In
olden movies – secrets of the company [say the value of quotation] would be
stolen through the Secretary / typist – in some movies, the smart ones would
take access of the carbon used in typing to know its value – in a recent movie
‘Kakki Sattai’- the villainous details will be copied from the mainframe into a
thumb drive by the heroine ! – there are advanced methods in getting access of
crucial data !!!!
In the
computer security context, a hacker is one who
exploits weaknesses in a computer system or computer network. Hackers may be
motivated by a multitude of reasons, such as profit, protest, challenge.
enjoyment, or to evaluate those weaknesses to assist in removing them. Often hackers take over the access of a
website or the network either with malicious intention or simply to deny the
rightful owner and then post some harmful message
NFC has
finally gone mainstream. The number of tablets and smartphones with NFC
technology is growing fast, but so are the questions surrounding it. NFC stands for Near-Field Communication and
allows phones, tablets, and laptops to share data with other NFC-equipped
devices. The technology evolved from radio-frequency identification (RFID)
tech. RFID is behind those security scan cards that get you into the office
everyday or bypass that tollbooth on your morning commute. NFC is very much
like RFID, but NFC is limited to communication within four inches. Unlike Bluetooth, NFC doesn’t require any kind
of manual pairing or device discovery to transfer data. With NFC, a connection
is automatically started when another NFC device enters into that four-inch
range. Once in range, the two devices instantaneously communicate and send
prompts to the user.
Then there
are ‘NFC chips’ – that can be programmed to perform certain tasks when
scanned. For example, one can place a
chip on desk and with a quick scan on the tap, can set the phone to vibrate, disable GPS, or enable only
work-related notifications, among other features.
Heard of
the new threat ? – “Biohacking”- a fairly new practice that could lead to major
changes in our life. It takes place in small labs — mostly
non-university — where all sorts of people get together to explore biology.
That could mean figuring out how the DNA in plants affects their growth, or how
to manipulate genes from another source to make a plant glow in the dark.
Here is something
read on www.forbes.com
on how hacker implanted NFC Chip in his hand to bypass security scans and
exploit android phones. In His Hand To
Bypass Security Scans And Exploit Android Phones. Going by hacker stereotypes, it’d be pretty
easy to physically identify anyone committing an act of digital crime. A
combination of pallid skin, hoody and laptop is the biggest giveaway. Such
hackneyed images of hackers are, of course, evidently wrong, bordering on
offensive. Real hackers penetrating business networks have the common sense to
avoid cliched clothing and try to conceal their tools.
For those who can
bear the pain, biohacking, where computing devices are injected under the skin,
provides a novel way to acquire real stealth to sneak through both physical and
digital scans. That’s why US navy petty officer Seth Wahle, now an engineer at
APA Wireless, implanted a chip in his hand, in between the thumb and the finger
– the purlicue apparently – of his left hand. It has an NFC (Near Field
Communications) antenna that pings Android phones, asking them to open a link.
Once the user agrees to open that link and install a malicious file, their
phone connects to a remote computer, the owner of which can carry out further
exploits on that mobile device. Put simply, that Android device is compromised.
In a demo for FORBES, Wahle used the Metasploit penetration testing software on
his laptop to force an Android device to take a picture of his cheery visage.
He’ll be showing
off the surreptitious attack at the Hack Miami conference taking place this
May, alongside the event’s secretary of the board and security consultant Rod
Soto. They admit it’s a rather crude piece of research, given it’s using
off-the-shelf tools and a known attack technique over NFC, but claim this
implant-based attack could provide criminals with a particularly useful “tool
in their social engineering toolset”. And, at a time when airlines and federal
agencies are cracking down anyone even thinking about testing the security of
in-flight communications systems, implantable chips provide a clever way to
sneak electronics past checks at airports or other high-security locations.
Wahle says he put the chip in when he was still employed by the military and it
was never detected despite going through scanners every day. “They would have
to put me through the X-ray [if they were going to detect the chip].” “This
implanted chip can bypass pretty much any security measures that are in place
at this point and we will show proof of that,” says Soto.
But implants aren’t
for the squeamish. Wahle says the needle was bigger than he’d expected when he
had the chip implanted by an “unlicensed amateur” for $40, enough to make him
want to vomit. He says he had to go through a backstreet operation due to
Florida’s restrictive body modification laws. He first had to acquire the chip,
designed to be injected into cattle for agricultural uses, from Chinese company
Freevision. But the chip, which has just
888 bytes of memory and is encapsulated
in a Schott 8625 Bio-glass capsule, is now barely noticeable, Wahle says,
poking at the cylindrical object over his webcam during a Skype call with FORBES.
There are some
clear limitations to an implant-based attack, but they can be overcome through
various means. The malicious Android file created by Wahle and Soto, for
instance, loses connection to the attacker’s server when the phone is locked or
if the device is rebooted, but having the software run as a background service
that starts on boot would fix that, according to Wahle’s whitepaper on the
attacks. Kevin Warwick, who claims to be
the first human to have implanted an NFC chip inside his body, told FORBES it
was “good that this particular application is being tested as it gives some
idea of what might be possible and some of the dangers apparent”. Warwick, now
professor of cybernetics at the University of Reading in the UK, also noted the
inability of security systems to pick up on the technology.
In Miami, Wahle and
Soto are planning to detail the steps hackers will need to go through to add
implants to their arsenal, including how to acquire the hardware and program
the chip. Could this be the beginnings of the democratisation of malevolent
biohacking? “This is just the tip of the iceberg… anyone can do this,” adds
Soto.
For
those of us, using mobile phones only for talking and perhaps for taking an odd
selfie, there is no threat as such though !
With regards – S.
Sampathkumar
28th Apr
2015.
No comments:
Post a Comment