Connect with us

Cybersecurity

Israeli Researchers Turn Speakers/Headphones Into Eavesdropping Microphones

Published

on

In the current age, even the most secure software and the best security practices might not be enough to prevent someone from being spied upon. Researchers continue to find novel and inventive ways to gather more data on everyday computer users, and the latest research from Israel’s Ben Gurion University is exceptional in this regard.

// -- Discuss and ask questions in our community on Workplace.

Using software alone, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici were able to convert a given pair of headphones or speakers into Orwellian microphones beyond the user’s control or ability to patch. Their method [PDF] exploits a flaw in RealTek hardware chips, which are one of the most widely used chips in motherboards around the world. Companies like Dell, HP, and Compaq regularly utilize RealTek’s industry standard audio chips in their products. Beyond that, motherboards sold to consumers wishing to build their own systems often also include the hardware.

A simple patch or firmware upgrade will not fix this flaw, making the exploit particularly delightful to intelligence agencies, profit-motivated hackers (think boardroom conference calls), and others. Basically, anywhere a computer has an audio output, which in the case of laptops is everywhere, audio can now be intercepted and then relayed with roughly the same quality as if a microphone itself had been compromised. The images of people like Mark Zuckerberg covering up their webcam and microphone with electrical tape now seem trivial.

Jack re-tasking – the process of converting an output jack to either an input or a two-way port – has long been a possibility, but few developers make use of it. Most laptops and desktops will have separate ports for each, while smartphones and the like often require hardware that can do both. But the innovation on the part of Ben Gurion’s researchers involves making any regular output hardware capable of doing as much with only software. They write:

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

The fact that headphones and earphones are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically from output to input, creates a vulnerability which can be abused by hackers.

The researchers noticed that the design of most audio input and output hardware was basically identical at the metal, drawing the following illustration for clarification:

Source: Ben-Gurion University of the Negev Cyber Security Research Center

Source: Ben-Gurion University of the Negev Cyber Security Research Center

One saving grace is that the audio output device must be “passive,” or unpowered. This means that if your speakers require power to work, they are not currently able to use these to listen to you. However, the vast majority of laptop speakers and earbuds are, by nature and necessity, passive. The researchers note that while they focused on RealTek codec hardware because of their popularity, other manufacturers also have the ability to retask jacks, which is the heart of the exploit.

While this may seem scary at first, it should be noted that, like anything else on your computer, audio input and output are data. They can therefore be encrypted with keys that are local to the machine, and it would seem that this new exploit opens up a new avenue of research for cryptographic researchers to institute audio encryption in the same way that full-disk encryption has become normalized.

Here is a demonstration of the method in action:

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is concidered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...



Feedback or Requests?

Click to comment

You must be logged in to post a comment Login

Leave a Reply

Breaches

The Lessons Of Meltdown And Spectre

Published

on

The discovery of the twin flaws Meltdown and Spectre and the events related to the information leak that followed carry a huge message: we all need to do something to regain control of our digital identity. Blockchain technology is the most compelling option.

// -- Discuss and ask questions in our community on Workplace.

A few days back we wrote about the computer chip flaws named Meltdown and Spectre found largely in Intel and AMD products. The discovery of these flaws leaked into public hands leading to a possible public relations mess if not disaster for the worlds largest chip fabricators as well as Microsoft.

The PR Template

The history of public relations has formulated a strategy that calls for the affected company CEO to issue an apology and offer the promise of a quick and reliable solution.

On Monday January 7 Intel CEO Brian Krzanich announced an update all of Intel’s products within a week covering 90% or more with the balance available by month end. This sounds reassuring until you get a closer look. After that everything quickly breaks down.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Limited Coverage

The updates only cover products introduced in the past five years. What about the rest of the user base? There are uncountable data centers in existence with equipment dating back to 2013 and before. My still totally awesome iMac was build in 2011.Five years is not all that long.

The Meltdown and Sprectre flaws affect every computer, server and mobile devices since the dawn of the digital age. Since there is no known fix for Spectre, we must assume the update only covers Meltdown.

