Viber support page hacked by Syrian Electronic Army, most user info remains safe

Viber apps

The Syrian Electronic Army isn’t happy with VoIP app developers as of late — following an attack against Tango last week, the politically motivated hacking group has compromised Viber’s support page. The SEA claims to have downloaded database backups from Viber that include phone numbers, device IDs and push notification tokens. However, the company believes that the attack was largely harmless for regular customers; SEA’s team got access to top-level support systems, but not the all-important user databases. They’re kept in a system that can’t be reached by attacks like these, according to Viber. While that news is reassuring, we’d advise playing it safe by watching for any suspicious account activity.

Filed under:

Comments

Via: TechCrunch

Source: AppleSpot (translated)

Apple Developer portal breach credited to security researcher

If you’ve been wondering why Apple’s Developer portal was down for a few days, blame it on a security breach. Apple announced yesterday that their dev center was hacked into, but no personal information was accessed, thankfully. So who’s behind the intrusion? A security researcher is taking the credit.

slafadevelopers

Independent security researcher Ibrahim Balic claims that his effort to breach into the developer portal was not intended to be malicious at all, and he ended up reporting all of the vulnerabilities that he found to Apple. Balic found 13 bugs in total, and was even able to access user details, but he only accessed 73 Apple employees just to prove to the company about the vulnerability.

Balic claims he comes in peace and even contacted Apple to make sure he wasn’t putting them through any difficulty. He says that he hasn’t published or used any of the information that he was able to access, but some users have reported getting password reset notifications after a possible breach to their accounts.

Apple’s Developer portal has been down for four days now, and it’s still showing that it’s down right now. There’s no word on when we might expect it to come back to full throttle, but most likely in the next day or two. While this is certainly an inconvenience for developers, this could pose an even greater problem for beta software versions.

We could see a delay on beta releases for both iOS 7 and OS X Mavericks. It seems Apple is focusing on getting their Developer portal back up and running before anything else, which means it may take longer for beta versions to release. However, we still have plenty of time before Apple’s proposed fall release of iOS 7.

SOURCE: Ibrahim Balic (TechCrunch)


Apple Developer portal breach credited to security researcher is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

DIY Arduino cellphone made of off-the-shelf parts

If you’ve ever wanted to make a cellphone for yourself out of parts from the likes of hack-friendly Aduino, now is the time. Though you’re not going to be winning any beauty contests with this machine’s aesthetic, you’ll certainly be able to feel proud of your construction skills by the end of it all. Say hello to the first home-made smartphone – if you can call it that.

hacking

Through Hack-A-Day comes news of this massive lump of an accomplishment, with Instructables making it clear for the public what they’ve got to do to make it all happen for themselves. The most powerful bit of this whole project is the idea that you’ll not need to be an engineering genius to get it all running – it’s relatively simple!

Once you’ve made this oddity, gestures and single-taps to the device’s touchscreen will bring up abilities like texting and simple phone calls. Right-swipes bring you phone calls, double right-swipes bring you back to your home screen. At the moment you’ll be working with a display of the time and date as well as access to text messaging and voice phone calls – but that’s all you need, right?

OLYMPUS DIGITAL CAMERA

This system does not yet work with full Arduino Phone Apps access quite yet, but it very well could in the near future. At the moment you’ll also need to have access to a 3D printer to make the case, otherwise the parts should be relatively easy to access through a variety of DIY-parts sources. Have at it!

F8A1BOWHJ602SZ2.LARGE


DIY Arduino cellphone made of off-the-shelf parts is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

SIM card hack possible with a couple of text messages

Almost every phone in existence uses a SIM card, especially GSM-based devices. It turns out, that while SIM cards are encrypted, they can easily be breached with just a couple of text messages, and it apparently takes only a couple of minutes. The hack allows someone to listen in on calls and steal mobile data from a phone.

HT4192-micro_sim-001-en-580x386

The hack consists of cloaking a text message so that it looks like it was sent from the carrier, and about a quarter of the time, an error message is sent back containing information about the SIM card that can be used to break into it. After that, another text can be sent that officially finishes the job, allowing hackers into your phone.

Security researcher Karsten Nohl of Security Research Labs discovered the exploit and says that up to 750 million handsets could be vulnerable to the hack. However, he notes that only SIM cards using older data encryption methods are at risk, while SIM cards using the newer Triple DES encryption are safe.

Out of all the mobile phones littering the world, about half of them use SIM cards that still use the older DES encryption. However, the exploit probably won’t last for long, since Nohl reported the vulnerability to the GSM Association, and they plan to speak with all carriers about fixing the exploit.

Nohl also plans to reveal his findings during the upcoming Black Hat conference. Don’t worry too much, though, as Nohl believes cyber criminals haven’t figured out the hack, and it would most likely take around six months for someone to figure it out. By then, carriers are hoping to have already patched the vulnerability.

VIA: New York Times


SIM card hack possible with a couple of text messages is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

The World’s Biggest Data Breaches, Visualized

The World's Biggest Data Breaches, Visualized

It sometimes feels like there’s a big data breach in the news every week—but some are far worse than others. This data visulization shows the world’s biggest data breaches to date, and how they compare over time.

