iPhone a Growing Target of Crypto-Mining Attacks

By: Kacy Zurkus

Apple has increasingly been the target of crypto-mining attacks, and according to Check Point, iPhone attacks increased by nearly 400% over the last two weeks in September.

In its most recently published Global Threat Index, Check Point researchers said they are continuing to investigate the reasons behind this sharp increase but reported that crypto-miners continued to be the most common malware in September 2018. Coinhive continued to hold the number-one position, which it has occupied since December 2017.

While Coinhive currently impacts 19% of global organizations, researchers also reported that the information-stealing Trojan Dorkbot held onto second place with a 7% global impact. The report also noted a significant increase in Coinhive attacks against PCs. Attackers used the Coinhive mining malware to target iPhones, which aligned with a rise in attacks against users of the Safari browser, the primary browser used by Apple devices.

The mining malware that rivals Coinhive, known as Cryptoloot, ranked third place overall on the Threat Index, making it the second-most prevalent crypto-miner in the index. Differentiating itself from Coinhive, Cryptoloot requests a smaller revenue percentage from websites than its top competitor.

“Crypto-mining continues to be the dominant threat facing organizations globally,” Maya Horowitz, threat intelligence group manager at Check Point, said in a press release. “What is most interesting is the fourfold increase in attacks against iPhones and against devices using the Safari browser during the last two weeks of September. These attacks against Apple devices are not using new functionality, so we are continuing to investigate the possible reasons behind this development.”

More: https://www.infosecurity-magazine.com/news/iphone-a-growing-target-of/

Sikur turned a Sony smartphone into a cryptocurrency vault

By: Stan Schroeder

If you need to carry a substantial amount of cryptocurrency on you at all times, but you just don’t trust the average smartphone, a company called Sikur might have a solution.

On Wednesday, Sikur launched the SIKURPhone, a customized variant of a Sony smartphone, its Android enhanced with the secure, crypto-oriented SikurOS software.

SikurOS comes with a cryptocurrency wallet and numerous security-oriented features, such as the ability to remotely wipe the device, and Sikur’s own Secure App Store (launching later this year) which should host only vetted and thoroughly checked apps. A security-oriented chat app and browser are also on board.

The phone comes in two flavors: One is based on Sony’s XZ1, a 5.2-inch smartphone with a Snapdragon 835 chip, 4GB of RAM, 64GB of storage, a 2,700mAh battery and a 19-megapixel camera on the back paired with a 13-megapixel selfie camera.

The other is based on Sony’s mid-range XA2, which has a Snapdragon 630 chip, 3GB of RAM, 32GB of storage, a 23-megapixel rear camera, an 8-megapixel selfie camera, and a 3,300mAh battery.

Neither of these devices are particularly new — Sony launched two more XZ-series flagships after the XZ1 — but their specs are still good enough to hold their own against most modern phones.

If you’ve followed Sikur over the past couple of years, this launch is probably quite confusing. The company’s original SIKURPhone, launched in February 2018, had both its hardware and software built by Sikur. Now, the company appears to have pivoted to building only software which it will deploy on phones made by other manufacturers.

More: https://www.yahoo.com/news/sikur-turned-sony-smartphone-cryptocurrency-080440484.html

A Sony Xperia modified to the extreme to work as a cryptocurrency wallet

By: Damián García

The big boom in cryptocurrencies and blockchain has probably already passed, but even so many users still keep a close eye on prices, mining, or their virtual currency wallets, which continues to attract companies looking to profit from a little-explored market like this one, at least as far as smartphones designed specifically for it are concerned.

We have seen a few models that make security their flagship feature, and good and not-so-good ideas for cryptocurrency-focused smartphones, but probably none as simple as this one from Sikur, a Brazilian-born company that has turned a Sony Xperia smartphone into a secure wallet for virtual currency.

It is an ingenious solution: take a solid platform such as the Sony Xperia XZ1 (or the Sony Xperia XA2, depending on the customer's needs) and install on it a secure, cryptography-oriented software customization, SikurOS, on top of Android 8.1 Oreo.

And so a Sony Xperia XZ1 or Xperia XA2 becomes your most secure cryptocurrency wallet, letting you carry any amount of these cryptocurrencies with you without any fear.

SikurOS turns the Xperia XZ1 into a super-secure bitcoin wallet

By: Carlos Martínez

A couple of years ago, Sikur presented its solution for cryptocurrency enthusiasts at the Mobile World Congress trade show. It was called GranitePhone, and it was nothing more than a phone with powerful software that turned it into a wallet for virtual currencies.

The key lies in the closed approach of its developers, who do not allow the installation of third-party applications that have not passed their vetting, so the security and privacy of the device remain intact, which inspires considerable confidence when carrying a virtual wallet on the device itself.

The operating system's reputation began to grow, and such is the respect it commands in this niche of extreme security that the company managed to convince Sony to bring the brand's new devices to life. The result is an Xperia XZ1 modified in software: it keeps the usual specifications, with the Snapdragon 835, 4 GB of RAM and 64 GB of storage, but ships with SikurOS as its operating system instead.