Opening The Door

Krzanich stuck to the company line that the updates would not drastically affect computer performance for the average user. The operative word here is “average user”. But even this claim contradicts Microsoft CEO Satya Nadella who warned their Meltdown fix would result in processing speeds 20%-30% slower than normal.

Before updates and security fixes are in place, bad actors have some valuable time to do their deeds. The Intel release insures that every hacker will have his or her very own guide to both Meltdown and Spectre.

Intel even attached the security researchers released documentation of critical vulnerabilities of Meltdown and Spectre. Only GPS could have been better.

Protecting Your Digital Identity

Just for fun, I opened the Apple Store and into the search window I typed “Passwords”. Immediately I was presented with 10 different categories so I picked “Password Manager”. There were no fewer than 75 apps to hide your passwords.

In addition there is Apples own Keychain and Google Passwords so we are getting closer to 80 in total. Conclusion: if anyone was all that good there would hardly be a need for this many.

Can All 80 Apps Be Wrong?

It didn’t take long to realize the “raison d’ etre” for so many password managers offered nothing to do with superior performance. They just created another layer of usernames and passwords. These days when we forget a password it sets in motion a whole chain reaction that includes changing and manually resetting everything in the password manager.

We have all been through this massively frustrating process that never seems to change. Is our personal data safer with almost 80 password managers to choose from? Obviously not just look at the data breech at Equifax or Target Corp.

The answer as to why nothing has basically changed since the days of the dialup Internet is that the possession and control has shifted from over 315 million Americans and billions more elsewhere to a handful of corporate controllers.

Frequent and well-publicized breeches prove that the controllers of our identity never really protected our privacy. They simply did a good job convincing us they had our backs.

Guarded By The Phantom

This phantom layer of security was breaking down long ago when data storage companies began popping up across the country. But in many cases they kept data spread over several different locations.

This is until the birth of cloud storage when two things changed. The entirety of corporate data could be centralized making it rich bounty for hackers. Then for server efficiency multiple corporate client data was loaded onto a single server. Yum, this is like a Thanksgiving feast.

Weaknesses from centralization of data go beyond cloud storage. Look no further than the security vulnerabilities in Meltdown and Spectre.

Regaining Control

If ever there was a good reason for government to protect its citizens, this is one of them. Unfortunately the problem is too big for a mere regulation or two to do the full job.

Using blockchain technology for digital identity holds the power to regain ownership of our data. It has the power to create a new model of online data management. The fact that it frees companies from the liability of data ownership should make for a receptive audience. And of course the cost savings is an added bonus.

The Benefits of Ownership

When the ownership of our digital identity returns to the hands of individuals, you will have the power to decide who has access, under what conditions and for how long. Proponents of this idea believe it creates an incorruptible digital record and can be used for virtually any peer-to-peer transfer of any asset.

Pronouncing anything incorruptible or totally secure is foolish especially given overwhelming evidence to the contrary. Security has always and will always be a comparative state. There are no absolutes. It is true however that the decentralized architecture of blockchains make for much less interesting prey for hackers compared to those big cloud storage facilities.

Featured image courtesy of Shutterstock. 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is concidered a failure either way.
6 votes, average: 4.00 out of 56 votes, average: 4.00 out of 56 votes, average: 4.00 out of 56 votes, average: 4.00 out of 56 votes, average: 4.00 out of 5 (6 votes, average: 4.00 out of 5)
You need to be a registered member to rate this.
Loading...



Feedback or Requests?

Continue Reading

Cryptocurrencies

Spectre And Meltdown Madness: What It Means For Ethereum

Published

on

To anyone who talks in terms of a cryptocurrency bubble, consider the following fun facts. In the short period of a few days following the bombshell announcement of Meltdown and Spectre, crypto prices responded in the following manner:

// -- Discuss and ask questions in our community on Workplace.

