According to researchers at Ben-Gurion University of the Negev (BGU), there are many malicious programs just waiting to turn computers into personal eavesdropping devices. Researchers explained as well as demonstrated just how easily most PCs and laptops are susceptible to this form of attack.
Programs such as “SPEAKE(a)R: Turn Speakers to Microphones for fun and profit” are able to transform headphones into a pair of microphones, without setting of unease. “‘The fact that headphones, earphones and speakers are physically built like microphones and that an audio port’s role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers,’ says Prof. Yuval Elovici, director of the BGU Cyber Security Research Center (CSRC) and member of BGU’s Department of Information Systems Engineering.”
“‘This is the reason people like Facebook Chairman and Chief Executive Officer Mark Zuckerberg tape up their mic and webcam,’ says Mordechai Guri, lead researcher and head of Research and Development at the CSRC. ‘You might tape the mic, but would be unlikely to tape the headphones or speakers.'”
Malware is able to covertly reconfigure a headphone jack from a line-out jack to a microphone jack, converting the headphones into a hackable recording device that is predicted to have a range of several meters. Even worse, this process is able to continue even while the computer doesn’t have a connected microphone–and was demonstrated by the researchers in the SPEAKE(a)R video.
Countermeasures, however, are possible, such as completely disabling audio hardware or using an HD audio driver to send an alert when microphones are being accessed. Extra precautions can be taken with anti-malware systems, which can monitor and detect unauthorized speaker-to-mic retasking operations and block them.
Hackers. It is true that some of them are the “bad guys,” actively gaining access into people’s documents and accounts and stealing personal and valuable information, however, a conversation on hackers can no longer be one sided. Nowadays, many hackers “fight against government corruption and advocate for our rights,” helping us in ways only they can. Many of these hackers work to expose weaknesses in company algorithms, notifying them in exchange for a bounty rather than using the information for personal gain. They constantly force the internet into evolving and improving, becoming stronger and more resistant to further attacks, “wielding their power to create a better world.” For more insight into the world of hacking, how we can protect ourselves, and what we should be aware of, check out the TED playlist Who are the Hackers?
For as long as people have been writing software there have always been simple coding mistakes which could open doors to hackers; allowing them to access secure information, delete important files, and “carrying out political mischief.” A new program, created by the Columbia University School of Engineering and Applied Science, called Shuffler presents a new method to providing protection against such attacks. To prevent possible attacks, Shuffler allows programs “to continuously scramble their code as they run, effectively closing the window of opportunity for an attack.”
“‘Shuffler makes it nearly impossible to turn a bug into a functioning attack, defending software developers from their mistakes,'” said the study’s lead author, David Williams-King, a graduate student at Columbia Engineering. “‘Attackers are unable to figure out the program’s layout if the code keeps changing.'”
Shuffler has been developed to randomize small blocks of a program’s code every 20 to 50 milliseconds, “imposing a severe deadline on would-be attackers. Until now, shifting around running code as a security measure was thought to be technically impractical because existing solutions require specialized hardware or software.” Running alongside the code it protects, Suffer even randomizes its own program to provide the best possible security.
The Shuffler program, however, is not yet available to the public. Researchers say they want to improve its ability to defend against “exploits that take advantage of server-crashes” as well as makinging it easier to use on untested software. “‘Billions of lines of vulnerable code are out there,'” said the study’s senior author, Junfeng Yang, a computer science professor at Columbia Engineering and member of the Data Science Institute. “‘Rather than finding every bug or rewriting all billions of lines of code in safer languages, Shuffler instantly lets us build a stronger defense.'”
With the election recount coming up in just a matter of days, many people are wondering just how secure the security systems placed to protect the ballets are. Surprisingly, after a recent study, it was found that people have good sense on finding this out for themselves.
Rice University performed a study just a few weeks ago in order to find out just how conscious people are of the level of security on their voting ballot. The study was conducted with 90 voters in a mock election, where the researchers created three levels of a security system; a standard paper ballot (the least secure), a paper ballot that included fake security features, giving an impression of a secure ballot (no more secure than the standard ballot), and a paper ballot with enhanced security mechanisms (one of the most secure methods).
Recent studies have shown that an always present but generally ignored component in almost every vehicle can leave the user vulnerable to hacking attacks.
Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering, along with a few students from George Mason University, conducted what is believed to be the first comprehensive security analysis of its kind. They found that MirrorLink, a system with rules that allow vehicles to connect to smartphones, contained an easily accessible liability.
Researchers have developed a new system that allows secure information, such as passwords, to be sent through a person’s body rather than “easy to hack” Wifi or Bluetooth signal.
“Computer scientist and electrical engineers have found a way to broadcast signals from a fingerprint scanner or touchpad through the body to a receiving device that is also in contact with the user.” This systems allows for a secure means of transporting information that does not require a password.