Amazon Echo recorded household audio, sent it to random contact: "An Oregon family's Amazon Echo recorded household audio and sent it to an employee of the family's husband, something Amazon blamed on a rare bug that it intends to fix."

Labels: security fail, security leak

Police use of Amazon’s face-recognition service draws privacy warnings | Ars Technica: "Amazon is actively courting law-enforcement agencies to use a cloud-based facial-recognition service that can identify people in real time, the American Civil Liberties Union reported Tuesday, citing the documents obtained from two US departments."

Labels: 1984

Smartphone app that allows credit card skimming ‘real risk’ to consumers: experts - National | Globalnews.ca: "A smartphone app, which allows the user to read credit card information through wallets and purses, is cause for concern amongst consumers that carry credit cards with radio-frequency identification (RFID) technology, according to experts.

The free app, available on the Samsung Galaxy S3 through the Google Play store, allows the phone to read the RFID chip on a credit card, picking up the cardholder’s name, credit card number and expiry date, according to a CBC investigation."

Labels: security is hard

YubiKey NEO's physical NFC key can now unlock apps on iPhone 7 & later: "Taking advantage of the more open NFC access on iPhones made possible with iOS 11, Yubico has announced that its physical YubiKey NEO authentication key can now be used to unlock compatible iOS apps. "

Labels: authentication, ludicrous speed, security is hard

Intel promises fix for new 'Variant 4' Meltdown, Spectre vulnerability: "Industry woes over Meltdown and Spectre continued this week when Google and Microsoft on Monday revealed a newly discovered silicon-level vulnerability impacting chips used in millions of computers, including those marketed by Apple. "

Labels: security fail, security flaw, security is hard, software fail

Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed • The Register: "Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed"

Labels: security flaw, security is hard

More Spectre-style chip flaws discovered in Intel processors: "The eighth vulnerability is apparently an exception, potentially posing a greater threat than Spectre itself, as it could allow an attacker to launch an exploit in a virtual machine (VM) as a way to attack the host system. Largely affecting enterprise, as well as some individual users who operate VMs privately, the vulnerability could also be used to attack other VM instances on the same server, and due to Intel's Software Guard Extensions (SGX) not being "Spectre-safe," it could also intercept passwords and keys transmitted between VM instances. "

Labels: security exploit, security fail, security flaw

Drive-by Rowhammer attack uses GPU to compromise an Android phone | Ars Technica: "Over the past few years, there has been a steady evolution in Rowhammer, the once largely theoretical attack that exploits physical defects in memory chips to tamper with the security of the devices they run on. On Thursday, researchers are unveiling the most practical demonstration yet of Rowhammer's power and reach: an exploit that remotely executes malicious code on Android phones by harnessing their graphical processors."

Labels: security flaw, security is hard

Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores • The Register: "Arm has released a new processor core design for Cortex-M-powered system-on-chips that will try to stop physical tampering and side-channel attacks by hackers."

Labels: ARM