Bitcoin +18%

ETH +41%

Litecoin +30%

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

In my view, this is clear evidence of a market that is responding rationally to information coming from responsible sources. To appreciate what all the noise is about you must appreciate what Meltdown and Spectre are and why they present a danger to the big companies providing cloud storage for the corporate world.

Once this is clear, then you will better appreciate why Ether’s 41%+ short-term price spike left the others in the dust. But first lets dig into the Meltdown and Spectre situation.

The Secret Got Out

 On January 3 the secret about a new class of security vulnerabilities leaked out to the public. Not only was this seriously bad news but the leak also gave hackers advanced notice before anyone could begin to fix the twin problems.

The degree of seriousness is in the fact that almost all major microprocessor chips are vulnerable. This opens the door to hackers stealing information from personal as well as cloud services.

Researchers claim that Meltdown can be fixed with a patch. Shortly thereafter about every major player announced their patch. But there are two issues here. Will the patches fully solve they problem?

Casting A Cloud Over The Cloud

When a corporation becomes a cloud customer, even the largest share machines with other customers. This is the basic flaw in the centralized structure of cloud storage. Contrast this with the decentralized structure of blockchain technology and you begin to appreciate the force behind the sudden price spike in cryptocurrencies that we highlighted above.

Even though security tools and protocols are designed to separate customers date, the recently discovered Meltdown and Spectre flaws still leave serious vulnerabilities.

Meltdown, hackers could rent space on a cloud service, just like any other business customer. Once they were on the service, the flaw would allow them to grab information like passwords from other customers.

Secondly, reports on cloud services like Amazon, Google and Microsoft claim that it creates as much as 30% slower computation speeds. That clearly won’t make for happy customers.

Jerky NetFlix

Virtually everyone reviewing the situation believes individual computer users are the least vulnerable. That may be true. Hackers are in the hunt for the biggest prize and that would be the big three cloud companies. But how do you think families are going to react if their Netflix stalls and buffers every few minutes?

In the final analysis, the Meltdown flaw affects virtually every computer chip fabricated by Intel in use today. You are talking about 90% of the Internet and business world. But Meltdown is just one flaw.

Spectre is the other flaw and this one is the more insidious of the two. There is no known fix. Intel, AMD and others have claimed how complex a project it would be for hackers to breech the Spectre vulnerability. That is pretty hollow comfort. After all, hasn’t the FBI security been breeched. Those guys were supposed to be airtight.

Boom Days For Blockchain

In so many ways, last year marked a tipping point in the spread and acceptance of blockchain technology. The uses for Bitcoin are probably best gauged by its record $20,000 price in December. For Ethereum, it may have been marked by the formation of the Enterprise Ethereum Alliance (EEA) in February and rise to over 300 members at year-end.

No sooner has 2018 begun that the Meltdown and Spectre flaws created unexpected excitement for investors in cryptocurrencies. If I were a software salesman out of work, I would be sending my resume to every crypto company offering to peddle their blockchain. It could be the easiest job since selling web design services in 1995.

The Ethereum platform with its smart contracts is not the only crypto capable of addressing this newly uncovered opportunity created by Meltdown and Spectre. You can safely bet this will attract many players and for good reason, today’s blockchain technology is a long way from fast enough for mass adoption. Blockchain security may be a step or two better in it present form than cloud storage, but it has its security issues as well.

Building the Ethereum Moat

 EEA founder Jeremy Millar is clearly a brand ambassador for Ethereum. He believes that CEOs hear the chatter about blockchain and are pre sold not having a clear picture what can be accomplished or the money saved using this technology. The important thing is for IT departments to have a respected brand to attach to their recommendations.

The EEA seeks to connect and inform and through this pioneering process spread the gospel of Ethereum. So far this is beginning to build a brand franchise for Ethereum.

The EEA is the largest blockchain body and is committed to using open-source Ethereum technology for enterprise blockchain solutions. EEA expects to see great advances in these areas in 2018 with Ethereum technologies.

It also helps when Wall Street banks uncover the potential for billions in savings on the trading desks through the applications of the Ethereum platform.

