New hacks to be afraid of
Date of Publishing:5/9/2010
Tabnapping, GPS hacks and smudgy touchscreens
Gone are the days when computer hacking used to be n o t h i n g more than a few annoying pranks by nerdy programmers trying to show off their prowess. Unfortunately, as technology advanced so did hackers and scammers who devised niftier tricks to lure you into a trap; mostly for economic gain. Today, they can do wonders with miniscule bits of code: Peek into your house, own your bank accounts and even steal your identity. Here are three upcoming techniques that could prove to be chinks in your security armour in the very near future. It would be advisable for you to fix these before they become your Achilles’ heel.
Geo-tags that could lead stalkers to your doorstep Geo-tags are fun. They let your pictures tell the complete story; pinpointing the exact latitude and longitude of where it was shot. But did you consider that when you share these pictures online, this feature also provides stalkers with enough information to track you down?
Shweta Sharma from Mumbai found out the hard way when she took pictures of her new abode on her iPhone and shared them online. What she didn’t know was that the geo-tag embedded in the pictures was the last piece of information that her stalker needed to walk up to her doorstep.
"I had received a few friend requests from a stranger on Facebook and Twitter, but I turned them down," says Sharma."But one day, this person showed up at my place."
Thankfully, Sharma had a few friends around at the time, and the police were quickly involved, but she dreads what would have happened if she were alone.
Sharma’s only mistake was that she had neglected to turn off the geo-tagging feature that comes with most GPS-enabled phones and digital cameras.
The feature—although pretty innocent—can turn into a privacy risk because it gives away the exact location of where your pictures were shot. Security experts believe it’s even more dangerous because people who shoot digital pictures and upload them don’t even realise that they’ve been geo-tagged.
Researchers Gerald Friedland and Robin Sommer from the International Computer Science Institute in Berkeley recently published a paper titled ‘Cybercasing the Joint: On the Privacy Implications of Geo-tagging’, which talks about different ways these geo-tags can be used.
Apart from figuring out where you live, hackers can also find out whether you are at home or away. For instance, when you post pictures online while on holiday, high-tech burglars can use the geo-tags to find out that you are on vacation—and that your apartment is probably left unattended.
Disabling geo-tags in pictures is the obvious solution to this problem. But this feature can be buried under layers of menus in cellphones and digital cameras. To locate the geo-tag function on your device, read the manual that comes with it. Alternatively, visit ‘I Can Stalk U’ at http://icanstalku.com/how.php#disable, which provides step-by-step guides on how to disable the feature for most GPS-enabled gadgets.
Phishing grows up into ‘tabnapping’
While security experts are still trying to fight phishing scams—where hackers steal your login and password by floating fake websites masquerading as banks and such—scammers have moved on to a more ingenious way of phishing called ‘tabnapping’.
So what can one do to steer clear of tabnappers? Simple: Refuse to login again in an existing window. Instead, open a fresh tab and sign in.
Smudges can reveal passwords Everyone hates smudges on their touchscreens, but according to a research paper ‘Smudge Attacks on Smart Phone Touch Screens’—published by the University of Pennsylvania—these can be much more than just ugly blotches.
The researchers claim that the fingerprints you leave behind could actually help scammers gain access to your data. According to the paper, hackers can read the smudges on a smart phone to infer passwords, either by taking photos of the screen from multiple angles, or by gaining physical control of your handsets.
The Pennsylvania team used Google Nexus One and HTC G1 handsets for the research; both of which use a graphical password system that lets you unlock your phone by swiping a set pattern on the touchscreen. They took photos of the screens and used a program to analyse the photos closely. Surprisingly, they could guess the passwords with 90% accuracy.
“Unlocking your phone in this way leaves oily residue on the screen that remains even after you’ve wiped it. And these latent smudges may be usable to infer recently and frequently touched areas of the screen—a form of information leakage,” the report states.
The study also found “pattern smudges,” which build up from writing the same password numerous times, are particularly recognisable.
“We showed that in many situations, full or partial pattern recovery is possible, even with smudge ‘noise’ from simulated application usage or distortion caused by incidental clothing contact,” the paper says.
So how do you defend yourself against these ‘Smudge Attacks’? Well, using a clear screen protector is the best way to go. And while this might not be a foolproof defence, it’s still the best plan, say experts.
Web Resource for Reference of the Above Mentioned Article: