Security news

A new AI could stop users from sharing their Netflix passwords with others

Synamedia, a UK company, is offering a new artificially intelligent (AI) service that will help, especially pay-TV operators and video streaming platforms, to track shared passwords. The company is currently showcasing the solution at the Consumer Electronics Show (CES) 2019 in Las Vegas.

Netflix, Amazon Video, HBO Now, for instance, are some of the popular video streaming services as of now.

The service, called Credentials Sharing Insights, uses AI, behavioral analytics and machine learning, which identifies, monitors and analyzes credentials sharing activity across streaming accounts. In other words, it will keep tabs on casual password sharing between friends and family as well as criminal enterprises or individuals who want to make money by reselling login credentials of payment channels or streaming services.

“The way you secure OTT is evolving,” said Jean Marc Racine, CPO and GM EMEA of Synamedia, explained in an interview to Variety. In the past, cable TV operators largely depended on secured devices, such as locked down devices and smart cards to decrypt satellite TV.

However, with the content transitioning to streaming, operators are finding ways to make things simpler for end consumers. “Passwords are easy to share,” he argued.

How does the service work?

Synamedia’s Credential Sharing Insights service analyzes streaming data from all its users. It will train the AI-based system on factors such as location from where an account is being accessed from, what time it’s used and for what duration, the content being watched, which device is being used, so on and so forth.

For example, the service can determine whether users are viewing at their main home and a holiday home, or whether they have shared credentials with friends or grown-up children who live away from home. In the case of the latter, these users will be offered a premium shared account service that includes a pre-authorized level of password sharing and a higher number of concurrent users.

The service provider or platform then gets a probability score, where the system would classify users between scores of 1 to 10, where “1” would indicate that this user is unlikely to share their password, and “10” would represent a user who has high chances of sharing that password.

“Casual credentials sharing is becoming too expensive to ignore,” said Racine. “Our new solution gives operators the ability to take action. Many casual users will be happy to pay an additional fee for a premium, shared service with a greater number of concurrent users. It’s a great way to keep honest people honest while benefiting from an incremental revenue stream.”

Available as a cloud or on-premise offering, Synamedia Credentials Sharing Insight is already in trials with a number of pay-TV operators.

Media research firm Magid suggests that 26% of millennials share passwords for video streaming services, while consulting firm, Parks Associates predicts $9.9 billion of pay-TV revenues and $1.2 billion of OTT revenues will be lost to credentials sharing by the year 2021.

AT&T, Comcast, Disney, Verizon, and Sky are some of the biggest names, who are currently using Synamedia Credentials Sharing Insight service.

Don’t download WhatsApp Gold, as it’s a scam; here’s what you need to do

Look who’s back – the WhatsApp Gold feature – that had become viral in 2016. This feature tricked users into downloading ‘WhatsApp Gold’, an apparently ‘exclusive’ version of the app, on their smartphones which was actually a malware through a given link. Apparently, the WhatsApp Gold scam has resurfaced and started circulating on the internet.

While the original scam fooled users to install malware in the form of ‘WhatsApp Gold’, the new scam is in the form of a message warning users about a virus. The said video “Martinelli” will reportedly install malware in the user’s phone and hack it within 10 seconds of viewing the downloaded video.

The hoax message shared by WhatsApp users read, “Today the radio was talking about WhatsApp Gold and it is true. There is a video that will be released tomorrow on WhatsApp and is called Martinelli. Do not open it. Enter your phone and nothing you do will fix it. Spread the message if you know someone. If you receive a message to update Whatsapp Gold Do not open it! They just announced that the virus is serious. Send it to everyone.”

The message also warns users about a real WhatsApp Gold scam in order to make the message more genuine. However, nothing such as ‘Martinelli’ video exists, nor does the message have any download link to malicious sites. Although there were cases of the WhatsApp Gold scam, the Martinelli video is purely a hoax.

It is important to note that WhatsApp Plus and WhatsApp Gold are not applications developed by WhatsApp. Also, WhatsApp installs updates automatically through the app itself and not through download links. Hence, if users are receiving requests to manually install an update, it is suggested to ignore and delete such messages immediately.

Samsung phone users complain that they cannot delete the Facebook app

Some Samsung smartphone users were in for a shock when they discovered that they were unable to delete the Facebook app from their devices, according to a report by Bloomberg.