Read more…

    

Apple’s Developer Center Hacked by Security Researcher, Data Unharmed

Apple revealed late yesterday that its Developer Center had been forced out of action by "an intruder"—but a researcher has provided evidence to confirm that the downtime was a result of his identification of a security vulnerability.

Read more…

    

Kid Sentenced to One Year in Jail for Hacking School Election

Kid Sentenced to One Year in Jail for Hacking School Election

Unfortunately for one ambitious, young new resident of the California State Prison System, it seems there actually might be some justice in politics—at least for a 22 year-old caught stuffing a college election ballot box, that is.

Read more…

    

Oculus Rift hack puts user inside Black Armor Drone with first-person view

The Oculus Rift virtual reality headset was originally developed with only gaming in mind, but since the company has been sending out units to game developers, the headset has been used for all sorts of neat things. Most recently, the Oculus Rift has given users a first-person view of RC drones thanks to a little hack.

Screen Shot 2013-07-16 at 1.44.03 PM

Co-founder of Intuitive Aerial Erik Torkel Danielsson took his company’s Black Armor Drone and paired it with the Oculus Rift. Since the VR headset essentially uses two displays, two cameras were mounted on top of the drone to stream video simultaneously. The drone also has a laptop on board that encodes the video as it’s being received.

From there, the video is then sent to the computer on the ground, from which it is then transmitted to the Oculus Rift. You’re probably thinking this creates a lot of lag, and you’re almost correct, as Danielsson noticed a latency of about 120 milliseconds, which isn’t bad, but it’s ultimately not ideal.

Danielsson and company are working to make the system better, though, including using newer hardware and cutting down the weight of the electrics on board the drone, as well as upgrade the cameras and increase the range of the transmitters.

If you’re wondering what the company will do with this technology, they haven’t mentioned whether or not they plan to sell these kits to the public at some point in the future, but Oculus Rift and drone owners would undoubtedly love to get their hands on this type of technology, and frankly, it’s possible for anyone to do this with a little know-how.

VIA: Hackaday


Oculus Rift hack puts user inside Black Armor Drone with first-person view is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

Google Glass augmented reality demo birthed in open-source library OpenGlass

A developer by the name of Brandyn White has created for Google Glass an augmented reality user interface that will one day be integrated as easy as any other Glassware. This means that while some so-called augmented reality apps created for Glass are still working outside Google’s preferred Glass-friendly software environment, pushing forward with basic Android APKs, this solution aims for a real-deal Mirror API build. Mirror API is a software developer environment unveiled by Google earlier this year made for developers to easily create apps without Google’s supported bounds.

rectify

As with Android, Google will be supporting Glass software that falls within a set of specifications. At the moment, to stay within this set – to stay within Google’s Mirror API, that is – White has had to turn this app into a sort of photograph-then-display app as such. In the future it may be possible to display information in an augmented reality landscape in real-time.

At the moment you’ll find Glass taking a photo first, then having it analyzed (as you would if you did a sort of Google Image Search), then having it sent back to the user with data embedded so they can compare to the original vision. It’s hoped that in the future this will all be able to be done in near-real-time without the need for photographs and several-step processing.

guide

The guide image above shows White’s use of Picarus software for this process, too. This is an analysis system created by White and his colleague Andrew Miller who together create the group Dapper Vision, Inc. This system is made for large-scale visual analysis and both Computer Vision and Machine Learning web services. Picarus is used here to annotate the images fed back to the user once a photo is snapped.

The software included in this augmented reality precursor is included in what White and his colleagues have dubbed “OpenGlass”. This software library known as OpenGlass is, of course, open-source, and can be accessed by any intrepid developer or Glass user hoping to get in on this futuristic build early.

VIA: SelfScreens


Google Glass augmented reality demo birthed in open-source library OpenGlass is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

Femtocell Verizon hack allows exposure of phone conversations, text messages

Hacking into mobile phones isn’t anything new, but a recently-discovered hacking trick has gone undetected for years, and it has opened doors for hackers to expose phone conversations, text messages, and even web browser activity. Research has revealed that low-cost low-power cell base stations called femtocells have been able to hack into mobile phones for years.

lock

Femtocells are devices that bring wireless service to low-coverage zones and hard-to-reach spots that a regular cell tower couldn’t reach to. You may not have had a need for one if you’ve been living in the a city for most of your life, but analysts predict that 50 million of them may possibly be in use by the time next year rolls around.

Security consultant for iSEC Partners Tom Ritter was able to hack into NPR host Laura Sydell’s phone to find out her phone number and when she called someone, with the ability to record and playback the entire conversation with ease. Ritter says he was able to do it all with some free software and a $250 femtocell that you can buy at Best Buy.

Ritter points out that he’s able to “see everything that your phone would send to a cell phone tower,” and this includes phone calls, text messages, picture messages, and mobile web surfing. Ritter was using a Verizon femtocell at the time, and the wireless carrier says that they have patched all of their femtocells since then, but other carriers’ models could still be left open.

How easy is it to hack into someone’s phone using a femtocell? iSEC doesn’t provide details, but Ritter notes that “you do need some level of technical skills, but people are learning those skills in college.” However, “breaking into one of these devices, or a device like this, is within the realm of people working at home.” Ritter will be presenting his femtocell findings later in August at this year’s DefCon hacking conference.

VIA: CNN Money


Femtocell Verizon hack allows exposure of phone conversations, text messages is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.