OurMine YouTube Hack, Phone Tilt Giving Away Passwords, NSA Hacking Tools Leaked, New Ad Blocking Solution


Infosec News

Apr 18, 2017, 1:55:35 PM
to Infosec News

INFORMATION SECURITY NEWS

For The Week of 4/11-4/18 2017


The Information Security News Service is a project of LARS (Laboratory for Advanced Research in Systems) in the CS Department at the University of Minnesota Duluth. We send out top stories in information security every Tuesday (except during some academic breaks). If you have stories you’d like to see featured, please email them to infosec...@d.umn.edu.

CURRENT NEWS

Phone Tilt Can Give Away Passwords to Apps

By using data from sensors like the gyroscope, accelerometer, and rotation sensors, apps can figure out which parts of the screen you are tapping. A team at Newcastle University put this to the test and was able to crack four-digit Android PINs with 70% accuracy on the first guess and 100% accuracy by the fifth guess. Apps often have access to this sensor data without needing special permissions, so they can access it when the phone is locked or another app is open. The researchers say they told companies like Google and Apple about this attack, but there is no definitive solution to this problem.

http://www.bbc.co.uk/newsbeat/article/39565372/the-way-people-tilt-their-smartphone-can-give-away-passwords-and-pins

OurMine YouTube Hack

By gaining access to media network Studio71’s account, hackers were able to change the titles and descriptions of all the videos on 1200 channels that the network hosts. Titles were changed to link to a now-removed YouTube video, while the descriptions were changed to contain the text “Hey it’s OurMine, don’t worry we are just testing your security, please contact us for more information.” It’s unclear what the motivation was for the hack, but it seems like it was just for show. Most channels have been able to restore their original content.

https://en.wikipedia.org/wiki/OurMine

https://www.scmagazine.com/ourmine-claims-it-pulled-off-largest-hack-in-youtube-history/article/650845/

NSA Hacking Tools Released by “Shadow Brokers”

The mysterious “Shadow Brokers” group has published a gigabyte of the NSA’s weaponized software exploits in the last eight months. On Friday, they made their most significant leak yet. The leak contains about 300 megabytes of tools stolen from the NSA, including binaries targeting vulnerabilities in Windows operating systems, as well as a hacking framework to load the binaries onto targeted networks. A few of the vulnerabilities are zero-days, but Microsoft patched all of the vulnerabilities exactly one month before this release. There are also bank hacking tools (mostly targeting banks in the Middle East), as well as software to remotely control hacked computers, and more.

https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/

https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/


New Ad-Blocking Approach Might Be Ultimate Ad-Blocking Solution

Researchers at Princeton and Stanford have devised a new approach to ad blocking. Current ad-blocking software works by detecting common code used to deploy online ads. The new approach uses computer vision techniques to detect features common to ads, such as a “close ad” button or the word “sponsored”. The FCC requires ads to be clearly labeled so people can recognize them as ads, making these techniques even more effective. Their tool is also able to defeat anti-ad blockers by borrowing techniques used by rootkits to hide itself. This method of blocking ads might be the next big thing in the war between ad publishers and ad blockers.

https://motherboard.vice.com/en_us/article/princetons-ad-blocking-superweapon-may-put-an-end-to-the-ad-blocking-arms-race