Users took to forums such as the Android Central to share their experiences while trying to delete the pre-installed Facebook app. Some users reported that when they tried to remove the app from their devices, it gave them options such as “Disable” or “Force Stop” the app, but not “Uninstall”.

While many smartphones come with some pre-loaded apps, such as email and messenger clients, or other services, the phone manufacturers these days have also started including pre-loaded apps like Facebook, Twitter, Amazon, YouTube, and others on their devices.

Samsung too has few smartphones that come pre-installed with Facebook apps and the company has also released several apps that link its devices to Facebook. For example, Samsung Mobile app and the Galaxy S4 app collect personal information about you and your friends on Facebook.

According to a Facebook spokesperson, once the pre-installed Facebook app is disabled, it acts like it’s been deleted and doesn’t collect data or send any information back to its servers, reports Bloomberg. In other words, once the user has disabled the Facebook app, it stops running.

Neither Samsung nor Facebook has commented on the issue faced by Samsung users.

NSA will release a free open source reverse engineering tool ‘GHIDRA’

The U.S. National Security Agency (NSA) will be releasing a free open source reverse engineering tool for public use in a session at the RSA conference 2019 in San Francisco titled “Come Get Your Free NSA Reverse Engineering Tool!”

For the unaware, NSA has until now officially shared its own software tools only with government agencies, secret services, and other countries.

Dubbed as GHIDRA, the software reverse engineering framework is developed in Java and has a graphical user interface (GUI). It is available for Windows, macOS, and Linux. However, in order to use the tool, the system is required to run Java 1.7.

“NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019,” states the RSAConference session description. “An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS, and Linux and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.”

GHIDRA includes a disassembler that breaks down executable files into assembler code, which in turn can be read and examined by humans. It can be utilized to analyze binary files used by programs, as well as malware, that runs on different operating systems such as Windows, macOS, Linux as well as mobile platforms like Android and iOS.

Spoiler – it's a lot like IDA except slower (written in Java), its best feature is an architecture-agnostic C decompiler (uses a p-code translation layer) – not sure how many architectures the open source release will support. I have a bunch of friends that use it.

— e * v * m (@evm_sec) January 3, 2019

Apparently, the existence of GHIDRA has never officially been a secret, until it was first publicly released by WikiLeaks in CIA Vault 7 leaks in March 2017. Developed back in the early 2000s, the tool has been used extensively ever since, including outside the US and several other law enforcement agencies.

GHIDRA is expected to be released soon on NSA’s open source repository at https://code.nsa.gov/ and also on the associated GitHub account.

Design flaw in the Android version of Skype app allows you to unlock the phone without a password

A bug hunter has discovered a vulnerability in Microsoft’s Android version of Skype app that can be exploited to access several app functions without entering passcode authentication to unlock the phone.

Kosovo-based bug-hunter Florian Kunushevci, who discovered the vulnerability, demonstrated the bypass in a YouTube video (see below). The video shows that anyone in possession of someone’s phone to receive a Skype call, can answer it without unlocking the handset.

Once the person answers the call, he or she can then view photos, access contacts, send a message, and access the browser by clicking on the links sent in the message. All these actions can be carried out without the need to unlock the phone.

Kunushevci, who is an everyday user of the Skype for Android app, discovered that there was something wrong the way in which the app accessed local files on the handset while performing VoIP calls.

“One day I got a feeling while using the app that there should be a need to check a part which seems to give me other options than it should,” he explained to The Register. “Then I had to change the way of thinking as a regular user into something that I can use for exploitation.”

The researcher discovered that when a Skype call is answered, several phone application functions like photo-sharing and contact look-ups could be accessed regardless of whether the phone was locked or not. In other words, the vulnerability allows anyone to access the photo and contact feature without confirming if the person using the handset was authenticated.

Just like multiple iOS flaws found in the system over the years, this vulnerability is due to a slight oversight in system’s security. Kunushevci said, “For the specific bug that I have found on Skype, it is more of a bad design and also a bug in coding. I think to put it all together, humans make mistakes.”

Kunushevci reported the security flaw to Microsoft in October before disclosing it to the public. Apparently, the vulnerability was corrected in the version of Skype released on December 23, 2018, which is safe to use.

It is suggested that users install or upgrade to the latest version of Skype for Android app for better security, as this vulnerability affects Skype on all Android versions. Please note that the patch for this bug is included in all the Skype app builds with a version number over 8.15.0.416 for different Android versions.

