Your Smart TV can Monitor You

Smart TVs have been around for a while and most of them equipped with a whole plethora of apps as well as in-built internet connectivity, to let you stream any content of your liking. However, a few exploits were recently discovered in certain Samsung Smart TV models, which would let hackers ‘watch’ you through the built-in cameras.The security loophole, which was recently discovered and patched, essentially allowed any hacker around the globe to remotely turn on the built-cameras of the Smart TV and watch you while you watch TV.Samsung was quick in fixing this security loophole. However, the instant brings out attention to a greater problem. People are increasingly interested in Smart TVs, so they must be made aware that they come with such possible security issues. Not only that, the vendors of such electronics must make every possible attempt to ramp up their security so that they are not misused.In today’s digital age, everything is fast becoming a part of the automation equation. From home automation systems to our mobile devices, everything is virtually connected to something larger – most of the times a network, or the internet itself. And this essentially opens up the door for thousands of hackers out there to find loopholes and exploit them, in turn harming the user at the end of the day.Although companies like Samsung pay hackers for different security loopholes, so that these exploits could be patched before they are misused. But quite frequently, an exploit is discovered by the vendor company only after it has been used by a number of hackers.

WhatsApp Conversations Stolen By Malicious Android

  
 Gaming App Google recently removed 'Balloon Pop 2' from the Play store after it transpired  that they app stole users WhatsApp conversations

Google has recently identified an Android gaming app on its Play store which is potentially malicious and steals the users WhatsApp conversations. The app has been removed from the Play store. WhatsApp is one of the most popular messaging apps across all major mobile platforms. This is precisely why many hackers and malware programs try to target the app and steal user conversations which are then sold on hacking forums and sites.‘Balloon Pop 2‘ was a legitimate Android app until recently. The app was available on the official Play store and from the looks of it, looked perfectly benign. However, beneath the balloon-shooting game is a malware that copies the WhatsApp conversations on a mobile device and then sends them to the WhatsAppcopy site.The conversations are made available on the said site where they are also resold to others. Interestingly, the WhatsAppcopy site claims that ‘Balloon Pop 2‘ is a legitimate way of ‘backing up‘ your WhatsApp conversations. However, the details of this operation are very murky.For instance, the description on the website reads, “Execute our game on a mobile, whatsapp conversations are sent to this website, an hour later looking for the phone, and you can read the conversations.In other words, as soon as you download and install the game, it sends a copy of your conversations to the online site. On the site, anyone can search for WhatsApp conversations by providing a phone number. If conversations from a particular phone number are available, they can then be purchased by paying a certain fee.Although the creators of the app maintain that it is a perfectly legitimate app to back up conversations, security experts say otherwise. Moreover, the fact that Google has removed it from the Play store further puts a huge question mark on its credibility

Android applications that Upgrade Bitcoin Wallets

Recently, a serious cryptography problem was discovered in Android. The exploit, when used by hackers to break into Bitcoin wallets, would’ve enabled them to steal the currency. In view of the security loophole, several Bitcoin applications have upgraded their wallets.The Android exploit could affect any such Bitcoin applications which rely on an Android component. Specifically, the Java SecureRandom class, which is used to generate random numbers automatically, was found to be problematic when it started generating same numbers for different transactions.Such repetition in what are supposed to be random transaction numbers can allow a hacker to figure out a user’s private key and by using it, steal the user’s Bitcoins.Bitcoin.org was quick to dish out a solution for this problem, “This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.”So far, a number of Bitcoin clients relying on Android have been fixed. These include Blockchain, Bitcoin Wallet, BitcoinSpinner and Mycelium Bitcoin Wallet. It has been reported that in the past, similar security exploits have been used to hack into PS3 machines, which goes on to show that the said Android exploit is serious in its nature. We hope that other Bitcoin clients too will be upgraded soon before hackers make use of this exploit.

A New Era of Hacking through Sounds

Sounds Made By A PC Can Be Used To Hack Personal Details

With every passing day, new and astonishing PC exploits are discovered. Scientists have, for instance, now revealed that the sounds made by a PC can be used to hack the personal details of its users.

This is a fairly astonishing claim because normally, the sounds made by a PC come from its CPU and are not only complex but also quite low. The exact method involves listening in on the CPU sounds very closely as it encrypts secure information. Whenever any information needs to be encrypted using the widely used RSA algorithm, such as when providing login details to a secure site, the CPU makes unique sounds known as loops. Each of these loops corresponds to a particular step in the whole encryption and decryption process. These sounds can be recorded using a mobile microphone. The next part is to take these recorded sounds and match them against unique sounds that correspond to RSA algorithms. Such an analysis of the recorded sounds can reveal the exact RSA key that is used in encryption.

Once a hacker has this information, he can not only access the personal details sent online by a user but may also be able to tap into his login information for online accounts. However, a hacker will need to physically place a low-power microphone near the PC in order to record the sounds. This microphone can be placed within a 13 feet distance of the PC which has to be tapped. Although there have been no instances where such attacks have been reported to have taken place yet, the researchers say, “We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.”