Cyber Security News - October 2021

October 4, 2021

12/10/2021

Study reveals Android phones constantly snoop on their users


A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones.

The researchers focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and on LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience.


It is important to note that this concerns the collection of data for which there’s no option to opt out, so Android users are powerless against this type of telemetry.

This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they’re not used by the device owner, and which cannot be uninstalled.

For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk of man-in-the-middle (MitM) attacks.



06/10/2021

Google to turn on 2-factor authentication by default for 150 million users


Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorised access to accounts and improve security.

The development comes weeks after Microsoft introduced a passwordless mechanism that enables users to access their accounts without a password by just using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email.


Two-factor authentication (2FA) is a specific type of multi-factor authentication (MFA) that strengthens access security by requiring two methods to verify a user's identity. These factors can include something you know - like a username and password - plus something you have - like a smartphone app - to approve authentication requests.

2FA protects against phishing, social engineering and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials.



05/10/2021

Windows 11 is out. Is it any good for security?


Windows 11, the latest operating system (OS) from Microsoft, launches today, and organisations have begun asking themselves when and if they should upgrade from Windows 10 or older versions. The requirements and considerations of each organisation will be different, and many things will inform the decisions they make about whether to stick or twist. One of those things will be whether or not Windows 11 makes them safer and more secure.



01/10/2021

Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones


Cyber security researchers have disclosed an unpatched flaw in Apple Pay that attackers could abuse to make an unauthorised Visa payment with a locked iPhone. This is achieved when threat actors take advantage of the Express Travel mode set up in the wallet of the target's iOS device.

"An attacker only needs a stolen, powered on iPhone. The transactions could also be relayed from an iPhone inside someone's bag, without their knowledge," a group of academics from the University of Birmingham and University of Surrey said. "The attacker needs no assistance from the merchant and backend fraud detection checks have not stopped any of our test payments."


The man-in-the-middle (MitM) replay and relay attack, which involves bypassing the lock screen to make a payment to any EMV reader illicitly, is made possible due to a combination of flaws in both Apple Pay and Visa's system, and doesn't impact, say, Mastercard on Apple Pay or Visa cards on Samsung Pay.


