PIN-Stealing Android Malware

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN:

The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.

The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.

Interesting Attack on the EMV Smartcard Payment Standard

It’s complicated, but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able to convince the POS terminal to conduct the transaction without requiring the normally required PIN.

From a news article:

The researchers were able to demonstrate that it is possible to exploit the vulnerability in practice, although it is a fairly complex process. They first developed an Android app and installed it on two NFC-enabled mobile phones. This allowed the two devices to read data from the credit card chip and exchange information with payment terminals. Incidentally, the researchers did not have to bypass any special security features in the Android operating system to install the app…

Bank Card "Master Key" Stolen

South Africa’s Postbank experienced a catastrophic security failure. The bank’s master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank’s encrypted master key in plain, unencrypted digital language at the Postbank’s old data centre in the Pretoria city centre. According to a number of internal Postbank…

Recovering Smartphone Typing from Microphone Sounds

Yet another side-channel attack on smartphones: "Hearing your touch: A new acoustic side channel on smartphones," by Ilia Shumailov, Laurent Simon, Jeff Yan, and Ross Anderson. Abstract: We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen with a finger, the tap…

Test PCBs on a Bed of Nails

While it might be tempting to start soldering a circuit together once the design looks good on paper, experience tells us that it’s still good to test it out on a breadboard first to make sure everything works properly. That might be where the process ends for one-off projects, but for large production runs you’re going to need to test all the PCBs after they’re built, too. While you would use a breadboard for prototyping, the platform you’re going to need for quality control is called a “bed of nails”.

This project comes to us by way of [Thom] who …

Smartphones that talk too much

In brief, the idea is that the phone’s ‘acoustic signature’ can be used to determine the device users’ password when they unlock the phone.  
The post Smartphones that talk too much appeared first on Security Boulevard.

Apple to make life easier for law enforcement

Apple has experienced much friction with law-enforcement regarding information sharing and access to suspects’ devices. Will provision of a formal procedure reduce that friction?
The post Apple to make life easier for law enforcement appeared first on …