Getting past the sensors
Your smartphone sensors could rat you out by revealing your PIN code and password to hackers, claim researchers at Singapore’s Nanyang Technological University. Utilizing machine learning and information gathered from six different smartphone sensors, they were able to unlock Android handsets with 99.5 percent accuracy within three attempts — provided that the PIN was among the 50 most common numbers. Even when this was expanded to 10,000 PIN numbers, the success rate stood at around 83 percent.
The idea of hacking different smartphone sensors is that they can reveal information which may not be immediately apparent to users — such as utilizing the ambient light sensor to discern which button is being pressed, based on how much light is being blocked.
When TVs go from smart to scheming
We don’t necessarily think of televisions as being computers, but in the age of smart TVs, maybe we should.
Recently, security consultant Rafael Scheel of Oneconsult AG demonstrated how it’s possible for hackers to gain control of smart TV sets without having to have physical access to them to do so. Using a cheap transmitter to embed malicious commands into a rogue TV signal, Scheel was able to gain access to televisions in the vicinity of the signal.
Once the TV is compromised, it could be used to attack further devices in the home network, or simply to spy on a home’s inhabitants using the TV’s camera and microphone.
Hacking in the age of 3D printers
At first glance, it might be harder to understand why someone would want to hack a 3D printer rather than, say, a smartphone. However, when you consider the applications of 3D printing for areas like prototyping it’s quite obvious.
In one 3D printer hack demonstration showing how secret designs could be stolen, a team of computer scientists was able to use a smartphone’s built-in sensors to measure the electromagnetic energy and acoustic waves that emanate from a 3D printer. This allowed them to gather enough data to replicate 3D printed objects with accuracy levels of up to 94 percent.
More worryingly, another team of researchers was able to use a phishing attack to gain access to the PC attached to a 3D printer, and alter its 3D model file. The result was a 3D printed drone propellor that was made to malfunction, and caused the drone to crash.
A flying hacker’s laptop
A lot of the high profile large scale hacks have taken place from thousands of miles away — from places like North Korea. However, there is also a rise in proximity-based “over the air” attacks, in which hackers are able to gain access to other people’s devices, which are physically located nearby.
In order to carry out proximity-based attacks on local devices like set-top boxes, smartwatches, smart refrigerators and more, researchers from renowned security firm Bishop Fox have developed a flying drone-based hacking station called Danger Drone.
By using its abilities to hover and fly to get around the problem of physical access, Danger Drone could be used to carry out an attack on multiple smart devices in a victim’s home.
Your fingerprints aren’t safe
Biometric passcode systems like Touch ID are on their way out for smartphones, but fingerprint sensors will likely stick around for years before they die out completely — and that’s exactly what this next James Bond-style hack could be used to exploit.
Demonstrated at the 31st annual Chaos Computer Club convention in Hamburg, Germany, hacker Jan Krissler showed how it was possible to replicate the fingerprint of German Defense Minister Ursula von der Leyen using nothing more than a photo of her hands software called VeriFinger.
With photos taken from several different angle using a standard camera, Krissler created a full fingerprint for Von der Leyen, and then developed a mold good enough to fool a fingerprint sensor.
Using soundwaves to control a phone
Whether it’s your smartphone or your connected car, hackers may be able to access it using soundwaves. Researchers at the University of Michigan have shown that it’s possible to hack into a variety of different gadgets by using soundwaves to trigger micro-electro-mechanical systems (MEMS) accelerometers, a.k.a. the chip used to say whether a device is in motion.
Using just a cheap $5 speaker to blast sound at different frequencies was able to cause devices to perform a range of actions, such as showing a video, starting an app, or even potentially start up a vehicle. While this would only have limited application from short range, it’s pretty disconcerting to imagine a device being hacked using an off-the-shelf speaker.
