Serious You are no longer safe! U no idea that yr phone can be hacked to pay Hackers

[Sammyboy RSS Feed]

An honorable member of the Coffee Shop Has Just Posted the Following:




re
live
06:32 GMT, Sep 08, 2017

News
America
UK
Russian politics
Business
Sport
Op-Edge
In vision
In motion
RT360
Shows
More

HomeAmerica
Ultrasonic hack ‘DolphinAttack’ sends inaudible voice commands to Siri, Alexa
Published time: 8 Sep, 2017 01:45
Get short URL
Ultrasonic hack ‘DolphinAttack’ sends inaudible voice commands to Siri, Alexa
© Kacper Pempel / Reuters
Hackers can take control of smart devices using ultrasonic frequencies the human ear cannot detect, according to a new study. Tablets, phones or even in-car interfaces with major voice recognition platforms are all at risk.

Researchers at Zhejiang University published a white paper last Thursday detailing how they were able to attack devices like phones, tablets, and even in-car interfaces using a completely inaudible frequency.
Read more
© Alexey Malgavko Single hacker could bring down German elections with ‘one click’ – cyber security researchers

The DolphinAttack uses ultrasonic frequencies to access speech recognition systems such as Siri, Cortana or Alexa. Voice controllable systems (VCS) allow users to control a device with simple voice commands, such as “hey Siri. Open Google.com” with Apple devices or “Alexa, what’s the weather like today?” with Amazon Echo.

Most devices have a Micro Electro Mechanical Systems (MEMS) microphone, which contains a membrane, or a movable plate that vibrates in response to air pressure changes caused by sound waves. The device records those vibrations and converts them into an electrical signal that can be turned back into sound waves on the receiving end.

The tiny microphones in phones and other devices are able to detect frequencies above 20,000Hz, which cannot be detected by the human ear. Using harmonics, or resonant frequencies that are higher and lower than the fundamental frequency, they were able to translate voice commands into ultrasonic frequencies, which were recognized by the device’s speech recognition system.

"DolphinAttack voice commands, though totally inaudible and therefore imperceptible to [a] human, can be received by the audio hardware of devices, and correctly understood by speech recognition systems," the team wrote in their paper.

The DolphinAttack was used to execute a number of commands, from “activating Siri to initiate a FaceTime call on an iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile.”

Researchers speculated that the attack could also be used to command a device to visit a malicious website that would download a virus, initiate a phone call in order to listen in on the user or instruct the device to send messages or publish materials online under the user’s name.

PayPal even allows users to send money with their smartphone using voice commands, which could potentially be controlled through a DolphinAttack.

Researchers claim they successfully tested the attack in five languages across 16 voice controllable systems including Apple iPhone, Google Nexus, Amazon Echo, and several in-car interfaces.

A separate team in the US also demonstrated that they could use inaudible voice commands to gain access to the Amazon Echo.

Can’t hack it: US court orders hackers to leave Microsoft computers & trademarks alone https://t.co/OMQvBmDKfTpic.twitter.com/sRGi8oSkNZ
— RT America (@RT_America) August 24, 2017

The team of researchers at Zhejiang University theorized how hackers could even breach a device that was trained to respond to only one person’s voice. They devised a way that hackers could use voice recordings of the device’s owner to synthesize the opening voice command using pieces of other words. Hackers could use a phrase such as “he carries cake to the city,” and slice up the phonemes to create the phrase “hey, Siri.”

They were even able to create a working portable transmitter using inexpensive parts that could be found in any electronics shop. The hacker could then perform a walk-by attack, gaining control of a device without physically touching it, altering the device settings, or installing any malware. However, the transmitter did not work from more than five feet away.

DolphinAttack: Using Inaudible Voice Commands to Attack Speech Recognition Systems https://t.co/osY8wUsTDk@HackRead#sec...com/FJmvwdvAxI
— David Bisson (@DMBisson) September 7, 2017

The team did provide ways the Dolphin attack could be prevented. Users can turn off the waking phrases function to stop hackers from being able to access the voice controllable systems. However, that would mean users would have to manually open the voice recognition interface every time they wanted to use it.

The researchers also suggested device manufacturers design microphones that do not act on ultrasonic frequencies or implement software that ignores commands at a certain frequency.





https://www.rt.com/usa/402407-equifax-data-breach/



Credit company warns 143mn people may be affected in data breach
Published time: 8 Sep, 2017 02:08
Get short URL
Credit company warns 143mn people may be affected in data breach
© Bobby Yip / Reuters
Equifax Inc. says a breach of their system may affect 143 million people in the US. About 209,000 credit card numbers were also compromised, marking one of the worst breaches in US history due the scope and importance of information exposed.

The Equifax breach is different than other situations where data is compromised, due to the possibility that consumers may not be aware they are customers of the company. This occurs because Equifax obtains its data from credit card companies, retailers, banks and lenders which report on credit activity of individuals to credit reporting agencies, CNN reported Thursday.
Read more
© Kacper Pempel 9,400 resumes of US military & intel contractors exposed in massive security lapse – reports

The company discovered the breach on July 29 and said, “Criminals exploited a U.S. website application vulnerability to gain access to certain files,” according to CNBC.

Equifax stated “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers” was also exposed.

Equifax Chairman and CEO Richard Smith apologized to consumers and customers alike, and said he knows the breach affects what Equifax is charged with protecting, CNBC reported.

Equifax stated they are notifying people by mail who had their information exposed. The company is also working on an investigation with state and federal authorities, as their own private investigation into the incident is now complete.

In the days after the breach, three Equifax senior executives, including the chief financial officer, sold shares of the company worth about $1.8 million.

READ MORE: New York data breaches hit all-time high as 1.6mn users’ records exposed

None of the sales appear to be part of pre-scheduled trading plans, which let executives sell stock at regular intervals. Each executive still owned thousands of shares of the company following the completion of the sales, as filings show, Business Insider reported.


Click here to view the whole thread at www.sammyboy.com.