Connect with us

Featured

Charging phone on public USB can get you hacked

Published

on

Smartphones can be compromised when charged using a standard USB connection connected to a computer, Kaspersky Lab experts have discovered in a proof-of-concept experiment.

Have you ever wondered how safe your smartphone and data are when you connect the device to freely available charging points at airports, cafes, parks and public transport? Do you know what, and how much data your mobile device is exchanging with these points while it’s charging? Kaspersky Lab researchers became curious and conducted research to find the answers to these questions.

As part of this research, the company’s experts tested a number of smartphones running various versions of Android and iOS operating systems in order to understand what data the device transfers externally while connected to a PC or Mac for charging. The test results indicate that the mobiles reveal a whole litany of data to the computer during the ‘handshake’ (a process of introduction between the device and the PC/Mac it is connected to), including: the device name, device manufacturer, device type, serial number, firmware information, operating system information, file system/file list, electronic chip ID. The amount of data sent during the handshake varies depending on the device and the host, but each smartphone transfers the same basic set of information, like device name, manufacturer, serial number etc.

Now that smartphones almost always accompany their owner, the device serves as a unique identifier for any third party who might be interested in collecting such data for some subsequent use. But it wouldn’t be a problem if collecting a few unique identifiers was all that an attacker could do with a device connected to an unknown computer or charging device.

Back in 2014, a concept was presented at Black Hat that a mobile phone could be infected with malware simply by plugging it into a fake charging station. Now, two years after the original announcement, Kaspersky Lab experts have been able to successfully reproduce the result. Using just a regular PC and a standard micro USB cable, armed with a set of special commands (so-called AT-commands), they were able to re-flash a smartphone and silently install a root application on it. This amounts to a total compromise of the smartphone, even though no malware was used.

Although information about actual incidents involving fake charging stations has not been published, the theft of data from mobiles connected to a computer has been observed in the past. For example, this technique was used in 2013 as part of the cyberespionage campaign Red October. And the Hacking Team group also made use of a computer connection to load a mobile device with malware. Both of these threat actors found a way to exploit the supposedly safe initial data exchange between the smartphone and the PC it was connected to. By checking the identification data received from the connected device, the hackers were able to discover what device model the victim was using and to progress their attack with a specifically-chosen exploit. That would not have been as easy to achieve if smartphones did not automatically exchange data with a PC automatically upon connecting to the USB port.

“It is strange to see that nearly two years after the publication of a proof-of-concept demonstrating how a smartphone can be infected though the USB, the concept still works. The security risks here are obvious: if you’re a regular user you can be tracked through your device IDs; your phone could be silently packed with anything from adware to ransomware; and, if you’re a decision-maker in a big company, you could easily become the target of professional hackers,”  warns Alexey Komarov, researcher at Kaspersky Lab. “And you don’t even have to be highly-skilled in order to perform such attacks, all the information you need can easily be found on the Internet,” he concludes.

In order to protect yourself from the risk of possible attack through unknown charging points and untrusted computers, Kaspersky Lab advises the following:

·         Use only trusted USB charging points and computers to charge your device;

·         Protect your mobile phone with a password, or with another method such as fingerprint recognition, and don’t unlock it while charging;

·         Use encryption technologies and secure containers (protected areas on mobile devices used to isolate sensitive information) to protect the data;

·         Protect both your mobile device and your PC/Mac from malware with the help of a proven security solution. This will help to detect malware even if a “charging” vulnerability is used.

Featured

Huawei Mate 20 Pro matches camera benchmark record

A benchmark by DxOMark sees the triple-cam handset tie with the P20 Pro for best smartphone camera on the market.

Published

on

The Huawei Mate 20 Pro has come out top in a camera benchmark test that assesses all aspects of smartphone camera performance.

DxOMark, which conducts rigorous hardware testing and is trusted as an industry standard for image quality measurements, has just released the results of its in-depth analysis of the Huawei Mate 20 Pro smartphone camera. 

