pins – WindowsTechs.com

PIN-Stealing Android Malware

Posted on January 9, 2024 by Bruce Schneier

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN:

The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication.

The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.

… Continue reading PIN-Stealing Android Malware→

Spying on the ESP32’s GPIO

Posted on January 2, 2024 by Bryan Cockfield

The ESP32 has been a go-to microcontroller platform for a while now, thanks to its versatile capabilities, integrated Wi-Fi and Bluetooth connectivity, and low power consumption. It’s ideal for a …read more Continue reading Spying on the ESP32’s GPIO→

Interesting Attack on the EMV Smartcard Payment Standard

Posted on September 14, 2020 by Bruce Schneier

It’s complicated, but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able to convince the POS terminal to conduct the transaction without requiring the normally required PIN.

From a news article:

The researchers were able to demonstrate that it is possible to exploit the vulnerability in practice, although it is a fairly complex process. They first developed an Android app and installed it on two NFC-enabled mobile phones. This allowed the two devices to read data from the credit card chip and exchange information with payment terminals. Incidentally, the researchers did not have to bypass any special security features in the Android operating system to install the app…

Continue reading Interesting Attack on the EMV Smartcard Payment Standard→

Bank Card "Master Key" Stolen

Posted on June 17, 2020 by Bruce Schneier

South Africa’s Postbank experienced a catastrophic security failure. The bank’s master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank’s encrypted master key in plain, unencrypted digital language at the Postbank’s old data centre in the Pretoria city centre. According to a number of internal Postbank… Continue reading Bank Card "Master Key" Stolen→

Banking PINs exposed in Monzo secure storage slip-up

Posted on August 7, 2019 by Danny Bradbury

When is a secure PIN not a secure PIN? When you accidentally store it in your log files. Continue reading Banking PINs exposed in Monzo secure storage slip-up→

Recovering Smartphone Typing from Microphone Sounds

Posted on April 1, 2019 by Bruce Schneier

Recovering Smartphone Typing from Microphone Sounds

Posted on April 1, 2019 by Bruce Schneier

Yet another side-channel attack on smartphones: "Hearing your touch: A new acoustic side channel on smartphones," by Ilia Shumailov, Laurent Simon, Jeff Yan, and Ross Anderson. Abstract: We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen with a finger, the tap… Continue reading Recovering Smartphone Typing from Microphone Sounds→

Test PCBs on a Bed of Nails

Posted on February 9, 2019 by Bryan Cockfield

While it might be tempting to start soldering a circuit together once the design looks good on paper, experience tells us that it’s still good to test it out on a breadboard first to make sure everything works properly. That might be where the process ends for one-off projects, but for large production runs you’re going to need to test all the PCBs after they’re built, too. While you would use a breadboard for prototyping, the platform you’re going to need for quality control is called a “bed of nails“.

This project comes to us by way of [Thom] who …read more

Continue reading Test PCBs on a Bed of Nails→

Smartphones that talk too much

Posted on September 18, 2018 by David Harley

In brief, the idea is that the phone’s ‘acoustic signature’ can be used to determine the device users’ password when they unlock the phone.
The post Smartphones that talk too much appeared first on Security Boulevard.
Continue reading Smartphones that talk too much→

Apple to make life easier for law enforcement

Posted on September 18, 2018 by David Harley

Apple has experienced much friction with law-enforcement regarding information sharing and access to suspects’ devices. Will provision of a formal procedure reduce that friction?
The post Apple to make life easier for law enforcement appeared first on … Continue reading Apple to make life easier for law enforcement→