Archive for August, 2014


Malicious Advertisement Found on Java.com, Other High-Profile Sites
AppNexus, a New York-based online ad network that runs a platform specializing in real-time online advertising, has again been identified as the origin of a recent “malvertising” campaign that uses the Angler Exploit Kit to redirect visitors to malicious websites hosting the Asprox malware.

AppNexus servers process 16 billion ad buys per day, giving the company the largest reach on the open web after Google. Back in May, AppNexus was serving malicious ads targeting Microsoft’s Silverlight platform. Netflix, the world’s largest Internet video subscription service, runs on Silverlight, and because of its popularity, attackers have been adding Silverlight exploits to their exploit kits.

As part of this campaign, users of several high-profile websites, including Java.com, Deviantart.com, TMZ.com, Photobucket.com, IBTimes.com, eBay.ie, Kapaza.be and TVgids.nl, were redirected last week to websites serving malicious advertisements that infected visitors by installing botnet malware on their computers, security company Fox-IT said.
“These websites have not been compromised themselves, but are the victim of malvertising. This means an advertisement provider, providing its services to a small part of a website, serves malicious advertisement aimed at infecting visitors with malware,” researchers at Fox-IT said in a blog post.

The Angler exploit kit is sold on underground forums and is used in various malicious campaigns to compromise websites and redirect their users to sites hosting banking malware and other malicious code in order to victimize them.

“Please note, a visitor does not need to click on the malicious advertisements in order to get infected. This all happens silently in the background as the ad is loaded by the user’s browser,” the researchers warned.

According to the researchers, Angler first checks whether the victim’s browser supports an outdated version of Java, Adobe Flash Player or Microsoft Silverlight, and then silently installs a variant of the Asprox botnet malware.

Asprox is primarily a spam botnet that has been involved in multiple high-profile attacks on websites in order to spread malware. The malware was recently modified for click fraud, and cybercriminals are using it to spread malware through email attachments paired with exploit kits. It also has other malicious functionality, including scanning websites for vulnerabilities and stealing login credentials stored on infected computers.

“Asprox has gone through many changes and modifications, which include spam modules, website scanning modules and even credential stealing modules,” Fox-IT said. “This history and current events show Asprox is still actively being developed and used.”

When visiting a site hosting the malicious ad, users are redirected in the background to ads[.]femmotion[.]com, which then redirects to the exploit kit on a number of other domains, including the gloriousdead[.]com and taggingapp[.]com.

“All the exploit kit hosts were observed using port 37702. Running exploit kits on high ports at best prevents certain network tools from logging the HTTP connections, as these are typically configured to monitor only HTTP ports,” Fox-IT said. “It does mean this exploit kit is blocked on a lot of corporate networks as they do not allow for browsing outside the normal HTTP ports, port 80 (or proxy ports) and 443 for SSL.”
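The evasion Fox-IT describes works only against monitoring keyed on port numbers. The check below, an added example and not code from Fox-IT or the original post, instead classifies a connection as HTTP by its first payload line and flags any such connection to a port outside the usual web ports; the log format and all sample lines are constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Ports that port-based HTTP monitoring typically covers. HTTP seen on any
# other port (the campaign above used 37702) is flagged for review.
STANDARD_HTTP_PORTS = {80, 443, 8080, 8000, 8443, 3128}

# An HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x
HTTP_REQUEST_LINE = re.compile(
    r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH) \S+ HTTP/1\.[01]$"
)


@dataclass(frozen=True)
class Finding:
    timestamp: str
    src: str
    dst: str
    dport: int
    request_line: str


# Constructed sample connection log (assumed format, not a real tool's output).
# Each line: timestamp, source IP, destination IP, destination port, then the
# first line of client payload. 37702 is the port named in the Fox-IT report.
SAMPLE_LOG = """\
2014-08-19T10:01:02Z 10.0.0.5 203.0.113.10 80 GET /index.html HTTP/1.1
2014-08-19T10:01:05Z 10.0.0.5 198.51.100.7 37702 GET /landing?id=1 HTTP/1.1
2014-08-19T10:01:06Z 10.0.0.8 198.51.100.7 37702 POST /flash HTTP/1.1
2014-08-19T10:01:09Z 10.0.0.9 192.0.2.44 443 TLS-CLIENT-HELLO
2014-08-19T10:01:12Z 10.0.0.5 192.0.2.9 22 SSH-2.0-OpenSSH_6.6
2014-08-19T10:01:15Z 10.0.0.5 203.0.113.10 8080 GET /proxy.pac HTTP/1.1
malformed line that the parser must skip
"""


def parse_line(line):
    """Split one log line into (ts, src, dst, dport, payload); None if malformed."""
    parts = line.split(" ", 4)
    if len(parts) != 5:
        return None
    ts, src, dst, dport, payload = parts
    if not dport.isdigit():
        return None
    return ts, src, dst, int(dport), payload.strip()


def find_http_on_odd_ports(log_text, standard_ports=STANDARD_HTTP_PORTS):
    """Return connections whose first payload line is an HTTP request but whose
    destination port is one that port-based HTTP logging would never record."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, src, dst, dport, payload = parsed
        if dport in standard_ports:
            continue
        if HTTP_REQUEST_LINE.match(payload):
            findings.append(Finding(ts, src, dst, dport, payload))
    return findings


def suspicious_servers(findings):
    """Count findings per (dst, dport) so an analyst can pivot on the server
    speaking HTTP on an unusual port rather than on individual requests."""
    return Counter((f.dst, f.dport) for f in findings)


def egress_policy_blocks(dport, allowed=(80, 443)):
    """True if an egress policy limited to the given ports would have stopped
    the connection outright, which is Fox-IT's point about corporate networks."""
    return dport not in allowed


if __name__ == "__main__":
    hits = find_http_on_odd_ports(SAMPLE_LOG)
    for f in hits:
        verdict = "blocked" if egress_policy_blocks(f.dport) else "allowed"
        print(f"{f.timestamp} {f.src} -> {f.dst}:{f.dport} {f.request_line} "
              f"({verdict} by an 80/443-only egress policy)")
    print(dict(suspicious_servers(hits)))
```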

In order to show targeted advertisements to users, advertisers take part in an automated, real-time bidding process, which makes malicious advertisements more difficult to track. “In the case of this malvertising campaign the malicious advertisers were the highest bidders,” Fox-IT says.

The attackers used a method called “retargeting”, which digital advertising agencies normally use to rotate the ads shown to the same visitor when they access a specific page multiple times.

“The way it works is that a user with an interesting set of tracking cookies and other metadata for a certain ad provider is retargeted from the original advertisement content on the website to the modified or personalized data,” Fox-IT researchers said. “We have seen examples where the website that helped with the ad redirect to infect a user had no idea it was helping the delivery of certain content for a certain ad provider.”

via The Hacker News http://ift.tt/1qKBIYU

Microsoft Fixes Faulty Patch Update that Caused Windows 'Blue Screens of Death'
Microsoft today reissued a security update for Windows, replacing the faulty update that previously caused PCs to suffer Blue Screens of Death (BSoD).

The new security update comes almost two weeks after reports emerged that the faulty update crippled users’ computers with the infamous “Blue Screen of Death.” The company later advised people to uninstall the update, but has now fixed the issue.

“This month we had our first roll out with additional non-security updates. A small number of customers experienced problems with a few of the updates,” Tracey Pretorius, director of Microsoft Trustworthy Computing, wrote in a blog post.

“As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these available to download. We then began working on a plan to re-release the affected updates.”

The offending patch, identified as MS14-045 and rated important by Microsoft, fixes Windows kernel vulnerabilities in 47 of Microsoft’s products but can cause system crashes that force users to reboot.

Soon after the initial release of the patch, the issue surfaced on Microsoft’s support forum, where customers posted messages in an eventually lengthy thread saying that their systems, especially PCs running the 64-bit version of Windows 7, had been bricked with an error message and the ensuing “Blue Screen of Death.”

The faulty update displayed a message on screen that reads: “Your PC ran into a problem and needs to restart. We’re just collecting some error info and then we’ll restart for you (0% complete).”

The BSoD-triggering patch was a real embarrassment for Microsoft, and the company quietly told customers to uninstall the MS14-045 update.

Now, after testing the patches against its huge codebase, the Microsoft Security Response Center (MSRC) has come up with a fix, and the update is available for download once again, now known as KB2993651.

So, if you have KB2982791 installed, we recommend uninstalling it and downloading KB2993651 instead. You don’t strictly have to uninstall the old update, but it is highly recommended that you do so.

Those who have not enabled automatic updates are advised to visit the Microsoft site and download the patch manually as soon as possible.

via The Hacker News http://ift.tt/1teaPPs

Hackforums Website Defaced by Egyptian Hacker
Hackforums, one of the most popular hacking forums in the world, has been hacked and defaced by the well-known Egyptian hacker with the online handle Eg-R1z.

HackForums is popular among both whitehats and blackhats. On one end of the spectrum, HackForums helps its more than 110,000 community members remove dangerous malware from their computers, and promotes research into and learning about various malware.

But on the other end, it also serves as a convenient platform for hackers and cyber thieves, who post infected material in order to victimize others. The website is hosted on a server in Europe and is estimated to earn about $7,316 USD per day.

Last night, hackforums.net went dark with a defacement message that reads:

“[403 Forbidden Error] – You might be blocked by your IP, Country, or ISP.”
That’s really nasty msg guys , don’t u think so?!
Just sending greets from Egypt
i-Hmx , H3ll C0D3 , Egyptian.H4x0rZ
./Eg-R1z Cr3w

It is still unclear how the hacker managed to get into the server and which vulnerability or weakness was exploited. But it seems the hacker simply exploited some flaw, defaced the website and then hosted the image displayed on the defaced page on the hacked server.

The reason behind the defacement is still unknown, but from the defacement message one can infer that the hacker is warning the HackForums admins about security.

The forum was unavailable for a few hours last night, but at the time of writing the site was back to its normal form, although site performance is still suffering. You can check the defacement mirror of the hack at Zone-H as proof of the hack.
This is not the first time the HackForums website has been hacked. In the past, it was also hacked by hackers with the online handles imLulzPirate, b0x, SYRIAN-HACKER and KTN.

via The Hacker News http://ift.tt/1wGNuIE

HardCoded Backdoor Found in China-made Netis, Netcore Routers
Routers manufactured and sold by a Chinese security vendor have a hard-coded password that leaves users with a wide-open backdoor, one that attackers could easily exploit to monitor their Internet traffic.

The routers are sold under the brand name Netcore in China, and Netis in other parts of the world, including South Korea, Taiwan, Israel and United States.

According to Trend Micro, the backdoor, a semi-secret way to access the device, could allow cybercriminals to bypass device security, easily run malicious code on the routers and change their settings.

Netis routers are marketed on wireless transfer speeds of up to 300Mbps, promising better performance for online gaming, video streaming and VoIP calling.

The Netcore and Netis routers have an open UDP port, 53413, listening on the Internet-facing side of the router. The password needed to open this backdoor is hard-coded into the router’s firmware.

All of the routers, sold under the Netcore brand in China and as Netis outside the country, appear to have the same password, says Tim Yeh, threat researcher at the security firm, warning that the backdoor cannot be changed or disabled, essentially offering a way in to any attacker who knows the “secret” string.

Using the backdoor, attackers could upload or download hostile code and even modify settings on vulnerable routers in order to monitor a person’s Internet traffic as part of a so-called man-in-the-middle (MitM) attack.

With a MitM attack, an attacker could intercept users’ Internet communications, steal sensitive information and even hijack sessions.

The researchers scanned the Internet and found that millions of devices worldwide are potentially vulnerable.

“Using ZMap to scan vulnerable routers, we found more than two million IP addresses with the open UDP port,” Yeh wrote in a blog post. “Almost all of these routers are in China, with much smaller numbers in other countries, including but not limited to South Korea, Taiwan, Israel, and the United States.”

Exploiting this flaw is not difficult, as a simple port scan can reveal the open UDP port to anyone using such an online tool.

In addition, Trend Micro found that a configuration file containing the username and password for the router’s web-based administration panel is stored without any encryption, allowing an attacker to download it.

“Users have relatively few solutions available to remedy this issue. Support for Netcore routers by open source firmware like dd-wrt and Tomato is essentially limited; only one router appears to have support at all. Aside from that, the only adequate alternative would be to replace these devices,” advises Yeh.

Users can determine whether their router is impacted here.

via The Hacker News http://ift.tt/1C2oR9p

Google Chrome 64-bit Browser Finally Released As a Stable Version
Along with the release of Chrome 37 for Windows, Mac and Linux, Google today also released the long-awaited 64-bit stable version of its Chrome browser for Windows. The company has been working on 64-bit support for Windows 7 and Windows 8 since June.
Back in June, Google first released 64-bit Chrome only in the browser’s Dev and Canary channels. In July the beta channel received the same update, and now 64-bit Chrome is finally available in the stable channel.

The new 64-bit version of Chrome offers three main advantages, described below: speed, security and stability.

So, for those of you on a compatible 64-bit system, this new version offers faster performance as well as security and stability improvements compared to the 32-bit version. But 64-bit Chrome is still opt-in, so if you want to take advantage of it, you have to hit the new “Windows 64-bit” download link at google.com/chrome.

SPEED ENHANCEMENT

Google claims that certain media and graphics workloads in particular are faster in the 64-bit version of Chrome. As an example, VP9 video decoding, used for some YouTube high-definition streams, is 15 percent faster than in the 32-bit variant, Chrome team programmer Will Harris said in a blog post.

The 64-bit version of Chrome is faster because it takes advantage of optimizations made to processors and compilers, uses a more modern instruction set than the 32-bit edition, and has a calling convention that allows more function parameters to be passed quickly in registers.

SECURITY ENHANCEMENT

Security has also been improved in the 64-bit version, thanks to the much larger address space available to the process.

Windows has a built-in security feature called ASLR (Address Space Layout Randomization), which makes exploits harder to write by randomizing the location of items such as DLLs in memory. Because the 64-bit version has far more address space to randomize over, exploits become harder to create, and the more address space there is to work with, the harder the process becomes.

STABILITY ENHANCEMENT

The search engine giant also says that stability has improved in the 64-bit version of the browser, which is “twice as stable” as its 32-bit equivalent.

While testing beta versions of 64-bit Chrome, the development team found that the browser crashed around half as often as the 32-bit version when processing web content.

WHAT’S WRONG WITH THE 64-BIT VERSION OF THE BROWSER?

As with every new feature, there are negative impacts too. 64-bit Chrome has a few drawbacks, the most significant being no support for the 32-bit NPAPI plugins that worked in the 32-bit browser.

This means that some browser plugins, including both Silverlight and Java, will not work in the new version. Google intends to remove 32-bit NPAPI support at some point in the future, so this drawback will not be permanent.

CHROME 37 — WHAT’S NEW?

The Chrome 37 update also marks the stable release for Windows, Mac and Linux; the official changelog provided by Google lists the following tweaks:

  • DirectWrite support on Windows for improved font rendering.
  • A number of new apps/extension APIs.
  • Lots of under the hood changes for stability and performance.

The Chrome 37 update will happen automatically for most users; however, if you want the 64-bit version, you will have to download that variant manually from the browser’s website.

via The Hacker News http://ift.tt/XSbNnM

70% of South Korean Population Victimized In Online Gaming Heist

More than half of South Korea’s population of 50 million aged between 15 and 65 has been affected by a massive data breach that compromised their personal information.

The data breach came to light when 16 individuals were arrested following the theft of about 220 million records from a number of online game, ringtone storefront and movie ticket sites, containing personally identifiable information on 27 million victims.

The stolen records included the victims’ real names, account names, passwords and resident registration numbers, according to the English edition of the Seoul-based daily newspaper Korea JoongAng Daily.
Among the 16 perpetrators, the South Jeolla Provincial Police Agency arrested a 24-year-old man named ‘Kim’ for allegedly obtaining and selling all 220 million personal records, including names, registration numbers, account names and passwords, which he got from a Chinese hacker he met through an online game in 2011.

Police estimate that secondary damage from the breach alone amounts to nearly $2 million. Kim also hacked into a total of six online video games in South Korea using the stolen information, from which he allegedly stole almost $400,000. Kim reportedly gave a $130,000 cut of the money to the Chinese hacker from whom he initially acquired the information.

The stolen information was sold for prices ranging from US$0.001 to US$20 per item, depending on whether the buyer was a thief or an illegal gaming advertiser, police said. Authorities claim Kim went on to sell the personal information to mortgage fraudsters and “illegal gambling advertisers” for 10 to 300 won, or a fraction of a U.S. dollar. Those swindlers and advertisers duped hundreds of South Koreans between September 2012 and November 2013.

Online gaming is wildly popular in South Korea, so the stolen information is of great use to the buyers. They used the credentials to steal in-game currency and other game-related items from online gaming accounts and sold them to other players at much higher rates.

It is believed that the hackers used a tool dubbed “extractor” that logs into user accounts and steals information. Authorities are still investigating how the stolen information has been circulating and are pursuing seven other suspects, including the Chinese hacker.

The breach was bad, but it isn’t the first time Internet users in South Korea have suffered a massive data breach. A more damaging breach occurred in 2011, when 35 million people in the country were exposed after hackers broke into the databases of Cyworld, a South Korean social media site, and the Nate search portal.
Earlier this year, 20 million South Koreans were affected by a data breach caused by an employee of the Korea Credit Bureau, who copied their PII onto an external drive over a period of 18 months.

via The Hacker News http://ift.tt/1leAyoe

Stealing Encryption Keys Just by Touching a Laptop

Sci-fi movies have long entertained the public, but their ideas have a way of being adopted in real life. Just like in a sci-fi movie, simply touching a laptop can be enough to extract the cryptographic keys used to secure the data stored on it.

A team of computer security researchers at Tel Aviv University (Israel) has come up with a new and potentially much simpler method of stealing data from computers: just touch them, literally.

WAYS TO ATTACK ENCRYPTION

There are different ways to attack encryption systems. On one side, there are security vulnerabilities and weaknesses in the encryption algorithms themselves that make it possible to recover the cryptographic keys.

On the other side, there are flaws and weaknesses in the people themselves that make it easier than it should be to force them to give up the keys needed to decrypt something. But neither kind of flaw is necessarily quick or easy to find, as there are several dependencies.

TOUCH AND VICTIMIZE ANY COMPUTER

According to Eran Tromer, Daniel Genkin and Itamar Pipman, computer security researchers at Tel Aviv University, a simple electrical trick is enough for sophisticated attackers to gain access to thousands of encryption keys solely by touching the chassis of the computer.

Access to those keys could be used to produce digital signatures of the kind people rely on all the time when creating passwords, signing contracts or, perhaps most importantly, using credit and debit cards online.

To attack a computer, all an attacker needs to do is wear a special digitizer wristband and touch an exposed part of the system. The wristband measures the tiny changes in the ground electrical potential that can reveal even strong encryption keys, such as a 4,096-bit RSA key.

In fact, in some cases the attacker doesn’t even have to touch the system directly. Encryption keys can also be intercepted from attached network and video cables. The researchers call this a side-channel attack.

“Our attacks use novel side channels and are based on the observation that the ‘ground’ electric potential in many computers fluctuates in a computation-dependent way,” the researchers wrote in their paper [PDF]. “An attacker can measure this signal by touching exposed metal on the computer’s chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables.”
The researchers also note that the attack works better in hot weather, due to the lower resistance of sweaty fingers. The team will present their research in a talk titled Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks On PCs, at the Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) in Korea, on September 23rd.

The actual attack can be performed quickly. According to the paper, “despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using medium frequency signals (around 2 MHz), or one hour using low frequency signals (up to 40 kHz).”

The team was able to retrieve keys from multiple test machines running GnuPG, popular open-source encryption software that implements the OpenPGP standard. The results are mind-blowing, as the researchers write:

“Using GnuPG as our study case, we can, on some machines:

  • distinguish between the spectral signatures of different RSA secret keys (signing or decryption), and
  • fully extract decryption keys, by measuring the laptop’s chassis potential during decryption of a chosen ciphertext.”

The information retrieval worked better with high-end lab equipment, but the researchers also successfully executed the attack using a smartphone connected to the Ethernet cable’s shielding via its headphone port, which they found sufficient in some scenarios.

The good news is that there is no need to worry about overly grabby strangers stealing your data just yet, because the technique primarily targets GnuPG, which already has a patch ready to limit the effects. Attackers also have to monitor the electrical changes during the decryption process in order to get hold of your data, which isn’t easy.

via The Hacker News http://ift.tt/1ley0Xf

ICREACH — NSA's Secret Google-Like Search Engine for Metadata
The United States National Security Agency (NSA) is running a massive information sharing platform that allows multiple law enforcement agencies to search more than 850 billion communications records detailing e-mails, phone calls, instant messages and phone geolocation, according to classified documents disclosed by former intelligence contractor Edward Snowden.
The NSA has built ICREACH, a Google-like search engine that secretly provides data, metadata on both foreigners and citizens on US soil, to nearly two dozen U.S. government agencies, including the DEA, FBI and CIA, The Intercept reported.
Many of those whose data was surveilled had not been accused of any illegal activity. Until now, it was unclear exactly what mechanism the US intelligence agency used to share the massive amounts of surveillance data, as well as how many government agencies it was sharing information with.

The classified documents show that the FBI and the Drug Enforcement Administration were the “key participants” in the ICREACH program, but it has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work.

This is not the first time the ICREACH program has been made public: Guardian journalist Glenn Greenwald’s book “No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State” also contained, among its myriad documents, a slide that highlighted some of the metadata types accessible through ICREACH.

According to The Intercept journalist Ryan Gallagher, the ICREACH search engine, masterminded by recently retired NSA Director Gen. Keith Alexander, was launched by the NSA in 2007, but its existence was only made public on Monday this week.

With the 850 billion metadata records shared through the ICREACH program, one can track people’s movements, map out their networks of associates, predict future actions, and potentially reveal religious affiliations or political beliefs.

The NSA describes ICREACH as a “one-stop shopping tool” for communications analysis, one that generates a portrait of the communication patterns associated with a particular piece of information, such as a phone number or e-mail address linked to a person.

ICREACH was designed to pull information stored in multiple databases created by programs greenlit under Executive Order 12333, an order issued by President Reagan that vastly expanded the American intelligence community’s powers to collect data from foreign communications networks, though the report claims that the system also contains “millions of records on American citizens who have not been accused of any wrongdoing.”

via The Hacker News http://ift.tt/1qmTvFk

Sony PlayStation Network Taken Down By DDoS Attack
It’s been a bad weekend for Sony PlayStation. The entire PlayStation Network was down for much of the day after a distributed denial-of-service (DDoS) attack by online attackers left the network inaccessible to users.

EVE Online and Guild Wars 2 may also have been hit by the attackers. Developers on the EVE Online forums have reported DDoS issues, and many users on the Guild Wars 2 forums have been reporting login problems.

Sony’s PlayStation Network is an online service that connects PlayStation 3 and PlayStation 4 video game consoles to the Internet and to over-the-top video services such as Netflix.

What’s unusual about this attack is that it also involved a security threat against the American Airlines plane on which the President of Sony Online Entertainment, John Smedley, was traveling today. The aircraft, with a full load of passengers, was diverted to Phoenix because of a bomb threat.

WHO BROUGHT DOWN THE SONY PLAYSTATION NETWORK?

Two separate hacker groups, Lizard Squad and Famed God, took to social media (Twitter and YouTube, respectively) to claim responsibility for the DDoS attack on the entertainment company, which, according to Sony, sent an “artificially high” amount of traffic to the PlayStation Network and Sony Entertainment Network.

EXPLOSIVES IN AIRPLANE

At 1:30 p.m. ET, the Lizard Squad group posted on Twitter that an American Airlines plane with Sony Online Entertainment president John Smedley on board had explosives aboard, and that bomb threat on Twitter led to American Airlines flight 362 being grounded. The flight has since been sent safely on its way.
Smedley later confirmed that his flight from Dallas to San Francisco was being diverted to Phoenix, Arizona. “Flight diverted to Phoenix for security reasons,” he said. “Something about the security and our cargo. Sitting on tarmac.”

According to the company, no personal information was leaked in the attack, but the rolling outage persists in various places, some ten hours or more after the attack began.

“Like other major networks around the world, the PlayStation Network and Sony Entertainment Network have been impacted by an attempt to overwhelm our network with artificially high traffic,” Sid Shuman wrote on Sony’s official blog.

“Although this has impacted your ability to access our network and enjoy our services, no personal information has been accessed. We will continue to work towards fixing this issue and hope to have our services up and running as soon as possible. We regret any inconvenience this may have caused.”

The Federal Bureau of Investigation is investigating the flight incident, Kotaku reported. At the time of writing, the reasons for the attack are still unclear and there has been no confirmation that the two incidents are connected, but a final tweet by Smedley indicates that he believes it was not a coincidence.

via The Hacker News http://ift.tt/1p7VkXw

Hacking Gmail with 92 Percent Success Rate
A group of security researchers has discovered a method to hack into six out of seven popular smartphone apps, including Gmail, across all three major platforms (Android, Windows and iOS) with a shockingly high success rate of up to 92 percent.

Computer scientists at the University of California, Riverside’s Bourns College of Engineering and the University of Michigan have identified a new weakness they believe exists in the Android, Windows and iOS platforms, which could be exploited by hackers using malicious apps to obtain users’ personal information.

The team of researchers – Zhiyun Qian, of the University of California, Riverside, and Z. Morley Mao and Qi Alfred Chen from the University of Michigan – will present its paper, “Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks” (PDF), at the USENIX Security Symposium in San Diego on August 23.

The paper details a new type of attack, which the researchers call a UI [user interface] state inference attack, in which a malicious app runs in the background without the user’s knowledge. You can watch some short videos of the attacks in action below.

Although the researchers demonstrated the attack on an Android device, they believe the same method could be used on all three operating system platforms, because when a user downloads multiple apps onto a smartphone, they all run on the same shared platform, the operating system.

“The assumption has always been that these apps can’t interfere with each other easily,” said Zhiyun Qian, an associate professor at UC Riverside. “We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user.”

Users are therefore open to such attacks because an Android phone allows itself to be hijacked or pre-empted. According to the team, the method could allow a hacker to steal a user’s password or social security number, peek at a photo of a check in a banking app, or swipe credit card numbers and other sensitive data. The team tested a number of apps and found WebMD, Chase and Gmail among those vulnerable.

To demonstrate the attack on an Android device, an unsigned app such as a wallpaper changer carrying malicious code is first installed on the user’s phone. Once installed, an attacker can use it to access an entry point the researchers call a “shared-memory side channel”, which exists in nearly all popular graphical user interface (GUI) systems, of any process, and which requires no special privileges.

The researchers then monitored changes in this shared memory and were able to determine specific “activity transition events”, such as a user logging into Gmail or H&R Block, or taking a picture of a cheque to deposit it online via Chase Bank.

In all, the team tried to attack seven apps, six of which were easily hacked. Gmail and H&R Block were the easiest to hack, with a success rate of 92 percent. Amazon, on the other hand, was by far the hardest, with just a 48 percent success rate.

“The Amazon app case indicates that our inference method may not work well if certain features are not sufficiently distinct, especially the major contributors such as the transition model and the network event feature,” the researchers write in the paper.

Using a few other side channels, the team was able to accurately detect what a user was doing in an app in real time. Because this security hole is not unique to Android, the attack could presumably be used on iOS and Windows as well, the researchers say.

A successful attack requires two things:

  • First, the attack needs to take place at the exact moment that the user is performing the action.
  • Second, the attack needs to be conducted in such a way that the user is unaware of it.

The team managed to pull this off by carefully timing the attacks.

“We know the user is in the banking app, and when he or she is about to log in, we inject an identical login screen,” said electrical engineering doctoral student Qi Alfred Chen from the University of Michigan. “It’s seamless because we have this timing.”

At the USENIX Security Symposium, the researchers will recommend methods to try to eliminate the side channel and will suggest more secure system designs, the team said in the paper. But if you want to keep yourself safe from an attack like this, it’s always good practice to be very careful about the apps you download onto your phone, especially apps from unofficial sources.

via The Hacker News http://ift.tt/1v95f1x