Bugs found in backend systems of top 5,000 free Android apps
Cybersecurity researchers have identified more than 1,600 vulnerabilities in the support ecosystem behind the top 5,000 free apps available in the Google Play Store.
While the researchers from Georgia Institute of Technology and The Ohio State University studied only applications in the Google Play Store, applications designed for iOS may share the same backend systems.
The vulnerabilities were found in the backend systems that feed content and advertising to smartphone applications through a network of Cloud-based servers.
The vulnerabilities, affecting multiple app categories, could allow hackers to break into databases that include personal information – and perhaps into users’ mobile devices, said the study scheduled to be presented at the 2019 USENIX Security Symposium in the US on Thursday.
“These vulnerabilities affect the servers that are in the cloud, and once an attacker gets on the server, there are many ways they can attack,” said Brendan Saltaformaggio, Assistant Professor in Georgia Tech’s School of Electrical and Computer Engineering.
The researchers were still investigating whether attackers could get into individual mobile devices connected to vulnerable servers.
“It’s a whole new question whether or not they can jump from the server to a user’s device, but our preliminary research on that is very concerning,” Saltaformaggio added.
In their study, the researchers discovered 983 instances of known vulnerabilities and another 655 instances of zero-day vulnerabilities spanning across the software layers – operating systems, software services, communications modules and web apps – of the Cloud-based systems supporting the apps.
To help developers improve the security of their mobile apps, the researchers have created an automated system called SkyWalker to vet the Cloud servers and software library systems. SkyWalker can examine the security of the servers supporting mobile applications, which are often operated by Cloud hosting services rather than individual app developers. (IANS)
Smartphone charging cable can steal your data too
Next time when you borrow a charging cable for your smartphone or iPad, think twice. A hacker has shown that an iPhone charging cable can steal your data.
Dubbed the O.MG cable, the Apple USB lightning cable looks normal from the outside like any other charging cable.
Once plugged into your device, from a nearby device and within Wi-Fi range, a hacker can wirelessly transmit malicious payloads on your computer, reports Motherboard.
“The cable comes with various payloads, or scripts and commands that an attacker can run on the victim’s machine. A hacker can also remotely ‘kill’ the USB implant, hopefully hiding some evidence of its use or existence,” the report said late Monday.
Once plugged in, an attacker can remotely lock a computer screen to collect the user’s password when they log back in.
“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types,” the hacker known as MG was quoted as saying.
“Most people know not to plug in random flash drives these days, but they aren’t expecting a cable to be a threat,” he added. MG made the cables himself, modifying real Apple cables to include the implant.
He now wants to get the cables produced as a legitimate security tool. (IANS)
Canon refreshes its flagship compact G series in India
Canon India on Tuesday expanded its flagship compact G series with the PowerShot G5 X Mark II and the PowerShot G7 X Mark III for Rs 64,995 and Rs 52,995, respectively.
“Our iconic PowerShot G series offers powerful imagery and advanced technology in a premium, yet compact form factor. We are delighted to announce the new entrants to the G series line-up, equipped with new user-friendly functionalities.
“The new cameras offer large sensors, high quality optics that will surely help fuel creative expression and further our endeavour of fostering the photography culture in India,” Kazutada Kobayashi, President and CEO, Canon India, said in a statement.
The PowerShot G5 X Mark II and PowerShot G7 X Mark III come with a 20.1 MP, 1-type stacked CMOS sensor and a wide aperture of f/1.8-f/2.8 with a optical zoom of 5X for the G5 X Mark II and 4.2X for the G7 X Mark III.
Both the cameras are powered by Canon’s DIGIC 8 processor which allows creative expression in stills as well as uncropped 4K videos.
“The PowerShot G5 X Mark II and G7 X Mark III are packed with the latest technology and features, making them an ideal choice for amateur users as well as hobbyists who are looking for a seamless photography and videography device that is both lightweight and easy to use,” Eddie Udagawa, Vice President, Consumer Imaging and Information Centre, Canon India, said.
The cameras let users capture 4K movies without cropping, thus allowing full use of lenses to shoot landscape videos. (IANS)
NASA mission picks 4 sites for asteroid Bennu sample return
After grappling with the rugged reality of asteroid Bennu’s surface, NASA, the US space agency, has finally selected four potential sites for its spacecraft to “tag” its cosmic dance partner.
Since its arrival in December 2018, the OSIRIS-REx spacecraft has mapped the entire asteroid in order to identify the safest and most accessible spots for the spacecraft to collect a sample.
These four sites now will be studied in further detail in order to select the final two sites — a primary and backup — in December, NASA said in a statement on Tuesday.
“We knew that Bennu would surprise us, so we came prepared for whatever we might find,” said Dante Lauretta, OSIRIS-REx principal investigator at the University of Arizona, Tucson.
The four candidate sample sites on Bennu are designated as Nightingale, Kingfisher, Osprey, and Sandpiper — all birds native to Egypt.
Since arriving at near-Earth asteroid Bennu, NASA’s OSIRIS-REx mission has been studying this small world of boulders, rocks, and loose rubble — and looking for a place to touch down.
The goal is to collect a sample of Bennu in mid-2020, and return it to Earth in late 2023.
This fall, OSIRIS-REx will begin detailed analyses of the four candidate sites during the mission’s reconnaissance phase. The second and third stages of reconnaissance will begin in early 2020.
OSIRIS-REx sample collection is scheduled for the latter half of 2020, and the spacecraft will return the asteroid samples to Earth on September 24, 2023. (IANS)