Sunday, December 28, 2014

Vulnerability: How uncertain are scanners and smartphones – Business Week

At the start of its annual meeting show hackers of the Chaos Computer Club once again how easily they can overcome techniques of everyday life. So that they are compromising companies that advertise security.

hackers of the Chaos Computer Club (CCC) have made public at the beginning of their annual meeting several vulnerabilities in common technology. Fingerprint recognition technology and facial recognition technology can outwit, as the expert in January Krissler proved. He managed to copy a fingerprint of Defence Minister Ursula von der Leyen from a photo.

he had created with the help of software the thumbprint and wished him well publish online, Krissler said on Saturday evening at the Chaos Communication Congress 31C3. For as a copy of a fingerprint satisfy a cell phone photo. . “If the light conditions are right somehow, that’s no problem”

For face recognition submit a photo

What you can do with potentially Krissler showed a different fingerprint: With one out fake latex prepared he was able to overcome a fingerprint sensor. He already cracked the fingerprint sensor of Apple’s iPhone. To bypass a software for face recognition, was enough a printed photo. “Iris recognition is now probably permanently broken,” Krissler. Said

Security researcher Karsten Nohl and mobile expert Tobias Engel showed weaknesses in technology in mobile network UMTS. The gaps allow the interception of calls, unauthorized reading of SMS and the location of people around the world, as the two experts said in their presentations on Saturday night.

The privacy German mobile operator

  • T-Mobile

    privacy: 58 percent (out of a possible 100 percent)

    Source: Security Research Labs

  • Vodafone

    privacy 44 percent (out of a possible 100 percent)

  • E-Plus

    privacy: 33 percent (out of a possible 100 percent)

  • O2

    privacy: 19 percent (out of a possible 100 percent)

The culprit is a protocol called SS7. About communicate SS7 telecommunications companies. This will ensure, inter alia, for a correct forwarding of calls. However, the protocol is insufficiently secured as angel showed. So hackers and spies can query the location at which a mobile user is located at a specific phone number

Ten Tips. As her Smartphone Protect

  • handling Numbers

    Be careful when passing your mobile number. . Write these not on your business card

  • Eavesdropping

    The calls over cellular networks with the GSM standard is not eavesdropping. . Therefore lead conversations with confidential content through the phone

  • Access Protection

    Use Key lock and device lock code and change these passwords at regular intervals.

  • Wireless interfaces

    Disable basically all wireless interfaces such as WLAN or Bluetooth access points when these . are not required

  • Public Hotspots

    Use your public hotspots with increased caution. . Avoid sensitive applications such as online banking in untrusted Hotspots

  • Permanent Control

    Let. your mobile devices never out of sight and do not give your smartphone also Manipulations can be made in a few seconds

  • .
    Good Apps

    Install apps only from trusted sources. Many require far-reaching access to sensitive data and functions. . Check these privileges are really necessary for the benefit of the app

  • Security Updates

    Make sure that there are security updates for your operating system and installed software.

  • SIM card

    Let with mobile phone loss of your SIM . card blocked immediately

  • sale and disposal

    Normal Erase does not destroy all data in the rule. The memory must be overwritten physically before a sale or disposal.

In addition, an attacker a telephone call in Forward background on yourself before sending it to the original destination. “There are reports that that is exploited,” Angel told Deutsche Presse-Agentur. A Ukrainian suppliers have noticed such Forwarders in its network.

Vodafone and German Telekom had previously responded to reports about the weaknesses and they closed on their networks. Also Telefonica O2 and E-Plus took measures against the gap.

On Sunday it should go to secure communication and gaps in major computer programs in lectures. Last year, more than 9,000 people attended the conference, this time even more participants were expected. Until Tuesday to more than 200 speakers talk, plus there are hundreds of hands-on offers.


No comments:

Post a Comment