So, if you though the last year held plenty of excitement, the Meltdown and Spectre flaws promise to make this year every bit as much fun.

Featured image courtesy of Shutterstock.

 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is concidered a failure either way.
14 votes, average: 4.14 out of 514 votes, average: 4.14 out of 514 votes, average: 4.14 out of 514 votes, average: 4.14 out of 514 votes, average: 4.14 out of 5 (14 votes, average: 4.14 out of 5)
You need to be a registered member to rate this.
Loading...



Feedback or Requests?

Continue Reading

Cybersecurity

Criminal Underground Disavowing Bitcoin for Other Cryptocurrencies

Published

on

The criminal underworld is disavowing bitcoin in favor of a new breed of cryptocurrencies that can better conceal illicit activity, a phenomenon that can partly explain the rapid rise of altcoins over the past three months.

// -- Discuss and ask questions in our community on Workplace.

The Rise of Privacy Coins

So-called ‘privacy coins’ like Monero, which are designed to avoid tracking, have quickly climbed the cryptocurrency market’s ranks. According to Bloomberg, these crypto alternatives have gained prominence at a time when law enforcement is increasing its surveillance of bitcoin users. Analytics firms are also getting better at spotting illicit behavior and alerting crypto exchanges before funds are exchanged into fiat money.

Europol has flagged several privacy coins as being more conducive for the criminal black market. In a recently published report, the European Union’s law enforcement agency said “other cryptocurrencies such as Monero, Ethereum and Zcash are gaining popularity within the digital underground.”

An analyst interviewed by Bloomberg said Monero is one of the most popular coins for ransomware attacks. Monero’s popularity among cyber criminals stems from its advanced encryption techniques, which generate fake addresses to hide the real sender’s identity. This technique also obscures the transaction amount issued. Bitcoin, on the other hand, records all addresses and transactions on an immutable digital ledger.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Experts say Zcash offers even better privacy protection because it obscures the actual address of the sender rather than generate fake addresses. This method makes it impossible for surveillance technology to draw correlations in addresses used in multiple transactions.

Monero and Zcash have both grown to become multi-billion-dollar cryptocurrencies. By market cap alone, Monero is ranked 12th, with an overall value of $6.3 billion. Zcash is down at 29th with an overall market cap of $1.7 billion. Both cryptocurrencies have daily turnover well into the hundreds of millions.

The developers behind Monero said they specifically designed the cryptocurrency to safeguard privacy. Naturally, this would be of benefit to criminals looking to evade detection.

“As a community, we certainly don’t advocate for Monero’s use by criminals,” core developer Riccardo Spagni told Bloomberg. “At the same time if you have a decentralized currency, it’s not like you can prevent someone from using it. I imagine that Monero provides massive advantages for criminals over bitcoin, so they would use Monero.”

Governments Make a U-Turn on Cryptos

Although bitcoin catapulted into the mainstream last year as one of the world’s fastest-growing alternative assets, its history is tainted with criminal activity tied to money laundering and the dark web. This partly explains why so many governments were eager to disavow the cryptocurrency. Many policymakers quickly realized that prohibition is not the answer given the inherent benefits of blockchain technology.

Russia is one of the more notable examples of a government that quickly changed its tune on bitcoin. It was not even two years ago that Russia’s Finance Ministry was proposing seven-year jail sentences for bitcoin users and adopters. Last week, the government said it would take decisive steps to developing a national cryptocurrency backed by fiat money.

Today, the cryptocurrency market enjoys favorable conditions in many parts of the world, including Japan, South Korea and Switzerland. Buying and selling crypto assets is also supported across many Western nations. However, the evolving nature of the market has put authorities on high alert, with South Korea recently announcing it would take decisive steps to rein in speculation.

2018 is expected to be a pivotal year for crypto regulation, as legislators attempt to define the burgeoning market. Cryptocurrency exchanges, initial coin offerings and mining could all be subject to federal oversight in the near future.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock. 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is concidered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...



Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending