Security

Scientists start hacking minds with cheap EEG gear

Are the deepest secrets of your mind safe? Could thieves trick you into revealing your bank card PIN or computer passwords just by thinking about them?

Theoretically, it could happen.

Ivan Martinovic of the University of Oxford and colleagues at the University of Geneva and University of California at Berkeley describe research into that question in a paper entitled "On the Feasibility of Side-Channel Attacks With Brain-Computer Interfaces" presented earlier this month at the 21st USENIX Security Symposium.

The research was inspired by the growing number of games and other mind apps available for low-cost consumer EEG devices such as Emotiv's EPOC headset, which lets users interact with computers using their thoughts alone. … Read more

iPhone SMS vulnerability not present in other OSes

Earlier this month, news surfaced that iPhones were more susceptible to spoofed SMS messages and phishing attempts via text, and now it seems the vulnerability is more or less exclusive to iOS.

That's according to research from mobile security firm AdaptiveMobile, which says it may be harder to spot spoofed texts and phishing attacks on the iPhone than on other mobile OSes. At issue is the fact that iOS displays the "reply to" number for received texts, which can be modified to make it appear as if a text message originated from a different number than it … Read more

New Kaspersky appeals to your cash sense

A safer way to conduct online transactions and a new exploit blocker are the keystones to Kaspersky Lab's 2013 security suites, the company announced today.

The major new feature that's in both Kaspersky Internet Security 2013 (download exclusively from Download.com today) and Kaspersky Anti-Virus 2013 (download) is the exploit blocking engine called Automatic Exploit Prevention. It's a response to the increase in the number of phishing attacks and includes an anti-phishing engine -- similar to the antivirus and anti-malware engines -- that updates daily.

Roel Schouwenberg, a senior antivirus researcher at Kaspersky and founding member of … Read more

iPhone SMS spoofing tool surfaces

A French hacker is playing "tell and show" with a security flaw in iOS and how the iPhone handles SMS.

Last week, "Pod2g" released details of the vulnerability, which is still present in the latest beta of iOS 6, that could make iPhones a bit more exposed to spoofed texts or phishing scams. The missive included a plea to Apple to fix the security hole before the final release of iOS 6.

Until that happens, however, the same hacker is apparently quite happy to help others exploit the fact that iOS shows the "reply-to" … Read more

Surveillance device uses Wi-Fi to see through walls

Researchers in England have created a prototype surveillance device that can be used to spy on people inside buildings and behind walls by tracking the frequency changes as Wi-Fi signals generated by wireless routers and access points bounce off people as they move around.

The device, which is about the size of a suitcase and has two antennae and a signal processing unit, works as a "passive radar system" that can "see" through walls, according to PopSci.com. It was able to successfully determine the location, speed, and direction of a person behind a one-foot-thick brick wall, but can not detect people standing or sitting still, the article said.

The U.K. Ministry of Defence is looking into whether the device -- designed by Karl Woodbridge and Kevin Chetty of the University of College London -- can be used in "urban warfare" for scanning buildings, PopSci reported.

… Read more

DIY shark intrusion system works in aquariums

The New York Port Authority had egg on its face recently when a stranded jet skier managed to breach JFK International Airport's security perimeter and walk across several runways.

Raytheon, maker of the $100 million Perimeter Intrusion Detection System, has some explaining to do.

But it's not all bad. Inspired by the breach (and Shark Week), Justin Huynh and friends at engineering firm Liquidware have concocted their own intruder alert system for far fewer bucks.

Essentially, it's a simple laser tripwire that sends alerts to Twitter when activated. So far, it works with toy sharks and not hapless jet skiers. … Read more

iPhone SMS vulnerable, according to researcher

Ever received a text from your bank on your iPhone? You may want to take a closer look and make sure it's the real deal.

A hacker who goes by the handle "pod2g" says a security flaw has made receiving texts on an iPhone insecure since the inception of iOS, and that the vulnerability still remains in the latest beta of iOS 6.… Read more

How to set up Google's two-step verification

Did you read Mat Honan's tale of woe last week? The one where his Amazon, Apple, Gmail, and Twitter accounts were hacked and his digital life was eradicated?

If not, I strongly encourage you to read his story. In a nutshell, hackers strung together pieces of information to gain access to several important online accounts. The results were personally devastating for him. But his story is a good lesson for all of us. After learning the details of the attack -- from one of the hackers himself, no less -- Honan says he regrets three things most of all.… Read more

Olympics-related malware goes on a global phishing trip

When the Summer Olympics roll around, you can count on some intense competition in key events like gymnastics. But for 2012, the action isn't just on the mat. It seems that distributing and battling malware and phishing efforts disguised as Olympics apps and info are practically an exhibition sport this summer.

An app called "London Olympics Widget" seems harmless enough, but according to Webroot's security blog, it actually rifles through your contacts, device info, and text messages. … Read more