Microsoft has yet to issue an official statement on the matter.

Microsoft’s Windows 10 October Update deactivates built-in Administrator account, breaks FLAC support

2018 was certainly not a good year for Microsoft’s Windows 10 October 2018 Update (version 1809), as it was plagued with issues such as automatic deletion of files, ZIP files overwrite confirmation bug, font and display problems. To fix these problems, Microsoft had re-released the Windows 10 version 1809 in November last year.

However, it looks like problems surrounding the Windows 10 October 2018 Update is far from over. Windows 10 October 2018 Update has entered the new year with two new issues.

To start with, in a blog post by Microsoft’s Japanese Network & AD support team, the company has acknowledged that upgrading from Windows 10 version 1803 to version 1809 is inadvertently invalidating the built-in Administrator account if it has been previously activated.

This problem is known to occur during the upgrade process when (1) the built-in Administrator account is valid and (2) there are other accounts that also have Administrator permissions.

Microsoft who is aware of the problem is looking to release a fix in late January 2019. Meanwhile, the company is suggesting users to give Administrator privileges to another user account when upgrading to the October 2018 Update.

For those who have already upgraded and are looking to re-activate Administrator account, can do so by going to Computer Management >Local Users and Groups > Users.

Another issue plaguing Windows 10 October 2018 Update is the broken FLAC support in Windows 10. Apparently, users are complaining that upgrading from Windows 10 April 2018 Update to the Windows 10 October 2018 Update is breaking FLAC support in Windows 10. In other words, metadata for FLAC audio files are being truncated or cut off while using File Explorer and other locations such as Groove Music or Windows Media Player.

It appears that Microsoft is aware of the issue, as it had acknowledged and addressed the issue in the latest Windows 10 19H1 preview builds.

“We fixed an issue resulting in FLAC metadata being cut short in File Explorer and other locations, the company writes in a blog post.

However, the fix hasn’t been brought to the October 2018 Update and has not been listed as a known issue. Hence, it is unclear when the issue will be fixed.

Google Chrome has now become an industry standard web browser that is used by millions of Windows 10 users. Recently a new exploit was discovered in Google Chrome that consumes 100% of system resources and completely freezes a Windows 10 computer.

So here’s everything you need to know about the Google Chrome Exploit and how to fix it.

ALSO READ: Google Chrome’s Dark Mode For macOS To Arrive In Early 2019

Google Chrome Exploit: The Issue

Google Chrome is one of the most feature-rich web browsers that is very well optimized for Windows OS. According to some reliable sources, a new bug which seems to be a tech support scam completely crashes Windows 10 and informs the users that their computer has been affected by a virus.

Initially, this bug makes Google Chrome browser unusable and then all of the open tabs are completely locked. Once both Windows 10 and Google Chrome are completely frozen a pop-up comes up which claims to be from Microsoft support. A user can’t close this pop-up and this pop-up says that your data is at a risk.

For quite some time, this bug makes your Windows 10 computer useless.

Google Chrome Exploit: The Fix

Well, if you or any of your friends or a family member has encountered this bug then this fix might completely resolve the issue. So here’s how you can get Windows 10 up and running once again.

1. Open Task Manager from Taskbar or by pressing Shift+Ctrl+Esc at the same time.
2. Under the Processes Tab, locate Google Chrome in the Apps Section.
3. Lastly, select Google Chrome and right-click to End Task.

Hopefully, your Windows 10 computer will now return to its normal state. It is worth noting, that the next time you open Google Chrome the browser would prompt you to restore tabs as the browser didn’t had a proper shutdown. Don’t restore the tabs else you would have to face the same issue once again.

Apple recently released the iOS 12.1.2 update that was supposed to fix issues with eSIM support for the iPhone XR, iPhone XS, and iPhone XS Max. After a few days, Apple released another update with similar version number but this time around instead of resolving issues the update brought some significant problems.

After the latest iOS update, many iPhone users have been reporting about a bug that automatically disconnects iPhone’s from cellular data.

So here’s everything you need to know about the issue mentioned above.

ALSO READ: iPhone X explodes after iOS 12.1 Update

iOS 12.1.2 Bug: The Issue

As mentioned earlier the bug that came along the latest iOS update kills the cellular data on iPhones. Consequently, users didn’t receive phone calls and text messages due to the unavailability of mobile data. The issue came into notice when people started reporting on forums and social media platforms like Twitter, Facebook, and Reddit.