The Huawei Mate 20 Pro is the Chinese manufacturer’s latest top-end device. Building on the P20 Pro’s camera technology, the Mate 20 Pro comes with a Leica-branded triple-camera setup, but swaps its stable-mate’s monochrome camera for a super-wide-angle module, offering a 35mm-equivalent focal length range from 16 to 80mm—the widest of all current smartphone cameras.

The handset is in direct competition with the Apple iPhone XS Max, the Google Pixel 3 XL, the Samsung Galaxy Note 9, among other. How does it fare?

“With a total photo score of 114, the Huawei Mate 20 Pro ties the record-setting score of its cousin, the P20 Pro,” says DxOMark. “The overall Photo score is calculated from sub-scores in tests that examine different aspects of its performance under different lighting conditions.”

The Huawei Mate 20 Pro achieves a photo score of 114 points. In stills mode, the Mate 20 Pro’s triple camera captures images with good target exposure and a wide dynamic range, recording both good highlight and shadow detail even in difficult high-contrast situations. Noise levels are well under control down to low light levels, and the camera’s white balance system and colour rendering settings produce a pleasant colour response in almost all circumstances.

At 97 points, the Mate 20 Pro is very close to the best for video as well, thanks to a fast and smooth autofocus system with good tracking performance, accurate white balance as well as pleasant colour rendering, and low levels of noise, especially in bright shooting conditions. Our testers also liked the exposure system’s ability to adapt quickly and smoothly to changes in illumination.

It was not all good news. DxOMark also had some criticism for the device.

Click here to read about the drawbacks of the Mate 20 Pro camera, and other positives.

Previous Page1 of 2

Continue Reading

Featured

SA car wins
Dakar Rally

Published

on

The final stage of Dakar 2019 drew to a close at the bivouac in Pisco, Peru, and saw Toyota Gazoo Racing South Africa’s Nasser Al Attiyah and Mathieu Baumel bring home their South African-built Toyota Hilux for an historic victory. Not only was it a first win for Toyota, but it was also the first petrol-powered car to win the Dakar in the South-American era.

The Qatari driver ensured his French navigator, who turned 43 years old on Thursday, 17 January, received a great birthday present, when the pair arrived at the final time control of Dakar 2019 with teammates Giniel de Villiers and Dirk von Zitzewitz in close formation. The two Toyota Hilux crews completed the entire stage together, as De Villiers / Von Zitzewitz waited nearly 55 minutes for the leaders to start the stage, in order to shadow them to the finish.

The emotions bubbled over for Team Principal Glyn Hall, who found himself without words as his two crews drove into the media area after the time control. “This victory was long overdue,” he finally managed, before being swamped in a sea of well-wishers.

The winning driver, however, was much more vocal: “We are so happy to win the Dakar – not only for ourselves, but also for Toyota and the entire Toyota Gazoo Racing SA team. Everyone has worked so hard for so long, and really deserve this. Thank you for letting us drive this car.”

Toyota Gazoo Racing SA led Dakar 2019 from the first to the last stage, with Al Attiyah/Baumel drawing first blood, before handing the mantle to De Villiers / Von Zitzewitz during stage 2. But then a disastrous Stage 3 saw the Qatari retake the lead – a lead he didn’t relinquish despite some of the toughest stages yet seen on any South-American Dakar.

“When we first heard that the rally was going to take place only in one country, we were skeptical,” said Hall after regaining composure. “But the organisers made sure that this year’s race will long be remembered as one of the toughest tests in the last decade.”

Al Attiyah / Baumel’s victory at Dakar 2019 means that Toyota Gazoo Racing has now won both of the world’s toughest automotive races – the 24 Hours of Le Mans, and the DakarRally.

Click here to read Glyn Hall’s comment on winning the Dakar Rally, as well as the rankings.

Previous Page1 of 3

Continue Reading

Trending

Copyright © 2018 World Wide Worx