Connect with us

Featured

New exploit exposes credit cards on mobile phones

Check Point Security has found that handsets using Qualcomm chipsets that hold credit and debit card credentials are at risk of a new exploit.

Published

on

Now it’s more important than ever to update your phone.
Check Point security has found a vulnerability in mobile devices that run Android, which allows credit card details to be accessed by hackers.

Mobile operating systems like Android offer a Rich Execution Environment (REE), providing a hugely extensive and versatile runtime environment, which allows apps to run on the device. However, while bringing flexibility and capability, REE leaves devices vulnerable to a wide range of security threats. A Trusted Execution Environment (TEE) is designed to reside alongside the REE and provide a safe area on the device to protect assets and to execute trusted code. Qualcomm makes use of a secure virtual processor, which is often referred to as the “secure world”, in comparison to the “non-secure world”, where REE resides. 

But Check Point “fuzzed” a “hole” into this secure world 

In a 4-month research project, Check Point researchers attempted and succeeded to reverse Qualcomm’s “Secure World” operating system. Check Point researchers leveraged a “fuzzing” technique to expose the hole. Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks. It involves inputting massive amounts of random data, called fuzz, to the test subject in an attempt to make it crash.

Check Point implemented a custom-made fuzzing tool, which tested trusted code on Samsung, LG, and Motorola devices. Through fuzzing, Check Point found 4 vulnerabilities in trusted code implemented by Samsung (including S10), 1 in Motorola, 1 in LG, but all code sourced by Qualcomm itself. To address the vulnerability, the runtime of Android needs to be protected from both attackers and users. This is typically achieved by moving the secure storage software to a hardware-supported TEE.

Check Point Research disclosed its findings directly to the companies and gave them time to patch vulnerabilities. Samsung patched three vulnerabilities and LG patched one. Motorola and Qualcomm responded, but have yet to provide a patch, and there is no confirmation of a release date yet.

Check Point Research has urged mobile phone users to stay vigilant and check their credit and debit card providers for any unusual activity. In the meantime, they are working with the vendors mentioned to issue patches.

Featured

DStv Now adds free education to ‘lockdown channels’

In its response to the COVID-19 lockdown in South Africa, DStv is offering 16 free channels on its streaming app

Published

on

Two new channels have been added to a free service being provided on DStv Now, the online version of DStv. 

In response to the unfolding COVID-19 pandemic, DStv owner MultiChoice worked with local and international news channels in mid-March to add 24-hour news coverage to the DStv Now free service.

The company says the intent was to help all South Africans stay up to date with announcements and developments, and the results so far are encouraging. Usage of the service has increased 20% since the lockdown began, and peak usage is up 80% compared to pre-crisis peaks. 

 Now, in another step to help families through the lockdown period, MultiChoice has added additional educational content to the free service with the Mindset PoP channel. This channel features educational programming covering the entire General Education and Training (GET) phase, including Early Childhood Development (ECD), as well as a key focus on the Grade 4 – 9 curriculum. 

The channel aims to prepare children for when schools reopen. Mindset PoP will deliver live lessons daily, with six fresh hours every day. A website is available for parents to download worksheets and information sheets to work through with expert teachers. Lessons are based on the South African Curriculum Assessment Policy Statements (CAPS) and are also aligned to the Cambridge curriculum.

“We’re extremely grateful to all of the channel providers for being so willing to work with us to help all South Africans through this unprecedented lockdown period,” said Niclas Ekdahl, CEO of the Connected Video division of MultiChoice. 

“Thanks to their support we’re able to keep people informed, keep kids’ educations going, and keep people entertained.”

The full list of channels available to non-DStv customers on the DStv Now free service is:

100 – DStv

180 – People’s Weather

238 – SuperSport Play

313 – PBS Kids

317 – Mindset PoP

320 – Channel O

343 – TBN

400 – BBC World News

401 – CNN

402 – Sky News

403 – eNCA

404 – SABC News

405 – Newzroom Afrika

405 – AlJazeera

414 – Euronews Now

417 – africanews

To sign up for the DStv Now free service, go to http://now.dstv.com 

Continue Reading

Featured

FNB Connect cuts data price by 55%, offers 1GB free

Published

on

FNB Connect has reduce its data prices by up to 55%. It is also doubling customers’ data on Lifestyle plans without any price increase.

This weekend, FNB Connect will also give all its customers 1GB of free data during the national lockdown, with a validity period of 30 days. This lockdown data allocation is in addition to the Free Connect allocations that customers with qualifying transactional accounts receive monthly.

“This will enable our customers to save on telco spend, which is a regular feature in household budgets,” says Raj Makanjee, CEO of FNB Retail. “Access to affordable and free data goes a long way in assisting our customers navigate difficult times and is also aligned to our ethos of offering real help when it’s needed the most.”

Shadrack Palmer, FNB Connect product head, says: “In our efforts to provide our customers with more value for their money, we’ve reduced our mobile data prices and doubled the data bundles on most of our Lifestyle plans, to give our customers more reason to connect anywhere and anytime. This is needed now more than even, as South Africans are observing the 21-day national lockdown, with many strapped for cash during these challenging times.”

The new data prices and doubling of the Lifestyle plans are to be repriced as follows:

“Since the launch of our Free Connect offering in July 2019, we’ve tried to remain consistent to see how best we can incentivise our customers when they need it most,” says Palmer.  “As FNB Connect, we understand the pressures customers are facing financially and are committed to providing better value at every opportunity.”

Continue Reading

Trending

Copyright © 2020 World Wide Worx