed by the user, along with details of each “match”. Further probing reveals the user’s unique Facebook token – a string of numbers and letters that could be used to personally identify the app user.

Security tests suggest that Grindr is even less secure. Among the information recovered were the details of profiles the user had viewed, along with their own email address. Even more worrying was the discovery that messages from private chats could also be accessed by hackers.

Why does it matter?

Romantic relationships are built on trust by sharing private thoughts and feelings with another person. We make ourselves vulnerable by discussing things we wouldn’t share anywhere else.

This kind of deeply personal information is extremely attractive to hackers who can use it to blackmail the user, or to build a personal profile for advanced social engineering attacks. The secrets revealed in private conversations can often be used to guess passwords, or “trick” people into handing over valuable information like bank account numbers.

How to protect Tinder against hacking

Tinder and Grindr were both criticized by the University of South Australia for failing to properly protect users’ data. In the conclusion of their report, users were urged to be extra careful about the apps they install on their Android phones.

Ultimately the responsibility for these problems lie with the app developers who need to improve their security provisions. In the meantime, Android users can enhance their own protection using Panda Mobile Security to prevent personal data from being accessed without permission – as was the case here.

Panda Mobile Security prevents malicious apps from stealing data, and can be configured to limit data sharing between legitimate apps, helping to keep your sensitive personal information away from hackers. Which means you can focus on finding love without someone accessing your private chats.

The post Your Tinder Account could be hacked. appeared first on Panda Security Mediacenter.