There is also a cheaper version (although prices have not yet been detailed), based on the Xperia XA2, again with the same specifications as the original: a 5.2-inch IPS display, Snapdragon 630, 3 GB of RAM and 32 GB of storage.

More: https://www.movilzona.es/2018/10/04/sikuros-xperia-xz1-cartera-bitcoins/

Sikur Launches Sony-Based Secure Android Smartphones, SikurPhone XZ1 & XA2

By: Alexander Maxham


In short: Sikur has announced that its SikurOS is now compatible with all Android smartphones, and it is also launching two highly secure smartphones based on Sony’s more popular devices – the Xperia XZ1 and XA2. In fact, these smartphones even share those names: the SikurPhone XZ1 and SikurPhone XA2. The hardware is the same as when Sony debuted these smartphones back in 2017; the only difference is that they run Sikur’s highly secure Android software. Both of these devices have “several layers” of security, and they also have a pretty locked-down app store. You cannot install third-party apps using the Unknown Sources feature that you would find on other smartphones. There are very few apps that are compatible with Sikur’s software. Sikur also has a cryptocurrency wallet, so if you are the type that owns some cryptocurrency, the SikurPhone is going to keep it nice and safe and away from hackers.

Japanese Crypto Exchange Hit by $60m Heist

By: Phil Muncaster

Yet another Japanese cryptocurrency exchange has been targeted by hackers: this time Zaif suffered losses worth 6.7bn yen ($60m) earlier this month.

Virtual currencies including Bitcoin, Monacoin and Bitcoin Cash were stolen from the exchange’s hot wallet, with 4.5bn yen’s worth ($40m) belonging to Zaif customers.

The incident occurred over a two-hour period on September 14, with server issues detected three days later and the authorities notified shortly after. The firm is withholding precise details of the attack while the authorities investigate.

Parent company Tech Bureau has reportedly already been hit with two business improvement orders this year and was subsequently forced to sign an agreement with investment group Fisco that will see the firm receive 5bn yen to help replace the lost coins, in exchange for majority ownership.

This is just the latest in a long line of cyber-attacks on Japanese crypto firms. Most famously, Tokyo-based Coincheck lost $530m worth of virtual currency earlier this year.

That could explain why the Financial Services Authority has created a new regulatory framework for such companies operating in Japan — the first of its kind to do so.

However, regulation is not a silver bullet, according to Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge.

“Digital coins are extremely attractive for cyber-criminals who can easily launder them and convert into spendable cash, even in spite of some losses due to ‘transactional commissions’,” he said. “Most of these operations remain technically untraceable and undetectable, granting an absolute impunity to the attackers. Thus, cyber-criminals will readily invest into additional efforts to break in, even if security is properly implemented and maintained.”

More: https://www.infosecurity-magazine.com/news/japanese-crypto-exchange-hit-by/

Mobile Fraud Soars 24% Year-on-Year

By: Phil Muncaster

Mobile fraud rates jumped by nearly a quarter (24%) from 1H 2017 to the first half of this year, with 150 million mobile fraud attacks recorded, according to ThreatMetrix.

The firm analyzed 17.6 billion online transactions during the first half of 2018 via its Digital Identity Network, finding that over half (58%) now come via the mobile channel.

This is also reflected in the growing prevalence of fraud — especially in the US, where mobile attacks jumped 44% over the same period.

Mobile fraud now represents one third of all attacks stopped by ThreatMetrix, but the channel still represents a more secure way to transact than via desktop, it claimed.

This is apparently because devices offer more ways to determine a user’s digital identity, including geolocation, device attributes and behavioral analysis.

“Mobile is quickly becoming the predominant way people access online goods and services, and as a result organizations need to anticipate that the barrage of mobile attacks will only increase,” said Alisdair Faulkner, chief identity officer at ThreatMetrix. “The key point of vulnerability is at the app registration and account creation stage. To verify users at this crucial point, organizations need to tap into global intelligence that assesses true digital identity, compiled from the multiple channels that their customers transact on.”

Bot attacks continue to fuel the growth in global fraud, with an “unprecedented” 60% increase in the second quarter of the year: from one billion bot attacks in Q1 to 1.6 billion in Q2.

ThreatMetrix claimed that this automated traffic can account for more than half of all transactions at peak times, as fraudsters try to crack user accounts. Without the right tools in place to spot this traffic, organizations can find order processing slows, the firm warned.

More: https://www.infosecurity-magazine.com/news/mobile-fraud-soars-24-yearonyear/

Dozens of popular iPhone apps caught sending user location data to monetization firms

By: Zack Whittaker

A group of security researchers say dozens of popular iPhone apps are quietly sharing the location data of “tens of millions of mobile devices” with third-party data monetization firms.

Almost all require access to a user’s location data to work properly, like weather and fitness apps, but share that data often as a way to generate revenue for free-to-download apps.

In many cases, the apps send precise locations and other sensitive, identifiable data “at all times, constantly,” and often with “little to no mention” that location data will be shared with third-parties, say security researchers at the GuardianApp project.

“I believe people should be able to use any app they wish on their phone without fear that granting access to sensitive data may mean that this data will be quietly sent off to some entity who they do not know and do not have any desire to do business with,” said Will Strafach, one of the researchers.