In addition to that, some users also reported that the bug affected WiFi connections as well. It is worth noting that the bug has affected many iPhones, but it’s not present on every iPhone.

iOS 12.1.2 Bug: The Fix

Well, if you are one among many affected iPhone users, then these two fixes from 9to5Mac might help you.

1. Firstly you can disable Wi-Fi Calling from the cellular menu of the settings app.
2. Next up, head on to Cellular Data Options and change the Enable LTE field from Voice and Data to Data only.

These two fixes are not the exact solutions, but they might help many users. As of now, Apple hasn’t addressed the bug that disconnects iPhones from cellular data. That said, Apple might soon release the iOS 12.1.3 update which will ultimately resolve this issue.

Do share any personal fix that you have found for the issue mentioned above in the comments section below.

Arizona Man Says Hacker Spoke to Him Through His Home’s Nest Security Camera

As creepy and disturbing it may sound, an Arizona man was startled when a hacker spoke to him through his internet security camera that was meant to keep him safe, reports The Arizona Republic.

The victim, Andy Gregg, a real estate agent in Phoenix, Arizona, said he was in his backyard when he heard a voice speaking to him creepily from inside his home. At first, he thought a burglar had entered his home. However, he soon realized that the voice was coming from his Nest Cam IQ security camera in the front window of his home.

The hacker claimed that he was a “white hat” hacker associated with the Anonymous hacktivist group. He informed Gregg that his personal information was compromised probably in a previous data breach.

The hacker then recited a number of passwords Gregg had used for logging into multiple websites. While the hacker had no access to the cam’s video feed, nor Gregg’s location, he said the loopholes, however, could have been explored by notorious hackers for malicious purposes.

“I’m really sorry if I startled you or anything. I realize this is super unprofessional, and I’m sorry that it’s a little late in the day to do this,” the hacker can be heard telling Gregg, according to a recording obtained by The Arizona Republic/azcentral.

“We don’t have any malicious intent.”

The hacker informed Gregg that he had accessed his camera to warn him about its security vulnerabilities. Gregg immediately unplugged the camera and changed his passwords to avoid any future access to his camera by malicious hackers.

“You basically feel very vulnerable,” Gregg told The Arizona Republic. “It feels like you’ve been robbed essentially and somebody’s in your house. They know when you’re there. They know when you’re leaving.”

Google-owned Nest said in a statement to the Arizona Republic that it is aware of hackers accessing its cameras using passwords exposed in other breaches. It said that the company has no control over the device beyond the user’s login point, as their devices do not come with default logins. Users need to set up their device with a unique set of login credentials that only they are aware. Hence, Nest suggests its users to set up two-factor authentication to provide an additional layer of security on their devices.

New Purchases For JailBroken iPhones Closed Down On Cydia App Store

Cydia app store creator Jay “Saurik” Freeman on Friday announced in a Reddit post that software purchases would no longer be available on Cydia App Store.

For the unaware, Cydia App Store for iOS provides user software packages that can be installed on jailbroken iPhones, iPads and iPod touch devices. Basically, it allows users to install software from third-party by bypassing Apple’s own App Store lockdown.

However, the number of users who have cracked the iPhone has decreased in recent years due to Apple’s iOS ecosystem has grown more strong and secure.

While Freeman had initial plans to shut down the store purchases option by the end of 2018, a recently found security vulnerability in the app that would allow hackers to buy apps using other people’s accounts led to the shut down earlier than planned.

“The reality is that I wanted to just shut down the Cydia Store entirely before the end of the year, and was considering moving the timetable up after receiving the report (to this weekend); this service loses me money and is not something I have any passion to maintain: it was a critical component of a healthy ecosystem, and for a while it helped fund a small staff of people to maintain the ecosystem, but it came at great cost to my sanity and led lots of people to irrationally hate me due to what amounted to a purposeful misunderstanding of how profit vs. revenue works,” he writes.

The shutting down announcement does not mean the immediate end of jailbreaking since Freeman will continue to bear the cost of running the platform. iOS users will still be able to download apps that they have purchased from Cydia store in the past; however, they would now be no longer able to purchase new apps.

Further, Freeman is going to publish a more “formal” post this week with further details about the past and future of Cydia.

Also Read- Apple sued for lying about screen size and pixel count in its iPhone X series