The Joyous Union of Bitcoin and Mobile Phones

By: Soha Ali

Cryptocurrency and smartphones are married to each other whether we like it or not. One is the first successfully implemented form of digital hard money and the other is a mini-supercomputer in your pocket. It makes sense why two futuristic technologies would eventually join hands.

The seamless integration of crypto into smartphones is exactly what the SIKURPhone (read: Secure Phone) is all about. Although we have told you about crypto-supported smartphones before, none of them have been as innovative as the SIKURPhone (neither have they been so badly named.)

This device is a successor to the 2016 GranitePhone – the supposed world’s most secure smartphone. But this time, there’s a crypto twist in the mix.

The company embraced the blockchain trends and added advanced crypto functionality into the device by integrating a cold storage wallet. So you can keep all your cryptocurrency on the phone and carry it with you wherever you want. With this you can track your current balance, store currencies on SIKUR’s cloud, check the pricing for different cryptocurrencies, or read the crypto-related news in a special newsfeed space.

Now, I know what you’re thinking. Why would anyone want to store sensitive financial data on a smartphone, a device that’s usually so prone to being hacked or misplaced? Well, that brings us to the extensive security that the SIKURPhone has in it:

The Unhackable Phone

The company gave their devices to HackerOne, a company that is famous for testing vulnerabilities in software, to see if they could expose any problems and hack the device. Long story short, they tried for 2 months and failed. That should tell you just how secure your crypto-monies are going to be!

Other than that, the device has advanced remote wipe features so in the event that you lose your SIKURPhone or it gets stolen, you can completely remove any traces of your information from it, thus protecting your cryptocurrency.

More: https://blockpublisher.com/the-joyous-union-of-bitcoin-and-mobile-phones/

Smartphone com segurança baseada em software vai somar 1,5 bilhões de usuários em 2023

By: TI Inside Online

Um novo relatório da Juniper Research prevê que a maior mudança na segurança de pagamento móvel será a mudança para métodos baseados em software, que dependem de componentes padrão para smartphones. A pesquisa prevê que os usuários desses métodos aumentarão de 429 milhões em 2018 para mais de 1,5 bilhões em 2023. A Juniper acredita que isso dará no início em que a autenticação de pagamentos móveis utilizará vários dados biométricos com base nos padrões de uso de dispositivos das pessoas.

A nova pesquisa, “Mobile Payment Security: Biometric Authentication & Tokenisation 2018-2023” , descobriu que o uso de dados biométricos baseados em software, como o oferecido por reconhecimento de voz ou facial, estimulará o crescimento dos pagamentos móveis do smartphone em todas as faixas de preço. A natureza agnóstica de hardware disso será fundamental para impulsionar a adoção, aumentando as transações autenticadas biometricamente em uma média de 76% ao ano globalmente. Ele prevê que o maior crescimento para isso virá da Ásia, com o uso norte-americano crescendo a apenas 46% ao ano.

“A segurança de pagamento móvel vai se expandir enormemente graças à implementação de soluções de software puras”, observou James Moar, autor do relatório. “A principal batalha agora será convencer os usuários, especialmente os da Europa e da América do Norte, de que esses métodos são tão seguros quanto a segurança tradicional baseada em hardware.”

Impressões digitais

Juniper descobriu que a biometria de impressão digital está se tornando cada vez mais predominante, com 4,5 bilhões de smartphones usando a tecnologia até 2023. No entanto, com o iPhone X e outros smartphones oferecendo identificação facial e ocular, a Juniper acredita que os sensores de impressão digital diminuirão como proporção de biometria de hardware dos smartphones.

Mais: http://tiinside.com.br/tiinside/seguranca/

GLitch attack, Rowhammer attack against Android smartphones now leverages GPU.

By: Pierluigi Paganini

A team of experts has devised the GLitch attack technique that leverages graphics processing units (GPUs) to launch a remote Rowhammer attack against Android smartphones.

A team of experts has demonstrated how to leverage graphics processing units (GPUs) to launch a remote Rowhammer attack against Android smartphones.

By exploiting the Rowhammer attackers hackers can obtain higher kernel privileges on the target device. Rowhammer is classified as a problem affecting some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows, this means that theoretically, an attacker can change any value of the bit in the memory.

The issue has been known at least since 2012, the first attack was demonstrated in 2015 by white hat hackers at Google Project Zero team.

In October 2016, a team of researchers in the VUSec Lab at Vrije Universiteit Amsterdam devised a new method of attack based on Rowhammer, dubbed DRAMMER attack, that could be exploited to gain ‘root’ access to millions of Android smartphones and take control of affected devices. The greatest limitation of the Drammer attack was the necessity to have a malicious application being installed on the target device.

Now for the first time ever, the same team of experts has devised a technique dubbed GLitch to conduct the Rowhammer attack against an Android phone remotely.

The GLitch technique leverages embedded graphics processing units (GPUs) to launch the attack

“We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to “accelerate”  microarchitectural attacks (i.e., making them more effective) on commodity platforms.” reads the research paper.

“In particular, we show that an attacker can build all the necessary primitives for performing effective GPU-based microarchitectural attacks and that these primitives are all exposed to the web through standardized browser extensions, allowing side-channel and Rowhammer attacks from JavaScript”

The name GLitch comes from a widely used browser-based graphics code library known as WebGL for rendering graphics to trigger a known glitch in DDR memories.

The experts published a GLitch proof-of-concept attack that can exploit the Rowhammer attack technique by tricking victims into visiting a website hosting a malicious JavaScript code to remotely hack an Android smartphone in just 2 minutes.

The malicious script runs only within the privileges of the web browser, which means that it can the attack could allow to spy on user’s browsing activity or steal users’ credentials.

MORE: https://securityaffairs.co/wordpress/72131/hacking/glitch-attack-amndroid.html