Using tools to monitor network traffic, the researchers found 24 popular iPhone apps that were collecting location data — from Bluetooth beacons to Wi-Fi network names — to know where a person is and where they visit. These data monetization firms also collect other device data from the accelerometer, battery charge status and cell network names.

In exchange for data, often these data firms pay app developers to collect data and grow their databases and often to deliver ads based on a person’s location history.

But although many claim they don’t collect personally identifiable information, Strafach said that latitude and longitude coordinates can pin a person to a house or their work.

More: https://techcrunch-com.cdn.ampproject.org/c/s/techcrunch.com/2018/09/07

Smartphones with software-based security to reach 1.5 billion users in 2023

By: TI Inside Online

A new report from Juniper Research predicts that the biggest change in mobile payment security will be the shift to software-based methods, which rely on standard smartphone components. The research forecasts that users of these methods will grow from 429 million in 2018 to more than 1.5 billion in 2023. Juniper believes this will mark the start of a period in which mobile payment authentication will use multiple biometrics based on people's device usage patterns.

The new research, “Mobile Payment Security: Biometric Authentication & Tokenisation 2018-2023”, found that the use of software-based biometrics, such as voice or facial recognition, will drive the growth of smartphone mobile payments across all price ranges. The hardware-agnostic nature of this will be key to driving adoption, increasing biometrically authenticated transactions by an average of 76% per year globally. It predicts that the largest growth will come from Asia, with North American usage growing at only 46% per year.

“Mobile payment security will expand enormously thanks to the implementation of pure software solutions,” noted James Moar, author of the report. “The main battle now will be convincing users, especially those in Europe and North America, that these methods are as secure as traditional hardware-based security.”

Fingerprints

Juniper found that fingerprint biometrics are becoming increasingly prevalent, with 4.5 billion smartphones using the technology by 2023. However, with the iPhone X and other smartphones offering facial and eye identification, Juniper believes that fingerprint sensors will decline as a proportion of smartphone hardware biometrics.

More: http://tiinside.com.br/tiinside/seguranca/

Why crypto investors might want to think twice about giving out their phone numbers

By: Kate Rooney

It’s a familiar scenario.

You forget a password to a website or log in from a new computer, and get locked out of your account. The website or your bank sends a text to confirm it’s you. Most of the time it is.

But the person receiving that text could be a hacker. Criminals are using a method known as “SIM swapping” to take over phone number accounts by duping wireless carriers, and in some cases stealing millions of dollars worth of cryptocurrency.

“In online banking, if someone gets into your account there’s ways to get the money back,” said Kyle Samani, managing partner at crypto hedge fund Multicoin Capital. “In crypto, if hackers get access to your private keys, they own your money and you’re screwed.”

This week, a California man sued AT&T for $224 million after hackers used his number to steal $24 million worth of cryptocurrency stored on an online exchange. The plaintiff Michael Terpin accused AT&T of negligence, and likened it to “a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.”

Terpin is hardly the only one to suffer a hack. The total in cryptocurrency lost by individuals hit $1.6 billion at the end of June, according to CoinDesk’s 2018 State of Blockchain Report.

In order to stop the trend, cybersecurity and industry experts say investors should guard their cellphone numbers with the same paranoia with which they guard their social security numbers.

Swapping digits

Wireless store employees can assign your phone number to any device, with the right authorization. To confirm, they ask for pieces of private information like a birthday or a social security number. But those can be easily accessed for a price.

“Data is being bought, sold and traded on the dark web,” said Aaron Higbee, chief technology officer and co-founder of anti-phishing company Cofense. “If your phone number is of a sufficient age, you’re on a database somewhere.”

While one piece of data like a birthday might not be valuable on its own, combined with your phone number or address it can be used to answer those security questions from a wireless store employee.

After a criminal hacks into the person’s email or cryptocurrency account from their own devices, what’s known as “two-factor identification” will send a text code to the phone number as a form of security, and to prevent any sort of unauthorized log in. But because the hacker now controls that phone number, there’s no way of the rightful owner regaining control or stopping the hack.

This happened to a New York-based venture capitalist who invests in early stage tech companies. He asked not to be named for this story because he did not want to be targeted again, and feared he might egg on the hackers.

He was in his office on Monday when he was suddenly logged out of both his personal and business email accounts. When he turned on his AT&T phone, the device had no signal. Because of his experience in cryptocurrency and the tech world, he recognized it as a SIM swap attack. He immediately called his wireless carrier through Skype, and quickly went to the store to regain access to his cell phone but “not quickly enough.”

“This was the perfect storm,” he said. “If I was on vacation or didn’t know what to do immediately, they would have taken everything in my bank account.”

He was able to regain control of his email but not his Coinbase account. Hackers had already moved the cryptocurrency he held to another account, and had attempted to wire money from his CitiBank account, which was refunded by the bank, he said.

The total amount stolen was roughly $5,000 — which he says is nowhere near the total of his crypto holdings because the rest was stored offline.

More: https://www-cnbc-com.cdn.ampproject.org