check


#cybersecurity | #infosec | About the “easy to hack” EU Exit: ID Document Check app

Source: National Cyber Security – Produced By Gregory Evans

About the "easy to hack" EU Exit: ID Document Check app

Today the Financial Times has published a news story about how the British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”

It certainly caught my attention. Just yesterday I used the EU Exit: ID Document Check app on my cleaning lady’s Android phone to help her apply for residency. And – to be honest – it was pretty easy to use, once I’d worked out how to change the language of her phone from Romanian to English.

Applicants scan their passport, take a selfie, and use their phone’s NFC feature to read the biometric chip embedded in their passport.

But, according to the FT, Norwegian cybersecurity researchers have discovered flaws in the Android version of the app (they didn’t test the iPhone version):

Promon, a Norwegian cybersecurity company, found major loopholes that allowed them to take control of the app and access any information that was entered into it, including the facial scans and images of passport pages.

They were also able to see information being typed into the app, such as usernames, passwords and other details, and were able to alter information being entered.

“The tools we used are typically very easily accessible and require very little technical skill to use. It means any type of bad actor could perform this attack, without sophisticated technical knowledge,” said Tom Lysemose Hansen, chief technology officer at Promon, who added that they had “experienced no resistance”.

Ok… so it sounds scary that information could be surreptitiously stolen as it is entered into the app… but how would a hacker do this?

Mr Lysemose Hansen said Promon’s researchers had focused on copying and stealing or manipulating data while it was being actively entered into, or processed by, the app. But he added that it was possible to add malicious code to the app while it was inactive that would then help steal personal information when it was subsequently being used.

Oh.

So what the researchers are saying is that if a hacker manages to compromise your smartphone or the app then it could do something malicious…

Err, isn’t that pretty much the case with all programs and computers? If a hacker already has control of the device or has already compromised the app then all bets are off…

Now, if the researchers had described a way in which an attacker might be able to remotely compromise the app or meddle with the phone then that would have been interesting. Or if it had been found that the app was sending sensitive data insecurely which could be intercepted then that would have certainly raised an eyebrow.

And yes, an app could always integrity check itself to see if it had been tampered with, but if someone is replacing your legitimate version of the app with a bogus compromised version there’s no reason why they couldn’t also tamper with the code which checks if it has been tampered with!

So, this doesn’t seem like a big deal to me.

The final word goes to the Financial Times again:

The app was tested for several months before being launched in March and there have been no reports of any security breaches. The app’s page on the Google Play Store states that it is “safe and secure” and that: “None of your personal identity information will be stored in the app or on the phone when you finish using it.”

The post #cybersecurity | #infosec | About the “easy to hack” EU Exit: ID Document Check app appeared first on National Cyber Security.

After burglary, customers using Applebee’s Entree Express in March and April should check credit for identity theft

Source: National Cyber Security – Produced By Gregory Evans

On June 20, 2017, at about 6:00 am, Applebee’s restaurant located on Hilltop Dr. had a storage area broken into. Two boxes of receipts were stolen during the burglary. The records taken were Entree Express receipts for the months of March and April 2017. The records stolen had patrons’ names,…

The post After burglary, customers using Applebee’s Entree Express in March and April should check credit for identity theft appeared first on National Cyber Security Ventures.

Woman targets elderly for check fraud, identity theft

Source: National Cyber Security – Produced By Gregory Evans

Pierce County Sheriff’s Detectives are asking for the public’s help to identify a woman using a stolen identity belonging to an 86-year-old woman suffering from dementia. “In this particular case, somebody in the family recognized what was going on, which is a good thing, especially if you have parents that…

The post Woman targets elderly for check fraud, identity theft appeared first on National Cyber Security Ventures.

Stiff laws key in keeping cybercrime in check

Source: National Cyber Security – Produced By Gregory Evans

Technology and a policy of having isolated networks have been relied on heavily to ensure cyber security. Little has been said about the role of the individual in this matter. The attitude of users is one of the most significant obstacles to achieving fully secure systems. Users prefer to purchase…

The post Stiff laws key in keeping cybercrime in check appeared first on National Cyber Security Ventures.

Check Point Delivers Advanced Cloud Security to Google Cloud Platform

Source: National Cyber Security – Produced By Gregory Evans

Check Point® Software Technologies Ltd. (CHKP) today introduced Check Point vSEC for Google Cloud Platform, delivering advanced security integrated with Google Cloud Platform. With this release, Check Point joins the Google Cloud Technology Partner Program and continues its industry leadership …

The post Check Point Delivers Advanced Cloud Security to Google Cloud Platform appeared first on National Cyber Security Ventures.

US Cybercrime Shutdown: How To Check If Your System Has Been Hacked By Avalanche

Source: National Cyber Security – Produced By Gregory Evans

The US government has provided a link to let people check if their computer programs have been hacked. The move has come following the shutdown of the cybercrime network, Avalanche.
It has been four years since the German police have

The post US Cybercrime Shutdown: How To Check If Your System Has Been Hacked By Avalanche appeared first on National Cyber Security Ventures.

How to Stop Bullying – Walt Gardner’s Reality Check – Education Week

Bullying leaves indelible scars that are not always visible.

The post How to Stop Bullying – Walt Gardner’s Reality Check – Education Week appeared first on Parent Security Online.

Schools hacked in international attack should check computers for child porn

Source: National Cyber Security – Produced By Gregory Evans

A recent global hacking episode could have seen child pornography deposited on school computers. Thirty-six schools – five in the Waikato – were hacked in a global operation that saw passwords and other entry methods to 70,000 servers sold on the black market. Hamilton’s Deanwell school is one of those and is seeking advice from […]

The post Schools hacked in international attack should check computers for child porn appeared first on National Cyber Security.

Open Season on Teachers by Students – Walt Gardner’s Reality Check – Education Week

Harsh tactics are sometimes necessary to protect teachers from special education students.

The post Open Season on Teachers by Students – Walt Gardner’s Reality Check – Education Week appeared first on Parent Security Online.

Reality Check on North Korean Sanctions

Source: National Cyber Security – Produced By Gregory Evans

A recent op-ed by Sung-Yoon Lee and Joshua Stanton highlights what should happen in dealing with North Korea. Unfortunately, for this long-time practitioner in the field of nonproliferation sanctions, it also highlights what cannot happen—or at least what cannot happen at an acceptable level of risk with the limited knowledge and the complex agendas that […]

Reality Check on North Korean Sanctions is an article from 38 North: Informed Analysis of North Korea, published by the US-Korea Institute at SAIS.

The post Reality Check on North Korean Sanctions appeared first on National Cyber Security.
